Question 1: Correct

True or false: If your feature is in the General Availability phase, then your feature will
receive support from all Microsoft support channels.

 FALSE
 TRUE

(Correct)

Explanation
This is true. Do not use preview features in production apps.

For more info: https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms/

Question 2: Correct
What happens if Azure does not meet its own Service Level Agreement guarantee
(SLA)?

 It's not possible. Azure will always meet it's SLA?

 The service will be free that month
 You will be financially refunded a small amount of your
monthly fee

(Correct)

Explanation
Microsoft offers a refund of 10% or 25% depending on how badly they miss their service
guarantee

For more info: https://azure.microsoft.com/en-us/support/legal/sla/

Question 3: Correct
Which style of computing is easiest when migrating an existing hosted application from
your own data center into the cloud?

 IaaS

(Correct)

 Serverless
 PaaS
 FaaS

Explanation
Infrastructure as a service is the easiest to migrate into, from an existing hosted app - lift and
shift

For more info: https://azure.microsoft.com/en-us/overview/what-is-iaas/

 Question 4: Correct
What are resource groups?

 Automatically assigned groups of resources that all have the

same type (virtual machine, app service, etc)
 A folder structure in Azure in which you organize resources
like databases, virtual machines, virtual networks, or almost
any resource

(Correct)

 Within Azure security model, users are organized into

groups, and those groups are granted permissions to
resources
 Based on the tag assigned to a resource by the deployment
script, it is assigned to a group

Explanation
Resource Groups - a folder structure in Azure in which you organize resources like databases,
virtual machines, virtual networks, or almost any resource

For more info: https://docs.microsoft.com/en-us/azure/azure-resource-manager/

management/manage-resource-groups-portal

Question 5: Correct
TRUE OR FALSE: If you wanted to deploy a virtual machine to China, you would just
choose the China region from the drop down.

 TRUE
 FALSE

(Correct)

Explanation
Some regions of the world require special contracts with the local provider such as Germany
and China.

For more info: https://docs.microsoft.com/en-us/azure/china/overview-checklist

Question 6: Correct
What operating systems does an Azure Virtual Machine support?

 Linux
 Windows
 macOS
 Windows and Linux

(Correct)
  Windows, Linux and macOS

Explanation
Azure Virtual Machines support Windows and Linux

For more info: https://docs.microsoft.com/en-us/azure/virtual-machines/

Question 7: Correct
Which tool within the Azure Portal will make specific recommendations based on your
actual usage for how you can improve your use of Azure?

 Azure Monitor
 Azure Service Health
 Azure Dashboard
 Azure Advisor

(Correct)

Explanation
Azure Advisor - a tool that will analyze your use of Azure and make you specific
recommendations based on your usage across availability, security, performance and cost
categories

For more info: https://docs.microsoft.com/en-us/azure/advisor/

Question 8: Incorrect
What is the core problem that you need to solve in order to have a high-availability
application?

 You need to avoid single points of failure

(Correct)

 You need to ensure the capacity of your server exceeds your

highest number of expected concurrent users
 You should have a backup copy of your application on
standby, ready to be started up when the main application
fails.

(Incorrect)

 You need to ensure your server has a lot of RAM and a lot of
CPUs

Explanation
You'll want to avoid single points of failure, so that any component that fails does not cause
the entire application to fail.
For more info: https://docs.microsoft.com/en-us/azure/architecture/guide/design-principles/
redundancy

Question 9: Correct
What are groups of subscriptions called?

 ARM Groups
 Management Groups

(Correct)

 Subscription Groups
 Azure Policy

Explanation
Subscriptions can be nested and placed into management groups to make managing them
easier.

For more info: https://docs.microsoft.com/en-us/azure/governance/management-groups/

overview

Question 10: Incorrect

How do you stop your Azure account from incurring costs above a certain level without
your knowledge?

