Skip to content

Instantly share code, notes, and snippets.

@chilismaug

chilismaug/az900-retake-kramdoc.md

Last active February 5, 2021 01:12
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save chilismaug/b964c4ef1f1d1f3f8cf8e06860ef46ec to your computer and use it in GitHub Desktop.
Save chilismaug/b964c4ef1f1d1f3f8cf8e06860ef46ec to your computer and use it in GitHub Desktop.
Download ZIP
Raw
az900-retake-kramdoc.md

AZ-900 KRAMFEST TOPICS.

  • Contoso needs to protect their Internet-facing web apps from common attacks. Which Azure service(s) offers out-of-box implementation of Open Web Application Security Project (OWASP) vulnerability rule sets? Choose all that apply?

See "Azure Web Application Firewall (WAF) on Azure Application Gateway" at https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview and "Azure Front Door" at https://docs.microsoft.com/en-us/azure/frontdoor/front-door-application-security [Describe Security, Privacy, Compliance, and Trust]

MS docs: There are two options when applying WAF policies in Azure. WAF with Azure Front Door is a globally distributed, edge security solution. WAF with Application Gateway is a regional, dedicated solution. Uhhh.. ...does that mean Front Door is more expensive?

  • You need to ensure no one (including administrators) can create additional resources in a Azure resource group. What will you do to achieve this objective?

A read-only lock on the resource group will meet the objective. See https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources [Describe Security, Privacy, Compliance, and Trust]

  • You work for a consulting company offering Azure migration services for government entities. Which of the following customers are allowed to use Azure Government? (choose all that apply)

Azure Government customers (US federal, state, and local government or their partners) are subject to validation of eligibility. See "What is Azure Government?" https://docs.microsoft.com/en-us/azure/azure-government/documentation-government-welcome [Describe Security, Privacy, Compliance, and Trust]

  • The Contoso Field Services team is designing an application for monitoring thousands of sensors generating millions of data points daily. Which service can facilitate bi-directional communication with millions of IoT devices?

IoT Hub is a managed service, hosted in the cloud, that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages. See "What is Azure IoT Hub?" at https://docs.microsoft.com/en-us/azure/iot-hub/about-iot-hub [Describe Core Azure Services]

  • An ______ protects against server rack-level failures.

See "Azure VMs : Availability Sets and Availability Zones" at https://social.technet.microsoft.com/wiki/contents/articles/51828.azure-vms-availability-sets-and-availability-zones.aspx [Describe Core Azure Services]

  • Contoso hosts a non-HTTP(S) mobile app available around the world. They need to ensure users can access the application from any country in the world with minimal latency. Which load balancing options should they use?

See "Overview of load-balancing options in Azure" at https://docs.microsoft.com/en-us/azure/architecture/guide/technology-choices/load-balancing-overview [Describe Core Azure Services]

The following table summarizes the Azure load balancing services by these categories:

Service Global/regional Recommended traffic
Azure Front Door Global HTTP(S)
Traffic Manager Global non-HTTP(S) (all protocols)
Application Gateway Regional HTTP(S)
Azure Load Balancer Global (previous was Regional) non-HTTP(S)
  • Contoso's Financial Services developer team work primarily on Windows 10 and MacOS workstations. Which tools can the MacOS users on the team use to manage Azure?

The Azure Portal, Azure CLI, and Azure PowerShell are all accessible on MacOS. See https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-4.5.0 and https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-macos?view=azure-cli-latest [Describe Core Azure Services]

  • Contoso's Security team wants to implement selective use of multi-factor authentication (MFA) based on risk associated with the authentication request. Which service should they implement?

Azure AD Identity Protection allows configuration of automated response in risky authentication scenarios. See "Azure AD Identity Protection" at https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/ [Describe Security, Privacy, Compliance, and Trust]

  • You are the administrator at Tailspin Toys. You have deployed an Azure VM hosting a line-of-business web application. You need to provide access to the application over the Internet via HTTP/S. You add a security rule to the Network Security Group (NSG) to allow inbound traffic. Does this solution meet the requirement?

See "Network security groups" at https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#:~:text=A%20network%20security%20group%20contains,destination%2C%20port%2C%20and%20protocol. [Describe Security, Privacy, Compliance, and Trust]

  • Azure Container Instances enable running containers without host servers to manage

See "What is Azure Container Instances?" at https://docs.microsoft.com/en-us/azure/container-instances/container-instances-overview#linux-and-windows-containers [Describe Core Azure Services]

  • Storage for Azure VMs is hosted in which Azure Storage type?

