- True or false: You can download published audit reports and other compliance-related information related to Microsoft’s cloud service from the Service Trust Portal.
- Which Azure service allows you to configure fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs?
d. Role-based Access Control
- Which Azure service allows you to create, assign, and manage policies to enforce different rules and effects over your resources and stay compliant with your corporate standards and service-level agreements (SLAs)?
Azure Security Center
Role-based Access Control
- Which of the following services provides up-to-date status information about the health of Azure services?
Service Trust Portal
Azure Service Health
- Where can you obtain details about the personal data Microsoft processes, how Microsoft processes it, and for what purposes?
Microsoft Privacy Statement
Azure Service Health
AZURE VIRTUAL MACHINES
- Suppose you want to run a network appliance on a virtual machine. Which workload option should you choose?
- True or false: Resource Manager templates are JSON files?
- Which of these standards and protocols is used predominantly for email?
- Which network security protocol provides a cryptographic network protocol?
- What is the Internet Control Message Protocol (ICMP) used for?
To send alerts when an intrusion is detected.
To send warning messages when the network is about to fail.
To send error messages and operational information that indicate success or failure when communicating with another IP address.
- What would you use the Simple Network Management Protocol (SNMP) for?
For collecting and organizing information about email servers on your IP network.
For collecting and organizing information about user access and behavior on your IP network.
For collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior.
- What are network standards used for?
To ensure that hardware conforms to a minimum standard necessary for a good network development.
To ensure that software is tightly constrained and meets the needs of the organization’s network.
To ensure that hardware and software made by different vendors can work together seamlessly.
- What is the primary purpose of a hub?
A hub allows one Ethernet network device to send data packets to a specific Ethernet device.
A hub allows the connection of multiple Ethernet devices to make them act as a single network segment.
A hub allows multiple Ethernet network devices access to the internet.
- What is the principal difference between hub routing and switch routing?
Hub routing sends all packets to all connected devices. Switch routing sends packets to specific devices.
Hub routing sends packets to specific locations. Switch routing is only used to route traffic between switches.
Hub routing sends all packets to all connected devices. Switch routing is only used to route traffic between switches.
- What does a router do?
A router is a network device that works out the fastest and most efficient way to send data across a network.
A router is a network device that forwards data packets around faults in your network.
A router is a network device that forwards data packets between computer networks.
- What is the structure of an IPv4 address?
It’s made up of four groups of eight numbers, each separated by a dot.
It’s made up of four hexadecimal numbers (0-F), each separated by a colon.
It’s made up of four numbers, in the range 0-255, each separated by a dot.
- What is TCP/IP?
It’s a protocol that improves network device security on the internet.
It’s a protocol used to secure connections on the internet.
It’s a protocol used to interconnect network devices on the internet.
- What is a subnet?
It’s the natural subdivision of an IP address into host and network.
It’s a control mechanism to limit access to an IP-based network.
It’s the logical subdivision of an IP-based network.
- How would you access a private network from the internet?
By connecting directly to the IP address of the private network.
The private network needs special access via a gateway.
It’s not possible to access a private network from the internet. A private network can access another private network by using network address translation.
- What is the DNS?
The DNS helps resolve IP addresses to domain names.
The DNS helps resolve MAC addresses to IP addresses.
The DNS helps resolve domain names to IP addresses.
- What is a thin client?
A thin client can only display processed data provided by a server.
A thin client can process some data locally, but needs the server to store the data.
A thin client can process and store data locally, and uses the server when it needs more processing power or storage.
- What is the purpose of an application server?
Hosts non-web apps and lets users in the network run them through.
Hosts all your web and non-web apps in one place, so they can be accessed across the network.
- What role does authorization play during a sign-in event?
Authorization is the process of determining whether the authenticated user or client has access to specific resources.
Authorization is the process of determining whether a particular user or client is the author of specific resources.
Authorization is the process of determining whether a client or user is who they claim to be.
- Which of the following happens in the handshake process of the SSL/TLS protocol?
The server sends a “ServerHello” message back. This message includes a session ID, the server’s digital certificate, and its public key.
The server sends a “ServerHello” message back. This message includes a session ID, the client’s digital certificate, and a public key.
The server sends a “ClientHello” message back. This message includes a session ID, the server’s digital certificate, and its public key.