 Set up a billing alert to send you an email when it reaches a

certain level

(Incorrect)

 Only use Azure Functions which have a significant free limit

 Switch to Azure Reserved Instances with Hybrid Benefit for
VMs
 Implement the Azure spending limit in the Account Center

(Correct)

Explanation
If you don't want to spend over a certain amount, implement a spending limit in the account
center

For more info: https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/

spending-limit

Question 11: Incorrect

How many hours are available free when using the Azure B1S General Purpose Virtual
Machines under a Azure free account in the first 12 months?
 500 hrs
 750 hrs
 (Correct)

 300 hrs
 Indefinite amount of hrs

(Incorrect)

Explanation
Each Azure free account includes 750 hours free for Azure B1S General Purpose Virtual
Machines for the first 12 months.

For more info: https://azure.microsoft.com/en-us/free/free-account-faq/

Question 12: Correct

Which feature within Azure alerts you to service issues that happen in Azure itself, not
specifically related to your own resources?

 Azure Portal Dashboard

 Azure Security Center
 Azure Service Health

(Correct)

 Azure Monitor

Explanation
Azure Service Health - lets you know about any Azure-related service issues including
region-wide downtime

For more info: https://docs.microsoft.com/en-us/azure/service-health/

Question 13: Correct

What is the name of the collective set of APIs that provide machine learning and
artificial intelligence services to your own applications like voice recognition, image
tagging, and chat bot?

 Natural Language Service, LUIS

 Azure Batch
 Cognitive Services

(Correct)

 Azure Machine Learning Studio

Explanation
Azure Cognitive Services is the set of Machine Learning and AI API's

For more info: https://docs.microsoft.com/en-us/azure/cognitive-services/

 Question 14: Correct
Which Azure service, when enabled, will automatically block traffic to or from known
malicious IP addresses and domains?

 Azure Active Directory

 Network Security Groups
 Azure Firewall

(Correct)

 Load Balancer

Explanation
Azure Firewall has a threat-intelligence option that will automatically block traffic to/from
bad actors on the Internet.

For more info: https://docs.microsoft.com/en-us/azure/firewall/

Question 15: Correct

What is the significance of the Azure region? Why is it important?

 Even though you have to choose a region when creating

resources, there's generally no consequence of what you
select. You can create a network in one region and then
create virtual machines for that network in another region.
 You must select a region when creating most resources, and
the region is the area of the world where those resources
will be physically located.

(Correct)

 Region is just a folder structure in which you organize

resources, much like file folders on a computer.
 Once you select a region, you cannot create resources
outside of that region. So selecting the right region is an
important decision.

Explanation
The region is the area of the world where resources get created. You can create resources in
any region that you have access to. But there are sometimes restrictions when creating a
resource in one region that related resources like networks must also be in the same region for
logical reasons.

For more info: https://azure.microsoft.com/en-us/global-infrastructure/geographies/#overview

Question 16: Correct

Why should you divide your application into multiple subnets as opposed to having all
your web, application and database servers running on the same subnet?
  Separating your application into multiple subnets allows you
to have different NSG security rules for each subnet, which
can make it harder for a hacker to get from one
compromised server onto another.

(Correct)

 Each server type of your application requires its own subnet.

It's not possible to mix web servers, database servers and
application servers on the same subnet.
 There are only a limited number of IP addresses available
per subnet, so you need multiple subnets over a certain
number.
Explanation
For security purposes, you should not allow "port 80" web traffic to reach certain servers, and
you do that by having separate NSG rules on each subnet.

For more info: https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-

practices

Question 17: Correct

Which two features does Virtual Machine Scale Sets provide as part of the core
product? Pick two.

 Automatic installation of supporting apps and deployment of

custom code
 Firewall
 Load balancing between virtual machines

(Correct)

 Autoscaling of virtual machines

(Correct)

 Content Delivery Network

Explanation
VMSS provides autoscale features and has a built in load balancer. You still need to have a
way to deploy your code to the new servers, as you do with regular VMs.

For more info: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/

Question 18: Correct

Which Azure service can be enabled to enable Multi-Factor Authentication for
administrators but not require it for regular users?

 Azure Firewall
 Privileged Identity Management
 (Correct)

 Azure AD B2B
 Advanced Threat Protection

Explanation
Privileged Identity Management can be used to ensure privileged users have to jump through
additional verification because of their role.

For more info: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-

management/pim-configure

Question 19: Correct

What is the name of the open source project run by the Apache foundation that maps to
the HDInsight tools within Azure?

 Apache Jazz
 Apache Hadoop

(Correct)

 Apache Jaguar
 Apache Cayenne

Explanation
Hadoop is open source home of the HDInsight tools

For more info: https://docs.microsoft.com/en-us/azure/hdinsight/hadoop/apache-hadoop-

introduction

Question 20: Correct

TRUE OR FALSE: Azure Tenant is a dedicated and trusted instance of Azure Active
Directory that's automatically created when your organization signs up for a Microsoft cloud
service subscription.
 FALSE
 TRUE

(Correct)

Explanation
Yes, Azure Tenant is a dedicated and trusted instance of Azure AD that's automatically
created when your organization signs up for a Microsoft cloud service subscription.

See: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-
whatis#which-features-work-in-azure-ad

Question 21: Correct

Which of the following are one of the advantages of running your cloud in a private
cloud?
  You own the hardware, so you can change private cloud
hosting providers easily.
 Private cloud is significantly cheaper than the public cloud.
 Assurance that your code, data and applications are running
on isolated hardware, and on an isolated network.

(Correct)

Explanation
Private cloud generally means that you are running your code on isolated computing, not
mixed in with other companies.

For more info: https://azure.microsoft.com/en-us/overview/what-are-private-public-hybrid-

clouds/

Question 22: Correct

Where can you go to see what standards Microsoft is in compliance with?

 Azure Security Center

 Azure Service Health
 Trust Center

(Correct)

 Azure Privacy Page

Explanation
The list of standards that Azure has been certified to meet is in the Trust Center

For more info: https://www.microsoft.com/en-us/trust-center

Question 23: Correct

TRUE OR FALSE: Through Azure Active Directory one can control access to an application
but not the resources of the application.

 TRUE
 FALSE

(Correct)

Explanation
Azure AD can control the access of both the apps and the app resources.

See: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-
whatis#which-features-work-in-azure-ad

Question 24: Correct

What type of documents does the Microsoft Service Trust Portal provide?
  Specific recommendations about your usage of Azure and
ways you can improve
 A tool that helps you manage your compliance to various
standards
 Documentation on the individual Azure services and
solutions
 A list of standards that Microsoft follows, pen test results,
security assessments, white papers, faqs, and other
documents that can be used to show Microsoft's compliance
efforts

(Correct)

Explanation
A list of standards that Microsoft follows, pen test results, security assessments, white papers,
faqs, and other documents that can be used to show Microsoft's compliance efforts

For more info: https://servicetrust.microsoft.com/

Question 25: Correct

Which of the following would be an example of an Internet of Things (IoT) device?

 A web application that people use to perform their banking

tasks
 A refrigerator that monitors how much milk you have left
and sends you a text message when you are running low

(Correct)

 A video game, installed on Windows clients around the

world, that keep user scores in the cloud.
 A mobile application that is used to watch online video
courses

Explanation
An IoT device is not a standard computing device but connects to a network to report data on
a regular basis. A web server, a personal computer, or a mobile app is not an IoT device.

For more info: https://docs.microsoft.com/en-us/azure/iot-fundamentals/iot-introduction

Question 26: Correct

Which of the following resources are not considered Compute resources?

 Load Balancer

(Correct)

 Virtual Machines
 Azure Batch
  Virtual Machine Scale Sets
 Function Apps

Explanation
A load balancer is a networking product, and does not execute your code.

For more info: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

For more information on compute resources: https://azure.microsoft.com/en-us/product-

categories/compute/

Question 27: Incorrect

Which of the following services would NOT be considered Infrastructure as a Service?

 Virtual Network

(Incorrect)

 Virtual Machine
 Azure Functions App

(Correct)

 Virtual Network Interface Card (NIC)

Explanation
Functions are small pieces of code that you give to Azure to run for you, and you have no
access to the underlying infrastructure.

For more info: https://docs.microsoft.com/en-us/azure/azure-functions/

Question 28: Correct

Which of the following elements is considered part of the "network" layer of network
security?

 Separate servers into distinct subnets by role

(Correct)

Locks on the data center doors

All of the above
Keeping operating systems up to date with patches
Explanation
Subnets is part of network security

For more info: https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-

practices

and
https://en.wikipedia.org/wiki/OSI_model

Question 29: Correct

What is an Azure Subscription?

 Each user account is associated with a unique subscription.

If you need more than one subscription, you need to create
multiple user accounts.
 It is the level at which services are billed. All resources
created under a subscription are billed to that subscription.

(Correct)

Explanation
Subscription is the level at which things get billed. Multiple users can be associated with a
subscription at various permission levels.

For more
info: https://docs.microsoft.com/en-us/services-hub/health/azure_sponsored_subscription

Question 30: Correct

What does it mean if a service is in Private Preview mode?

 You have to apply to get selected in order to use that service

(Correct)

 Anyone can use the service but it must not be for production
use
 Anyone can use the service for any reason
 The service is generally available for use, and Microsoft will
provide support for it

Explanation
Private Preview means you have to apply to use a service, and you may or may not be
selected

For more info: https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms

Question 31: Correct

If you have an Azure free account, with a $200 credit for the first month, what happens
when you reach the $200 limit?

 All services are stopped and you must decide whether you
want to convert to a paid account or not.

(Correct)

 Your account is automatically closed.

  Your credit card is automatically billed.
 You cannot create any more resources until you add more
credits to the account.

Explanation
Using up the free credits causes all your resources to be stopped until you decide to get a paid
account.

For more info: https://azure.microsoft.com/en-us/free/free-account-faq/

Question 32: Correct

What is the recommended way within Azure to store secrets such as private
cryptographic keys?

 In an Azure Storage account private blob container

 Azure Key Vault

(Correct)

 Within the application code

 Azure Advanced Threat Protection (ATP)

Explanation
Azure Key Vault - the modern way to store cryptographic keys, signed certificates and secrets
in Azure

For more info: https://docs.microsoft.com/en-us/azure/key-vault/

Question 33: Correct

True or false: Azure PowerShell scripts and Command Line Interface (CLI) scripts are
entirely compatible with each other?

 FALSE

(Correct)

 TRUE

Explanation
No, PowerShell is it's own language, different than CLI

For more info: https://docs.microsoft.com/en-us/powershell/azure/?view=azps-4.5.0

Question 34: Correct

What is the service level agreement for two or more Azure Virtual Machines that have
been placed into the same Availability Set in the same region?

 99.99%
 99.90%
  99.95%

(Correct)

 100%

Explanation
99.95%

For more info: https://azure.microsoft.com/en-us/support/legal/sla/virtual-machines/v1_9/

Question 35: Correct

What does the letter R in RBAC stand for?

 Review
 Rule
 Rights
 Role

(Correct)

Explanation
RBAC is role based access control

For more info: https://docs.microsoft.com/en-us/azure/role-based-access-control/

Question 36: Incorrect

If you wanted to get an alert every time a new virtual machine is created, where could
you create that?

 Subscription settings
 Azure Monitor

(Correct)

 Azure Policy

(Incorrect)

 Azure Dashboard

Explanation
The best place to track events at the resource level is Azure Monitor.

For more info: https://docs.microsoft.com/en-us/azure/azure-monitor/

Question 37: Correct

How does Multi-Factor Authentication make a system more secure?
  It is another password that a user has to memorize, making
it more secure
 It allows the user to log in without a password because they
have already previously been validated using a browser
cookie
 It requires the user to have access to their verified phone in
order to log in

(Correct)

 It doesn't make it more secure

Explanation
Multi-Factor Authentication (MFA) - the concept of having something additional to a
“password” that is required to log in; passwords are find-able or guessable; but having your
mobile phone on you to receive a phone call, text or run an app to get a code is harder for an
unknown hacker to get

For more info: https://docs.microsoft.com/en-us/azure/active-directory/authentication/

concept-mfa-howitworks

Question 38: Correct

What two advantages does cloud computing elasticity give to you? Pick two.

 Servers have become a commodity and Microsoft doesn't

even need to even fix servers that fail within Azure.
 You can do more regular backups and you won't lose as
much when that backup gets restored
 You can serve users better during peak traffic periods by
automatically adding more capacity.

(Correct)

 You can save money.

(Correct)

Explanation
Elasticity saves you money during slow periods (over night, over the weekend, over the
summer, etc) and also allows you to handle the highest peak of traffic.

