Microsoft Azure Fundamentals Practice Test (AZ-900)

Utilizing Azure's auto-scaling capabilities can significantly affect costs as this feature automatically adjusts the number of virtual machine instances or other service capacities in response to the application's demand. This allows for cost savings during off-peak hours by reducing unnecessary resource allocation while ensuring performance during peak demand. The choice of operating system does not inherently affect costs unless considering the licensing fees associated with certain proprietary OS choices. Storage redundancy options do impact costs, but they are typically a consistent cost, as opposed to a variable one that fluctuates with usage. Number of users has a less direct impact since costs are more closely tied to resource consumption and scaling rather than user count.

Public cloud is delivered by a third-party provider that owns and manages the underlying infrastructure. Customers access resources over the internet and are billed according to actual usage, eliminating the need for significant capital investment. Private clouds, hybrid clouds, and traditional on-premises virtualization all require the organization to purchase or maintain some portion of the hardware, leading to higher upfront costs and less consumption-based billing.

Azure ExpressRoute allows you to create private connections between Azure datacenters and your on-premises infrastructure. These connections do not go over the public internet, offering more reliability, faster speeds, and lower latencies than typical internet connections. This makes ExpressRoute the suitable choice for scenarios that require high-bandwidth and secure network connectivity.

Azure VPN Gateway provides encrypted connections over the public internet, which may not meet the requirements for avoiding public internet transit and achieving the lowest possible latency.

Azure Virtual Network Peering connects two Azure virtual networks, allowing them to communicate directly, but it does not connect on-premises networks to Azure.

Azure CDN (Content Delivery Network) is used to deliver content to end-users globally and is not designed for establishing private connections between on-premises networks and Azure.

Azure Monitor alerts are used to create, manage, and route alerts based on the metrics from Azure services. In this case, to monitor the CPU utilization metric and trigger an alert when it exceeds a certain threshold for a specified time period, Azure Monitor alerts service is the appropriate choice. Azure Service Health is concerned with the status of Azure services, Azure Advisor provides recommendations, and Application Insights is more focused on application performance tracking, not infrastructure-level metrics such as CPU utilization.

Website Contributor grants permissions specifically for managing Azure App Service websites. It lets the development team create, configure, and delete web apps while denying control over unrelated resources like virtual machines or network objects, satisfying least-privilege principles.

Owner provides full control over all Azure resources, which exceeds the required scope.

Contributor allows management of every resource within the assigned scope, also exceeding what is needed.

Network Contributor limits permissions to networking resources only and does not include control of web apps.

When creating a new virtual machine in Azure, you must specify a virtual machine size, which determines the amount of CPU, memory, and temporary storage available to the VM. An Operating System disk is required to boot the virtual machine, and a Network Interface allows the VM to communicate within Azure and to the Internet. Additional data disks can be attached for storage purposes, but they are not a requirement for creating a virtual machine.

Managed Disks provide persistent, highly durable storage for Azure virtual machines. They are designed to support the virtual machine's operating system disk and any attached data disks, offering features like scalability, availability, and security.

Azure Blob Storage is mainly used for storing unstructured data like text or binary data (e.g., images, videos, backups).

Azure Data Lake Storage is optimized for large-scale data analytics and is generally used for big data workloads

Azure File Share provides file-level storage accessible via the SMB protocol, which is not suitable for hosting virtual machine disks.

Infrastructure as a Service (IaaS) provides virtualized computing resources over the internet. In an IaaS model, the cloud provider hosts the infrastructure components that are traditionally present in an on-premises data center, including servers, storage, and networking hardware, as well as the hypervisor or virtualization layer. The IaaS customer has control over operating systems, storage, and deployed applications and sometimes limited control of select networking components (e.g., host firewalls). Platform as a Service (PaaS) and Software as a Service (SaaS) offer less control over the environment; in PaaS, you manage the applications and data, while SaaS offers no control over the infrastructure or the platform.

The Virtual Machine Contributor role grants full management permissions for virtual machines-including creating, starting, stopping, restarting, and deleting them-while explicitly not providing management access to the virtual networks or storage accounts that the VMs use. Owner is overly permissive because it grants full control of all resources. Virtual Machine User Login only lets a user sign in to the VM and does not permit lifecycle operations. Reader is limited to read-only access and cannot perform any management tasks.

Azure Resource Manager (ARM) templates enable the automation of Azure resource deployment using declarative JSON files that define the infrastructure and configuration. This approach allows for consistent, repeatable deployments and supports version control systems, enhancing collaboration and change tracking.

