hello and welcome back to the Tech Blackboard once again I'm back with the weekend exam cram on az900 the purpose of this session is to take you through real exam like questions on AZ 900 which will strengthen your learning and test your knowledge and preparations for the exam the entire video is divided into 40 Parts covering 765 questions in 11 hours I know it may sound a little daunting at the first but think it this way 765 questions in 660 minutes so less than a minute for each question can't get faster than this and friends the entire video presents the question in the exact exam like format there are loads of Microsoft documentation as your fundamental concepts exam tips and then I will also give you tricks that will tell you how to pick an answer cross references revision and a lot more to prepare you for the exam but before you start the session I suggest you to use promodoro technique which I also use a lot so break down each of your session into 30 minutes 25 minutes you go through the learning video and then take a five minute break and then you repeat this four times so after two hours you will take a long break of 30 minutes and then once again four repetitions no distractions no mobile alerts just focus take notes and be ready for the exam and whenever you feel like take a sip of coffee or tea keep yourself hydrated with water so are you ready for the session let's begin Microsoft Azure is one of the biggest players in Cloud Technologies and everyone who starts working on Microsoft Azure AC 900 is the stepping stone to enter the fascinating world of Microsoft Azure Cloud Technologies so if you are someone who is preparing for Azure fundamentals or AC 900 exam in 2023 then please do watch this important video you where we will take you through a series of questions and answers that will prepare you to earn your first Azure certificate easy 900 so let's start this new year with a certification in Microsoft Azure as always let's start with knowing some of the basics of AZ 900 exam we will start with the question that everyone must know before trying this exam and that is who should be doing AZ 900 well as per Microsoft this exam is intended for the candidates who are just beginning to work with the cloud-based Solutions and services or are new to Azure so AZ 900 helps you prove your knowledge of cloud computing Concepts models and services such as public Cloud private cloud and hybrid cloud in addition to this you will also learn about infrastructure as a service platform as a service and software as a service furthermore this this exam will help you show your expertise on how Azure supports security privacy compliance and Trust now let's move ahead and check out some of the common statistics on AZ 900 beginning with the exam name well the official exam name from Microsoft is exam easy 900 Microsoft Azure fundamentals now coming to the prerequisite well it is none basically it means that you don't have to have any price certification in order to be eligible for easy 900 moving ahead with the cost well it is 99 US dollars but please be aware the cost totally depends on which country you are trying to do this easy 900 for example in case you are from India it will cost you 3696 Indian rupees now let's talk about the passing score well you have to score at least 700 out of 1000 and then we have exam duration a total of 65 minutes now you can see I have given a breakage of 45 plus 20 well out of of these 65 minutes 45 minutes is the actual exam duration and approx 20 minutes is the seat time for other activities let me explain further according to Microsoft exam duration refers to the amount of time that you have to complete the exam see time refers to the amount of time that you should allocate for the exam the seat time includes the time needed to review the instructions read and accept NDA complete the exam questions and provides comments after completing it if you choose to do so friends as per my experience you should join the exam a little earlier like 10 minutes before the actual exam starts see there could be a survey about the exam and most importantly when you are using Pearson VUE option or in other words you are giving an online exam let's say from your home then there will be also some time needed when the Proctor will check your room or facility over the webcam to check if you are not using any unfair means or breaching the exam policy so my suggestion is that you keep your room empty your desk should be clean no one should be present in the room and of course no mobiles any breach of these policies will lead to the exam termination at any time now coming to the type of questions so there will be multiple choice questions or also known as McQ Mark reviews short answer true or false match the correct options and drag and drop we will cover all these types of questions in this series and one thing I can assure that you will be well prepared to take easy 900 post this series so please do not miss to subscribe to the channel and press that Bell icon and Friends during the exam you will get approximately 30 to 60 Questions and the languages available for this exam are English Japanese Chinese simplified Korean Spanish German French Indonesian Arabic Chinese traditional Italian Portuguese and Russian coming to the retirement date well they there is no retirement date this means once you have this certificate well you have it it's not going to expire or you don't have to renew it once they're always there moving on with the most important section and that is skills measured so now Microsoft has kept three major skills actually previously they were born but now they have fused many of them together reducing them just to three which I think is a right step as it has removed some of the ambiguity that was there in the previous slippers content anyways the first skill measured is describe Cloud Concepts and this will actually constitute around 25 to 30 percent of the total exam questions so Concepts like infrastructure as a service platform as a service software as a service kpex versus Opex public Cloud private Cloud hybrid Cloud these are the concepts based on which you will get the questions from this skill measure and the next skill measured is described as your architecture and services and this constitute around 35 to 40 percent and from this section you should expect questions from basic Azure architecture what are the services available like compute Services storage Services monitoring Services Etc then the third skill measured is described Azure management and governance and this is around 30 to 35 percent of the total exam questions under this section you should expect questions from what are the management and monitoring tools available in Azure and then questions based on different governance tool and how you will comply with government policies all these three skills measured are mandatory nothing is optional so please be prepared to master each of them I really hope that this introduction session has been helpful to gain some insights to help you better prepare for easy 900 so let's begin with this very interesting but equally confusing question for many of the viewers here come comes the question number one it says that which of the following is a correct statement your options are private Cloud equals to public Cloud plus hybrid Cloud the second option is public cloud is equal to hybrid plus private cloud and the third option is hybrid cloud is equal to private Cloud plus public cloud in our previous series on AZ 900 many of the viewers were really confused on this concept so let me explain this concept a little bit further so here comes the definition of private Cloud the private cloud is where the Computing Services are offered to the users over the Internet or a private internal Network moving towards the public Cloud public Cloud our own and operated by third party cloud service providers like Azure AWS or gcp so what is hybrid then hybrid as the name suggests is a combination of public cloud and the private Cloud a hybrid Cloud typically Exchange a connection from an on-premises data center to a public cloud and that's why my friends the correct answer for this question is option C hybrid cloud is a combination of private Cloud plus public Cloud now let's check out what Microsoft has to say about private Cloud public cloud and hybrid Cloud starting with private Cloud Microsoft says that a private Cloud consists of cloud computing resources used extensively by one business or organization the private Cloud can be physically located at your organization's on-site data center or it can be hosted by a third-party service provider but in case of private Cloud the services and the infrastructure are always maintained on a private Network and the hardware and the software are dedicated solely to your organization so I hope you understood private Cloud means data centers are on premises they can you also hosted by third party service providers but the Crux is that the hardware and the software both are solely dedicated to your organization so what are the advantages of private Cloud well it offers more flexibility more control and more scalability now let's understand what is public Cloud so public Cloud are most common type of cloud computing deployment the cloud resources like servers and storages are owned and operated by third-party cloud service provider and are delivered over the Internet with a public Cloud all Hardware software and other Computing infrastructure are owned and managed by cloud provider Microsoft Azure is an example of public Cloud what are the other examples well AWS and gcp and what are the advantages of a public Cloud well it offers low cost no maintenance and near unlimited scalability and also offers higher reliability so what is a hybrid Cloud let's check out that so here Microsoft says that a hybrid cloud is a type of cloud computing that combines on premises infrastructure or a private cloud with public Cloud hybrid Cloud allows data and apps to move between two environments so here you can see that the hybrid Cloud essentially is a combination of public cloud and private Cloud so why organizations choose hybrid Cloud well organizations choose a hybrid Cloud approach due to the business imperatives such as meeting Regulatory and data sognity requirements taking full advantage of on-premises Technology investment or addressing low latency issues and what are the benefits of the same well hybrid Cloud offers you more control flexibility cost Effectiveness and ease I hope you understand this very important concept of private Cloud public cloud and hybrid Cloud a lot of question in easy 900 comes around these Concepts so please read this documentation the link is right there in the description box coming to the second question the question says that which of the following describes a benefit of cloud services your options are economics of scale fixed workloads and the third one is unpredictable cost the correct answer for this question is option A economics of scale the reason is that economics of scale is the ability to do the things more cheaply and more efficiently when operating at Large Scale in comparison to operating at a smaller scale what this means is that the cloud providers such as Microsoft Google or Amazon are large-scale businesses and are able to leverage the benefits of scale and then pass on those benefits to their customer let me take example of the ability to acquire Hardware at lower cost so because these companies acquire the hardware at a massive scale and due to this massive acquisition they get a lot of discount and then they can pass on these discount or cheaper cost to their customers which is not possible for a single user or let's say a small scale business so that's why economics of scale is a big benefit of cloud services moving on to the question number three here we have that when you implement a SAS which is software as a service solution you are responsible for which of the following responsibilities your options are installing patches on operating system configure High availability configuring SAS solution and the last option is install SAS solution and the correct answer for this question is option C configuring the SAS solution now you may ask why this is a correct answer so let me give you an example I am pretty sure that almost every one of you watching this video must have used some kind of email services for example Gmail Outlook or any other for that matter let's pick Gmail for now so why using Gmail have you ever installed any patches on the operating system in fact I'm sure that you would not have ever bothered about the operating system itself similarly using Gmail we have never thought about how to ensure High availability or installing Gmail it is already there for us and we use it over internet the only thing we are bothered about is to configure the Gmail in the manner that we want the templates the settings and then use it to our convenience and friends just to make a point here that these email services such as Outlook Hotmail Gmail all these comes under SAS solution friends just to help you study further and deeply understand the cloud Concepts I suggest you to watch this video series where I have explained all the cloud Concepts in quite detail fundamental concepts like what is cloud how it works books virtual machines infrastructure as a service platform as a service and software as a service besides that I have also explained public Cloud private cloud and hybrid cloud and a lot more Azure Concepts this series is fully updated and synced with the Microsoft syllabus and both provide a solid ground up learning to you on Microsoft Azure in 2023 so please do watch this series links are given in the I button on the top right corner description box and in the pin comment and before we move ahead I want to say that friends your advice on the current content and what you want to see in the upcoming episodes truly Powers The Tech Blackboard channel so please reach us in the YouTube comment section on Instagram Facebook Twitter or you can even write to us at connectors at the rate the techblackboard.com and now comes our question number four the question says that which of the following refers to the sprinting upfront and then deducting that expenses over the time your options are capital expenditure operational expenditure and the third one is supply and demand and the correct answer for this question is option a capital expenditure and Friends capital expenditure and operational expenditure are two most important and fundamental concepts in Microsoft Azure in fact they are very important from the exam perspective as well and you will get handful of questions based on them so let's first understand this concept better and then we will do some questions based on this so here my friends on this slide I have captured the main differences between capital expenditure and operating expenditure starting with the capital expenditure so capital expenditure also known as kpax is spending of money on the physical infrastructure upfront and deducting that expenses from your tax bill over the time on the other hand the operational expenditure is spending money on services or products now now and then being built for them now you can detect this expense from your tax bill in the safe year moving on capital expenditure is a upfront cost which has a value that reduces over the time and usually has no recurring cost then on the other hand Opex well there is no upfront cost but that has a recurring cost so a major decisive difference between capital expenditure and operational or operating expenditure is that capital expenditure is upfront cost while the operating expenditure is recurring cost moving on Capital expenditures are major purchases a company makes that are designed to be used over a long term on the other hand operating expenditure are day-to-day expenses a company incurs to keep its business operational and now let's check out some examples of capital expenditure that includes physical assets such as buildings equipments machinery and vehicles and for the operating expenditure we have employee salaries rent utilities property taxes and cost of goods sold one more example deploying your own data centers and Azure Reserve virtual machine instances are few example of capex pricing model very important exam tip here Azure reserved virtual machines are not categorized as operating expenditure they are capital expenditures sometimes there can be a question on this because normally Cloud Solutions are more associated with the operating expenditure so in case in exam there is a question around Microsoft Azure reserved virtual machine then you must select capital expenditure and not operating expenditure and moving on one more example of operating expenditure is azure virtual machines so I hope you understood the concept of capital expenditure and operating expenditure and once again I'm reminding you that capital expenditure is also called kpax while operational expenditure or operating expenditure are also called Opex now here comes question number five from the choices below what is one advantage of moving your infrastructure to Azure your options are the move reduces capital expenditure or capex the move reduces operational expenditure or Opex and the third one is the move allows for complete control of infrastructure resources and the correct answer is that this move of moving towards Azure reduces capital expenditure moving on with the question number six it says that the data center infrastructure server Cost Storage cost Network cost backup and archive cost business continuity and Disaster Recovery cost technical personal cost are example of which type your options are capital expenditure and operational expenditure and the correct answer for this one is option a capital expenditure moving on with the question number 7 which is a true false kind of question here it says that the capital expenditure is The Upfront spending of money on the physical infrastructure and then deducting that upfront expense over the time and the correct answer is that this is a true statement let's move on to the question number eight the question says that operational expenditure is spending money on services or products now and being built for them now whether it's a true statement or it's a false statement this is a true statement now let's jump on to the question number nine it says that Azure virtual machine instances are example of capex pricing model the correct answer is that this is a true statement now let's move on to the question number 10 it says which of the following terms referred to making a service available with no downtime for a extended period of time your options are agility fault tolerance or high availability the correct answer for this question is High availability now because all these terms are very important from the easy 900 exam perspective let me give you a brief about all of them so agility is the ability to quickly develop test and launch applications in a cloud-based environment while fault tolerance is the ability of a system to continue to function in the event of a failure of some of its components and then we have high availability which is the correct answer for this question it actually means to keep Services up and running for long periods of time with little downtime depending upon the service in question we are going to cover a lot of questions on all these Concepts in the upcoming Parts moving on with the question number 11 the question says that which Cloud Model provides the greatest degree of ownership and control your options are hybrid Cloud private cloud or public cloud and the correct answer is option b private Cloud so in private Cloud as I mentioned in the previous questions as well all the services and infrastructure are owned by the companies itself so that's why it provides the greatest degree of ownership and control moving on the question number 12 says that which Cloud Model provides the greatest degree of flexibility now friends please observe the difference between question number 11 and question number 12. in question number 11 we were talking about the greatest degree of ownership and control while in the question number 12 we are talking about the greatest degree of flexibility so there is a difference between both of these and the options given for this question is hybrid Cloud private cloud and public cloud and the correct answer is option a hybrid Cloud so once again my friends as I explained in the question number one as well hybrid Cloud Model provides the greatest flexibility as you have the option to choose either between public cloud and private Cloud now let's move on to the question number 13 it says which of the following describes a public Cloud your options are is owned and operated by the organization that uses the resources from the cloud or the option b is let organizations run applications in the cloud or on premises the third option is provides resources and services to multiple organizations and users who can connect through a secure network connection and of course the correct answer is option C so friends please understand in case of public Cloud there are shared resources so multiple organizations and users consumes these resources over a secure network connection or Internet moving on with the question number 14 it says you have Legacy applications that require specialized Mainframe hardware and you have newer shared applications which Cloud deployment model would be best for you your options are hybrid Cloud private cloud or public cloud and the correct answer is option a hybrid Cloud so hybrid cloud is a combination of public and private Cloud so basically you can run your newer shared applications on the commodity Hardware that you rent from the public cloud and at the same time you can maintain your specialized Mainframe Hardware on the on-premises data centers let's move on to the question number 15 it says Microsoft Office 365 is an example of infrastructure as a service or platform as a service and the third option is software as a service the correct answer is that Microsoft 365 is an example of software as a service now let's move on to the question number 16 it says which of the following describes platform as a service your options are users are responsible for purchasing installing configuring and managing their own software including operating system build aware and applications option b is users create and deploy applications quick quickly without having to worry about managing the underlying infrastructure the third option is users pay an annual or monthly subscription and the correct answer is option b users create and deploy applications quickly without having to worry about managing and underlying infrastructure now let's move on to the question number 17 it says that which of the following requires the most user management of cloud services and your options are infrastructure as a service or IAS platform as a service or pass or software as a service SAS and the correct answer is infrastructure as a service coming up next is question number 18 it says that you are developing an application and want to focus on building testing and deploying you don't want to worry about managing the underlying Hardware or software which cloud service type is best for you your options are infrastructure as a service platform as a service and software as a service and the correct answer is option B platform as a service so platform as a service is the best choice here because the past service handled the it management task for you so that you can focus on building testing and deployment while the other hardware and software related issues are taken care by the service provider such as Microsoft Azure now let's move on to the question number 19 it says in which type of cloud model are all Hardware resources owned by the third party and shared between multiple tenants your options are hybrid Cloud private cloud or public cloud and clearly the answer is public Cloud so friends Microsoft Azure Amazon AWS or Google GCB are the examples of public cloud services so all these third-party service providers own all the hardware resources and that's why public cloud is the correct answer and now let's move on to the question number 20 it says that you are running a virtual machine in Azure Cloud which model reflects how the resources are managed your options are user responsibility model the second option is azure responsibility model and the third option is share responsibility model the correct answer for this question is option C shared responsibility model now friends to understand share responsibility model you must first understand IAS or infrastructure as a service platform as a service and software as a service and for that you must watch part 3 of azure fundamental course for deep understanding on all these fundamentals so here my friends you can see that in Azure cloud or any other Cloud for that matter we have infrastructure as a service platform as a service and software as a service also you can see that all these service models are compared with on-premises so you can see that we have different layers when it comes to how we build a data centers we have storage we have network servers virtualization operating system on top of that we also have middleware runtime data and application in case of on-premises the responsibility of all these layers are lying with you or your company or the Enterprise however as we move deeper into the cloud starting with iaas or infrastructure as a service here you can see that the lowest four levels are the lowest four layers are now managed by Microsoft Azure while the above five layers which includes operating system middleware runtime data and applications are now managed by you or the Enterprise and in case you take one step deeper into the cloud and reach to platform as a service now you only have to manage data and application further ahead we have SAS and in SAS mostly all the things are managed by the Microsoft Azure or the other Cloud providers mostly in these kind of cases you just use the service or you just manage some of the settings for the service I gave you the example of Gmail just a while back so Gmail is also a very good example of software as a service to cut the long story short you can see that in case of azure cloud or any other Cloud the responsibility to manage all these resources layer are divided between you and the Microsoft Azure and this division of responsibility is also known as shared responsibility model so friends these were the first set of 20 questions on easy 900 things are just getting warm up in the next subsequent parts we will level up our questions and meanwhile I suggest you to please go through the fundamental series and build upon Azure Concepts so please consider subscribing to the channel and press that Bell icon as we bring a lot of quality content on Azure learning in this video we are going to cover 20 latest questions on AZ 900 all questions covered in this video series are recently updated in 2023 and today's episode I would like to open with the correction in question number 14 that we discussed in part two let's read the question the question says that you have Legacy applications that require specialized Mainframe hardware and you have newer shared applications which Cloud deployment model would be best for you your options are hybrid Cloud private cloud and public cloud in the last part we pick the answer as hybrid Cloud please note this is an incorrect answer the correct answer to this question is option b private Cloud the reason is very simple that in the question it is clearly mentioned that we have a requirement for specialized Mainframe Hardware so friends in case you have these kind of special Hardware requirements you should always go for the private Cloud the reason is that in case of private Cloud you have more control over the hardware while in case of public Cloud for example you have Azure AWS or gcp in these cases you are more relying on the hardware that is provided by your cloud provider so that's why private cloud is the correct answer and friends I request all of you to please reach out to us in case you find any answer is not correct I promise you we will re-analyze the same and bring the correct ones in the subsequent parts and for this one I would like to thanks Luigi's MBT for pointing this out and now let's jump to the very first question of part three question number 21 and this is a question that confuses lot of AZ 900 exam takers but this is an important question not just from the exam point of view but also important for your actual working on Azure Cloud so let's read question number 21 it says an Azure administrator plans to run a Powershell script that creates Azure resources you need to recommend which computer configuration to use to run the script the solution given is run the script from a computer that runs Linux and has Azure CLI tools installed does this meet the goal now friends I have five variations of this question including this one let's read all of them and let's check out what are the different solutions given in all these questions and then I will give you all the correct answers and also summarize everything for you so here comes the second variation of the same question exactly the same question but the solution is different the solution this time says that run the script from a computer that runs Chrome operating system and uses Azure Cloud shell does this meet the goal now let's check out the third variation and this time the solution given is run the script from a computer that runs Mac OS and has Powershell core 6.0 installed does this meet the goal and the growth variation is in question number 24 it's says that you have bash in Azure Cloud shell does this meet the goal and now let's check out the fifth and the last variation of this question in this question the solution given is you use a computer that runs Windows 10 and has Azure Powershell module installed does this meet the goal now let me give you the answers of all these five questions I will also give you Microsoft documentation to prove our answer and also to do the self-study so once again I'm back on the question number 21 the correct answer for the question number 21 is no which means that you cannot run a Powershell script that creates Azure resources from a computer that runs Linux and has Azure CLI tools installed coming to the question number 22 the correct answer for this question is yes so this is the correct combination of operating system and the tools installed to run the Powershell script coming to the question number 23 the correct answer is no so you cannot run a Powershell script that creates Azure resources in case you have a Mac OS with a Powershell core 6.0 installed and friends I know this is a very controversial question I have seen lot of variations to the answer for this question we will surely understand this in a little bit more detail but let's check out the answer for the remaining two questions and the correct answer for question number 24 is yes so this also is a correct combination and now for the last variation of this question the correct answer for the question number 25 is yes now let me summarize the answers for all these five questions I will also give you my logic behind choosing these answers and then we will see some of the Microsoft documentation so here comes the summary for the question number 21 to question number 25 so you can read the question once again here in the question number 21 we were given with the solution that says run the script from a computer that runs Linux and has Azure CLI tools installed for this we chose false as an answer and the reason is that with Azure CLI you do not execute Powershell script and then for the question number 22 we chose true as the answer and the reason is that from a browser you can connect to Azure portal and execute Azure Powershell CM delete or commandlets and then for the question number 23 we chose false as the answer and the reason is that you need to have Azure Powershell module Powershell core 6.0 only is not enough now let me show you some documentation for this Powershell code 6.0 so friends I did a lot of research on this question there is a ton of confusion on this question all around internet so during my research I found this documentation from Microsoft it says Powershell core 6.0 generally available and supported you can very well notice it's an old documentation from 2018 so here you can read that Powershell core 6.0 is a new edition of Powershell that is cross platform so basically it's compatible with Windows Mac OS and Linux operating system so I went through this documentation then I also checked this documentation here which says what's new in Powershell core 6.0 you can see this documentation is now from 2020 all about Powershell core 6.0 is given here as well but in none of the documentation I could find commands that can run Azure Powershell and then I did a little bit more research come across this documentation here which says installing Powershell on Mac OS and friends this is a very latest documentation you can note this is from January 2023 and this documentation gives you a clear note here you can read that Powershell 7.3 is an In-Place upgrade that removes previous versions of Powershell and friends my research did not stop him I also have this documentation this documentation also revolves around Powershell you can read a lot about Powershell one more documentation I want to show you is this one which says quick start for Powershell in Azure Cloud shell finally I have one more documentation this one which says install Azure AZ Powershell module here also in this documentation you can see a clear recommendation from Microsoft which says that Powershell 7.0.6 LT is Powershell 7.1.3 or higher is the recommended version of partial for use with Azure easy Powershell module on all platforms to cut the long story short you can see everywhere Microsoft is recommending you not to use Azure Powershell core 6.0 but to move towards Powershell 7 or higher versions and that's the reason my friends I have chosen false for this question okay so now let me give you the quick logic behind question number 24 and 25 so for the question number 24 we pick true as the answer and the reason is that Azure Cloud shell can be used for both bash or Powershell either own Android phone or laptop coming to the last question we have true as the answer the reason is that you have Powershell and the module to create Azure resources so basically we already have Azure Powershell module installed on Windows 10 and this combination is fully equipped to run Powershell script that creates Azure resources so hopefully this research will help you understand all the answers in a better way all the links based on which I did my research are available in the description box I would highly recommend you to do some research on your own and in case you find another version of this question or maybe you disagree with any of the answers that I have picked please share your thoughts in the comment section below and I would be really happy to discuss it further and friends in case you want a free PDF file containing all the questions that we have discussed in part two and this part 3 you need to give me the correct answers for the question number three question number six question number 26 question number 32 and question number 40 share your answers in the comment section below and then you can get your own free PDF file now coming to the question number 26 question says that your company hosts an accounting application named app one that is used by all the customers of the company app one has a low usage during the first three weeks of each month and a very high usage during the last week of each month which benefit of azure cloud services support cost management for this type of usage pattern your options are high availability High latency elasticity and the last option is load balancing the correct answer for this question is option C elasticity so friends elastic Computing is the ability to quickly expand or decrease computer processing memory storage resources to beat the changing demand without worrying about the capacity planning and Engineering for the peak usage so in simple words elasticity is the ability where you can can increase or decrease the Computer Resources based on the demand and this increase and decrease of Computer Resources is done to reduce the cost now let's move on to the question number 27 it says that you plan to deploy several Azure virtual machines you need to control the ports that devices on the internet can use to access virtual machines what should you use and the options given are a network security group also known as NSG then we have an Azure active directory the third option is Network Gateway and the fourth option is azure keyboard the correct answer for this question is option A a network security group so friends read this question very carefully and understand this question is asking us to filter out the network traffic to and from the Azure virtual machines and the best way to do is NSG or Network Security Group which is our option number Aim so this is the Microsoft documentation which says how Network Security Group filter the net Network traffic and here you can read that you can use an Azure Network Security Group to filter out Network traffic to and from Azure resources in an Azure virtual Network a network security group contains security rules that allow or deny inbound traffic to or the outbound traffic from several types of azure resources for each rule you can specify source and destination port and protocol please note port and protocol and also you can specify source and destination now let me show you interesting image given here here you can see that we have a virtual Network we are also given with some subnet we have subnet 1 subnet2 and subnet 3. all these subnets contain virtual machines like virtual machine one two three and four and then you can see that all of these virtual machines are also containing Nic which is network interface card and then on top of these Nic cards we have NSG network security group and these NSG help us to filter out the traffic we can also see a TCP Port 80 here and this is open internet now friends let me give you quick details of all the services that we are seeing in this question all the services are very important so let me give you one liner for each so here you can see that you can use Azure Network Security Group to filter out traffic between Azure resources in an Azure virtual Network and then we have Azure ready or Azure active directory which is a cloud-based identity and access management service and this service helps your employees access external resources such as Microsoft 365 Azure portal and thousands of other SAS applications and then we have Azure Network Gateway so Azure VPN Gateway connects your on-premises networks to Azure through site to site VPN in a similar way that you set up and connect to a remote branch office and finally the Azure keyboard so basically this is a cloud service that provides a secure store for your secrets you can securely store Keys passwords certificates and other secrets so hopefully this quick introduction will help you understand these Services better you can always read Microsoft documentation and there will be lot of questions on these Services as well in the subsequent Parts moving on with the question number 28 it says that your Azure environment contains multiple Azure virtual machines you need to ensure that a virtual machine named vm1 is accessible from the internet over HTTP the solution given is you modify a network security group does this meet the goal and friends I have three more variations of this question as well so let me show you all of them the question number 29 exactly the same question however the solution given here is that you modify a DDOS protection plan does this meet the goal coming to the question number 13 exactly the same question once again however the answer is that you modify and azure firewall does this meet the goal and now let's check out the final version of this question the solution this time is that you modify an Azure traffic manager profile does this beat the goal so let's very quickly check the answers for all the four variations and then I will summarize everything for you so the answer for question number 28 is yes the answer for question number 29 is no and then moving on to the question number 30 this time we have a no and in case of 31 as well we have a no and now it's time that we summarize all the questions from question number 28 till question number 31 for the question number 28 NSG was given as the solution we pick true here the reason is that you can use NSG to filter out the network traffic between Azure resources in an Azure virtual Network I just show you the documentation on NSG please go back and read that documentation for more detail and then in the question number 29 tdos protection plan was given as the solution here we picked false and this is because DDOS is a form of attack on a network resource DDOS protection plan is used to protect against DDOS attacks and that's why it has nothing to do with accessibility of virtual machine over HTTP and then in the question number 30 the solution given was Azure firewall we picked false the reason is that Azure firewall is a cloud native and intelligent Network firewall security service that provides the best of the breed threat protection for your Cloud workloads running in Azure so Azure firewall also does not fit the ask of the question moving on with the question number 31 the solution given was to modify an Azure traffic manager here also we picked false as the answer the reason is that Azure traffic manager is a dns-based load balancing solution this also has nothing to do with assessing of virtual machine over HTTP I hope friends that these kind of summaries will really help you to prepare for easy 900 you can keep the screenshots of all these summaries so that you have all the variations of these kind of questions in one place now let's move on to the question number 32 it says an organization that holds its infrastructure in a private Cloud can close its data center now in this question you can read the instruction that review the underlying text here you can see that we have a underlined text if it makes a statement correct then you have to select no change needed you can see here that we have First Option given as no change needed but in case you think that this underline text makes this entire statement incorrect in that case you have to choose either of the other three options left and the other three options are option B is in a hybrid Cloud option C is in the public cloud and then we have on a hyper-v host and the correct answer for this question is option C in the public Cloud so basically what we are saying is that this statement or this underlying text is incorrect and we have to replace this text with in the public cloud and this will make the correct statement as an organization that hosts its infrastructure in the public Cloud can close its data center so let me give you a quick distinction between private cloud and public Cloud so a private cloud is hosted in your own data center therefore you cannot close your data center if you are using private Cloud on the other hand public cloud is hosted externally for example Microsoft Azure an organization that hosts its infrastructure in public Cloud can close its data center moving on with the question number 33 we have what are the two characteristics of public Cloud each correct answer presents a complete solution and you have a node which says each correct selection is worth one point the options given are a dedicated Hardware unsecured connection limited storage beated pricing and the last option is cell service management and please note my friends that we have to pick two characteristics so that means we have two correct answers here and the current answers are option D and option e okay so now let me explain why we have chosen these two as the answer with public Cloud basically you get paid as you go pricing so you pay only for what you use there is no capital expenditure and that's why we have mated pricing now coming to the self-service management well in the public Cloud you are responsible for the deployment and configuration of the cloud resources such as virtual machines storage or maybe even website so let's say in case of Microsoft Azure you want to spin a virtual machine then simply you would go to the Azure portal spin a virtual machine for yourself you do not need to raise a ticket for that or you do not need to connect to a help desk from Microsoft Azure go to the Azure portal and create your virtual machine but friends here I want to highlight a very important point so please understand Azure portal is not the only way to create resources in Azure you can also use Json file as your Cloud shell Powershell bash Etc so Azure gives you a lot of flexibility when it comes to creation of resources and now comes our question number 34 it says that you can create group policies in Azure active directory and you have to tell whether it's a true statement or it's a false statement and this one my friends is a false statement so let me try to explain group policies are part of azure active directory domain services and then Azure active directory domain Services is part of azure intro now and that you can also read here it says that Azure active directory domain Services part of Microsoft intra enables you to manage domain services such as Windows domain join group policies we also have ldap and carbos authentication without having to deploy manage and Patch domain controllers so I'm sure you have noticed that group policies are part of azure active directory domain services and not Azure active directory and just as a side note how many of you know when was the Microsoft intro added in the course of AC 900 well it was not very long back it was officially announced on 28th of October 2022. I have created a detailed video on that you can find that video in our YouTube channel also friends please note that I will cover some quick questions on Azure active directory domain services in the next part so please make sure to join In And subscribe to the channel now here comes the question number 35 it says that you can join Windows 10 devices to Azure active directory you have to tell whether it's a true statement or a false statement so here we have Microsoft documentation on Azure 80 joint devices here in this table you can clearly see operating systems on Windows 11 and Windows 10 devices except home editions So based on that documentation from Microsoft we can clearly say that we can surely join Windows 10 devices to Azure active directory and now here comes our question number 36 it says that you can join Android devices to Azure active directory once again you have to tell whether it's a true statement or a false statement and this one my friends is a false statement you can refer the same documentation that I just showed you to validate this answer as well coming up now is question number 37 it says that your company plans to migrate all its data and resources to Azure the company's migration plan states that only platform as a service or past Solutions must be used in Azure you need to deploy an Azure environment that meets companies migrate Asian plan the solution given here is that you create an Azure app service and Azure SQL databases does this meet the goal the correct answer my friends is yes and this is because both Azure app service and Azure SQL database are example of platform as a service or past solution and friends once again Microsoft can fit in lot of services in this kind of questions so there are lot of variations that can be created for these kind of questions let me show you all of them so here comes question number 38 question is exactly the same however the solution is that you create an Azure app service and Azure virtual machine that have Microsoft SQL Server installed does this meet the goal and this time my friends the correct answer is no and the reason is that though app service is a past solution but on the other hand Microsoft Azure virtual machine is Ias or infrastructure as a service and that's why the entire solution cannot not be considered as platform as a service and here comes one more variation question number 39 the solution this time is that you create an Azure app service and Azure storage account and once again my friends it's a no because app service once again it's a platform as a service but Azure storage account is Ias or infrastructure as a service so therefore this entire solution will not fit as platform as a service so as I said there can be lot of variations of these kind of questions Microsoft can present lot of new services so in case you have other versions of this question and you want to discuss with us do let us know in the comment section now let me show you one more variation but in a different format so here comes question number 40 it says that your company plans to migrate all its data and resources to Azure the company migration plan states that only platform as a service solution must be used in Azure and you need to deploy an Azure environment that meets companies migration plan and what should you create your options are an Azure virtual machines Azure SQL database and Azure storage accounts the second option is an Azure app service and Azure virtual machines that have Microsoft SQL Server installed the third option is an Azure app service and Azure SQL databases and the fourth one is an Azure storage accounts and web server in Azure virtual machines and once again the option C is the correct answer and Azure app service and Azure SQL databases and here I want to share a quick tip friends always remember that in these kind of questions firstly you must understand whether the question is asking about pass or SAS which is software as a service or IAS which is infrastructure as a service and then with that understanding always check all the services that are given in the option all those Services should fit in the migration plan so if the company wants to move towards platform as a service all the services should be platform as service and similarly for software as a service and infrastructure as a service so these were 20 questions for today in the next episodes I will come up with more exciting questions 20 latest questions on AC 900 exam coming up in this video hello and welcome back to the Tech Blackboard in the last episode we discussed about Azure active directory domain services and I promise to bring more questions on the same so let's have a quick overview of this important Azure service and then we will get back and see some questions based on this starting with the definition for the same here we can see that Azure active directory domain Services part of intra enables you to use manage domain services such as Windows domain join group policies ldap and carpros authentication without having to deploy manage and Patch domain controllers so what exactly can you do with this service let's check it out in the features section so here we can see Azure adts enables you to access manage domain services such as Windows domain join group policy ldap and carbos authentication it also gives you the ability to join Azure virtual machines to a managed domain without the domain controllers also it provides simple sign-in to apps connected to the management domain with Azure ad credentials and then we have lift and shift migration of Legacy applications from your own premises environment to a managed domain now let's check out some questions based on the information that we just gathered from the Microsoft documentation so here comes the question number 41 the question says that is azure active directory domain Services part of Microsoft intra you have to tell whether it's a true statement or it's a false statement and we have just seen that this one is a true statement Microsoft active directory domain Services is surely a part of Microsoft intro moving on with the question number 42 we have you can create multiple managed domains for a single azure ad directory so whether it's a true statement or a false statement and this one my friends is a false statement and why so because you can create a single manage domain serviced by Azure ad domain services for a single Azure ad directory so basically you cannot have multiple managed domains for a single Azure ad directory moving on with the question number 43 it says you can enable Azure adts in an Azure resource manager virtual Network it's a true or a false statement so this my friends is a true statement and this is because Azure ad domain Services can be enabled in an Azure resource manager virtual Network and please note that classic Azure virtual networks are no longer available when you create a managed domain now let's move on with the question number 44 it says that you can always invite guest user in your directory to use Azure adts so is this a true statement or a false statement and this one also is a false statement and this is because guest users invite it to your Azure 80 directory using the Azure ad B2B invite process are synchronized to your Azure ad domain Services managed domain however as the passwords for these users are not stored in your Azure ID directory Azure ad domain Services has no way to synchronize ntlm and carbos hashes for these users to your manage domain so basically they cannot sign in or join computers to your managed domain now let's move on to the question number 45 it says that you can pause an Azure adts manage domain is it a true or a false statement and this one my friends is a false statement so basically once you have enabled Azure 80 domain Services manage domain the service is available within your selected virtual Network until you delete the manage domain there is no way to pause this service billing continuous on an hourly basis until you delete the managed domain coming to the question number 46 it says Azure adts includes High availability options is it a true or a false statement and in case you guessed true then congratulations this is the right answer so please understand each Azure ad domain Services manage domain includes two domain controllers and most importantly you don't have to manage or connect these domain controllers they are part of manage service so if you deploy Azure 80 domain Services into a region that supports availability Zone The Domain controllers are distributed across the zones and that's why we say that Azure adds includes High availability options I hope this round of quick questions on Azure ad domain services will help you understand this very important Azure service in case you have any question on this service do let me know in the comment section and now my friends I have a similar question to what we saw in the question number 21 to 25 in the last episode three so let's read the question it says that you have an Azure environment you need to create a new Azure virtual machine from a tablet that runs the Android operating system what are the three possible solution each correct answer presents a complete solution and you should note that each correct selection is worth one point so what are the options available the first one is use bash in Azure Cloud shell the second one is use Powershell in Azure Cloud shell the third one is use powerapps portal and then we have use security and compliance admin Center and the last one is use Azure portal and now let me tell you the correct answers it's option a option b and option e friends please make a note in the previous part 3 I took five more similar questions all the questions are very important for easy 900 exam I explained in detail all these options we also saw and discussed various other options that come in a similar kind of questions and trust me a lot of easy 900 exam takers do a lot of mistakes in these kind of questions losing precious marks so I strongly recommend you to watch question number 21 to 25 of part 3. links to all the previous parts are available in the description box so friends due to the importance of these questions and the chaos and confusion around these questions over the Internet that's the exact idea why I bring many variations and format of these kind of questions or concepts and this is to prepare you for the exam because Microsoft keep making small changes and variations in the question so they basically trick you and try to judge you for the actual knowledge but once you understand the code concept you will never be stuck in the exam clear Concepts will not only only help you during the exam but they will go a long way in making you a better Cloud professional and now let's move on to the question number 48 it says that you plan to migrate a web application to Azure the web application is accessed by the external users you need to recommend a cloud deployment solution to minimize the amount of administrative effort used to manage web application what should you include in the recommendation your options are software as a service platform as a service infrastructure as a service and database as a service and the correct answer for this question is option B platform as a service now you may be wondering why I have selected pass as the answer to this question well if you see the question it says web application now in Azure web application mobile application all these are connected to Azure app service and what is azure app service will Azure app service is a platform as a service offering that lets you create web application and mobile application for any platform or device and connect data anywhere in the cloud or on premises also Azure app Services include the web and mobile capabilities that were previously delivered separately as Azure websites and Azure mobile services so now we know that whenever we are talking about web application or mobile application we are essentially talking about Azure app service which in turn is a platform as a service so hopefully that clears out the link between web application and pass offering now let's take few questions related to the movement of azure resources see when you work on Azure or maybe many of you have already started working on Azure there will be lot of azure resources that you need to manage and sometimes due to business needs or optimization cleanup or any other situation you might need to move resources from one place to another the so this is a very practical scenario so let's take few questions on this concept and then I will show you Microsoft documentation to support answer and also for your self-learning so let's check out the question number 49 it says that you have a subscription sub 1 with a virtual machine vm1 you create a new subscription sub to and move virtual machine one to sub 2 is it possible and the correct answer is yes this is possible you can actually move virtual machine from one subscription to another subscription and friends please note there is a big difference in moving the resource and copying the resource and don't worry we are going to cover this concept in the upcoming questions so let's move on to the question number 50 it says that you can move virtual machines to another Azure region whether it's a true statement or a false statement so this one my friends is a true statement of course you can move virtual machines from one region to another region moving on we have question 51 it says that your virtual machine vm1 resides in a resource Group rg1 and you want to copy virtual machine to another Resource Group rg2 is this possible and this time my friends I can say that this is a incorrect statement you cannot copy a virtual machine from one Resource Group to another Resource Group however as I said there is a difference between moving and copying of resource so basically the concept is that you can move the resources from one subscription to another or from one Resource Group to another however you cannot copy them from one Resource Group to another or one subscription to another you can just move them from one place to another but you cannot copy and paste them and create multiple copies of same resource I hope you understood the concept and with that let's move on to the question number 52 similar question with a little bit variation so that you can understand the concept better way it says that your virtual machine vm1 resides in Resource Group rg1 in subscription a and you want to move virtual machine to another Resource Group in subscription B is this possible and as I said this is not possible we are talking about copying the resource had it been movement of resource this would have been a true statement and with that let's move on to the next question question number 53 it says that your company has multiple Azure virtual machines in an availability Zone in region a you are asked to move one virtual machine from this availability Zone to another availability Zone in region B is this possible and the correct answer to this question is no now let me give you some Microsoft documentation where you can validate all the questions that we have discussed so far related to the moving and copying of resources so friends first of all understand that there are three kind of major resource movement the first one is where you move resources from a subscription to another subscription the second one is where you move resources from one Resource Group to another Resource Group and the third one is where you have to move resources from one Azure region to another Azure region and I have got documentation for each kind of movement in this documentation if you scroll a little bit you will reach to the first section which tells you how to move virtual machine to different subscription the second section tells you about how to move virtual machine to different Resource Group and in the third section you are also given with the Powershell commands to move the virtual machine and then in the second documentation you can also learn to move Azure virtual machine across the regions and in this documentation first you should read the overview part then you will scroll down and you will reach how this exercise is actually executed first you have to sign into the Azure portal of course and then you are also given with the prerequisite moving on you are also given how to prepare your virtual machine in for this movement across the Azure regions so a lot of information is given in this documentation besides that I have also chosen this documentation here follow this documentation and you can actually do a real lab to move Azure resources from one Resource Group to another Resource Group links to all this documentation as always is available in the description box and friends for a free PDF file containing all the questions with answers that we discussed in this part you have to tell me the exact answer of question number 47 48 and 60. so get your PDF file and then you can also do some offline learning and now let's move on to the question number 54 it says that your company has a private Cloud setup and they want to start using Microsoft Azure hybrid Cloud Model they would need to migrate their entire private Cloud Model to achieve a hybrid cloud model is this true or false and this one my friends is a false statement and the reason my friends is that hybrid Cloud Model combines both private cloud and public Cloud so the company in order to achieve the hybrid Cloud Model they do not have to sacrifice their private Cloud setup they can still keep their private Cloud setup operational however on the same time they can leverage on public cloud like Microsoft Azure and this combination of private cloud and public Cloud will help them achieve hybrid cloud and in case you want more information on private Cloud public cloud and hybrid cloud and how all three come together you must watch question number one that we discussed in part two but for now let's move on to the next question question number 55 says that your company has a private Cloud setup and they want to start using Microsoft Azure public Cloud Model when can an organization decommission its private Cloud infrastructure hosted in its data centers and your options are when they have a hybrid solution the second option is when all of their servers are in private Cloud the third option is when all of their servers are in public cloud and the fourth option is when all of their servers are in public cloud or private Cloud the correct answer for this question is when all of their servers are in public Cloud so friends a company or an organization can decommission its private Cloud infrastructure when all the servers are migrated to Azure Cloud which is a public cloud and once this migration is complete the organization has no dependency left on their private job or on premises environment and that's why they can look forward to decommission their entire private Cloud setup hosted on data centers now let's move on to the question number 56 it says what does a customer provide in software as a service or SAS model your options are application data data storage compute resources or application software the correct answer for this question is option a application data so what exactly is software as a service is in Microsoft Azure well software as a service allows users to connect to and use cloud-based apps over the Internet common examples are email calendaring and other office tools such as Microsoft Office 365. you can also read that SAS provide a complete software solution that you purchase on pay as you go basis from cloud service provider what are the different cloud service providers well like Microsoft Azure Amazon AWS or Google gcp you can also read that you rent the use of an app for your organization and your users connect to it over the Internet usually with the web browser all the underlying infrastructure middleware app software and app data are located in service providers data center the service provider manages the hardware and software and with the appropriate service agreement will ensure the availability and security of the app and your data as well and in this very document augmentation you can also understand the comments as scenarios and what are the advantages of the same well-gained access to sophisticated applications pay only what you use use free client software you can also mobilize your Workforce easily and access app data from anywhere I encourage you to read these advantages of software as a service the link is shared in the description box and now let's move on to the question number 57 it says your company plan to deploy several custom application to Azure the application will provide invoicing services to the customers of the company each application will have several prerequisite applications and services installed you need to recommend a cloud deployment solution for all the application what should you recommend your options are software as a service platform as a service and infrastructure as a service and the correct answer for this question is option C infrastructure