June 27, 2020
Azure AZ-900 Exam Study Notes Part – 3
This “Azure AZ-900 Exam Study Notes Part – 3” blog series covers the continuation of the questions and answers I used for brainstorming and self-learning for the exam.
AZ-900 Exam Study Notes – Part 3
| 41 | What is an address space on a Virtual Network? |
| A | An address space is a number of IP addresses that are unique only on the specific Virtual Network. For instance, these IP addresses are assigned to resources connected to the VNet, which allows the resources to interact and communicate. And for a fact, there is no limit to the number or VNets you can have, nor to the number of address spaces. |
| 42 | While configuring a Virtual Machine to use a Virtual Network, when do the Virtual Network need to be specified? |
| A | At the time the Virtual Machine is created |
| 43 | What is the smallest subnet that you can implement in an Azure virtual network? |
| A | There are five IP addresses on each subnet that Azure platform reserves for its internal use. The smallest subnet you can implement is /29. |
| 44 | Why would you use a Content Delivery Network? |
| A | A CDN keeps a recent copy of your web application and can deliver this much faster to users close to an endpoint. CDNs can handle a LOT more data than a typical web server, which makes it ideal to handle traffic spikes as well. Furthermore, CDNs don’t generally handle individual traffic routing rules nor security. |
| 45 | If you decide to implement some of your services on the Azure platform, would you need to create Azure virtual networks? |
| A | Azure VMs have the prerequisite to create a virtual network. Also to note, Azure web app no PaaS service in Azure offers integration with a virtual network. |
| 46 | In which scenario would you use an Application Gateway? |
| A | An application gateway is similar to a load balancer but can redirect traffic based on attributes in the HTTP request, the request coming in from the internet. Furthermore, you can have a VM handling video, one handling images, and so on. Application Gateways do not handle traffic security, nor manage any Virtual Networks. |
| 47 | Will you be able to successfully ping the two virtual machines on the virtual network? |
| A | Ping functionality relies on the Internet Control Message Protocol (ICMP), which by default is blocked by Windows Firewall on each of the two Azure virtual machines. |
| 48 | How will your organization use Azure SQL Database? |
| A | Azure SQL database can be used as a backend for App Service, Cloud Services, and Applications running under VM. Importantly, it can work as a replacement for SQL server installed on VM or On-Premise. |
| 49 | What is the purpose of a VPN Gateway? |
| A | It allows encrypted traffic to flow between on-premises services and Azure services. A VPN Gateway does not filter traffic, monitor for malicious content or look after IP addresses. |
| 50 | You are planning to move streaming media content to Windows Azure Storage. You need to recommend an approach for providing worldwide users the fastest possible access to the content. |
| A | The best option is the Azure blobs. This allows you to store a large volume of data. Additionally, in case your application is targeted for a global audience, this storage blob should be front ended with CDN for better performance and reduced latency. |
| 51 | What role should you assign to a user account in the Azure AD directory instance to enable the user to fully manage all of its objects? |
| A | Global Admin |
| 52 | Which is set up by default when you create an Azure Storage Account? |
| A | Read Access Geo-Redundant Storage (RA-GRS). |
| 53 | How do resources on Azure use a Virtual Network? |
| A | A VN connects Azure services to allow them to communicate with each other and with the outside world. Some resources, such as Virtual Machines, must have a Virtual network connection, where others, such as App Services, are not required to. |
| 54 | You are a Service Administrator of an Azure subscription. What method do you recommend for delegating the ability to manage some of your subscription’s resources to another user? |
| A | You should use RBAC to configure the user as the owner of the resources. Consequently, this complies with the principle of least privilege and is the most secure solution. |
| 55 | What are the options to select, when you create a storage account ? |
| A | Locally redundant storage (LRS), Zone-redundant storage (ZRS) and Geo-redundant storage (GRS) |
| 56 | Azure Multi-Factor Authentication adds a second level of authentication, what are the possible ways to enable that? |
| A | Microsoft Azure Multi-Factor Authentication adds an extra level of authentication. This includes options such as requiring users to use a text message, a call to an office, a mobile phone, or a smartphone app. |
| 57 | How will your organization use Azure AD? |
| A | Azure AD provides a range of features that integrate with other cloud and on-premises services. Leveraging Azure AD to authenticate Azure web apps, Azure PaaS cloud services, and web applications running in Azure virtual machines is easy. Similarly, you can delegate management of Azure AD resources that are accessible via the Azure Portal by using Role-Based Access Control (RBAC).For example, an organization that deploys a web app for sales personnel to Azure can use Azure AD to authenticate user requests to the app and can choose to implement Multi-Factor Authentication when sales personnel access the app via a browser or a mobile device. |
| 58 | What does Geo-Redundant Storage (GRS) do? |
| A | Maintains 6 copies of your data. Three copies are replicated within the primary region, with three additional copies being replicated within a secondary region hundreds of miles away. |
| 59 | By default, Azure automatically configures new Windows VMs to be accessed via PowerShell Remoting. |
| A | TRUE |
| 60 | What does Zone-Redundant Storage (ZRS) do? |
| A | Maintains 3 copies of your data, replicated across two to three facilities, either within a single region or across two regions. |
Summary & Next Steps
For passing the exam, on top of this blog series, I strongly urge you to create an account in the Azure portal and get some real-time experience on the topic. For more information, please visit Microsoft sites AZ-900 and Azure fundamentals. Also” Azure AZ-900 Exam Study Notes Part – 1 & 2 ” in case if you missed part-1 & 2 of the study notes. Happy learning
Public Cloud Security Part-1
A Quick Overview of Azure IaaS Reference Architecture
AWS Associate Solution Architect FAQ’s Part – 1
About Author
Ashraf Abdulla
Founder of Hiraanet group, IT enthusiast & engineer with more than 10 years in the industry - Proven record of generating and building relationships, managing projects from concept to completion, designing educational strategies, and coaching individuals to success. Currently, enjoys blogging and solving customer issues
2 Comments