Azure Policy helps enforce organizational standards and compliance.

Azure Portal is a web-based interface for manual resource management.

Azure Monitor is used for monitoring and analyzing the performance of resources.

Platform as a Service (PaaS) is the correct choice because it provides a complete development and deployment environment in the cloud, without the need for the client to manage the underlying infrastructure such as servers, storage, or operating systems. This allows the company to focus on the deployment and management of their applications only.

Infrastructure as a Service (IaaS) would be incorrect because it provides virtualized computing resources over the internet and the customer is still responsible for managing the servers and operating systems. Software as a Service (SaaS) would also be incorrect because it refers to cloud-based software that is provided on a subscription basis and is managed entirely by the service provider, which does not fit the scenario where a company wants to deploy its own application. An in-house data center would not qualify as a cloud service model and would involve managing the entire IT infrastructure on-premises.

Azure Resource Manager (ARM) templates allow you to define your infrastructure and configuration in code using JSON files. This enables consistent and repeatable deployments, aligning with Infrastructure as Code (IaC) practices. Other options like Azure Portal and Azure Advisor do not provide code-based deployment capabilities.

AzCopy is designed for high-performance copying of data to and from Azure Storage accounts, which makes it the suitable choice for bulk data transfer operations, specifically for large-scale migration tasks. It operates from the command line, providing precise control over data transfer and can transfer data to Azure Blob Storage efficiently, using parallelization and optimized data transfer techniques. Azure Storage Explorer is a GUI-based utility more suited for ad-hoc transfers and exploration, while Azure File Sync synchronizes file shares with Azure Files, which is not suitable for one-time bulk data migrations to Blob Storage.

The correct statement is that Availability Zones are physically separate datacenters within an Azure region. They are equipped with independent power, cooling, and networking to protect applications and data from datacenter-level failures. Virtual network segments are used for network isolation, not physical high availability. Two or more regions paired for disaster recovery describes region pairs. A logical grouping of VMs within one datacenter describes an Availability Set.

Azure Functions is a serverless compute service that enables you to run code in response to events without the need to manage servers or infrastructure. It automatically scales based on demand, making it ideal for varying workloads.

Azure Virtual Machines require managing the underlying servers and scaling manually.

Azure Container Instances allow running containers without managing virtual machines but lack the automatic scaling and event-driven capabilities of Azure Functions.

Azure App Service is designed for web applications and APIs but does not provide the same level of serverless, event-driven execution.

PaaS (Platform as a Service) is the most appropriate choice because it allows you to focus on application development without managing the underlying infrastructure. It provides the necessary platform—including the operating system, development tools, and database management systems—while giving you control over the deployment environment and application settings.

IaaS (Infrastructure as a Service) requires you to manage more aspects of the system, such as the operating system and runtime.

SaaS (Software as a Service) provides fully developed applications managed by the provider, offering little to no control over the deployment environment.

Azure Advisor analyzes your Azure environment and provides personalized recommendations across various categories to help you optimize your resources. It covers aspects such as cost savings, performance enhancement, security improvement, and ensuring high availability. Understanding the scope of Azure Advisor's recommendations is key in effectively managing and optimizing an Azure environment.

Microsoft Purview provides unified data management and governance across an organization's entire data estate, including on-premises, cloud, and third-party services. It enables the discovery, classification, and control of sensitive data, ensuring compliance with regulations.

Azure Policy helps enforce organizational standards for Azure resources, but does not offer data management across different data sources.

Azure Monitor is used for monitoring and logging resource performance, and Azure Advisor provides personalized recommendations for optimizing Azure resources. Therefore, Microsoft Purview is the service that best meets the organization's needs.

Cloud computing is a model that offers on-demand access to a shared pool of configurable computing resources, such as servers, storage, networks, services, and applications, that can be rapidly provisioned and released with minimal management effort. Understanding this definition helps in recognizing the nature of cloud services and differentiating them from traditional on-premises computing.

Tags in Azure allow you to assign custom metadata to resources in the form of key-value pairs. This enables you to categorize and organize resources across resource groups and subscriptions, making it easier to track costs and manage resources associated with different departments or projects.

Resource groups help organize resources, they do not offer the same level of cross-resource categorization that tags provide.

Management locks prevent accidental deletion or modification of resources.

Azure Policy is used to enforce rules and compliance, but neither of these features allows for the assignment of metadata for categorization and cost tracking.