as a service so let's understand why we have picked infrastructure as a service as the answer to this question well if you read the question very carefully it says that we have to deploy several custom application to Azure now what do you think is the best choice for custom application well its infrastructure as a service and this is because in platform as a service you have to use the platforms that are provided by the cloud service provider for example Microsoft Azure and then in case of software as a service well we just saw few examples of software as a service like Microsoft 365 or email services so basically softwares or applications are already there you just use it and pay as you go so that's why infrastructure as a service provides the greatest flexibility when it comes to custom applications and as Microsoft says infrastructure as a service is a type of cloud computing service that offers essential compute storage and networking resources is on demand on pay as you go basis infrastructure as a service is one of the four types of cloud services along which software as a service platform as a service and serverless let's move on to the question number 58 it says that you have 50 virtual machines hosted on premises and 50 virtual machine hosted in Azure the on-premises virtual machines and the Azure virtual machines are connected to each other which type of cloud model is this and your options are hybrid Cloud private cloud or public cloud and the correct answer to this question is of course option a hybrid cloud and this is very evident from the question itself the question says that we have 50 virtual machine hosted on premises so basically this is the private setup hosted on data centers and then it also says that there are 50 virtual machine hosted in Azure and this one most definitely is public Cloud so a combination of private cloud and public cloud now makes it hybrid Cloud now let's move on to the question number 59 Google Apps Microsoft Office 365 Gmail Yahoo and Facebook are example of software as a service is it a true statement or a false statement and we have just seen the documentation on this based on that we can easily say this one is a true statement and now let's move on to the question number 60 it says app Services Azure search and Azure CDN are examples of your options are software as a service platform as a service and infrastructure as a service and the correct answer to this question is option B platform as a service and here friends I want to ask how many of you know what is azure CDN let me give you a quick introduction so basically Azure CDN CDN stands for Content delivery Network so Azure CDN is a distributed network of servers that can efficiently deliver web content to the users so these content delivery in networks they store the cache content on edge servers in the point of presence also called pop locations and these locations are close to the end users resulting in minimum latency a very important service used extensively in this era of social media dominance so that was all for today 20 latest questions on AC 900 exam coming up in this video hello and welcome back to the Tech Blackboard in this part 5 of AZ 900 series in 2023 we are going to explain 20 latest questions on AZ 900 and not just the questions and answers we aim to deliver Cloud Concepts Microsoft documentation so let's jump in and prepare for easy 900 exam so let's begin part 5 with question number 61 the question says that a company is planning on deploying Microsoft Azure resources to a resource group called rg1 but the resources would belong to different locations can you have resources that belong to same Resource Group but in multiple locations so you have to tell whether it's a correct statement or it's a incorrect statement now let me explain this question a little bit more so you can see that we have a resource Group example is rg1 the location for the same is West us and then inside this Resource Group we have multiple resources such as storage account virtual machine function app web app and data Factory furthermore you can also observe the location for each resource for example storage account has a location of West U.S this location is exactly the same of the resource Group then for the virtual machine we have Central us function app has best India web app has best Europe and data Factory resides in South India so now my friends think for a moment that is it possible to have Resource Group in one location and the resources in other location then that of Resource Group itself so friends the correct answer for this question is yes so basically you can have resources in different location in a single Resource Group so while a resource Group can be in location a for example West us in our case the resources in that Resource Group can be in other locations for example West U.S Central U.S West India West Europe or South India so friends the Crux of this question and a very important concept to understand is that you can have Resource Group in one location while the resources in that Resource Group could reside in other location now friends I am sure that most of you know that we must specify a location while creating any resource in Microsoft Azure in fact you have to also mention a location when you are creating a resource Group itself now let me ask few questions here why does a resource Group needs a location secondly can the resources in the resource Group can have different locations than that of Resource Group I know I just mentioned that this is possible but I am sure that you want to understand the why behind the same and finally why does the resource Group location even matter to help you out let me give you the answer for the first question see the resource Group stores the metadata about the sources when you specify a location for the resource Group you are specifying where the metadata is to be stored also for the compliance reasons you may need to ensure that your data is stored in a particular region and friends for more details on metadata and other two questions please watch this video on your screen and you will understand all about Resource Group while doing a Hands-On lab and I will be waiting for your answers in the comment section below now let's move on to the question number 62 it says Microsoft SQL Server 2019 installed on an Azure virtual machine is an example of platform as a service or pass so you have to tell whether it's a correct statement or a incorrect one but wait I have a similar question question number 63 it says Azure SQL database is an example of platform as a service or past model again you have to tell whether it's a correct or an incorrect statement so now my friends you can see two similar questions in the first one we have Microsoft SQL Server 2019 which is installed on Azure virtual machine and the second one says that you have Azure SQL database is this the example of platform as a service in both the cases you have to confirm whether these are example of platform as a service so let me first tell you the answer for both of the questions and then I will give you Microsoft documentation that will not only Testify the answers but will also help you understand the difference between Azure SQL server on virtual machine and Azure SQL database and this difference is very important to understand because I have seen many newcomers who have always a dilemma between the two so the correct answer for the question number 62 is no and the correct answer for question number 63 is yes so now I am on the documentation from Microsoft that talks about SQL server on Azure virtual machines in this documentation you have to click on this link which is FAQ or frequently asked questions you will reach to this section the last question in this section says what are the differences between SQL server on Azure virtual machines and Azure SQL managed instance click on this question and here you can see that SQL server on Azure virtual machine is an example of infrastructure as a service please remember this point that whenever we are talking about SQL server on Azure virtual machine it is always an example of infrastructure as a service and not platform as a service as we saw in question number 62 so basically it says SQL server on Azure virtual machine is a fast and straightforward migration option but it requires more Hands-On approach to database Administration you will continue to purchase install and manage your own software including operating systems and applications while on the other hand SQL Server manage instance is an example of pass or platform as a service and that's why we chose yes to the question number 63. further it says SQL Server manage distance eliminates day-to-day Administration but may require changes to application code automatic features boost performance and data protection while serverless and hyperscale automatically scale compute and storage so hopefully you understand the difference between both of these services and after reading this documentation you will never choose an incorrect answer and now my friends if you are looking for a free PDF file containing all the 20 questions that we are discussing in this video you have to tell me the correct answers for the question number 61 68 and question number 80. and now let's quickly jump to the question number 64. it says Azure Cosmos DB is an example of platform as a service or past model the correct answer to this question is yes so Cosmos DB is an example of platform as service moving on with the question number 65 it says azure Osmos DB once again is an example of serverless and the answer to this question is yes as well now friends I am pretty sure that you are thinking that probably I have either done some type of error in writing the questions or I have selected the wrong answers how can Azure Cosmos DB platform as a service as well as serverless well that's not the case it's neither a type O error not a incorrect selection so before I explain it any further let me show you two Microsoft documentation that will clear everything for you so this is the first Microsoft documentation you can see the title here is azure Cosmos DB resource model if you scroll a little bit here you can very clearly read the very first line says that Azure Cosmos DB is fully managed platform as a service and now let's move to the second documentation this one says that Azure Cosmos DB is serverless so if you read a little bit more on this documentation it says Azure Cosmos DB server us offering lets you use Azure Cosmos DB account in a consumption based fashion with serverless you are only charged the request units consumed by your database operation and the storage consumed by your data and now I am pretty sure that these documentation have made you even more confused but do not worry let me explain see platform as a service or past model is a broad category and you can assume serverless as a part of past model so in case the question asks you whether the cosmos DB is infrastructure as a service platform as a service or software as a service in this case you should always go for platform as a service but wait in case there are more granual options for example you have serverless given in the question then you should always go for the serverless so it depends what are the options given in the question likewise you have to also pick your answer and I'm pretty sure that you won't get platform as a service and serverless in the same question I hope you like this these two questions and you have learned something new today now let's move on to the question number 66 it says that you plan to provision infrastructure as a service resources in Azure what three resources are example of IAS and your options are option A and Azure web app option b and Azure virtual machine option C and Azure logic app option D Azure disk storage and option e as Azure virtual Network and the correct answer is option b option D and option e and friends if you want to learn more on IAS in fact you also want to understand what is software as service platform as a service or serverless then this is the Microsoft documentation link as always is shared in the description box coming up next is a practical question question number 67 says that you need to manage Azure by using Azure Cloud shell which Azure portal icon should you select to answer select the appropriate icon in the answer area so basically my friends in these kind of practical questions you are given with the screenshot directly from the Azure portal now in this question you have to tell if you want to invoke Azure Cloud shell which of the icons should you select so in this question you have to tell if you want to invoke Azure Cloud shell which of these icons should you click and friends what could be a better place to do these kind of practical question then Azure portal itself here you can see that we are in Azure portal and I am on my home page so before I give you the answer for this question I want to zoom a little so that you can see a little better so let me tell you which icon should you click to invoke Azure Cloud shell but before that there is one very important concept here you can see that I have Resource Group here if I click on this Resource Group then you can see that currently I have no Resource Group currently existing in my Azure portal and this essentially means I do not have any kind of resource as well now let's go back to the home you can see this is the exact same interface that is also given in the question and out of these icons if you come to this icon here you can see it says Cloud shell click on this one and now friends it gives you a message it says you don't have any storage mounted what it means is that currently you do not have any base storage based on which the cloud shell can run so this tells you an important concept that to run Azure Cloud shell as well you need some storage space so now let's click on this it says create storage so this takes a couple of seconds so now my friends you can see that we are presented with the terminal and this terminal exactly is called Cloud shell you can see it here requesting for cloud shell succeeded and now we are presented with a prompt and one thing I want to tell you that cloud shell is in two flavors the first one is Bash and the second one is Powershell you can simply switch between these two by just clicking and conforming to the message and now you can see from bash we have now converted this to a Powershell and now let's again go back to the resource Group for the better visibility I have to remove this one and here you can see that we have a resource Group already created now so let's click on this Resource Group and now you can see that this Resource Group by the name of cloud shell storage West Europe also contains a storage account here if you click here this is a storage account and this storage account basically is only created to run your Azure Cloud shell so lot of important Concepts that we learned in this question first we'll learn how to invoke Azure Cloud shell and then we also learned that whenever we are creating Azure Cloud shell a default storage account is also created to support Azure Cloud shell and of course always a good practice go back to your resource Group and always delete your resource Group once you're done with your exercise delete Resource Group and here you have to give the name of the resource Group I will copy it here paste it here and then I will say delete and this deletion will make sure that all the resources that you have created are also deleted and you are not incurring any cost so now back to our PPT and the correct answer we can see is this icon now let's move on to the question number 68 it says that you plan to extend your company Network to Azure the network contains a VPN appliance that uses an IP address of 131.107.200.1 you need to create an Azure resource that defines the VPN Appliance in Azure what Azure resource should you create to answer select the appropriate resource in the answer area and your options are services not gateways application gateways local network gateways virtual Network gateways on premises data gateways Azure data box gateways Azure stack Edge data box gateways and the last one is web application firewall policies now friends this is a really good question it checks your actual working knowledge on Azure but I assume that many of you have just started working on Azure and probably you are not familiar to the network Concepts but do not worry let me explain few important points here you can see the first line of the question it says you plan to extend your company Network to Azure now this line gives you a very clear Hint by saying extend your network to Azure because this means that we are going from on premises to Azure the second very important word given in this question is this one VPN Appliance and why this is important well you will get to know in just few seconds so friends this is a tutorial from Microsoft and it teaches you how to create a site to site VPN connection in Azure portal here you can see that we are given with this diagram so in this diagram you can see some important components we are given with VPN Gateway we also have a VPN tunnel here and then we are given with the details of IP address of our on-premise site and now I want to take you on this link here it says create a local network Gateway here you can read that the local network Gateway is a specific object that represents your on-premises location for routing purposes you can give a site a name by which Azure can refer to it and then specify IP address of the on-premises VPN device to which you will create a connection also you can read that you also specify IP address prefixes that will be routed through VPN gateway to a VPN device so here my friends in this paragraph you can note that we are given with this word which says VPN device and this VPN device is equivalent to the word that was given in question which says VPN Appliance and please note that we are creating a local network Gateway and that's why my friends the answer to this question is option T local network gateways and now let's move on to the question number 69 it says your Azure environment contains multiple Azure virtual machines you need to ensure that a virtual machine named vm1 is accessible from internet over HTTP what are two possible solutions each correct answer presents a complete solution and please note that each correct selection is worth one point the options given are modify and Azure traffic manager profile modify a network security group modify a DDOS protection plan and the last one is modify an Azure firewall the correct answer for this question is option b NSG and Azure firewall and this is because if we want to make the virtual machine named vm1 accessible from internet over HTTP then we need NSG and firewall to enable this and in case you want to learn more on NSG this is the documentation also you have documentation on Azure firewall both the links are given in the description box also friends I discuss NSG in the question number 27 of part 3 so please do watch part 3 to understand NSG in more detail and now let's let's do some questions on SLA or also called service level agreement Here Comes question number 70 it says that you can improve composite SLA by adding redundant service to your application so you have to tell whether it's a correct statement or incorrect statement an answer to this question is yes so this is a correct statement so friends please understand when you add redundant service it means that you are adding a kind of fallback plan for your application so in case some of the Redundant Services go down the entire application still remain operational and this makes a positive impact on SLA and that's why this is a true statement moving on to the question number 71 it says that you can improve composite SLA by adding more dependent service to your application once again you have to tell whether it's a correct or incorrect statement see when you add dependent service in your application now the things change in contrast to the Redundant service that we just saw in the question number 70 so adding a depend indent service it is like adding one more point of failure so if one service goes down the other services that are dependent on this service will also go down or maybe they won't respond and this is like a monolithic architecture which is not preferred these days because these days the preferred architecture is microservices now let's move on to the question number 72 it says SLA in Azure is a formal agreement between Microsoft and customer which factor is covered in SLA is a durability scalability elasticity or availability the correct answer to this question is option D availability coming up next is question number 73 it says that during which phase Azure services are subject to service level agreement or SLA your options are private preview public preview or generally available and the correct answer to this question is option C generally available once the Azure services are generally available then only the service level agreement are applicable to them so on this documentation Microsoft tells you that after public preview is completed the feature is open for any licensed customer to use and is supported via all Microsoft support channels and this also include SLA now let's move on to the question number 74 it says during public preview phase only those with special in white can access the service whether it's a true statement or a false statement and this one my friends is a false statement and this is because Microsoft documentation says that during this phase we invite few customers to take part in early access to a New Concept or a feature and which phase we are talking about well we are talking about private preview but in the question we were given with public preview so that's why we have chosen false for this question number 74. moving on with the question number 75 it says Azure services in public preview are subject to SLA or service level agreement once again is it true or false and the correct answer to this question is false and the reason is this line it says Microsoft customer support services will supply Support Services during this phase which phase we are talking about we are talking about public preview so even though Microsoft customer support services will apply to public preview but the normal service level agreement do not apply and that's why the correct answer is false let's move on with the question number 76 it says Microsoft customer support services will supply Support Services during public preview and this one my friends is a true statement moving on with the question number 77 it says all Azure services in private preview must be accessed by using a separate Azure portal whether it's a true or a false statement and this one my friends is a false statement and the reason is very simple all the services in private preview can be viewed in regular Azure portal but please remember access to private preview features is usually only By Invitation now let's move ahead to the question number 78 it says Azure services in public preview can be used in production environment and the correct answer is true so friends you can most definitely use the services in public preview in the production environment however Please be aware that the services in public preview may still have faults and more importantly we just read that the services in public preview are not subject to SLA so please be very cautious in case you are using Azure services in public preview for the production environments and now let's jump to the question number 79 it says which of the following is the correct life cycle of azure services so here you can see that we are given with two life cycles the first one starts with private review then we have public preview and then is generally available on the other hand the second one is Dev preview public preview and generally available and the correct answer of course is option one I just show you the documentation in case you missed out please rewind the video and see the documentation and now comes the question number 80 it says single sign-on is a dash method that enables user to sign in the first time and access various application and resource by using same password so in this question you have to fill this blank here with the options given here we are given with a validation and authentication a configuration and an authorization and the correct answer to this question is option b and authentication now friends many of us are always confused between authentication and authorization and to sort out that confusion I have this documentation from Microsoft that gives you authentication versus authorization so in this article you can read authentication is a process of proving that you are who you say you are this is achieved by verification of identity of a person or a device and then on the other side authorization is the act of granting an authenticated party permission to do something it specifies what data you are allowed to access and what you can do with that data so I hope this documentation will further help you to understand what are the differences between authentication and authorization so that was all for today if you learned something new today and feeling more confident for AZ 900 exam please consider liking the video subscribing to the channel and share our videos with all your loved ones who are also learning Microsoft azure 25 latest questions on AZ 900 exam coming up in this video hello and welcome back to the Tech Blackboard in this part 6 of AZ 900 series in 2023 we bring to you 25 latest questions on AZ 900 I will also give you all the answers we'll explain the cloud Concepts behind each question loads of Microsoft documentation to validate the answer and do some self-study so today I will start the episode with a focus on Azure storage redundancy and replication options a lot of different exam questions come from this area so you must be very clear with the concepts else it becomes really confusing picking the right answer in the examination so I have formulated important exam questions so that you can understand the logic and handle the question well in the exam so here comes question number 81 it says which Azure storage replication is the least expensive replication of option your options are locally written in storage or lris the second option is Zone redundant storage or zrs and then we have Geo redundant storage GRS and lastly we are given with jio Zone redundant in storage and that is gzrs the correct answer for this question is option A locally written in storage and we can validate our answer on this documentation from Microsoft that is on Azure storage redundancy come down in this documentation and then we will reach to this section here it says that locally written in storage or lrs copies your data synchronously three times within a single physical location in the primary region lrs is the least expensive replication option and this is exactly where our answer lies now let's move on to the question number 82 it says where does the copies of data maintain in lrs is it within a single region or across separate available ability Zone the third option is secondary region and the fourth option is primary region and the secondary region the correct answer for this question is option A within a single region and we can validate the question number 82 as well in the same paragraph which says lrs copies your data synchronously three times within a single physical location now let's move ahead and before diving into the next question I want to tell you if you want to have the free PDF file of all the 25 questions with answers discussed in this video you have to tell me the correct answers for the question number 84 94 and 105 but please remember if you want to Avail this free PDF file you must be a subscriber of the Tech Blackboard YouTube channel so please subscribe to the channel and press that Bell icon and send us your answers to our email ID connect us at the rate the tech blackboard.com it is absolutely free for you to subscribe the channel but it really helps us grow and keep the content free for all of you and with that let's move on to the question number 83 it says which Azure storage replication comes under the redundancy in primary region your options are locally written in storage lrs Zone redundant storage zrs Geo returned and storage GRS and the last option is jio Zone redundant storage or gzrs and the correct answer for this question is option A and option b lrs and zrs and the answer for the question number 83 can be validated on this Microsoft documentation it says redundancy in primary region and here you can see that Microsoft has given two options lrs and zrs and that's exactly we have selected as an answer to the question number 83 so let's move on to the question number 84 it says that which Azure storage replication comes under the redundancy in secondary region please note in the previous question we were talking about primary region and in this question we are talking about secondary region the options are exactly the same however the answer this time is option C and option D so this time we have GRS and gzrs and here is the validation for our question number 84 it says redundancy in secondary region and similar to what we have selected the same options are also given by Microsoft we have GRS and gzrs please read this documentation a very important documentation when it comes to Azure storage replication options and now that we are here in this section I want to bring a very important difference between GRS and gzrs hey you can read Microsoft says that primary difference between GRS and gzrs is how data is replicated in the primary region within the secondary region data is always replicated synchronously three times using lrs lrs is the secondary region that protects your data against Hardware failure and with that let's move to the next question question number 85 says that how many copies of data are maintained by an Azure storage account that uses locally redundant storage your options are three times four times six times or nine times and the correct answer for this question is three times so friends when it comes to the locally written storage or lrs there are always three copies of data that are maintained by Azure storage account and very importantly please remember that all these three copies of data are maintained in a single region moving on with the question number 86 it says how many copies of data are maintained by an Azure storage account that uses Zone redundant storage or zrs and your options are three copies four six or nine copies and this time as well we have three copies of data that are maintained in zone radiant in storage as well now you might be thinking what exactly is the difference between locally redundant storage or lrs and Zone rated in storage zrs well as I just told you that in case of lrs the three copies are maintained in a single region but on the other hand in case of zrs the three copies are maintained across separate availability Zone within a single region and now let's move on to the next question question number 87 it says how many copies of data are maintained by an Azure storage account that uses geo-rated in storage GRS or read access jio related in storage which is also known as ragrs and your options are 3 4 6 or 9 and the correct answer for this question is six copies of data are maintained in case of GRS or ragrs so once again here comes our exam tip that six copies in total including three in primary region and three in secondary region so here you can see the division that three copies of data are maintained in primary region on the other hand the other three copies are maintained in secondary region moving on to the other similar question question number 88 says that how many copies of data are maintained by an Azure storage account that uses Geo redundant storage which is gzrs or read access Geo red written storage which is ragrs and your options once again are three four six or nine and the correct answer once again is six so where are these six copies maintained well in case of gzrs and r a g z RS 6 copies in total including three across separate availability zones in primary region and three locally redundant copies in secondary region and Friends answers to the question number 85 86 87 and 88 can be validated on this Microsoft documentation it says durability and availability parameters here you can see that we are given with the comparison of lrs zrs GRS and gzrs this comparison is given on various parameters that you can observe here and if you come down little and you will reach to this section which says number of copies of data maintained on separate nodes here you can see that for lrs we have three copies within single region we read that and then for zrs we can read that we have three copies across separate availability Zone within a single region and then moving on for GRS we have six copies total including three in primary region and three in secondary region similarly for the gzrs option we have six copies in total including three across separate availability zones in primary region and three locally redundant copies in secondary region so let's move on to the question number 89 it says which are Azure storage access tiers your options are hot tier frequent tier cool tier cold tier or archived year and the correct answer for this question is option a hot tier option C cool tier and option D archived here now let's move on to the question number 90 T it says blob storage account and a general purpose