- Which of the following best practices should you implement for your network security on Azure?
Disable load balancing of traffic.
Disable SSH/RDP protocols.
Disable network service endpoints.
- You need to prevent users’ devices from directly requesting web pages from the internet. Which tool would you use to do this?
Packet filtering firewall.
Proxy server firewall.
- You need to query log data for applications across your network in Azure. Which tool do you use?
You use Syslog to query the log data that has been collected.
You use Log Analytics to query the data that has been collected.
You use an agent to run queries on the data that has been collected.
- What is Syslog used for?
Syslog is used to let your device send event messages.
Syslog is used to schedule processes to be triggered.
Syslog is used to update system properties on your device.
- What do you need to install on your machine to let you execute Azure CLI commands locally?
The Azure cloud shell
The Azure CLI and Azure PowerShell
Only the Azure CLI
- True or false: The Azure CLI can be installed on Linux, macOS, and Windows, and the CLI commands you use are the same in all platforms.
- Which parameter can you add to most CLI commands to get concise, formatted output?
- True or false: The Azure portal, the Azure CLI, and Azure PowerShell offer significantly different services, so it is unlikely that all three will support the operation you need.
- Suppose you are building a video-editing application that will offer online storage for user-generated video content. You will store the videos in Azure Blobs, so you need to create an Azure storage account to contain the blobs. Once the storage account is in place, it is unlikely you would remove and recreate it because this would delete all the user videos. Which tool is likely to offer the quickest and easiest way to create the storage account?
- What needs to be installed on your machine to let you execute Azure PowerShell cmdlets locally?
The Azure cloud shell
The base PowerShell product and the Az module
The Azure CLI and Azure PowerShell
- What is a tenant in Azure AD?
A tenant represents an entire organization.
A tenant represents a user in an organization.
A tenant represents a geographic location in an organization.
- What is an identity security score?
It’s a number between 1 and 223 that indicates exactly how many identities are secured in your organization.
It’s a number between 1 and 223 that indicates how aligned your security is with Microsoft best practices.
- What does the term identity mean?
Something that can be authenticated. It can be a user, application, service, or anything that needs to be identified.
Hint: An identity represents a user, or sometimes a service or an application, that needs access to do something.
A user that can be authenticated. It has to be a user. Applications or services can’t be considered as identities.
The service that does the authentication for users. It can also be an application.
- Which licensing plan supports Identity Protection?
Azure Active Directory Free
Azure Active Directory Premium P1
Azure Active Directory Premium P2
- What does Azure AD B2B provide?
Azure AD B2B allows you to manage your customers’ identities. It provides access to applications and resources.
Azure AD B2B allows you to let your users access virtual machines by using their company Azure AD credentials.
Azure AD B2B allows you to invite external users to your tenant so that your staff can collaborate with them.
- What does Azure AD Application Proxy do?
You use it to identify applications in your instance of Azure AD.
You use it to add on-premises applications to your instance of Azure AD.
You use it to add Azure AD Gallery applications to your instance of Azure AD.
- Docker Desktop is an app for building and sharing containerized apps and microservices available on which of the following operating systems?
Windows, macOS, and Windows Subsystem for Linux (WSL)
- Which is the correct Docker command to rebuild a container image?
- Which of the following sentences describes a container image best?
A container image is a read-only portable package that contains software and may include an operating system.
A container image is a set of commands that builds a container.
A container image is a read-only portable package that contains software.
- A container is launched using the --publish 80:8080 flag. Which of the following options is the most likely network configuration used for the container?
- Which storage option is the best choice for letting the host and container share a file to manage name server resolution, for example the resolv.conf file on Linux?
- A JSON file is an example of which type of data?
- A video is an example of which type of data?
- Which type of transactional database system would work best for product data?
- Suppose the operations to update inventory and process payments are in the same transaction. A user is attempting to apply store credit for the full amount of an order, and submitted the exact same order (for the full amount) using their phone and laptop at the same time – so two identical orders are received. The database behind the scenes is an ACID-compliant database. What would happen?
Both orders would be processed and use the in-store credit.
One order would be processed and use the in-store credit, and the other order would update the remaining inventory for the items in the basket, but would not complete the order.
One order would be processed and use the in-store credit, and the other order would not be processed.
- Hint: You can download published audit reports and other compliance-related information related to Microsoft’s cloud service from the Service Trust Portal.
- Hint: Role-based access control (RBAC) provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs. RBAC is provided at no additional cost to all Azure subscribers.
- Hint: Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service-level agreements (SLAs).
- Hint: Azure Service Health is the correct answer, because it provides you with a global view of the health of Azure services. With Azure Status, a component of Azure Service Health, you can get up-to-the-minute information on service availability.
- Hint: You can obtain the details about how Microsoft uses personal data in the Microsoft Privacy Statement.
- Hint: POP3, SMTP, and IMAP are all email protocols.
- Hint: SSH is a cryptographic network protocol for operating services securely over an unsecured network.
- Hint: ICMP is a protocol that’s used to send information about the success or failure of any network operation.
- Hint: SNMP is a protocol that’s used to gather and organize information on your IP network.
- Hint: Network standards are designed to ensure that hardware and software made by different vendors work seamlessly together.
- Hint: Hubs offer the simplest form of network. They allow multiple Ethernet-based network-enabled devices to communicate with each other.
- Hint: Hub routing sends all packets to all connected devices. Switch routing sends packets to specific devices.
- Hint: A router is an essential part of your network. A router connects different networks and also connects to the internet.
- Hint: An IPv4 address is made up of four numbers, each separated by a dot. An example is 192.168.0.1.
- Hint: TCP/IP is a suite of communication protocols that allow different networked devices to communicate with each other.
- Hint: Subnets allow your network to be divided into multiple subnetworks.
- Hint: It’s not possible to access a private network from the internet. A private network can access another private network by using network address translation.
- Hint: It’s a hierarchical and decentralized naming system for computers, services, or other resources connected to the internet or a private network.
- Hint: A thin client makes requests of a server, and is incapable of running apps or storing data locally.
- Hint: An application server provides application access to a client.
- Hosts all your web apps and lets users in the network run them and use them in their browser.
- Hint: You can enable it again once you’ve established a VPN tunnel for your connections.
- A proxy server helps you hide details about the requesting client.
- Hint: Log Analytics can help you run complex queries over your log data.
- Hint: Syslog helps you log your events.
- Hint: The three tools offer almost the same set of services. Generally, this is not a factor in deciding which tool is best for your tasks.
- Hint: The portal is a good choice for one-off operations like creating a long-lived storage account. The portal gives you a GUI containing all the storage-account properties and provides tool tips to help you select the right options for your needs.
- Hint: You need both the base PowerShell product and the Az module. The base product gives you the shell itself, a few core commands, and programming constructs like loops, variables, etc. The Az module adds the cmdlets you need to work with Azure resources.
- Hint: You create a tenant for your organization so that your internal users can be managed by Azure AD.
- Hint: Use an identity security score to see how secure your Azure AD instance is.
- It’s a number between 1 and 223 that indicates how well your organization’s tenants align with each other.
- Hint: Identity Protection helps you configure risk-based conditional access for your applications to protect them from identity-based risks.
- Hint: If your company works with external contractors, those contractors can be invited as guest users. When the work is done, access for those contractors can be revoked.
- Hint: By using Application Proxy in this way, you create secure remote access for your on-premises applications.
- Hint: While Docker Desktop is only available for Windows and macOS, it does support using a Linux command line via Windows Subsystem for Linux (WSL). For more information and setup, see the WSL + Docker documentation.
- Hint: You use the docker build command to rebuild a container image. Once you’ve built an image, the image can’t be changed. The only way to change an image is to create a new image.
- Hint: A container image is an immutable package that contains all the application code, system packages, binaries, libraries, configuration files, and the operating system running in the container. Docker containers running on Linux share the host OS kernel and don’t require a container OS as long as the binary can access the OS kernel directly.
- Hint: The Bridge network configuration is an internal, private network used by the container and isolates the container network from the Docker host network. We use the publish flag to map ports between the container and host ports.
- Hint: A bind mount, like a volume, is stored on the host filesystem at a specific folder location. However, bind mount data is expected to be updated by the host. The resolv.conf contents are expected to be changed by the host and used by both the container and host.
- Hint: OLTP systems support a large set of users, have quick response times, handle large volumes of data, are highly available, and are great for small or relatively simple transactions.
- Hint: Once the second order determined that the in-store credit has already been used, it would roll back the transaction.