For more info: https://azure.microsoft.com/en-us/overview/what-is-elastic-computing/

Question 39: Correct

What advantage does an Application Gateway have over a Load Balancer?

 Application Gateway is more like an enterprise-grade

product. You should not use a load balancer in production.
  Application Gateway can be scaled so that two, three or
more instances of the gateway can support your application.
 Application gateway understands the HTTP protocol and can
interpret the URL and make decisions based on the URL.

(Correct)

Explanation
Application gateway can make load balancing decisions based on the URL path, while a load
balancer can't.

For more info: https://docs.microsoft.com/en-us/azure/application-gateway/overview

Question 40: Correct

What is a policy initiative in Azure?

 Assigning permissions to a role in Azure

 Requiring all resources in Azure to use tags
 The ability to group policies together

(Correct)

 A custom designed policy

Explanation
The ability to group policies together

For more info: https://docs.microsoft.com/en-us/azure/governance/policy/overview#initiative-

definition

Question 41: Correct

With Azure public cloud, anyone with a valid credit card can sign up and get services
immediately

 FALSE
 TRUE

(Correct)

Explanation
Yes, Azure public cloud is open to the public in all countries that Azure supports.

For more info: https://docs.microsoft.com/en-us/learn/modules/create-an-azure-account/

Question 42: Correct

What data format are ARM templates created in?

 YAML
 XML
  JSON

(Correct)

 HTML

Explanation
ARM templates are created in JSON

For more info: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/

overview

Question 43: Incorrect

How many minutes per month downtime is 99.99% availability?

 4

(Correct)

 100
 40
 1

(Incorrect)

Explanation
99.99% is 4 minutes per month of downtime

For more info: https://azure.microsoft.com/en-us/support/legal/sla/summary/

Question 44: Correct

Which Azure management tool analyzes your usage of Azure and makes suggestions
specifically targeted to help you optimize your usage of Azure regarding cost, security and
performance?
 Azure Mobile App
 Azure Firewall
 Azure Advisor

(Correct)

 Azure Service Health

Explanation
Azure Advisor analyzes your specific usage of Azure and makes helpful suggestions on how
it can be improved.
Question 45: Incorrect
Deploying Azure App Services applications consists of what two components? Pick two.

 Managing operating system updates

 Packaged code
 (Correct)

 Configuration

(Correct)

 Database scripts

(Incorrect)

Explanation
Azure App Services, platform as a service, consists of code and configuration.

For more info: https://docs.microsoft.com/en-us/azure/app-service/

Question 46: Incorrect

Which database product offers "sub 5 millisecond" response times as a feature?

 Cosmos DB

(Correct)

 SQL Data Warehouse

 Azure SQL Database

(Incorrect)

 SQL Server in a VM

Explanation
Cosmos DB is low latency, and even offers sub 5-ms response times at some levels.

For more info: https://docs.microsoft.com/en-us/azure/cosmos-db/introduction

Question 47: Correct

What is the goal of a DDoS attack?
 To overwhelm and exhaust application resources

(Correct)

 To crack the password from administrator accounts

 To trick users into giving up personal information
 To extract data from a database

Explanation
DDoS is a type of attack that tries to exhaust application resources. The goal is to affect the
application’s availability and its ability to handle legitimate requests.
For more info: https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-
overview

Question 48: Correct

What does it mean that security is a "shared model" in Azure?

 Both users and Azure have responsibilities for security.

(Correct)

 Azure takes care of security completely.

 You must keep your security keys private and ensure it
doesn't get out.
 Azure takes no responsibility for security.

Explanation
The shared security model means that, depending on the application model, you and Azure
both have roles in ensuring a secure environment.

For more info: https://docs.microsoft.com/en-us/azure/security/fundamentals/shared-

responsibility

Question 49: Correct

What software is used to synchronize your on premises AD with your Azure AD?

 Azure AD Federation Services

 AD Connect

(Correct)

 LDAP
 Azure AD Domain Services

Explanation
AD Connect is used to synchronize your corporate AD with Azure AD.

For more info: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-

ad-connect

Question 50: Correct

For tax optimization, which type of expense is preferable?

 CapEx
 OpEx

(Correct)

Explanation
Operating Expenditure is thought to be preferable because you can fully
deduct expenses when they are incurred.