storage account both are same so you have to tell whether it's a true statement or a false statement and this one my friends is a false statement and friends we can validate our answer to the question number 90 on this Microsoft documentation it says Azure blob storage pricing here you have to come and click on this FAQs and then you will reach to this section the very first question or the very first FAQs and it says a blob storage account is specialized for storing data as blobs and allows users to specify an access tier based on the frequency of access to data in that account general purpose accounts can be used to store blobs as well as files disks tables and queues so that's the primary difference between blob storage account and general purpose storage account a very important concept to understand when it comes to AC 900 exam and also the actual Azure working so friends that was a small effort from our site to make you more comfortable on the questions based on Azure storage topic hope you liked our efforts on researching and bringing you the latest questions please like the video to show your appreciation it's a small effort for you but it really help our channel to grow and thereby keep all the study material free now let's jump on to the question number 91 it says that which page in Azure portal that you typically use to assign roles to Grant access to Azure resources your options are access control or IM policy Hub user access management and the last option is user role management and the correct answer to this question is option A access control or IAM and this is where we can validate our answer to the question number 91 it says assign Azure roles using Azure portal and here you can read that Azure role-based access control or Azure rbac is an authorization system that you can use to access Azure resources Grant you assigned roles to users groups service principles or manage identities at a particular scope and then if you scroll a little bit you will reach to this section which says step one identify the needed scope more scrolling and you will reach to this section so this is the step two which says open the ad role assignment page here you can see with that access control IAM is the page that you typically use to assign roles to Grant access to Azure resources exactly the same was our question as well and there we chose access control and here I want to mention that as another variations of the same question Microsoft can also give you multiple screenshots from the Azure portal in that case you have to always pick this screenshot in which you are given the option of access control or IAM now let's move on to the question number 92 it says Azure active directory lets you set Dynamic membership rules so is this a true statement or a fault statement so this one my friends is a true statement and this is the documentation where we can prove our answer it says overview of dynamic membership for teams hey you can read that Microsoft teams supports teams associated with Microsoft 365 groups by using Dynamic membership further it says Dynamic membership enables the membership of a team to be defined one or more rules that check for a certain user attributes in Azure active directory or Azure 80. so hopefully with that documentation you can be sure that we have chosen a correct answer by the way please keep in mind that Azure active directory is now part of Microsoft intro now let's move on to the question number 93 it says that you plan to create an Azure virtual machine you need to identify which storage service must be used to store the unmanaged data disk of virtual machine what should you identify your options are containers file shares tables or queues so this is the screenshot that will be given to you in the question you can see we have four options and out of these one is the correct option and that correct option is containers so containers ask the storage service that must be used in case you want to store unmanaged data disk of the virtual machine and please also remember that Azure containers are the backbone of virtual disk platform for Azure IIs or infrastructure as a service and friends please do not get confused and mix these Azure containers with the other containers which are related to Dockers and kubernetes they both are very different services this Azure container that we are talking in this question is related to the storage for the unstructured data so please do not mix with Azure containers or Dockers now let's move on to the question number 94 it says which Cloud models can you deploy physical servers to your options are public Cloud private Cloud hybrid cloud and public Cloud so basically can you deploy physical servers to all all these three and the third option is hybrid Cloud only fourth one says private cloud and hybrid Cloud only and the correct answer to this question is option D private cloud and hybrid cloud and why so because it's on private cloud and hybrid Cloud where you can deploy your own physical servers because in case of public Cloud the installation of physical servers is fully owned by the cloud provider such as Microsoft Azure Amazon AWS or Google gcp now let's move on to the question number 95 it says Azure pay as you go pricing is an example of capex true or false and this one my friends is a false statement so with pay as you go pricing model you have to pay for the services as you use them and this is absolutely Opex operational expenditure and not capital expenditure capex is where you have to pay for something Upfront for example buying a new server now let's move on to the question number 96 it says paying electricity for your data center is an example of Opex true or false and this one my friends is a true statement although it looks a very simple statement but it confuses a lot of AC 900 exam takers so let me kill that confusion once and for all and for that I have got this documentation from Microsoft so basically this is a q a section on Microsoft documentation you can see that there is a comparison between capex and Opex and the question asked is that please explain the difference between capex and Opex and further the question asked is paying electricity every month for your data center a capital or operational expense here you can see the answer is given by the Microsoft professional and they say that a major difference between kpax and Opex can be identified with the question is what you're buying or intend to buy an asset an asset is something you can either sell or keep to gain continuous value from it for example an asset is the server in the data center or even the software and the databases is on that server electricity is not an asset the company cannot own it and that's why it is seen as Opex or operational expenditure so let's move on to the question number 97 it says deploying your own data center is an example of capex true or false I hope by now you can very well know that this statement is true so deploying your own data center is certainly an example of capital expenditure and this is because data center is an asset and you are paying Upfront for it and that can be only categorized as capital expenditure let's move on to the question number 98 it says Azure provides flexibility between capital expenditure and operational expenditure true or false and most certainly this is a true statement and now let's move on to the question number 99 it says when an Azure virtual machine is stopped you continue to pay storage cost associated with the virtual machine true or false and this one is a true statement and this is because because when an Azure virtual machine is stopped you don't have to pay for the virtual machine however you still pay for the storage cost Associated to the virtual machine and the most common storage cost are disks that are attached to Virtual machines now let's take few questions on Azure resource locking there are few important questions from this area that keep appearing in Easy 900 exam so here comes our question number 100 it says and Azure resource can have multiple logs is it a true statement or a false statement and this one is a true statement so friends Azure resources can have multiple logs and you will see an example in the very next question so here comes question number 111 it says if an Azure resource has a read-only log you can add a delete lock to the resource yes or no and yes we can add a delete log to a resource if it already has a read-only lock so that's why I said that we can have multiple logs on on the same Azure resource and now let's move on to the question number 102 it says an Azure resource inherits lock from its Resource Group true or false and this one my friends is a true statement and the same can be validated on this Microsoft documentation which says lock inheritance so this one here says that when you apply a lock at a parent scope all the resources within that scope inherit the same law and in our case we are applying lock on Resource Group level which is a parent level so all the resources under this Resource Group will inherit logs from this Resource Group let's move on to the question number 103 it says read-only means authorized users can read a resource but they cannot delete or update it so it's a true or a false statement and this one my friends is a true statement and the same can be validated on this Microsoft documentation which says lock your resources to protect your infrastructure here you can see that in this section which says read only means authorized users can read a resource but they cannot delete or update it and that's why they have marked this statement as true now let's move on to the question number 104 it says which building rules can create and delete management logs your options are owner contributor user access administrator and the last one is reader and the correct answer to this question is option a owner and the option C user access administrator and we can validate our answer to the question number 104 in this documentation which says who can create and delete logs here you can read to create and delete management logs you need to have access to Microsoft authorization or Microsoft authorization slash lock actions and further it says only owner and user access administrator built-in roles can create and delete management logs and that's exactly what we have chosen as an answer to this question and now let's move on to the question number 105 it says delete and cannot delete both logs achieve same objective users can read and modify a resource but they cannot delete it whether it's a true or a false statement and this one my friends is a true statement and the validation for question number 105 is given in this section which says that you can set logs that prevent either deletion or modification in the portal these locks are called delete and read only and in the command line these locks are called cannot delete and read only so you can see that while this log is called delete in Azure portal on the other hand the same log in command line is called as cannot delete and similar variation is also given for the read only in the Azure portal it's called read Dash only otherwise in the command line it is called read-only with no space or Dash so that was all for today I'm really sure that you learned some new Concepts and are feeling more confident for the AZ 900 exam so please before closing the video consider liking the video subscribing to the channel and share our videos to all your loved ones who are also learning Microsoft azure foreign [Music] of az900 Series in 2023 we bring to you 20 latest questions on easy 900 and today besides giving you all the answers I will also explain the cloud Concepts behind each question and as always there will be loads of Microsoft documentation so that you can validate the answers and also do some self-study and not to forget there will be loads of exam tips so that you are more confident when giving easy 900 please do not miss to watch previous parts of this series 105 latest and important questions are already covered a must watch so let's begin part 7 with question number 106 and this one says that jio zone redundant storage or g z RS includes both general purpose version 1 and general purpose version 2 storage accounts is it a true or a false statement and this one my friends is a false statement and we can validate our answer on this Microsoft documentation that says G your Zone redundant storage and in this documentation you can come across to this section that clearly says that only standard general purpose version 2 storage accounts supports gz RS now let's move to another related question question number 107 says that jio zone redundant storage or g z RS is supported by which of the following Azure storage Services your options are Azure blob storage Azure files Azure table storage and the last one is azure queue storage and the correct answer to this question is option a option b option C and option D so basically all of these Azure storage services are supported by gzrs and this question can also be validated on the same Microsoft documentation it says that gzrs is supported by all of the Azure storage services including Azure blob storage Azure files Azure table storage and Azure queue storage so that's why we have chosen on all of them as an answer to this question and now let's move on to the question number 108 it says which property of your storage account should you check to determine which right operation have been replicated to secondary region your options are last modified time property or last sync time property and the last one is last update time property and the correct answer to this question is option b last sync time property moving on with the question number 109 this one is a yes no kind of question you are given with some of the statements and for each statement you have to tell whether it's yes or no so let's read the first statement it says data that is stored in Azure storage account automatically has at least three copies is it yes or no and this one my friends is a correct statement just to tell you a little bit more there are different replication options available with a storage account the minimum replication option is locally written in storage or lrs and with lrs data is replicated synchronously three times within a primary region and friends you can validate this answer on this Microsoft documentation here you can see that we are given with this table which says lrs zrs GRS and gzrs so all of them are redundancy option in Microsoft storage account and then you are given with various parameters for the comparison between all of these options you have to come and last option says number of copies of data maintained on separate nodes and here you can see that under lrs we are given very clearly that three copies within a single region are maintained so that's why this is a correct statement moving on to the next statement it says all the data that is copied to an Azure storage account is backed up automatically to another Azure data center whether it's yes or no and this one my friend according to me is a No statement or incorrect statement and this is because data is not backed up automatically to another Azure data center although it can be depending among the replication options configured for the account locally retained in storage or lrs is the default which maintains three copies of the data in the data center so in my opinion it is only locally written in storage option in which the data is automatically backed up in Azure data center but that option is not explicitly called out in this statement that's why I have chosen no as a correct answer to this question now let's move on to the third statement it says an Azure storage account can contain up to two terabyte of data and up to 1 million files and once again I have picked a no for this statement as well and it's very important to note that the statement is saying up to 2 terabyte of data so in one sense it's saying two terabyte is the maximum limit however the limits are much higher at the time of recording this video the current and storage limit is too petabyte but I highly recommend that you should verify these figures on the Microsoft documentation however for this question we have just given bit 2 terabyte so that's why if in the question you are only asked for two terabyte of data then you can always be sure that this is a incorrect statement and now let's move on to the question number 110 it says which Azure storage access TN has the highest storage cost but the lowest access cost and your options are hot tier cool tier or archive tier the correct answer for this question is hot tier and of course you can verify the answer on this Microsoft documentation that says hot tier and in this one it says an online tier optimized for storing data that is access or modified frequently the hot tier has highest storage cost but the lowest access cost and that's exactly what our question is also asking so that's why our answer is hot air moving on to the next question question number 111 it says the archive tier is not supported as default access tier for storage account true or false and this one my friend is a true statement now let's move on to the question number 112 it says what is the minimum recommended data retention period for cool access tiers is it 5 days 30 days 45 days or 90 days the correct answer for this question is 30 days now let's take a related question question number 113 and that one says that what is the minimum recommended data retention period for the archive access tiers please note the difference between both the questions in the earlier question we were talking about cool access tiers while in this question we are talking about archive access Sears and the options for this questions are 30 days 60 days 90 days and 180 days and the correct answer for this question is 180 days and both these questions question number 112 and 113 can be verified on this Microsoft documentation which is titled as hot cool and archive access tiers for blob data here in this documentation in this section you can read about cool tier an online tier optimized for storing data that is infrequently accessed or modified data in the cool tier should be stored for a minimum of 30 days and that's exactly what we chose as an answer to the question number 112. moving on to the archived here we have an offline tier optimize for storing data that is rarely accessed and that has a flexible latency requirements on the order of hours data in the archive tier should be stored for a minimum of 180 days and this is our answer for the question number 113 let's move on question number 114 says that if you have Azure resources deployed to every region you can Implement availability Zone in all the regions so whether it's a true statement or a false statement and this one my friends is a false statement so so please understand the question very carefully the question says that if you deploy Azure resources in every region can you implement availability Zone in all the regions so basically question is asking you whether all the Azure regions have availability zones but this one is not true not all the regions have availability zones now let's move on to the question number 115 it says that you have an Azure subscription named subscription one you sign into the Azure portal and create a resource Group named rg1 and from the Azure documentation you have the following command that creates virtual machine named vm1 and here you can see in this blue text we are given with the Azure command moving on the question says that you need to create vm1 in subscription one by using the command the solution given is from a computer that runs Windows 10 install Azure CLI from a command prompt sign in to the Azure portal and then run the command want does this meet the goal I hope you understood the ask of the question the question is giving you a scenario where you have a Windows 10 computer and you have installed as your CLI and then you want to login to the Azure portal using command prompt and run this command so whether you will be able to run this command using this configuration of computer and the other resources and the correct answer for this question is that this is not a valid solution and this is because my friends this command can be run from Powershell or the command prompt if you have Azure CLI installed now please pay a close attention my friends that in question it says sign in to Azure but be very careful with the wordings of the question here they are saying sign in to Azure but that doesn't mean that you are signing to Azure portal itself so basically when the question is saying that sign in to Azure that means that you are connecting to your Azure account using command prompt but that definitely does not mean that you are actually on the Azure portal so what will happen in this command that when you will run this command this command will generate an error VM admin user error and this is because you have not mentioned username or password in this command so if you want to successfully run this command you have to add username and password in this command as a parameter but for now both of those parameters are missing and that's why this is a incorrect command and friends I have two more variations of the same question let's check it out and things will be more clearer to you so here we have one more variation question number 116 the question is exactly the same the command is same but this time the solution says that from a computer that runs on Windows 10 install Azure CLI this time the solution says that from Powershell sign in to Azure and then run the command does this meet the goal and this time also friends this is incorrect solution and why so firstly because of the reasons that I I just explained in the previous question and secondly this command is a bash command and not a Powershell command so what exactly is the correct solution let's move on to the question number 117 and here comes the question number 117 once again question is exactly the same the command is same but this time solution says from Azure portal mind it my friends this time we are not on Windows 10 machine but we are directly on Azure portal further the solution says launch Azure Cloud shell and select bash run the command in Cloud shell does this meet the goal so where exactly are we running the command we are running the command in Cloud shell where is cloud shell the cloud shell is in Azure portal and that's why this time your friends this is a correct solution I hope you understood the logic based on which I selected the answers in case you have some doubts or some confusions please let me know in the comment section now let's move on to the question number 118 it says building a data center structure is an example of operational expenditure or Opex cost is it a true or a false statement and this one my friends is a false statement because building a data center infrastructure is a capital expenditure and not operational expenditure now let's move on to the question number 119 it says monthly salaries of technical Personnel are an example of operational cost is it true or false and this one my friends is a true statement because monthly salaries are not your asset their kind of liability if you check the books of accounts and moreover monthly salaries are recurring costs and that's why they are categorized as operational expenditure now let's move on to the question number 120 it says leasing software is an example of operational expenditure cost true or false and this one is a false statement and this is because operational expenditure as I just mentioned is an ongoing cost such as leasing software but friends please pay attention in case Microsoft changes the wording of the question and instead of leasing they say purchase of software in that case it is a one-time cost and it is categorized as asset so that's why when you purchase a software then it's a capital expenditure but in case you are leasing the software then it's a operational expenditure and now comes the question number 121 it says North America is represented by a single Azure region true or false and this one my friends is a false statement the reason is that North America has several Azure regions including West U.S Central U.S South Central U.S east U.S and Canada east moving on with the question number 122 it says every Azure region has multiple data centers and this one of course is a true statement so please understand a very important Azure concept a region is a set of data centers deployed within a latency defined parameter and connected through a dedicated Regional low latency Network now let's move on to the question 123 it says data transfers between Azure Services located in different Azure regions are always free true or false and this one my friends is a false statement well honestly I wish it was true so we all could have saved lot of dollars but unfortunately this one is a false statement so please remember outbound data transfer is charged at a normal rate and inbound data transfer is free moving on with the next question question number 124 says that data that is copied to an Azure storage account is maintained automatically in at least three copies true or false and this one my friends is a true statement and we have discussed this concept many times in part six also we discussed and in part 7 in the previous questions we also discussed this concept so whenever you are creating some data in Azure storage account the minimum replication option that you can opt for is locally written in storage lrs and in this minimum option also the data is replicated synchronously three times within a primary region so that's why this is a true statement now let's move on to the question number 125 it says availability zones are used to replicate data and applications to multiple regions true or false and this one my friends is a false statement and the reason is that availability zones protect your applications and data from data center failures so please understand that availability zones are unique physical location within an Azure region so basically they are within an Azure region and they do not span across multiple Azure region and because the requirement of the question was across multiple Azure regions that's why this is a false statement in this part 8 3 we bring to you 20 latest questions on easy 900 so let's jump in and prepare for AZ 900 exam thank you so let's begin part 8 with question number 126 it's a statement based question for each statement you have to tell whether it's a correct or a incorrect statement let's begin with the first statement it says availability zones can be implemented in all Azure regions whether it's yes or no and this one my friends is an incorrect statement and this is because not all Azure regions supports availability zones always consult Microsoft documentation to know about the latest Azure regions that support availability zones I have already taken similar questions in the previous parts let's move on to the second statement it says only virtual machines that runs Windows Server can be created in availability zones yes or no and this one again is an incorrect statement and this is because one can run both Linux and windows based virtual machines created in availability zones moving on with the third statement it says availability zones are used to replicate data and applications to multiple regions yes or no and once again this one as well is an incorrect statement and why so because availability zones are unique physical locations within a single Azure region so they are used to replicate data and applications in the same region and not in multiple regions now let's move on to the question number 127 it says which performance option should you choose for low latency scenarios while creating Azure storage account your options are standard or premium the correct answer for this question is option B premium so let's validate our answer directly on the Azure portal I'm already logged in this is my home page so let's create a storage account and validate the answer here it is storage account and then you press create and this page comes where you can create the storage account and on this page you have to scroll a little bit more and then you will reach to a section which says performance and here you can clearly see that we have two options here standard which is recommended for most scenarios general purpose V2 account or version to account and then we have premium which is recommended for the scenarios that require load latency and that's exactly the ask of the question is so that's why premium is the correct answer for this question and now friends to get a free PDF file of all the 40 questions that we covered in part 8 and the previous part 7 you have to tell me the correct answers for the question number 108 112 127 133 and 137 but please remember in order to be eligible for this free PDF file you need to be a subscriber of the Tech Blackboard YouTube channel so please subscribe to the channel and press that Bell icon and send your answers on our email ID connect us at the rate detect blackboard.com also friends questions and answers make you better prepare for certification exam but the concepts make you a better professional and we have entire playlist on Azure fundamentals where we have taken each Azure Concept in detail this playlist is completely synced with Microsoft slippers on easy 900 new videos are added to this playlist very frequently do check out this playlist the link is shared in the description box and also appearing in the I button on the top right corner now let's move on to the question number 128 it says you have an on-premises Network that contains several servers you plan to migrate all the servers to Azure you need to recommend a solution to ensure that some of the servers are available even if a single Azure data centers goes offline for an extended period what should you include in your recommendations your options are fault tolerance elasticity scalability or low latency and the correct answer for this question is Fault tolerance so friends fault tolerance is the ability of a system to continue to function in the event of failure of some of its components now let's move on to the question number 129 it says when planning to migrate a public website to Azure you must plan to pay monthly usage costs and here you can see that pay monthly usage cost is underlined what does that mean let's read the instruction it says review the underlined text which is this one if it makes the statement correct then you have to select no change needed here you can see the very first option is no change needed however if the statement is incorrect then you have to choose the answer that makes the statement correct so basically either you have to choose no change needed or you have to choose either of these three options to make this statement correct now let's see what is the the correct answer the correct answer is option A no change needed and why this is so because Azure resources are paid as you go so you are charged as per your usage the billing cycle is monthly and that's why it is mentioned here that pay monthly usage cost now let's move on to another question question number 130 says that your complete developers intend to deploy a large number of custom virtual machines on a weekly basis they will also be removing these virtual machines during the same week it was deployed 60 percent of the virtual machines have Windows Server 2016 installed while the other 40 percent has Ubuntu Linux installed you are required to make sure that the administrative effort needed for this process is reduced by employing a suitable Azure service the solution given is you recommend the usage of Microsoft managed desktop does this meet the goal and the correct answer is no this solution is not meeting the requirements of the question now let me show you two more variations of the same question I will also give you some Microsoft documentation and of course the correct answer so here comes question number 131 the question is exactly the same however the solution says that you recommend the use of azure reserved virtual machine instances does this meet the goal and this time also this is a incorrect solution so what is the correct solution let's find out in the next question so now we have question number 132 exactly the same question but the solution says that you recommend the usage of azure Dev test Labs does this meet the goal and this time my friends this is meeting the goal and this is because Azure Dev test Labs is a service that allows developers and testers to easily create and manage virtual machines in a centralized and controlled environment and this service can be used to automatically deploy virtual machines based on custom images and it also allows for easy scaling of the num number of virtual machines as needed additionally it also gives you control over the cost by creating policies that automatically shuts down or deallocate virtual machines when they are not needed so this is the relevant Microsoft documentation on Azure Dev test Labs here you can read that using Dev test lab you can quickly provision development and test environments and then you can also minimize the expenses with quotas and strategies configure automatic shutdown to reduce costs generate windows and Linux environments please Focus my friends it says generate windows and Linux environments and the same you can match up with the question our question also says that 60 percent of the virtual machines are windows while the other 40 are Ubuntu Linux so that's why Azure Dev test lab is the correct answer let's move on with the question number 133 it says that you have an on-premises Network that contains 100 servers you need to recommend a solution that provides additional resources to your users the solution must minimize capital and operational expenditure costs what should you recommend in your solution and your options are a complete migration to public Cloud an additional data center a private cloud or a hybrid cloud and of course the answer is hybrid cloud and this is because hybrid cloud is a combination of public and private cloud and with hybrid Cloud you can continue to use your own premises servers while adding new servers to public cloud like Microsoft Azure and how does that help well adding new servers to a public cloud like Microsoft Azure will reduce your upfront cost or capital expenditure and that's exactly what we want to achieve we want to minimize our capital expenditure and operational expenditure and just to understand why should not be go for complete migration to public Cloud will a complete migration of 100 servers to public Cloud would involve a lot of operational cost or Opex and the question already says that we have to reduce our operational expenditure as well and then moving on to the additional data center while of course adding a new additional data center will involve a lot of capital expenditure and of course as per the question we don't want to increase our capital expenditure and then coming to the private Cloud well a private cloud is hosted on the on-premises servers and this would also add capital expenditure and that's why hybrid Cloud which is a mix of public cloud and private Cloud will help us minimize the capital and operational expenditure cost now let's move on to the question number 134 it says that you are tasked with deploying Azure virtual machines for your company you need to make sure the use of appropriate Cloud deployment solution and the solution given is that you should make use of software as a service or SAS model does this meet the goal and this solution my friends is a incorrect Solution that's why we have chosen no here so what is the correct solution we will find out in the next question so here comes question number 135 exactly the same question but this time the solution says that you should make use of platform as a service or past model but this time also my friends this is a incorrect solution and now comes question number 136 once again the question is exactly the same but this time the solution says that you should make use of infrastructure as a service or IAS model and this time this is a correct solution and this is because we very well know that Azure virtual machines are categorized as infrastructure as a service now let's move on to the question number 137 it says Azure site recovery provides full tolerance for the virtual machines once again you can see that we have this underlying text so if this entire statement along with this text makes this entire statement correct then you should go for no change needed otherwise you have to make this statement correct by choosing any of these three options and what are other three options well we have Disaster Recovery elasticity or high availability and the correct answer for this question is option b disaster recovery so now the correct statement becomes Azure site recovery provides disaster recovery for virtual machines so shall we validate our answers of course we will do that and that's why I'm here on the Microsoft documentation on Azure site recovery and here on this documentation you can read it says that site recovery is a native Disaster Recovery as a service or dras and Microsoft has been recognized as a leader in dras based on the completeness of the vision and the ability to execute by Gartner in the 2019 magic quadrant for Disaster Recovery as a service so you can clearly make a note that site recovery is a native disaster recovery and that validates our answer to the question number 137 moving on with the question number 138 it says is an availability Zone in Azure has physically separate location across two continents and once again we have underlined text so if this underlying text makes this statement correct then you have to choose no change needed otherwise you have to make this statement correct by choosing any of the three available options and your options are within a single Azure region option C is within multiple Azure regions and then we have within a single Azure Data Center and this time my friends the correct answer is option b within a single Azure region and this is because availability zones offer High availability that protects your application and data from data centers failure once again to sum up availability Zone gives you protection against data center failures and they do not span across two continents now let's move on to the question number 139 it says Azure monitor can monitor the performance of on-premises computers true or false and this is a true statement and this is because Azure monitor of course you can use it to monitor the performance of on-premises computer you can also use it to monitor the performance and availability of your on-premises servers as well as the performance of your applications and the services running on those servers and this really helps you identify and troubleshoot the issues and ensure that your on-premises system are running smoothly now let's move on to our related question question number 140 says that Azure monitor can send alerts to Azure active directory security groups true or false and this one my friends is a true statement so Azure monitors can send alerts to Azure active directory security groups and you can configure Azure monitors to send alerts to one or more Azure ad security groups when a certain condition is met and this really ensures that a set of right people are notified when there are issues with your system for example your help desk or album support and how exactly you can achieve this well in the settings you can specify an email address and this email address can be of a security group and that's why it's a true statement let's move on with the question number 141 it says Azure monitor can trigger alert based on the data in Azure log analytics workspace true or false and this one my friends again is a true statement and in case you want to learn more on Azure monitor here is the overview here you can read that Azure monitor helps you maximize the availability and performance of your application and the services it also delivers comprehensive solution for collecting analyzing and acting on Telemetry from your cloud and on-premises environments this information helps you understand how your applications are performing and proactively identify the issues that affect them and the resources they depend on similarly I have got one more documentation here it is it says what are Azure monitor alerts and in this documentation you can read all about the alerts how to set them what are the sources and what are the targets and as always links to all the documentation is available in the description box and now here comes question number 142 it says your company plans to migrate all the on-premises data to Azure you need to identify whether Azure complies with companies Regional requirements what should you use your options are the knowledge Center the Azure Marketplace my apps portal or the trust Center and the correct answer to this question is trust Center and here comes the official Microsoft documentation on trust Center it also gives you all the informations about the products and the services that runs on trust Center so here you can see that we are given with security privacy and compliance in the question we were talking about compliance and also if you scroll a little bit more you can also understand how trust Center helps you with Azure Services Azure devops services and Azure cognitive Services it helps you implement security privacy gdpr data locations compliance and you can also learn a lot more in this documentation and because of all that abilities we have chosen trust Center as the answer to this question and now let's move on to the question number 143 it says Azure policy helps organizations to your options are create security policies and force organizational standards and to access compliance at scale and the third option is create firewall rules and of course the correct answer is option b and force organizational standards and to access compliance at scale and a great place to start on Azure policy is this Microsoft documentation that clearly explains you what is azure policy Azure policy helps you enforce organizational standards and to act access compliance at scale and through its compliance dashboard it provides an aggregated view to evaluate the overall state of the environment with the ability to drill down to per resource per policy granularity and now let's move on to the question number 144 it says that you have 50 virtual machines hosted on premises and 50 virtual machines hosted in Azure the on-premises virtual machines and the Azure virtual machines are connected to each other which type of cloud model is this is it a hybrid or private or a public cloud and I'm pretty sure that you have already picked option a hybrid cloud and friends as I have mentioned this many times hybrid cloud is a combination of private cloud and public cloud and here in the question you can clearly see that we have 50 virtual machines that are hosted on premises so this is a private cloud and then we have 50 virtual machines that are hosted in Azure which is a public Cloud so this means we have combination of private cloud and public the cloud and that's why hybrid cloud is the only correct option and now let's move on to the question number 145 it says that you plan to provision infrastructure as a service resource in Azure which resource is an example of IAS or infrastructure as a service your options are an Azure web app and Azure virtual machine and Azure logic app and Azure SQL database and once again I'm sure that you have picked option b and Azure virtual machine so that was all for today friends we all are learning and we all have questions that's why at the 10th Blackboard we would like to hear what are your questions and what are your confusions on Azure Cloud we always keep covering your doubts in our videos so that everyone can benefit from it and the YouTube comment section is a great way to reach us other means to reaches are also flashing on your screen I'm really hopeful that you learned some new Concepts today and are already feeling more confident for the easy 900 exam hello and welcome back to the Tech Blackboard 20 latest questions on easy 900 are coming up in this part 9 of AZ 900 series in 2023 so let's begin Part 9 with the question number 146 and here let me show you a question which has so many versions on internet and here I would present some of them the most confusing part is that although the question is exactly the same but the Microsoft services that are given for you to choose the answer from are totally different and this confuses lot of people and even after looking so many different sites you won't be able to make out the correct answer I was asked this question so many times so I did some research and will present you three versions of this question and will also give you some Microsoft documentation to better understand the question its answers and also do some self-study so let's read the question the question says that what should you use to evaluate whether your company's Azure environment meets the regulatory requirements your options are the knowledge Center website the option b is the advisor blade from Azure portal option C is compliance manager from the security trust portal and option D is security Center blade from the Azure portal and the correct answer to this question is option C compliance manager from the security trust portal now let's check out the other versions of this question so here comes question number 147 exactly the same question however this time the options are Azure service Health Azure Knowledge Center Microsoft Defender for cloud and the last option is azure advisor and the correct answer for this question is option C Microsoft Defender for cloud and friends this is a tutorial documentation from Microsoft on how to improve your Regulatory Compliance and here you can read that Microsoft Defender for cloud helps you streamline the process of meeting Regulatory Compliance requirements using Regulatory Compliance dashboard Defender for cloud continuously accesses your hybrid Cloud environment to analyze the risk factors according to the controls and best practices to the standards that you have applied to your subscription the dashboard reflects the status of your compliance with these standards also my friends in the same documentation you can also read about the prerequisite and how can you access your Regulatory Compliance not only that you are also given with some of the investigation that you can do on your Regulatory Compliance issues so all in all a very good documentation if you want to learn how to improve your Regulatory Compliance now let's move on to the question number 148 question is exactly the same once again however this time the options are Azure service Health Azure Knowledge Center Azure security Center and Azure advisor and this time my friends amongst these options I have picked option C Azure security Center as the answer to this question so now that you have seen three versions of the same question in case you do not get compliance manager as one of the options or the services to choose the answer from then in that that case you always go for Azure security Center and why do I say that let me show you documentation in support of the answer so after doing a lot of research I came across to this Microsoft documentation that brings out the difference between Microsoft Defender for cloud and Microsoft Defender endpoint and here you can see there is a answer given by a Microsoft employee you can see it here and here it's clearly mentioned that Microsoft Defender is the overall brand for the Microsoft security products and while these two have similar names you have spotted they are different products so here you can see that we are given in a summary what is Microsoft Defender so Microsoft Defender for endpoint is Enterprise endpoint security platform and Defender for endpoints incorporates things like next Generation antivirus but also includes behavioral sensors leverages cloud-based security analytics and threat intelligence in order to provide security for Windows Mac OS Linux Android and iOS endpoints on the other hand Microsoft Defender for cloud provides Cloud security posture management providing a security analysis for all your resources in your Cloud estate and Cloud workload protection which gives you specific protection for your resources such as virtual machines cloud storage databases security Keys containers Etc so now as you saw in the Microsoft documentation Microsoft Defender is the overall brand for Microsoft security products thus you need to choose Azure security Center and here I would say that absence of compliance manager makes Azure security Center the next possible best answer friends it took me a lot of time and effort to bring all the possible variations of this question and provide you with right Microsoft documentation so please like the video and friends in order to get the free PDF file with all the 20 questions and answers that we are discussing in this part 9 you have to tell me the correct answers for the question number 147 153 and 164. please subscribe to the channel and become eligible for this free PDF file sending your answers to the email ID connect us at the rate detect blackboard.com also friends to help you even further we have an entire playlist on Azure fundamentals explaining each Azure Concept in detail this playlist is fully synced with the latest labels from Microsoft on easy 900 so please do check out this playlist the link is shared in the description box and also now appearing in the I button on the top right corner now let's move on to the question number 149 it says you plan to provision platform as a service resources in Azure which resources are an example of pass your options are an Azure web app and Azure virtual machines and Azure logic app or an Azure SQL database and the correct answer for this question is option a option C and option D now let's focus on some of the questions from Azure keyboard and you can expect handful of questions in Easy 900 exam around this important concept so here comes question number 150 it says Azure keyword can analyze security log files from Azure virtual machines true or false and this one my friends is a false statement and this is because Azure keyword is a cloud service that provides a secure store for Secrets it has nothing to do with analyzing security logs from Azure virtual machines and now comes question number 151 it says this question requires you to evaluate the underlying text to determine if it's correct here you can see that we are given with this statement which says Azure keyword is used to store app secrets so basically you have to make sure this statement is correct and if it's already correct then you have to choose no change needed otherwise you have to make this statement correct by choosing one of these three options available and what are the other three options we are given with Azure security Center Azure blob storage and Azure web pose but for now the correct answer is option A no change needed and this is because Azure keyboard as we understood in the previous question as well it is actually used to store app Secrets making this statement entirely correct moving on with the question number 152 again you are given with the statement with underlined text it says that as your keyword is used to store secrets for Azure active directory Azure ad user accounts and the options given are no change needed Azure active directory administrative accounts personally identifiable information or server applications and the correct answer for this question is option T server applications so the correct statement becomes Azure keyboard is used to store secrets for Server applications and here comes question number 153 it says your company plans to automate the deployment of the servers to Azure your manager is concerned that you may expose administrative credentials during the deployment and unit to recommend an Azure solution that encrypts the administrative credentials during the deployment what should you include in the recommendation your options are Azure keyboard Azure information protection as your security Center or Azure multi-factor authentication and the correct answer what of course is azure key Vault and in this documentation from Microsoft on Azure keyboard you can read very well in the first paragraph itself that Azure keyword can be used to securely store and tightly control access to tokens passwords certificates API keys and other Secrets moving on with the question number 154 it says Azure keyword automatically generates a new secret after every use true or false and this one my friends is a true statement and now comes question number 155 it says which Azure service should you use to Source certificates your options are Azure security Center and Azure storage account as your keyboard or Azure in information protection and the correct answer is option C as your keyboard as we just saw the documentation in case you missed please rewind the video now let's shift our Focus to other type of questions and here comes question number 156 it says that if you are not using virtual machines and all its resources what should you do to save costs your options are stop virtual machines shut down virtual machine or switch off virtual machine and the correct answer is option b shutdown virtual machine and friends this is a very important Azure concept A lot of people end up paying huge bills because of the confusion between the concept of stopping virtual machine and shutdown virtual machine so please listen to this very carefully when you do not need a virtual machine or the resources associated with that virtual machine you must always shut it down and this is because when you just stop a virtual machine or you can also say that you keep a virtual machine in a deallocated state in this case of course you will not be charged for the virtual machine compute resources but you will still need to pay for the operating system and the data storage is attached to that virtual machine so that's why when you are done with the virtual machine always make sure to shut it down and now comes question number 157 it says that you have an Azure environment that contains multiple Azure virtual machines you plan to implement a solution that enables the client computers on your on-premises network to communicate to the Azure virtual machines you need to recommend which Azure resources must be created for this plant solution so which two Azure resources should you include in the recommendation your options are a virtual Network Gateway a load balancer an application Gateway a virtual Network or the last one is a gateway subnet now friends this is a tricky question or maybe let's say this is not tricky but it actually checks your actual Azure working knowledge and in this question you can see that it says on premises Network to communicate to the Azure virtual machines and that's why here I assume that if there is a virtual machine in Azure a virtual network is already existing so this is why I'm ruling out the option D a virtual Network see in this question we have to only choose two Azure services and that's why we have to make some clever assumptions here and once again as the question says that on-premises Network to communicate with the Azure virtual machines so this means option b which is a load balancer and option C which is application Gateway which is a web traffic load balancer is anyways of no relevance here thus the only two choices we are left with is option A a virtual Network Gateway and option e a Gateway subnet and those are most definitely the answer of this question and you know what friends this is one trick that I always use in my exam I call this elimination technique and in this technique you try to separate out the options that do not fit and make some smart assumptions and this will lead you to the correct answer and with that let's move to the question number 158 it says Azure web app Azure logic app and Azure SQL database are an example of platform as a service or past model true or false and we just saw a variation of the same question in this very video few questions back the answer to this question is that this is a true statement now let's move on to the question number 159 it says DNS server runs on virtual machine is a platform as a service true or false and this one my friends is a false statement and you have to understand that in general platform as a service is about a platform where a developer can design and deploy an application so a regular DNS server that runs on virtual machine is not passed and Azure virtual machine is always considered IAS or infrastructure as a service as it offers Computing resources let's move on to the question number 160 it says SQL Server installed on a virtual machine is SAS or software as a service true or false and this one again is a false statement and the reason is that if you install SQL server on a virtual machine manually or by using the Box image it is still a virtual machine and this means that as a customer you still need to manage all the platform aspects and by now we have read so many times that virtual machine is infrastructure as a service now let's move on to the question number 161 it says Azure SQL database is an example of pass true or false and this one is a true statement and this is because customers who purchase Azure SQL database do not need to maintain anything related to the SQL platform because was Microsoft manages that for them and here comes question number 162 it says Azure files is an example of SAS or software as a service true or false and this one my friends is a fault statement and why so because Azure files is a pass offering offered by Microsoft Azure that is built on top of azure storage it provides you fully managed file shares over a protocol that is known as SMB or server message block moving on with the question number 163 it says cloud computing leverages virtualization to provide services to multiple customers simultaneously true or false and of course this is a true statement let's move on to the question number 164 it says which service provides serverless Computing in Azure your options are Azure virtual machines Azure functions Azure storage account or Azure dedicated host and the correct answer is option b Azure functions and now let's move on to the question number 165 that says releasing a feature to all the customers is called your options are General availability General preview and the last option is public review and the correct answer is option a general availability 20 exam like questions on easy 900 coming up in this part 10 and all the questions are fully updated for AC 900 series in 2023 so let's begin part 10 with different kind of questions these questions are drag and drop so let's begin with question number 166 it says that to answer drag the appropriate benefit from the columns on the left to its description on the right each benefit may be used once more than once or not at all so here you can see that we are given with some of the Azure services on the left hand side and then we are given with a small one-liner description on the right hand side so we have to match these Azure services with these descriptions so let's read the first description it says and if then statement of assignments and access control so friends in case of if then statement what comes to your mind basically whenever we have if then statement what we are actually saying is if something happens if a condition is met then you have to take some set of actions but in case the condition B is made then you have to take some another set of actions so basically it's a conditional access and that's why this statement matches with conditional access moving on the second statement says responsible for authentication and always remember my friends whenever it's authentication always go for Azure ad the third statement says responsible for authorization and this of course is our back now how many of you know the full form of our back let me know in the comment section and before moving ahead friends in case you want a free PDF file containing all the 20 questions with answers that we are discussing in this video you have to tell me the correct answer us for the question number 169 173 and 183 and friends please like the video and subscribe to the channel so that you are eligible for this PDF file and send your answers at our email ID connect us at the rate the techblackboard.com also remember my friends that questions and answers will surely make you better prepared for the exam but the concepts will make you a better Azure professional and that's why we have entire playlist on Azure fundamentals explaining each Azure Concept in detail this playlist is completely synced with the latest Microsoft syllabus on easy 900 and you can see thumbnails of some of the videos from this playlist on your screen new videos are added very frequently do check out this playlist the link is shared in the description box and also appearing in the I button on the top right corner now let's move on to the next question question number 167 says that your company intends to subscribe to an Azure support plan the support plan must allow new support request to be opened which of the following are support plan that allows this and you have to answer by dragging the correct option from this list to this answer area and what are the options given we have basic support plan we have developer we have standard support plan we also have professional direct and we also have Premier support plan and what are the options given well we have basic support plan developer standard professional direct and Premier now let's check out what are the correct support plans that allow you to open new support requests the first support plan is basic the second one is developer then we have standard and last one is professional direct and please note my friends that Premier support plan this does not exist anymore rest in all the other plans you can open a new support request and you can read all about the support plans in this Microsoft documentation here you can see that we have only four options given here we have basic developer standard and and professional direct and as I mentioned Premier support plan does not exist anymore now let's move on to the next question question number 168 this one again is a drag and drop kind of question again you are given with some of the Azure services and these services are to be matched with these one-liner definitions so let's first check out what are the Azure Services given in the question we have Dynamic scalability then we have load latency the third one is Fault tolerance and the last one is disaster recovery and now let's check out the first definition it says a cloud service that remains available after a failure occurs and this one most definitely is Fault tolerance the second definition says a cloud service that can be recovered after a failure occurs and here my friends please note the minute difference between these two definitions the first one says remains available however the second one says that can be recovered so please understand there is a difference between remaining available and being recoverable and that's why the correct matching service for the second definition is disaster recovery moving on with the third one it says a cloud service that can be accessed quickly from the internet and this one most definitely is low latency and now the fourth definition says a cloud service that performs quickly when demand increases and this one is dynamic scalability now friends all these four Services all these are very important Azure services and one-liners are not enough and that's why let me give you more details on each of this because you will get loads of question around these services so first let's understand what is dynamic scalability so Dynamic scalability is the ability for compute resources to be added to service when the service is under heavy load for example in a virtual machine skill set additional instances of virtual machines are added when existing virtual machines are under heavy load now coming to the low level can see well latency is the time of a service to respond to the request for example the time it takes for a web page to be returned from a web server low latency means low response time which means a quicker response and now we have fault tolerance well fault tolerance is the ability of a service to remain available after a failure of one of the components of the service for example a service running on multiple servers that can withstand the failure of one server and lastly we have Disaster Recovery Disaster Recovery is the recovery of a service after failure for example restoring a virtual machine from backup after virtual machine failure friends before you jump to the next question I seriously recommend you to pause this video now and read this definition one more time understand them well and try to connect these definitions with the one-liners given in the previous question now let's move on to the question number 169 it says that your billing is based on your usage of azure resources and is invoice fill in the blanks the options given are annually monthly or daily so simply putting the question is just asking you what is the billing cycle in Azure cloud and in case you have already worked on Azure you know the correct answer is option b monthly and now let's move on to the question number 170 it says a company is planning on setting up a solution in Microsoft Azure the solution won't have the following key requirement and the requirement is give the ability to host a big data analysis services for machine learning which of the following would be best suited for this requirement your options are Azure data breaks Azure logic apps Azure app services or Azure application insights and the correct answer for this question is option A Azure databricks and in case you are wondering what is azure data breaks well Azure data breaks Lakehouse platform provides a unified set of tools for building deploying sharing and maintaining Enterprise grade data solution at scale as your data breaks integrates with cloud storage and Security in your cloud account and manages and deploys Cloud infrastructure on your behalf and just so you know as your data breaks is a Apache spark based analytics platform optimized for Microsoft Azure cloud services a great service to explore in case you want the link is right there in the description box now let's move on to the question number 171 the question says a company is planning on setting up a solution in Microsoft Azure the solution would have the following key requirement and the requirement is give the ability to detect and diagnose anomalies in web apps which of the following would be best suited for this requirement and your options are Azure data breaks Azure logic apps Azure app service or Azure application insights and this time the correct answer is option D Azure application insights so Azure application insights is a feature of azure monitor it is an extendable application Performance Management APM service for web developers on multiple platforms and you can use it to monitor your live web application it will automatically detect performance anomalies it includes powerful Analytics tool to help you diagnose issues and to understand what users actually do with your application and further it helps you continuously improve performance and usability and this one as you can see my friends it works on variety of platform including.net node.js Java hosted on premises hybrid or any public Cloud so that's why Azure application insights is a correct service to detect and diagnose anomalies in web apps now let's move on to the question number 172 it says a company is planning on hosting a solution on Microsoft Azure the solution would have following key requirement the requirement is allow the hosting of web-based application your options are Azure data breaks Azure logic apps Azure app service and the last option is azure application insights and I think this is an easier question in case you have already guessed the correct answer is option C Azure app service now let's move on to the question number 173 it says a company wants to host an application on a set of virtual machines the application must be made available 99.99 of time in order to comply with the SLE requirement what is the minimum number of virtual machines required to ensure 99.99 of time to host the application and your options are one two three or as much as possible in simple words my friends the question is just asking you how many virtual machine should you host in order to maintain 99.99 of SLA and the correct answer is to there should be at least two virtual machines to maintain 99.99 of SLA now let's move on to the question number 174 it says a company is planning on hosting Solutions with Microsoft Azure Cloud they need to Implement MFA for identities hosted in Microsoft Azure the only two valid ways of authentication for MFA as listed below the first one is picture identification and the second one is passport number is the above true or false I hope my friends you understand MFA stands for multi-factor authentication and as far as the answer goes this is a false statement now let's understand how does a multi-factor authentication or MFA works here in the documentation so here you can see that multi-factor authentication is a process in which the users are prompted during sign-in process for an additional form of identification such as a code on their cell phone or a fingerprint scam and I am sure most of you are dealing with this even a pizza delivery these days will send you an SMS code and only once you verify that code you will be delivered that pisam anyways jokes apart it also says that if you only use a password to authenticate a user it leaves an insecure Vector for attack and further it says that Azure ad multi-factor authentication works by requiring two or more of the following authentication method the first one is something you know typically a password and the second one is something you have such as a trusted device that's not easily duplicated like a phone or a Hardware Key the third one says something you are biometrics like fingerprints or a phase cam so friends as we saw in the Microsoft documentation picture identification and passport number are not valid multi-factor authentication and that's why we have chosen polls for this question now let's move on to the question number 175 it says a company plans on purchasing Microsoft Azure support plan below is the key requirement for the support plan provide an option to contact Microsoft support Engineers by phone or email ID during business hours our recommendation is made to purchase the basic support plan and what this recommendation fulfill this requirement and this one my friends is a false statement and this is because being able to contact Microsoft support Engineers by phone or email during the business hours is only available in developer standard and professional direct support plans that's why basic support plan will not fulfill this requirement and now let's move on to the question number 176 in this question we are given with some statements and we have to validate whether these statements are correct or incorrect let's read the first one it says to implement a hybrid Cloud Model A company must have an internal Network yes or no and this one my friends is an incorrect statement and the reason being it's not true that a company must always migrate from an internal Network to implement a hybrid Cloud you can also start with a public cloud and then combine that with an on-premise infrastructure to implement a hybrid Cloud moving on to the next statement the statement says that a company can extend the computing resources of its internal Network by using hybrid Cloud yes or no and this one my friends is a true statement of course a company can extend its Computing resources of its internal Network by using hybrid cloud and this is exactly what hybrid cloud is meant for basically you keep using your private Network or private resources and also extend whenever the need arises to the hybrid cloud or public Cloud so combination of this private resources and public resources makes it a hybrid cloud and now let's move on to the last statement it says in a public Cloud Model only guest users at your company can access resources in the cloud yes or no and this one my friends is an incorrect statement and why so because it's not true that only guest users can access Cloud resources you can give access to the resources to anyone who has an account in Azure active directory now let's move on to the question number 177 which says when you are implementing software as a a service or SAS solution you are responsible for your options are configuring High availability defining scalability rules the third one is installing SAS solution and the last one is configuring SAS solution and the correct answer is option D configuring the SAS solution and this is simply because everything else is managed by Cloud providers such as Microsoft Azure now let's move on to the question number 178 it says that you plan to migrate a web application to Azure the web application is accessed by external users you need to recommend a cloud deployment solution to minimize the amount of administrative effort used to manage the web application what should you include in your recommendation your options are software as a service platform as a service infrastructure as a service and the last one is database as a service and the correct answer for this one is option B platform as a service moving on to the question number 179 it says that you plan to migrate several servers from on-premise's Network to Azure what is an advantage of using public cloud service for the servers over on premises Network the options given are the public cloud is owned by public not a private corporations the second option is the public cloud is a crowdsourcing solution that provides cooperations with the ability to enhance the cloud the third option is all Cloud resources can be freely accessed by every member of the public Cloud the fourth one is the public cloud is shared entity whereby multiple corporations each use a portion of the resources in the cloud and the correct answer for this question is option D and friends I am pretty sure that you know that public cloud is not owned by public in case of Microsoft Azure as an example this is owned by Microsoft cooperation now let's move on to the question number 180 it says that you have 1000 virtual machines hosted on hyper-v host in a data center you plan to migrate all the virtual machines to an Azure pay as you go subscription you need to identify which expenditure model to use for the planned Azure solution the options given are operational elastic capital or scalable and the correct answer is option A operational and here comes question number 181 it says Azure Cosmos DB is an example of Dash offering your options are platform as a service infrastructure as a service serverless and the last option is software as a service and the correct answer is that Azure Cosmos DB is an example of platform as a service moving on with the question number one it do it says a Microsoft SQL Server database that is hosted in the cloud and has software updates managed by Azure is an example of Dash your options are Disaster Recovery as a service infrastructure as a service platform as a service and the last one is software as a service and the correct answer is option C platform as a service and friends please be very careful when you read this kind of question let's say in your exam instead of Microsoft SQL database that is hosted in Cloud instead of this option the question says Microsoft SQL Server hosted on a virtual machine in that case the correct answer would be infrastructure as a service because always remember whenever there is virtual machine in the question always go for infrastructure as a service and here comes question number 183 it says that your company plans to migrate all its data and resources to Azure the company's migration plan states that only platform as a service solutions must be used in Azure you need to deploy an Azure environment that meets the company's migration plan what should you create your options are Azure virtual machines Azure SQL database and Azure storage account the second option is an Azure app service an Azure virtual machines that have my Microsoft SQL installed I just mentioned this the third option is an Azure app service and Azure SQL database and the fourth option is an Azure storage account and web server in Azure virtual machines and the correct answer for this question is option C and Azure app service and Azure SQL database and this is because in all the other options you are given with virtual machines I just mentioned virtual machines are infrastructure as a service however in this question the ask is platform as a service and here comes question number 184 it says that you are required to deploy an artificial intelligence solution in Azure you want to make sure that you are able to build test and deploy Predictive Analytics for the solution what is the solution given solution says that you should make use of azure Cosmos DB does this meet the goal true or false and of course this one is a false statement and this is because Azure Cosmos DB has nothing to do with artificial intelligence and here comes question number 185 which is a variation of the last question 184 the question is exactly the same in this as well but the solution given is that you should make use of azure machine Learning Studio does this meet the goal true or false and of course this is a true statement as your machine Learning Studio is the service that you should use when you want to implement artificial intelligence based Solutions in this part 11 of AC 900 exam Series in 2023 I bring to you 20 latest and important key questions all our questions are well researched and supported by Microsoft documentation so that you can validate the answers and also do some self-study [Music] so let's begin part 11 with question number 186 it says that you are working on understanding all the key terms when it comes to International standards data privacy and data protection policies which of the following choices pertains to the following an organization that defines International standards across all Industries your options are gdpr ISO nist or Azure government and the correct answer for this question is ISO so what is ISO well I assume means International Organization for standardization and this is an independent non-governmental organization and the world's largest developer of voluntary International standards and this is the exact ask of the question the question asked to tell the organization that defines International standards across all industry and that's why we have chosen ISO as the answer to this question now moving on to another related question it says that you are working on understanding all the key terms when it comes to International standards data privacy and data protection policies which of the following pertains to the following and it says an organization that defines standards used by United States government your options are gdpr ISO nist or Azure government and this time the correct answer is nist so what is nist well nist means National Institute of Standards and technology and this is an organized position that promotes and maintains measurement standards and guidance to help organization access their risk now let's move on to one more related question question number 188 question says that you are working on understanding all the key terms when it comes to International standards data privacy and data protection policies which of the following pertains to the following a European policy that regulates data privacy and data protection once again the options are similar gdpr ISO nist and Azure government and this time my friends the correct answer is gdpr so what is gdpr well gdpr means general data protection regulation and what does it do it's a European Union that gives access to people to manage the personal data that has been collected by an employer or other type of agency or organization personal data is defined very broadly under gdpr as any data that relates to an identified or identifiable natural person any in case you want to dig down on what exactly is gdpr you can click on this link here and then you will reach to this site this site will give you all the details or all the intricacies that comes under gdpr a very important policy in case you are dealing with any data which is related to any European person or any European organization links to all these documents related to gdpr ISO and nist are right there in the description box you can read whenever your time permits and now let's move on to the question number 189 it's a yes no kind of question let's read the first statement it says a platform as a service solution that hosts web apps in Azure provides full control of operating system that hosts application yes or no and this one my friends is an incorrect statement and this is because past solution do not provide access to the operating system the Azure web app service provides you an environment for you to host your web application but behind this is the web app are hosted on virtual machine running on IIs but please note in case of pass or or platform as a service and Azure web apps you have no direct access to the virtual machines or the operating system that operate under the hood so that's why we have chosen a no for this statement moving on to the next statement it says a platform as a service solution that hosts web apps in Azure web apps in Azure provides the ability to scale the platform automatically yes or no and this one my friends is a correct statement and this is because a past solution that hosts web apps in Azure does provides the ability to scale the platform automatically and this ability is known as Auto scaling and once again I will repeat behind the scenes web apps are hosted on Virtual machines that run IAS so what does Auto scaling mean well Auto scaling simply means to add more load balanced virtual machines in case you have more load on your web applications and that's why we have selected yes for this statement moving on to the third statement it says a platform as a service solution that host web apps in Azure provides professional development services to continuously add features to custom applications yes or no and this one once again is a true statement and why so because platform as a service provides a framework that developers can build upon to develop or customize cloud-based application now let's move on to the question number 190 again a yes no kind of question the first statement says that Azure provides flexibility between capital expenditure or capex and operational expenditure also known as Opex yes or no and this one my friends is a true statement see traditionally it expenses has been considered as a capital expenditure because in Good Old Days Every big organization would certainly have their own data centers data centers are complex and big facilities hosting hundreds and thousands of computers all linked to each other and other resources as well and of course to build a data center you would need a lot of capital and that that's why they were huge capital expenditure up front to set up a data center but with cloud services today they provide flexibility between capital expenditure and operational expenditure while you can still use your on-premises data centers or all other resources you can Avail the benefits of pay as you go pricing model with any Cloud providers such as Microsoft Azure Amazon AWS or Google gcp and that's why this is a correct statement moving on to the next one it says that if you create two Azure virtual machine that uses b2s size each virtual machine will always generate same monthly cost yes or no so what is your answer think for a moment pause the video and tell me the answers in the comment section Well for now the correct answer for this statement is no and this is because two Azure virtual machines using the exactly same size or maybe you can say exactly same configuration could still have different disk configuration and now please pay attention because this is a very important azure concept whenever you're building Azure solution you must be aware that even if you build exactly two same virtual machines they can still cost differently and there could be multiple reasons for this for example they can have different disk configuration and not only that they can have different other resources attached to the virtual machines that are priced differently in different geographical locations so that's why even if two virtual machines are using same b2s size they can still cost differently and please always keep this important Azure Concept in your mind and with that let's move on to the third statement it says when an Azure machine is stopped you still continue to pay storage cost associated with the virtual machine yes or no and this one my friends is a true statement and this once again is a critical Azure concept because in case you do not understand this Azure concept very clearly you will end up increasing huge costs on Azure virtual machines because you might think that you have stopped Azure virtual machine but still you would be paying for other resources like storage costs even if the Azure virtual machine is stopped although we have talked on this concept many times but let's summarize once again so when you stop an Azure virtual machine the machine itself is stopped and you're not exactly paying the cost of virtual machine however you still pay for the storage cost associated with the virtual machine the most common storage that are associated with virtual machine are disattached to the virtual machines there are also other storage costs associated with virtual machine such as storage for Diagnostics data and Azure virtual machine backups so it's a good practice always shut down your virtual machines whenever you are done with them and here comes question number 191 once again yes no kind of question the first statement says that you can copy a virtual machine from one subscription to another subscription yes or no and this one my friends is an incorrect statement the second statement says that you can move Azure virtual machines to another Azure region yes or no and this one is a correct statement and the last statement says that you can move a virtual machine from one subscription to another subscription yes or no and this one my friends is a true statement so please observe the difference between statement a and statement C basically you can move a virtual machine from one subscription to another but you cannot copy virtual machine from one subscription to another subscription and this is because copying means that you are creating one more existence of same virtual machine in another subscription and that is not possible and now comes question number 192 it says the Microsoft InTune product is software as a service platform as a service or infrastructure as a service and the correct answer for this question is option a software as a service and now comes question number 193 at which OSI layer does the express route operate your options are layer 2 layer 3 layer 5 or layer 7 and the correct answer is option b layer 3 and you can validate this this answer on this Microsoft documentation that talks about what is azure express route and when you read the key benefits in context of express route the very first benefit says that layer 3 connectivity between your on-premises network and the Microsoft cloud through a connectivity provider and this is exactly where we can validate our answer layer 3 connectivity let's move on with the question number 194 it says what are the two benefits of cloud computing each correct answer presents a complete solution and please note that each correct selection is worth one point your options are enables the rapid provisioning of resources has increased administrative complexity the third one is has the same configuration option as on-premises and the last one is shift capital expenditure to operating expenditure and the correct answer for this question is option A and option D let's move on to the question number 195 it says what is a feature of azure virtual Network your options are resource cost analysis packet inspection Geo redundancy and the last one is isolation and segmentation and the correct answer for this question is option D isolation and segmentation so what exactly is the need to isolate the resources see isolation enables you to control governance policies set by the organization on the other hand the segmentation is the ability to group related assets that are part of workload operations and friends we are going to talk about isolation and segmentation in more detail in the upcoming part part 19 of our Azure fundamental full code series and in this upcoming part we are going to also talk about Azure virtual Network and Azure subnets very important concept so in case you have not subscribed to the Channel please do it now and press that Bell icon so that you don't miss any notification of all these upcoming important videos and with the belief that you have liked this video And subscribe to the channel let's move on Here Comes question number 196 it says Dash enables Azure resources to be deployed close to the users your options are elasticity Geo distribution High availability and the last one is scalability and the correct answer for this question is option b jio distribution so please understand my friends that because of jio distribution you can deploy apps and data to Regional data centers around the globe and thereby you can ensure that your customers will always have the best performance in their region and now comes question number 197 it says that your company's infrastructure includes a number of business units that each need a large number of various Azure resources for everyday operation the resources required by each business unit are identical you are required to sanction a strategy to create Azure resources automatically the solution given is that you recommend that Azure API Management Service to be included in the strategy does this meet the goal yes or no and the correct answer for this question is no and this is because Azure API Management Service is a way to create and manage customer API for existing back-end services but the question is asking about the way to create Azure resources automatically or you can also say on the fly so what is the correct service let me show you two more variations of the same question and then you will also find the correct answer so here comes question number 198 question is exactly the same the solution however this time says that you recommend that the management groups to be included in the strategy does this meet the goal yes or no and this time also my friends this is a incorrect solution so this is because management groups are just like containers that help you manage access policies and compliance across multiple subscription and they have nothing to do with creation of azure resources automatically so that's why this is an incorrect solution now let's check out question number 199 question once again is exactly the same this time the solution says that you recommend Azure Resource Management templates to be included in this strategy does this meet the goal yes or no and this time my friends this is a correct solution so basically Azure resource manager templates are JavaScript object notation also known as Json files that Define infrastructure and configuration of your projects and are great way to create Azure resources automatically and now comes question number 200 which says that which of the following describes platform as a service your options are users are responsible for purchasing installing configuring and managing their own software that includes operating systems middleware and application the second option is users create and deploy applications quickly without having to worry about managing the underlying infrastructure and the last option is users pay an annual or monthly subscription and the correct option that describes platform as a service is option b let's move on with the question number 201 it says that you are developing an application and want to focus on building testing and deploying you don't want to worry about managing the underlying Hardware or software which cloud service type is best for you your options are infrastructure as a service software as a service or platform as a service and the correct answer for this question is option C platform as a service now let's move on to the question number 202 it says that you are running a virtual machine in public Cloud using IAS or infrastructure as a service which model correctly reflects how the resource is managed your options are shared responsibility model option b is cloud user management model and the last option is user management model and the correct answer is option a shared responsibility model so basically my friends under the share responsibility Model Management of resources is shared between the cloud service provider and the end user the cloud service provider such as Microsoft Azure being responsible for the cloud service infrastructure structure and the end user that is you being responsible for the services that are being configured and managed correctly and now let's move on to the question number 203 it says that you plan to migrate several servers from an on-premises Network to Azure what is an advantage of using public cloud service for the servers over and on premises Network your options are the public cloud is owned by the public and not a private Corporation the second one is the public cloud is a crowdsourcing solution that provides cooperation with the ability to enhance the cloud and the third one says all the public Cloud resources can be freely accessed by every member of the public and the last option says the public cloud is a shared entity whereby multiple corporations each use a portion of resources in the cloud and the correct answer for this question is option D and now let's move on to the question number 204 it says in which type of cloud model are all Hardware resources owned by third party and shared between multiple tenants your options are private Cloud hybrid cloud and the third one is public cloud and of course the correct answer for this question is option C public cloud and I'm pretty sure all of you know that Microsoft Azure Amazon AWS Google gcp are three examples of public cloud services and all these service providers own their own hardware and there are multiple tenants which are nothing but the customers all these customers shared all these available Hardware resources and here comes question number 205 it says a company wants to migrate their current on-premises servers to the cloud utilizing Microsoft Azure and they require that their servers are running even in the event that a single data center goes down which of the following terms best refers to the concept that needs to be implemented to fill this requirement your options are fault tolerance elasticity scalability or low latency and the correct answer to this question is option A Fault tolerance see the hint is already given in the question the question is already saying that the company requires that their servers are running even in the event that a single data center goes down and call tolerance is a concept in which a computer system or a set of infrastructure is designed in such a way that even if one component fails a backup component takes over the operations immediately so that there is no loss of service so that's why fault tolerance is the correct answer to this question hello and welcome back to the Tech Blackboard in this part 12 of AZ 900 series in 2023 we bring to you 20 latest questions on easy 900 all our questions are well researched and supported by Microsoft documentation so that you can validate the answers and also do some self-study so let's begin Part 12 with question number 206 the question says a company is planning on setting up a pay as you go subscription with Microsoft Azure would the company have access to support forums yes or no and the correct answer is yes and this is because Community Support is available for all the plans including basic developer standard and professional direct and friends before we move any further I would like to say that sometimes you will witness repetition of the questions in various parts or maybe the same question is presented in different formats maybe you feel that this is due to some mistake but let me tell you very clearly this is no mistake it is a deliberate action that we take while designing these courses because we feel reputation will drill the concepts in your mind the questions their variations and you will be able to handle the little tweaks that Microsoft do in exams so as I all always say reputation is good for you and for your learning and with that thought in mind let's move to the question number 207 that says your company plans to purchase Azure support the company's support policy states that the Azure environment must have an option to access support Engineers by phone or email you need to recommend a support plan that meets the support policy requirement and the solution given is recommend a professional direct support plan does this meet the goal yes or no and this one my friends is a correct solution now let's move on to the question number 208 it says a company's planning on using Azure app service to host a set of web applications the company has basic tier service plan and further it says does Microsoft automatically provide professional Technical Support Services with basic support plan yes or no and this one friends is an incorrect statement and that's why we have chosen a no so Microsoft does not automatically provide Professional Services with basic plan and it's very important for you to be familiar and aware of the four support plan that we discussed in the previous question as well those are basic developer standard and professional direct and friends in case you want to get additional support outside the scope of basic support plan in that case you would need to purchase any of the other three support plans those are Developer standard or professional direct and a good place to learn about all these support plans is this Microsoft documentation here you can see that we have basic developer standard and professional direct and friends I highly recommend reading this documentation because they will be handful of questions around support plans in AZ 900 exam and next we have question number 209 it says a dash cloud is a Computing environment that combines public cloud and private Cloud by allowing data and applications to be shared between them your options are public Cloud private cloud or hybrid cloud and most definitely the correct answer is hybrid cloud and this is because hybrid cloud as the name suggests is a combination of public cloud and private Cloud so that's why hybrid cloud is the correct answer now let's move on to the question number 210 it says your company has an on-premises Network that contains multiple servers the company plans to reduce the following administrative responsibilities of network administrators the responsibilities are backing up the application data replacing failed server Hardware managing physical server security updating server operating system managing permissions to the shared documents the company plans to migrate several servers to Azure virtual machines now you need to identify which administrative responsibilities will be eliminated after the planned migration which two responsibilities should you identify your options are replacing failed server Hardware backing up the application data managing physical server security updating server operating system and the last one is managing permissions to the shared documents and please note in order to get the full marks for this question you have to select two responsibilities and the correct answer for this question is option A and option C and this simply means that once the company moves the multiple servers from on-premises to Azure Network this would free up the network administrators from the responsibilities of replacing failed server hardware and managing physical cyber security and why so because all this will now be taken care by Microsoft Azure now let's move on and do some yes no kind of question Here Comes question number 211 and the first statement says that to achieve a hybrid Cloud Model A company must always migrate from a private Cloud Model yes or no and the correct answer for this statement is no let's move on to the next statement it says a company can extend the capacity of its internal Network by using public Cloud yes or no and this one is a correct statement and the last statement says in a public Cloud Model only guest user others at your company can access the resources in the cloud yes or no and this one is an incorrect statement and friends we have discussed all these statements in the previous parts so in case you want a detailed explanation of why we have chosen these answers please refer to the previous parts let's do one more yes no kind of question question number 212 the first statement says which software as a service or SAS model you must apply for software updates yes or no and this one is an incorrect statement and this is because in case of software as a service all the software updates are taken care by the cloud provider moving on with the next statement it says with infrastructure as a service or IAS you must install the software that you want to use yes or no and this one my friends is a correct statement so friends in case you are using Microsoft Azure or baby AWS or Google gcp and you want to have more control over the software that you install in that case you must choose infrastructure as service let's move on to the next statement it says Azure backup is an example of platform as a service yes or no and this one my friends is a true statement and here comes question number 213 once again yes no kind of question the first statement says you can create a resource Group inside another Resource Group yes or no and this one my friends is an incorrect statement so basically my friends this statement is asking you whether you can create a nested Resource Group and please remember this is a very important Azure concept you cannot create a resource Group inside another Resource Group and this essentially means that you cannot have a nested Resource Group moving on to the next statement it says an Azure virtual machine can be in multiple Resource Group yes or no and this one once again is an incorrect statement so always remember friends that at any given point of time a virtual machine can only exist in one single Resource Group it cannot exist in multiple Resource Group at any given single point of time once again a very important Azure concept always keep this thing in mind now let's move on to the third statement it says a resource Group can contain resources from multiple Azure regions yes or no and this one friends is a true statement so in a resource Group you can have resources from multiple Azure regions so let's say that your Azure Resource Group reside in one Azure region let's pick Central us for the example now while your resource Group is in central us but you can still have resources from other Azure regions for example you can have resources from West U.S or East US similarly from other European regions or any other region for that matter so that's why we say that Azure Resource Group can contain resources from multiple Azure regions and now let's do some drag and drop kind of question question number 214 to answer the question you have to drag the appropriate benefit from the column on the left to its description on the right each benefit may be be used once more than once or not at all so here you can see that we are given with some of the Azure services on this left hand side and then we are also given with one-liner definitions on the right hand side in this answer area let's check out what are the Azure Services we have Disaster Recovery we have jio distribution High availability and then we also have scalability and what are the definitions given the first one says increase the compute capacity of the apps in the cloud so what according to you out of these four Services given here will match this statement well the correct answer is scalability moving on with the next definition it says provide a continuous user experience with no apparent downtime and this one for sure is high availability and the last definition says ensure that the users always have the best experience by deploying apps to all the regions wherever the users are and this can be none other than the jio distribution now let's move on to the question number 215 it says your company plans to deploy employees several custom applications to Azure these applications will provide invoicing services to the customers of the company each application will have several prerequisite application and the services installed you need to recommend a cloud deployment solution for all the applications what should you recommend your options are software as a service platform as a service and the last one is infrastructure as a service and the correct answer to this statement is option C infrastructure as a service and friends as I just mentioned in one of the questions before that in case you want full control or more control over the softwares that you want to install in that case you would always want to go for infrastructure as a service and here comes question number 216 it says you are tasked with deploying a critical lob application which will be installed on a virtual machine to Azure you are informed that the application deployment strategy should allow a guaranteed availability of 99.9 nine percent and you need to make sure that the strategy require as little virtual machines and availability zones as possible the solution given is that you include two virtual machines and one availability Zone in your strategy does this meet the goal and this one my friends is an incorrect solution and that's why no is the correct answer so what is the correct solution we will get to know in next few questions so here comes one more variation of the question number 216 the question number 217 question is exactly the same however this time the solution says that you include one virtual machine and two availability Zone in your strategy does this meet the goal and this one once again is an incorrect Solution that's why we have chosen no here and now to find out the correct answer let's check out the third variation and here it comes question number 218 the question once again exactly the same the solution however says that you include two virtual machines and two availability Zone in your strategy does this mean the goal yes or no and probably you have already guessed the answer the correct answer is yes and this is because in case you want the availability for 99.99 in that case Microsoft recommend that you must have at least two virtual machines that span across minimum of two availability zones so that's why this time the solution is correct now let's move on to the question number 219 it says that you plan to deploy several Azure virtual machines you need to ensure that the service is running on the virtual machines are available even if one single data center fails the solution given is that you deploy virtual machines to two or more Resource Group does this meet the goal yes or no and this is an incorrect statement and friends you won't believe I have five variations of the same question I have collected these all questions from various resources so let's check all of these variations and then we will also come to know the correct answer so here comes the second variation this time the solution says that you deploy virtual machines to a skill set does this meet the goal yes or no and once again this is an incorrect solution let's check out the third variation the solution this time says that you deploy virtual machines to two or more skill sets and once again my friends this is an incorrect Solution please wait we are getting close to the solution so here comes the fourth variation the solution this time says that you deploy the virtual machines to two or more availability zones does this meet the goal and yes friends this time this is a correct solution and why this is so because if you install virtual machines to two or more availability Zone in this case one of your virtual machines would still be running even if one data center fails so that's why this is a correct solution but wait I said five variations so what about the next variation let's find it out so here comes the fifth variation of the same question this time the solution says that you deploy the virtual machines to two or more regions does this meet the goal yes or no and this time my friends why once again this is a correct solution so as we saw in the previous variation similar to the availability zone two or more regions in this case also you will have a virtual machine that is still up and running even if one single data center fails so both the solution when you deploy virtual machines on two or more a well-built design or you deploy virtual machines on two or more regions both will provide you a shield in case a single data center fails so please remember all these variations Microsoft can really tweak the questions in the exams and I am sure all these variations will certainly help you in the exam now let's move on to the question number 224 once again a yes no kind of question the first statement says all the Azure resources deployed to a single Resource Group must share same Azure region yes or no and this one my friends is a incorrect statement and this is because one Azure Resource Group can have resources from multiple Azure regions moving on with the second statement it says that if you are assign a tag to a resource Group all the Azure resources in that Resource Group are assigned to the same tag and this one my friends is an incorrect statement so please remember there is no concept of tag inheritance in Microsoft Azure and with that let's move to the third statement it says that if you set permissions to a resource Group all the resources in that Resource Group inherit the permissions and this is a correct statement because unlike tags the permissions are inherited by the resources in one particular Resource Group so that's why this is a correct statement and now comes question number 225 it says that you plan to implement an Azure database solution you need to implement a database solution that meets the following requirements the first requirement is can add data concurrently from multiple regions and the second one is can store Json documents which database service should you deploy your options are Azure Cosmos DB Azure SQL azure your database for MySQL servers the fourth option is azure database for postgresql Server the fifth one is SQL elastic pools and the last one is SQL Server stretch databases and the correct answer to this question is option A Azure Cosmos DB so friends Azure Cosmos DB is a globally distributed multi-model database service and Cosmos DB is a great way to store unstructured and Json data hello and welcome back to the Tech Blackboard once again today we are back with 20 latest questions on AZ 900 and as always we have done thorough research in providing the answers and all our questions are well supported by Microsoft documentation so that you can validate the answers and also do some self learning and please do not miss to watch the previous parts of this series 225 latest questions are already covered and I am sure sure that you don't want to miss any of those before your examination so let's begin part 13 with question number 226 it says that you need to view a list of planned maintenance events that can affect the availability of an Azure subscription which blade should you use from Azure portal to answer select the appropriate blade in the answer area so this is the answer area and you are given with lot of options and out of these options you have to select an option that will provide you information on planned maintenance events in your subscription and the correct answer for this question is help and support so basically it's the help and support blade where you will get all the information of plant maintenance now let's validate our answer in the Azure portal itself so here I am in the Azure portal I am already logged in and I am on the home page of the Azure portal here you can see on this left hand side you are presented with lot of blades and in this blades option there is the option which is called called help and support you have to click on this help and support and on this page you are given with three more options which are all support requests support plans and service help and here you have to select the service Health option and then you will reach to this page and here you can clearly see that we are given with one option here which says planned maintenance it is now showing you the information that no planned events are scheduled you can also see that we are already selected with our subscription so the question also asks that you want to have information on the planned maintenance events in your subscription so in case you have multiple subscriptions you can always select them here and as you can see my friends we have regions here so in case you want to see the maintenance or plan maintenance in one particular region you can change the filter accordingly similarly you can also select one specific service if you only want to have the information of planned maintenance for that selected service but for now you can see that I have have selected all my subscription all the regions are selected and all the services are also selected and Microsoft says that there is no plan maintenance which is a really good news so that's why help and support is the correct answer to this question now let's move on to the next question question number 227 it says a company has created a resource Group as shown below they want to ensure that the resources within the resource Group do not get accidentally deleted which of the following would you use for this purpose here you can see that we have this screenshot here and in this screenshot we are given with some of the options we have activity log we have access control tags quick start deployment policies properties logs and Export template now let's see what are the options given in the question the option A says access control then we have policies logs and then we have diagnostic settings so which of these four options will help you make sure that your resources in one Resource Group are not getting accidentally deleted and the correct answer for this question is option C locks and a great place to start on Azure logs is this documentation from Microsoft that says lock your resources to protect your infrastructure here you can see the Microsoft says that as an administrator you can lock your Azure subscription Resource Group and resources to protect them from accidental user deletion and modifications the logs overwrite any user permission very important please note the locks overrides any user permissions and also my friends it's worth noting that the logs not only operate on the resources level but you can also enable logs on subscription level and Resource Group level and it's a very good and practical service from Microsoft Azure I've been using locks in all my projects to protect all my important resources or the resource groups and locks is one top big probably you will always get some of the questions from this area so please read the documentation very carefully and we have already taken some of the questions on logs in the previous parts so please do check out the previous parts of the series now let's move on to the question number 228 it says that in which Azure support plan can you open a new support request your options are Premiere and professional direct only the second option is premier professional direct and standard only third one is premier professional direct standard and developer only and the last one is professional direct standard developer and basic and the correct answer for this question is option D professional direct standard developer and basic and this means that you can open a new support request in all of the four support plans and Friends support plans is also one area from which you will always get some questions a good place to start on support plans is this Microsoft documentation and and just to mention here all of the links to all the documentation that I referred during my videos are always shared in the description box now here comes question number 229 it says that you plan to use workspace Dot from config method to connect to your Azure machine learning workspace from python environment on your local workstation and further it says that you have already used pip to install Azure ml SDK package what else should you do and your options are run pip install Azure ml SDK notebook to install notebooks extra the second option is download the config.json file for your workspace to the folder containing your local python code files the last option says create a compute instance compute Target in your workspace and the correct answer for this question is option b where you have to download the config.json file for your workspace to the folder containing your local python code files and this is because to connect a workspace from an environment outside the workspace you should download the config.json file for your workspace from Azure portal and this includes the subscription and the workspace information necessary to connect and with that we have our question number 230 it says a company wants to purchase a Microsoft Azure support plan and below is the key requirement from the support plan regular architecture reviews from Microsoft for the Azure environment which of the plan would the company need to purchase to fulfill this requirement your options are basic developer professional direct or standard and the correct answer for this question is developer and of course we can validate our answer on this documentation there is a option in this documentation which says architecture support so you can see that in other support plans for example in developer support plan and standard support plan you do have General guidelines for architecture support but then it's only professional direct plan which is this one the last one here so you can see here it's written that only in professional direct plan we have guidelines from a pool of pro Direct Delivery managers and that's why professional direct is the correct answer for this question now let's move on question number 231 it says that this question requires that you evaluate the underlying text to determine if it's correct and here you can see that we have this underline text let's read the entire sentence it says a support plan solution that gives you best practice information health status and notifications and 24 cross 7 access to billing information at the lowest possible cost is standard support plan so in case you feel that standard support plan is the correct option to fulfill all these business needs then in that case you have to select no change needed otherwise you have to replace standard support plan with the other options such as developer basic or premiere and let me tell you the correct answer my friends it's option C basic so please pay attention my friends that though the standard support plan also fulfills all the requirements that are given here it's actually the basic support plan that will fulfill all these needs at lower possible cost now let's move on to the question number 232 it says which Azure service should you use to sold certificates your options are Azure information protection as your keyboard and Azure storage account and the last one is azure security Center and the correct answer for sure is option b as your key Vault and please note it's not only the certificate that you store in Azure keyboard you can actually use Azure keyboard for other purposes such as storing the keys and the passwords so what are the other benefits of azure keyboard let's read out it says increase security and control over keys and passwords create and import encryption keys in minutes application have no direct access to the keys and the best part is that you can also use fips 140 2 level 2 and level 3 validated HSM also friends Azure keywords reduce the latency with Cloud scale and Global redundancy and it also simplifies and automate task for SSL TLS certificates and rest all the information on Azure keyboard you can read whenever your time permits coming up next is question number 233 it says a company plans to set up multiple resources within their Microsoft Azure subscription now they want to implement tagging of resources within Microsoft Azure but they also want to ensure that when the resource groups are created they have to contain attack with the name organization and value Montana now as a solution you recommend using Azure keyboard for implementing this requirement would this recommendation fulfill this requirement yes or no and the correct answer my friends is no and this is because Azure keyboard is a tool for securely storing and accessing Secrets a secret can be anything that you want to tightly control access to such as API Keys passwords or certificates we just discuss Azure keyboard in the previous question so Azure keyboard has nothing to do with tagging of resources that's why we have selected no for this question so what's the correct service for tagging of resources let's find out in next two variations and here comes the second variation question number 234 question exactly the same however this time the solution or the recommendation is that you recommend using Azure logs for implementing this requirement would this recommendation fulfill this requirement yes or no and once again the correct answer is no and this is because Azure locks is a service that helps you protect your resources from accidental deletion I just explained Azure logs in question number 227 you can see the documentation there so once again Azure logs is not the service that you can use for tagging of resources so now comes the last and the third third variation of the same question question number 235 and this time the solution says that you recommend using Azure policies for implementing this requirement would this recommendation fulfill this requirement yes or no and this time of course this is a correct solution and of course now it's time to validate our answers the documentation says that assigned policy definitions for tag compliance and the very first line of this documentation says that you can assign Azure policy to ensure tagging rules and conventions you can read that there are a lot of ways that you can assign Azure policies and implement this tagging requirement you can see that we can put Azure policy and enforce tagging on Resource Group level we can also do that on resources level subscription level so on and so forth so that's why Azure policies is the service that you use to tag the resources and here comes question number 236 it says your company needs to deploy and manage several Azure web apps using Azure app service resource which of the following URL would you use to manage Azure web apps and your options are given here so we have four options here we have portal.microsoft.com we have portal.azure.com and then we have portal.azurewebsides.net and the last option is portal.azurewebsides.com and I'm pretty sure 100 of you have guessed the right answer and that is option b portal.azure.com and now let's move on to the question 237 it says a company wants to ensure that the users in their company are authenticated when they access resources defined in their Microsoft Azure account which of the following is correct definition of authentication and your options are this specifies the type of service that you can use in Azure the second option is this specifies the type of data that you can use in Azure third one is this is the act of providing legitimate credentials and the last option is this specifies what what you can do in Microsoft Azure and the correct answer but of course is option C this is the act of providing legitimate credentials and here comes question 238 it says a company needs to create around 50 customized virtual machine out of these 50 virtual machines 20 are windows based virtual machines and 30 are Ubuntu virtual machines which of the following would help reduce administrative effort required to deploy the machines their options are Azure load balancer Azure web app Azure traffic manager or Azure skill set and the correct answer for this question is option D Azure skill sets so what are virtual machine skill set let's find out the documentation says that Azure virtual machine skill set lets you create and manage a group of load balanced virtual machines the number of virtual machines can automatically increase or decrease in response to the demand or a defined schedule and then you can also observe some of the key benefits of skill set the first one is easy to create and manage multiple virtual machines and this very statement validates our answer as well so we have a requirement of creating 50 virtual machine customized virtual machines 20 of them are windows based and the other 30 are open to base and here it clearly says that the scale sets easily lets you create and manage multiple virtual machines so that's why Azure skill set is the correct answer moving on with the question number 239 it says from Azure monitor please observe this underlying here you can view which user turned off a specific virtual machines during last 14 days now the instruction for this question says that review the underlying text this is azure monitor if it makes the statement correct then you have to select no change needed so basically the first option and if this statement is incorrect then you have to select the correct answer that will make this statement correct so basically you have to choose from other three services given which are Azure event hubs Azure activity log and Azure service health so do you think Azure monitor will help you view which user has turned off the specific virtual machine well that's not the correct answer the correct answer for this question is option C Azure activity log now let's move on to the question number 240 it says you plan to implement an Azure database solution you need to implement a database solution that meets the following requirements the first requirement is that can add data concurrently from multiple region and the second one is can store Json documents which database service should you deploy your options are Azure SQL database Azure database for postgre SQL the third option is azure database for Maria DB and the last one is azure Cosmos DB and the correct answer for this question is option D Azure Cosmos DB so friends always keep this in mind whenever in the question you see that there is a ask for data concrete agency and Json documents then in that case always go for Cosmos DB and with that we arrive to the question number 241 it says that you plan to map a network drive from several computers that run Windows 10 to Azure storage you need to create a storage solution in Azure for Planned backdrive what should you create your options are a blob storage in storage account a table in storage account and the last option is a file service in a storage account and the correct answer for this question is option C a file service in a storage account and this is because only the file service in storage account lets you create map drives from Windows machines to storage accounts now let's move on to the question number 242 it says that you plan to deploy a website to Azure the website will be accessed by users worldwide and will host large video files so basically a YouTube kind of application you need to recommend which Azure feature must be used to provide the best video playback experience what should you recommend your options are Azure region content delivery Network also better known as CDN and the last one is azure cache and the correct answer unarguably is content delivery Network so what is azure content delivery Network basically it's a service that offers a global solution for rapidly delivering the content you can also read this here that it says that Azure content delivery Network helps you stream media and download large file quickly with optimized delivery and that's why CDN is the correct answer and now comes question number 243 it says a company has a set of virtual machines defined within Microsoft Azure one of the machines was down due to the issues with the underlying Azure infrastructure the server was down for an extended period of time and breached the standard SLA defined by Microsoft now how do you think Microsoft will reimburse the downtime cost your options are but directly sending money to the customer's bank account or the second option is by spinning up another virtual machine free of cost for the client the third one is by providing service credits to the customer and the last one is by providing a service free of cost to use for a specific duration of time and the correct answer for this question is option C by providing service credits to the customer and in case you want to dig more on slas or service level agreements this is the Microsoft documentation links as usual is provided in the description box now let's move on to the question number 244 it says that your company has an on-premises Network that contains multiple servers the company plans to reduce the following administrative responsibilities of network administrator the first one is backing up application data the second one is replacing failed server hardware and then we are given with managing physical server security the fourth One is updating server operating system and the the last one is managing permissions to the shared documents further the question says the company plans to migrate several servers to Azure virtual machines you need to identify which of the administrative responsibilities will be eliminated after the planned migration and please note that you have to select two responsibilities your options are managing physical server security updating server operating system managing permissions to the shared documents the fourth one is backing up the application data and the fifth one is replacing failed server hardware and the correct answer for this question is option A and option e so just to make it clear once you migrate your servers to Azure virtual machine your administrators will be free from the responsibilities of managing physical server security and also they will get free from the responsibility of replacing failed server hardware and why do you think this will happen because all these responsibilities will now be taken care by Microsoft azure and with that we have reached to the question number 245 it says a system ability to scale dynamically is called your options are agility elasticity or extendability and the correct answer to this question is option b elasticity and please understand whenever we say that any system is elastic that essentially means that the system can adjust its processing power to match the demand this means that the system can allocate or deallocate resources dynamically hello and welcome back to the Tech Blackboard in this part 14 of AZ 900qna series once again I have another important set of 20 latest questions on AZ 900 and today I am going to focus on enhancing a lot of your Azure concepts by taking yes no kind of questions that have appeared in the previous AZ 900 exams so let's begin part 14 with question number two what is 6 the question says a company is planning on moving to Microsoft Azure Senior Management wants to get an idea on the cost that will be incurred if they decide to host resources within Azure the solution given is that you recommend using Azure cost management to get the required costing for the resources would this recommendation fit the requirement yes or no and the correct answer to this question is no and this is because Azure cost management is a native Azure cost management solution and this tool helps you analyze the cost create and manage budgets export data and also you can do some cost optimization and you can understand more on Azure cost Management on this Microsoft documentation it says cost management plus billing helps you understand your Azure invoice manage your billing account and subscription Monitor and control Azure spending and optimized resource use so in case you want to do some further self learning on Azure cost management the link is provided in the description box so now that we know the Azure cost management is not the correct answer what is the correct answer let's find out in the next two variations of the same question so here comes question number 247 the question is exactly the same however this time the solution says that you recommend using Cloud Y and service to get the required costing of the resources what this recommendation fit the requirement yes or no and in this case also my friends the correct answer is no and to be honest you don't need to learn about Azure Cloud Y and service because this service is already depreciated and no longer exist and the same you can observe here Microsoft clearly says that cloud DN was depreciated on June 30th 2021 and no longer exist and further it tells you that now you have to use Azure cost management the service that we observed in the last question so now let's move on to the third variation of the same question question number two 248 question is exactly the same however this time solution says that you recommend use of total cost of ownership TCO calculator would this recommendation fit the requirement yes or no and this time my friends