Disk See "Introduction to the core Azure Storage services" at https://docs.microsoft.com/en-us/azure/storage/common/storage-introduction [Describe Core Azure Services]

  • You can monitor health and performance of microservices applications running on Azure Kubernetes Service (AKS) with:

Currently, only Java lets you enable application monitoring without instrumenting the code. To monitor applications in other languages use the SDKs. See "Zero instrumentation application monitoring for Kubernetes - Azure Monitor Application Insights" at https://docs.microsoft.com/en-us/azure/azure-monitor/app/kubernetes-codeless [Describe Core Azure Services]

  • As part of a hybrid cloud deployment at Contoso, you need to connect Contoso's on-premises datacenter to Azure. The solution you choose should minimize expense during the low-scale pilot deployment. Which option will you choose?

VPN Gateway See "Choose a solution for connecting an on-premises network to Azure" at https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/ [Describe Core Azure Services]

  • Which Azure Storage options replicate data to multiple Azure regions?

Geo-zone-redundant storage (GZRS) and Geo-redundant storage (GRS) See "Azure Storage redundancy" at https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy [Describe Core Azure Services]

  • Contoso Corp wants to develop an artificial intelligence (AI) app that it will host in Azure. The app will accept requests through chat, interpreting requests with natural language processing (NLP). What service in Azure should they use for this solution?

LUIS See "What is Language Understanding (LUIS)?" at https://docs.microsoft.com/en-us/azure/cognitive-services/luis/what-is-luis [Describe Core Azure Services]

  • You are deploying multiple instances of a custom Contoso web application. The application instances share a common management lifecycle, but will be located in different Azure regions. Can you deploy resources across multiple Azure regions in a single resource group?

Yes See "What is Azure Resource Manager?" at https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-overview [Describe Core Azure Services]

  • Contoso IT has deployed an Azure VM scale set for a frontend web application. They want guidance on configuring the virtual network for these resources. Will the Azure Advisor tool provide recommendations for these existing resources?

No See "Introduction to Azure Advisor" at https://docs.microsoft.com/en-us/azure/advisor/advisor-overview [Describe Azure Pricing, Service Level Agreements, and Lifecycles]

  • Contoso has messages from a variety of sources (many Azure services) that need to be need to be relayed to an application. Which Azure service would be best suited to the task?

Azure Event Grid integrates with several Azure services and enables a reactive application model. See "What is Azure Event Grid?" at https://docs.microsoft.com/en-us/azure/event-grid/overview [Describe Core Azure Services]

  • Azure Kubernetes Service (AKS) supports containers based on which of the following operating systems? (choose all that apply)

Win and Linux As of April 2020, Azure Kubernetes Service also supports Windows Server containers. See https://azure.microsoft.com/en-us/blog/announcing-the-general-availability-of-windows-server-containers-and-private-clusters-for-azure-kubernetes-service/ [Describe Core Azure Services]

  • Contoso's Application Development team has been tasked with building a mobile app that can interact with users using spoken and written language. Which service should they choose?

Azure Cognitive Services are APIs, SDKs, and services available to help developers build intelligent applications without having direct AI or data science skills or knowledge. See "What are Azure Cognitive Services?" at https://docs.microsoft.com/en-us/azure/cognitive-services/welcome [Describe Core Azure Services]

  • Azure Germany is available to:

Azure Germany is available to eligible customers and partners globally who intend to do business in the EU/EFTA, including the United Kingdom. See "Welcome to Azure Germany" at https://docs.microsoft.com/en-us/azure/germany/germany-welcome#:~:text=Azure%20Germany%20is%20available%20to,EFTA%2C%20including%20the%20United%20Kingdom. [Describe Security, Privacy, Compliance, and Trust]

  • The Contoso Security team has implemented a new security policy. When users connect from an unusual location, they must be prompted for MFA. If accessing from an anonymous IP, they should be forced to reset their password. Which feature will you implement?

See "What is Azure Active Directory Identity Protection?" at https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection [Describe Security, Privacy, Compliance, and Trust]

  • The Contoso Security team wants to identify unsanctioned apps that may be responsible for data leakage and unwanted SaaS expenses (aka Shadow IT). What service should they use?

MCAS is the service for identifying unsanctioned apps. See "What is MCAS" at https://www.microsoft.com/en-us/microsoft-365/enterprise-mobility-security/cloud-app-security and "Govern cloud apps" at https://docs.microsoft.com/en-us/cloud-app-security/governance-discovery [Describe Security, Privacy, Compliance, and Trust]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment