Exams > Microsoft > AZ-900: Microsoft Azure Fundamentals
AZ-900: Microsoft Azure Fundamentals
Page 3 out of 40 pages Questions 21-30 out of 400 questions
Question#21

This question requires that you evaluate the underlined text to determine if it is correct.
Resource groups provide organizations with the ability to manage the compliance of Azure resources across multiple subscriptions.
Instructions: Review the underlined text. If it makes the statement correct, select `No change is needed`. If the statement is incorrect, select the answer choice that makes the statement correct.

  • A. No change is needed
  • B. Management groups
  • C. Azure policies
  • D. Azure App Service plans
Discover Answer Hide Answer

Answer: C
Azure policies can be used to define requirements for resource properties during deployment and for already existing resources. Azure Policy controls properties such as the types or locations of resources.
Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. Azure Policy meets this need by evaluating your resources for non- compliance with assigned policies. All data stored by Azure Policy is encrypted at rest.
For example, you can have a policy to allow only a certain SKU size of virtual machines in your environment. Once this policy is implemented, new and existing resources are evaluated for compliance. With the right type of policy, existing resources can be brought into compliance.
References:
https://docs.microsoft.com/en-us/azure/governance/policy/overview

Question#22

Your company plans to migrate to Azure.
The company has several departments. All the Azure resources used by each department will be managed by a department administrator.
What are two possible techniques to segment Azure for the departments? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. multiple subscriptions
  • B. multiple Azure Active Directory (Azure AD) directories
  • C. multiple regions
  • D. multiple resource groups
Discover Answer Hide Answer

Answer: AD
An Azure subscription is a container for Azure resources. It is also a boundary for permissions to resources and for billing. You are charged monthly for all resources in a subscription. A single Azure tenant (Azure Active Directory) can contain multiple Azure subscriptions.
A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group.
To enable each department administrator to manage the Azure resources used by that department, you will need to create a separate subscription per department. You can then assign each department administrator as an administrator for the subscription to enable them to manage all resources in that subscription.
Reference:
https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/create-subscription https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/add-change-subscription-administrator

Question#23

HOTSPOT -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Discover Answer Hide Answer

Answer:
Box 1: Yes -
You can use the same account to manage multiple subscriptions. You can create an additional subscription for your account in the Azure portal. You may want an additional subscription to avoid hitting subscription limits, to create separate environments for security, or to isolate data for compliance reasons.

Box 2: No -
You cannot merge two subscriptions into a single subscription. However, you can move some Azure resources from one subscription to another. You can also transfer ownership of a subscription and change the billing type for a subscription.

Box 3: Yes -
A company can have multiple subscriptions and store resources in the different subscriptions. However, a resource instance can exist in only one subscription.
Reference:
https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/create-subscription

Question#24

HOTSPOT -
To complete the sentence, select the appropriate option in the answer area.
Hot Area:

Discover Answer Hide Answer

Answer:
You can move a VM and its associated resources to a different subscription by using the Azure portal.
Moving between subscriptions can be handy if you originally created a VM in a personal subscription and now want to move it to your company's subscription to continue your work. You do not need to start the VM in order to move it and it should continue to run during the move.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/move-vm

Question#25

You have an Azure environment that contains multiple Azure virtual machines.
You plan to implement a solution that enables the client computers on your on-premises network to communicate to the Azure virtual machines.
You need to recommend which Azure resources must be created for the planned solution.
Which two Azure resources should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. a virtual network gateway
  • B. a load balancer
  • C. an application gateway
  • D. a virtual network
  • E. a gateway subnet
Discover Answer Hide Answer

Answer: AE
To implement a solution that enables the client computers on your on-premises network to communicate to the Azure virtual machines, you need to configure a
VPN (Virtual Private Network) to connect the on-premises network to the Azure virtual network.
The Azure VPN device is known as a Virtual Network Gateway. The virtual network gateway needs to be located in a dedicated subnet in the Azure virtual network. This dedicated subnet is known as a gateway subnet and must be named 'GatewaySubnet'.
Note: a virtual network (answer D) is also required. However, as we already have virtual machines deployed in a Azure, we can assume that the virtual network is already in place.
References:
https://docs.microsoft.com/en-us/office365/enterprise/connect-an-on-premises-network-to-a-microsoft-azure-virtual-network

Question#26

You attempt to create several managed Microsoft SQL Server instances in an Azure environment and receive a message that you must increase your Azure subscription limits.
What should you do to increase the limits?

  • A. Create a service health alert
  • B. Upgrade your support plan
  • C. Modify an Azure policy
  • D. Create a new support request
Discover Answer Hide Answer

Answer: D
Many Azure resource have quote limits. The purpose of the quota limits is to help you control your Azure costs. However, it is common to require an increase to the default quota.
You can request a quota limit increase by opening a support request. In the support request, select 'Service and subscription limits (quotas)' for the Issue type, select your subscription and the service you want to increase the quota for. For this question, you would select 'SQL Database Managed Instance' as the quote type.
Reference:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance-resource-limits#obtaining-a-larger-quota-for-sql-managed-instance

Question#27

HOTSPOT -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Discover Answer Hide Answer

Answer:
Box 1: No -
You can assign service administrators and co-administrators in the Azure Portal but there can only be one account administrator.

Box 2: No -
You need an Azure Active Directory account to manage a subscription, not a Microsoft account.
An account is created in the Azure Active Directory when you create the subscription. Further accounts can be created in the Azure Active Directory to manage the subscription.

Box 3: No -
Resource groups are logical containers for Azure resources. However, resource groups do not contain subscriptions. Subscriptions contain resource groups.
Reference:
https://docs.microsoft.com/en-us/office365/enterprise/subscriptions-licenses-accounts-and-tenants-for-microsoft-cloud-offerings

Question#28

HOTSPOT -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Discover Answer Hide Answer

Answer:
Box 1: No -
Not all Azure regions support availability zones.

Box 2: No -
Availability zones can be used with many Azure services, not just VMs.

Box 3: No -
Availability Zones are unique physical locations within a single Azure region.
Reference:
https://docs.microsoft.com/en-us/azure/availability-zones/az-region#azure-regions-with-availability-zones

Question#29

HOTSPOT -
You plan to create an Azure virtual machine.
You need to identify which storage service must be used to store the unmanaged data disks of the virtual machine.
What should you identify? To answer, select the appropriate service in the answer area.
Hot Area:

Discover Answer Hide Answer

Answer:
Azure containers are the backbone of the virtual disks platform for Azure IaaS. Both Azure OS and data disks are implemented as virtual disks where data is durably persisted in the Azure Storage platform and then delivered to the virtual machines for maximum performance. Azure Disks are persisted in Hyper-V VHD format and stored as a page blob in Azure Storage.
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-pageblob-overview

Question#30

Your company plans to move several servers to Azure.
The company's compliance policy states that a server named FinServer must be on a separate network segment.
You are evaluating which Azure services can be used to meet the compliance policy requirements.
Which Azure solution should you recommend?

  • A. a resource group for FinServer and another resource group for all the other servers
  • B. a virtual network for FinServer and another virtual network for all the other servers
  • C. a VPN for FinServer and a virtual network gateway for each other server
  • D. one resource group for all the servers and a resource lock for FinServer
Discover Answer Hide Answer

Answer: B
Networks in Azure are known as virtual networks. A virtual network can have multiple IP address spaces and multiple subnets. Azure automatically routes traffic between different subnets within a virtual network.
The question states that FinServer must be on a separate network segment. The only way to separate FinServer from the other servers in networking terms is to place the server in a different virtual network to the other servers.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-vnet-plan-design-arm

chevron rightPrevious Nextchevron right