Microsoft Azure Fundamentals Practice Test (AZ-900)

The Zero Trust model operates on the principle that no user or device is trusted by default, regardless of their location. It requires continuous verification of identity and access rights before granting access to resources. The perimeter-based security model trusts users inside the network by default, which can lead to vulnerabilities. The 'Trust but verify' model implies some level of initial trust, which contradicts the Zero Trust principle. The open network model does not emphasize strict access controls, making it less secure.

Software as a Service (SaaS) is a cloud computing offering that provides users with access to a vendor's cloud-based software. Users do not install applications on their local devices. Instead, the applications run on cloud-based servers, and users access the software via the web or an API. The vendor manages the infrastructure, middleware, application software, and application data. An example of a SaaS application is a web-based email service through which you can send and receive emails without having to manage the email server or client software. In contrast, the other options listed either fall under different service models, such as PaaS (where the environment, but not the applications, is managed by the provider) and IaaS (which provides virtualized computing resources over the internet), or are not related to cloud service models at all.

This statement is false. Azure Availability Zones are physically separate datacenters within an Azure region, designed to provide high availability by protecting applications and data from datacenter failures.

They are not virtual network segments; virtual networks and subnets are used to segment and isolate network traffic.

A private cloud is a cloud computing model where the infrastructure is dedicated exclusively to a single organization. It offers the benefits of scalability and flexibility while providing greater control over data security and compliance. This makes it ideal for organizations that require dedicated resources.

A public cloud provides services over the internet to multiple organizations and is not dedicated to one user.

A hybrid cloud combines elements of both public and private clouds, but the scenario specifies a dedicated environment, making the private cloud the most appropriate choice.

A community cloud is a computing model where infrastructure is shared by multiple organizations with similar needs and objectives. This contradicts the need for an environment dedicated to the organizations use.

Conditional Access in Microsoft Entra ID enables organizations to create policies that control user access based on various signals like location, device compliance, and risk detection. By using Conditional Access, the company can ensure that access to resources is granted only when specific conditions are met.

Privileged Identity Management manages and monitors access to privileged roles but doesn't enforce access policies based on signals.

Azure Information Protection classifies and protects documents and emails, not user access.

Multi-Factor Authentication (MFA) adds an extra layer of security but doesn't provide dynamic access controls based on factors like location or device compliance.

Azure Resource Manager (ARM) templates enable the automation of Azure resource deployment using declarative JSON files that define the infrastructure and configuration. This approach allows for consistent, repeatable deployments and supports version control systems, enhancing collaboration and change tracking.

Azure Policy helps enforce organizational standards and compliance.

Azure Portal is a web-based interface for manual resource management.

Azure Monitor is used for monitoring and analyzing the performance of resources.

Sovereign regions are designed to ensure that data resides within a specific geographical location, complying with national regulations. Region pairs consist of two regions within the same geography, providing disaster recovery through replication. Therefore, deploying in a sovereign region with a paired region would meet both the compliance requirement and provide a disaster recovery solution.

Tags in Azure are used to logically organize and categorize resources by applying custom metadata in the form of key-value pairs. This is particularly useful for cost management, as it enables detailed billing analysis by grouping costs across resources that share the same tags. By using tags, organizations can track and analyze costs associated with specific projects, departments, or environments.

Azure Functions is a serverless compute service that allows you to run event-triggered code without having to explicitly provision or manage infrastructure. It automatically scales based on demand and you are charged only for the compute resources used during the execution of your functions. Virtual Machines require management of the underlying infrastructure, whereas container services like Azure Kubernetes Service (AKS) also involve orchestration. Logic Apps, although used for automated workflows, are not primarily compute services and do not offer the same kind of execution model.

Azure provides integrated security features and compliance tools that help organizations manage and meet regulatory standards. By leveraging Azure's built-in capabilities, companies can enhance their security posture and simplify compliance management. The other options are incorrect because Azure does not leave customers without support for security and compliance, it does not make compliance more difficult due to shared infrastructure, nor does it require additional third-party tools to meet compliance needs.

Software as a Service (SaaS) is the appropriate model because it delivers fully managed applications over the internet. In this case, an email service provided as a SaaS solution allows the company to use the service without worrying about installing software, managing hardware, or handling updates—the cloud provider takes care of everything. Infrastructure as a Service (IaaS) would require the company to manage the operating systems and applications themselves, and Platform as a Service (PaaS) would require them to develop or deploy their own applications, which is more work than desired in this scenario.

Resource Locks can be applied to resources, resource groups, or subscriptions to prevent accidental deletion or modification. By applying a lock, even users with the necessary permissions must first remove the lock before they can perform the restricted operation. This ensures critical resources remain protected during maintenance or other operations.

Access Control (IAM) and Role-Based Access Control (RBAC) manage permissions but do not prevent users with sufficient privileges from modifying or deleting resources. Azure Policy helps enforce organizational standards and assess compliance but does not block modifications in real-time.

Cloud computing involves delivering various services over the internet, including servers, storage, databases, networking, software, analytics, and intelligence. Users can access these resources on-demand and pay only for what they consume, offering flexibility and cost-efficiency. The other options are different concepts: server virtualization is creating multiple virtual servers on a single physical server; data mining is analyzing large datasets to discover patterns; edge computing refers to processing data near the source of data generation to reduce latency.

Cloud providers like Azure offer built-in security features and maintain compliance certifications for various regulatory standards. By leveraging these services, organizations can access advanced security measures and easily meet compliance requirements without investing heavily in their own infrastructure. While scalability, global reach, and cost savings are benefits of cloud computing, they do not directly help with meeting strict regulatory requirements.

Azure Cloud Shell provides an integrated, browser-accessible shell that allows you to run Azure CLI and Azure PowerShell commands without any local installation. It's a convenient tool for managing Azure resources from any device.

Azure Resource Manager is the deployment and management service for Azure but doesn't offer a command-line interface.

Azure Portal Dashboard is a graphical interface and doesn't support command-line operations.

Azure Advisor offers personalized recommendations to optimize your Azure resources but doesn't provide command-line capabilities.