the correct answer is yes because total cost of ownership or TCO calculator is the service that gives you an idea on the cost that will be incurred if you decide to move your resources within Azure and you can gain more information on TCO total cost of ownership calculator on this Microsoft documentation and this documentation tells you that TCO calculator can be used to estimate the cost saving that you can realize by migrating your workloads to Microsoft Azure so this is a very good Microsoft Azure tool that you can use or your company can use in case you or your company are thinking about moving your infrastructure to Microsoft Azure so once again let me summarize for you course management and billing helps you understand your azure advice or Bill manage your billing account and subscriptions so this is very simple to understand you are using Microsoft Azure services and for that use Microsoft is billing you sending you an invoice and cost management helps you understand that invoice from Microsoft and manage your billing accounts and then on the flip side Azure total cost of ownership or TCO calculator is used to estimate the cost saving that you can achieve by migrating your application workloads to Microsoft Azure and that's exactly what was asked in the question as well that's why total cost of ownership calculator is the correct answer now let's move on to the next question question number 249 it says your company has a website that is being threatened by an attacker to bring it down by sending large volume of network traffic to your service and you have to tell which Azure service can help your company to protect its app service instead against from this kind of attack your options are Azure policy Azure firewall Azure DDOS protection and the last one is network security groups and the correct answer for this question is option C Azure details protection and what is a dealer's attack when Dido's attack attempts to overwhelm or exhaust your application Resources by making the application slow by throwing large volume of network traffic to your servers and this makes your application slow and responsive to the legitimate users and I want to take one more question on DDOS protection and then I will give you Microsoft documentation so here comes question number 250 it says when deployed with a web application firewall also known as vac Azure DDOS protection protects both at Network layer and application layer yes or no and this my friends is a correct answer and now as promised this is the Microsoft documentation on Azure DDOS protection here you can read that distributed denial service DDOS attacks are some of the largest availability and security concerns facing customers that are moving their application to the cloud a Leader's attacks attempts to exhaust an application resources making an application unavailable to the legit Mart user DDOS attacks can be targeted at any end point that is publicly reachable through the internet and here you can also see the graphical representation of these leaders attacks a lot of good information like key benefits of leaders protection is given on this documentation I recommend you to read this very critical service or very important service that protects your web applications and friends to further enhance your knowledge here is a bit of information you can see that DDOS protection Azure DDOS protection operates on network layer which is layer 3 and 4 it also operates on application layer which is layer 7 and that's why we have chosen yes for this question coming up now is question number 251 it says logs in Azure monitor are stored in which of the following Services your options are Azure log analytics workspace Azure event hubs Azure stream and the last one is azure Cosmos DB and the correct answer for this question is option A Azure log analytics workspace and we can validate our answer for this question on this Microsoft documentation Azure monitor data platform in this documentation you have to reach to the section which says logs and here in this section it clearly says that logs are events that occurred within the system and then it also tells you that logs in Azure monitor are stored in log analytics workspace and that's exactly what we have also chosen as the answer to this question moving on to the question number 252 it says Azure file sync enables centralizing your organizations while shares in Azure files while keeping the flexibility performance and compatibility of a Windows file server and the correct answer to this question is yes so what is azure file sync well Azure file sync enables centralizing your organization file shares in the Azure files while keeping the flexibility performance and compatibility of a Windows file server while some of the users May opt to keep a full copy of their data locally as your file sync additionally has the ability to transform Windows Server into a quick cache of your Azure file share and that's why this is a correct statement moving on to the next question question number 253 says the archive access tier is set at storage account level yes or no and this one my friends is an incorrect statement and this answer can be validated in this node section of this Microsoft documentation it clearly says that the archive tier is not supported as the default access tier for a storage account moving on to the question number 254 it says the hot access tier is recommended for data that is accessed and modified frequently yes or no and this one my friends is a true statement and that's why we have chosen a yes for this statement and now that we are talking about archived here the next question question number 256 is to read a blob that is in the archive tier you must first rehydrate The Blob to an online tier hot or cold tier yes or no and of course this is a true statement and that's why it's a yes and you can very well validate the answer on this Microsoft documentation it clearly says for the archive here rehydrate to hot tier with set block tier or copy blob similarly it also tells you rehydrate to cold tier which set block tier or copy blob the links to all these important documentation is already available in the description box and friends if you're learning with me so far please do not forget to press that like button and with that let's move on to the next question question number 257 says archive TR provides 99.99 of availability yes or no and this one my friends is an incorrect statement that's why we have chosen no for this question now let's validate our answer why we have chosen to know well this documentation clearly says that archive tier is a offline access tier that's why it does not provide 99.99 of availability and in case you are looking forward for that kind of availability you can see there is a option here which says R A GRS reads and that is available under hot tier coming up next is question number 259 that says you have multiple virtual machines processing each order that comes from a web application that runs the website these virtual machine exist on a Azure virtual network but the need to access the internet what's the best way to limit all outbound traffic from virtual machine to known host your options are configure Azure DDOS protection to limit network access to trusted ports and hosts the second option is create application rules in Azure firewall the third one is ensure that all running applications communicate with only trusted ports and hosts and the correct answer for this question is option b create application rules in Azure firewall and this is because Azure firewall enables you to limit the outbound HTTP or https traffic to a specified list of fully qualified domain names also known as fq DNS and now comes question number 260 it says Azure ad can save logs in Azure monitor yes or no and this one my friends is a true statement moving on with our next question question number 261 says that you can integrate on-premises active directive domains with Azure active directory yes or no and this is a valid statement that's why yes is the correct answer coming up next is question number 262. it says you have multiple virtual machines in Azure virtual Network now you want to implement a deny but default policy so that the virtual machines cannot connect to each other what is the best way to do the same your options are configure Azure DDOS protection to limit the network access to trusted ports and hosts the next option is create application rules in Azure firewall the last one is ensure that all the running applications communicate with only trusted ports and hosts now I am pretty sure that you must be thinking that question number 259 and 262 which is this one are exactly the same however there is a small difference between both the questions and you can consider this as your homework please go ahead rewind the video compare the two questions and let me know the differences in the comment section but in case you do not find any differences or you are having any difficulty understanding both these questions but for now the correct answer for this question is option b create an application rules in Azure firewall why the reason I explained in that previous question as well and now comes question number 263 it says Azure site recovery provides dash for virtual machines and you have to choose between fault tolerance Disaster Recovery elasticity and high availability and the correct answer for this question is option b disaster recovery so now let's understand what is site recovery it says that as an organization you need to adopt a business continuity and Disaster Recovery bcdr strategy that keeps your Tech data save and your apps and workloads online when planned and unplanned outages occur and then it tells you Azure Recovery Services contributes to your bcds strategy and all the main pointers are listed on this documentation and you can understand what does the site recovery provides all the information around site recovery is available in this documentation now let's jump on to the next question question number 264 it says resource groups provides organization with the ability to manage the compliance of azure resources across multiple subscriptions and further the instructions given the question says that review the underlying text here is the underlying text if it makes the statement correct then you have to select no change needed you can see the very first option is no change needed further it says if the statement is incorrect then you have to select the answer choices that makes the statement correct so basically if you feel this statement with this underlined text is correct then you have to choose no change needed otherwise you have to make this statement correct by choosing the other three options which are management groups Azure policies and the last one is azure app service plans and the correct answer to this question is option b management groups and now let's move on to the question number 265 it says which tool enables users to authenticate to multiple applications by using single sign-on better known as SSO and your options are Azure Resource Group Azure active directory Azure advisor and the last one is azure Monitor and the correct answer for this question is option b Azure active directory hello and welcome back to the Tech Blackboard another wonderful learning day and in today's session once again we have got 20 latest questions on AZ 900 and today I am going to enhance a lot of your Azure concepts by taking questions that come in Easy 900 exam with a lot of variations and in these kind of questions you will be presented with multiple solutions for an exact same question and you have to pick the right answer and friends this really challenges your knowledge and make so many exam takers confused resulting in losing precious marks and to top up your learning I have got lot of Microsoft documentation so let's begin part 15 with question number 266 the question says that your company developers intend to deploy a large number of custom virtual machines on a weekly basis they will also be removing these virtual machines during the same week it was deployed 60 percent of the virtual machines have Windows Server 2016 installed while the other 40 percent has Ubuntu Linux installed now you are required to make sure that the administrative effort needed for this process is reduced by employing a suitable Azure service the solution given here is that you recommend the use of azure reserved virtual machines instances does this solution meet the goal yes or no and the correct answer for this question is no because as your reserved virtual machine has nothing to do with deployment of the resources now let's check out the other two variations of the same question and then we will also get to know the correct answer so coming up question number 267 the question exactly the same this time the solution says that you recommend the use of Microsoft manage desktop does this solution meet the goal yes or no and once again this is an incorrect solution now let's check out the third variation question number 268 question once again exactly the same the solution however this time says that you recommend use of azure Dev test Labs does this solution need the goal yes or no and this time my friends this is a correct solution and why do you think Azure Dev test lab is the correct solution let's find out in this documentation here you can see it says what is azure Dev test lab and it's clearly mentioned that Azure Dev test lab is a service for easily creating using and managing infrastructure as a service or IAS virtual machines and platform as a service environments in Labs lab offer pre-configured basis and artifacts for creating virtual machines and Azure resource manager templates for creating environments like Azure web apps and SharePoint forms and the most important section of this documentation is that Azure Dev test lab is a service for easily creating using and managing infrastructure as a service virtual machines and platform as a service in our question as well we were asked to tell a service in Azure which will help the administrator to spin up virtual machines based on Windows server or Ubuntu Linux and also my friends if you remember the question correctly it asks us to deploy large number of custom virtual machines and also to remove these virtual machines during the same week that's why Azure Dev test lab is the best service to use here because it enables you to quickly spin up virtual machines and also get rid of them I hope you understood why we have chosen Azure Dev test lab as the answer to this question now let's move on to another set of the questions question number 269 says that you have been informed by your superiors of the company intentions to automate server deployment to Azure there is however some concern that administrative credentials could be uncovered during this process and you are required to make sure that during the deployment the administrative credentials are encrypted using a suitable Azure solution the solution given here is you recommend the use of azure information protection does this solution meet the goal yes or no and in this case my friends Azure information protection is not the correct Solution that's why no is the correct answer and this is because Azure information protection is a cloud-based solution that enables organizations to discover classify and protect documents and emails by applying labels to the content so now let's check out the other variation of the same question question number 270 exactly the same question the solution however says that you recommend the use of azure multi-factor authentication better known as MFA does this solution meet the goal yes or no and once again MFA or Azure multi-factor authentication is not the correct service to encrypt your administrative credentials that's why we have chosen a no so what is the correct service to use let's find out in the question number 271 question once again exactly the same the solution however this time says that you recommend the use of azure keyboard does this solution meet the goal yes or no and this time my friends this is a correct service when it comes to secure your credentials or passwords and of course course you can validate the answer on this Microsoft documentation it says that Azure keyboard is a cloud service for securely storing and accessing Secrets what is the secret well a secret is anything that you want to tightly control access to such as API Keys passwords certificates or cryptographic trees and that's exactly what was the requirement in our question that's why we have chosen Azure keyword as the correct answer now let's move on to another set of question question number 272 says that you are required to deploy an artificial intelligence solution in Azure you want to make sure that you are able to build test deploy Predictive Analytics for the solution the solution given here is that you should make use of azure Cosmos DB does this solution meet the goal yes or no and this time my friends this solution or Azure Cosmos DB has nothing to do with artificial intelligence that's why we have chosen no for this question and let let me give you brief on Azure Cosmos DB a very important Azure service Azure Cosmos DB is a fully managed nosql database for modern app development and also my friends Azure Cosmos DB provides you with single digit millisecond response time and automatic and instant scalability guaranteeing speed at any scale and here comes the second variation of the same question question exactly the same solution however says that you should make use of azure machine Learning Studio does this solution meet the goal yes or no and this time of course this is a correct solution and in case you want to learn more on machine Learning Studio this is the Microsoft documentation links to all the documentation is right there in the description box coming up next is question number 274 the question says that your company's infrastructure includes a number of business units that needs a large number of various Azure resources for everyday operation the resources required by each business unit are identical also note that you are required to sanction a strategy to create Azure resources automatically the solution given is that you recommend the use of azure API Management Service to be included in the strategy does this solution meet the goal yes or no and in this case my friend Azure API management service is not the correct service that's why we have chosen no for this question and why this is so because Azure API Management Service is a way to create and manage customer API for existing back-end services but in our case we have been asked to sanction a strategy to create Azure resources automatically and this service here is not matching this business requirement so let's jump on to see the other variations of the same question and let's find out the correct service and here comes question number 275 another variation of the same question but with different solution solution says that you recommend the use of management groups to be included in the strategy does this meet the goal yes or no and this time once again it's an incorrect service that's why we have chosen no for this question and this is because Azure management groups support Azure role-based access control for all resources access and Rule definitions and Azure management groups have nothing to do with creation of azure resources automatically now let's check out the third variation of the same question this time the solution is saying that you recommend the use of azure resource manager templates to be included in the strategy does this meet the goal yes or no and this time of course this is a correct service that's why yes for this question so what are Azure resource manager well Azure resource manager is the deployment and Management Service for Azure it provides a management layer that enables you to create update and delete resources in your Azure account and you can also use management features like access controls logs and tags to secure and organize your resources after deployment and Friends trust me it's a wonderful service from Azure in case you want to deploy a large number of resources or in case you want to automate the deployment of the resources as your resource manager templates is the service to go for coming up next is question number 277 it says that your company is planning to migrate all their virtual machines to an Azure pay as you go subscription the virtual machines are currently hosted on hyper V host in a data center you are required to make sure that the intended Azure solution uses the correct expenditure model and the solution given is that you should recommend the use of elastic expenditure model does this solution meet the goal yes or no and this of course is an incorrect solution because there is nothing like elastic expenditure model however elasticity is in itself a characteristics of cloud computing now let's move on to see the second variation of the same question exactly the same question the solution however says that you should should recommend the use of scalable expenditure model does this solution meet the goal yes or no and once again this is an incorrect solution because scalability expenditure model there is nothing like that now let's find out the correct solution here comes the third variation of the same question the solution this time says that you should recommend the use of operational expenditure model does this meet the goal yes or no and of course this is a correct Solution that's why yes is the correct answer and this is because operating expenditure are ongoing cost of doing business consuming cloud services in a pay as you go model could qualify as operating expenditure and now comes another set of questions question number 280 says that your company active directory for us includes thousands of user accounts you have been informed that all network resources will be migrated to Azure thereafter the on-premises data center will be retired now you are required to employ a strategy that reduces the effect on users once the planned migration has been completed the solution given is that you plan to require Azure multi-factor authentication MFA does this solution meet the goal yes or no and Friends Azure multi-factor authentication is the incorrect service for this business case that's why no is the correct answer so what's the correct service to use let's find out in the question number 281 exactly the same question solution however says that you plan to sync all the active directory user accounts to Azure active directory or Azure ad does this solution meet the goal yes or no and of course this is a correct solution so by syncing all the active directory user accounts to Azure ad the users will be able to access their resources seamlessly after the migration without any major disruptions and this will reduce the impact of migration on the users and minimize the need for them to change their existing login credentials so that's why this is the correct solution moving on to the question number 282 it says that you are planning to migrate a company to Azure each of the company's numerous divisions will have an administrator in place to manage the Azure resources used by their respective division now you want to make sure that the Azure deployment that you employ allows for Azure to be segmented for the divisions while keeping the administrative effort to a minimum the solution given is that you plan to make use of several Azure active directory or Azure 80 directories does this solution meet the goal yes or no and this my friends is an incorrect solution so let's check out the second variation of the same question question number 283 exactly same question the solution says that you plan to make use of azure resource manager does this meet the goal yes or no and of course this time this is a correct solution and here on your screen is question number 284 it says that your company has an Azure active directory environment users or occasionally connect to Azure ad via internet and you have been tasked with making sure that the users who connect to the Azure ad via internet from an unidentified IP address are automatically encouraged to change the passwords the solution given is that you configure the use of azure ad privileged identity management does this solution meet the goal yes or no and this is an incorrect Solution that's why we have picked no for this question and the reason is my friends that Azure ad privilege identity management is a service in Azure active directory that enables you to manage control and monitor access to important resources in your organization these resources include resources in Azure ad Azure and other Microsoft online services such as Microsoft 365 or Microsoft InTune and in case you want to read more on Azure ad privileged identity management this is the Microsoft documentation exactly what I just told you I a good documentation a video is also given along with the reasons why you should use this service the link is right there in the description box so now let's try to find out what is the correct solution for this business case and for that here comes question number 285 question exactly the same however this time the solution says that you configure the use of azure ad identity production does this solution meet the goal yes or no and this time of course my friend this is a correct Solution that's why we have picked yes for this question so today I presented you with a lot of questions with multiple variations in many previous Parts more such questions were presented so many variations similar questions confusing options well Microsoft will do everything to confuse you or should I say everything to test your knowledge so friends the way I prepared for these examinations is to just remember the correct answer or you can also say just remember the correct variation for example when the question is asking about securing passwords or certificates always keep Azure keyword in your mind another example could be when the question is asking about some Global database with millisecond response time or some database which is good with Json style storing it is always undoubtedly Azure Cosmos DB so as I say just focus on the right answer understand the concept why it is right and nothing can then divert you from the correct answer and also you will never lose precious marks and friends if you like this tip then please do not close the video before you press the like button and subscribe to the channel in case you are new here today hello and welcome back to the Tech Blackboard today in this special part 16 we will concentrate a little on Azure blueprints this is one area on which you won't find many questions on the internet and there is a lot of confusion between Azure blueprints arm templates and Azure policies so I have gathered quite a few questions on Azure blueprints which will not only help you understand this great service but also score better in Easy 900 exam so let's begin part 16 with question number 286 the question says that Azure blueprint service is designed to provide a dash and you have to fill this blank with these options here your options are centralized repository of approved designs patents for Effective management of azure environment the second option is repository of Aram templates the third one is repository of resource groups policies and role assignments and the correct answer for this question is option A centralized repository of approved design patents for Effective management of azure environments so before we take any further questions let's read a brief about Azure blueprints here you can see in this Microsoft documentation which says what is azure blueprints here Microsoft tells you that just as a blueprint allows an engineer or an architect to sketch a Project's design parameters as your blueprints enables Cloud Architects and Central Information Technology groups to define a reputable set of azure resources that implements and address to organizations standards patterns and requirements Azure blueprints makes it possible for the development team to rapidly build and start up new environments with the trust they are building within organization compliance with a set of built-in components such as networking to speed up the development and delivery and so my friends Azure blueprints in the nutshell is a set of standards and requirements for configuring the implementation of azure Services by establishing set of specific rules conventions or design that can be reused and before I move any further just want to mention that we have already covered 285 latest questions so please do not miss to watch the previous parts of this series all the questions are very important not only from the understanding perspective but also to gain good marks in the examination all the links to the previous parts are shared in the description box and now let's move on to the question number 287 it says which of the following Azure component types can be a part of azure blueprint definition your options are Azure resource manager template Azure rule definition Azure role assignment Azure Cloud shell Azure resource groups Azure are back Azure subscription and the last one one is azure policy assignment and the correct answer for this question is option A Azure resource manager template option C Azure role assignment option e Azure resource groups and option H Azure policy assignments and this question can be validated on the same Microsoft documentation here if you go a little further down you will reach to this section here which says blueprint definition and here you can read a blueprint is composed of artifacts Azure blueprints currently supports following resources as artifacts Resource Group arm templates policy assignments and role assignments now let's move on to the question number 288 it says which of the permissions your account needs to create an Azure blueprint and your options are Microsoft dot blueprint slash blueprints slash write slash policy slash right the third option is slash artifacts slash right and the fourth one is slash role slash right the fifth one is slash versions slash right and the correct answer for this question is option a option C and option e and friends I want you to build more understanding on each of these options and for that this is the small snippet from my side and this snippet tells you that Microsoft dot blueprint slash blueprints slash right this is used to create a blueprint definition and then we have slash artifact slash write this is used to create artifacts on a blueprint definition and the last one slash versions slash right is used to publish a blueprint so I hope this small snippet will definitely help you when you're actually working on Azure blueprints now moving on to the question number 289 it says which building role can manage blueprint definition but cannot assign them your options are order contributor blueprint contributor and the last one is blueprint operator and the correct answer for this question is option C blueprint contributor and friends the answer to the question number 289 can be validated in this section here here you can read that Azure blueprint contributor can manage blueprint definition but cannot assign them similarly you can also observe what are the other Azure roles owner contributor blueprint contributor that we just saw and the last one is blueprint operator because there can be questions on the other roles as well and as always the documentation link is shared in the description box so go ahead and do some self-study now let's move on to the question number 290 it says Azure Blueprints and Azure arm templates are the same thing yes or no and this one my friends is an incorrect statement that's why we have chosen no and you can understand all the differences between Blueprints and arm templates on this documentation link is right there in the description box and coming up next is question number 291 it says select the possible ways in which you can create Azure blueprints your options are Azure portal Azure Powershell Azure CLI Azure rest API and Azure templates and the correct answer my friends for this question is well all of these so basically you can create Azure blueprints using Azure portal Powershell CLI rest API and Azure templates and friends in case you want to understand more on how to create Azure blueprints using each of these option you can come to this documentation and here in the left section of this documentation you will find a separate documentation on each of these option for example you can come and understand how to create Azure blueprints using Azure portal or you can also go ahead and go for Azure Powershell so on and so forth so go ahead my friends create Azure blueprints in a way that suits you the best and now comes question number 292 it says Azure blueprints are stored either locally or in Source control yes or no and this is an incorrect statement that's why we have chosen no for this question and in case you are wondering if the Azure blueprints are not stored locally or not stored in Source control where exactly they are stored well my friends they are stored natively in Microsoft Azure and with that we have reached to the question number 293 it says each blueprint can consist of zero or more arm templates artifacts yes or no and this is the correct statement that's why yes for this question coming up next is question number 294 it says a policy can be included as one of the many artifacts in Blueprint definition yes or no and this one my friends is a true statement that's why yes for this question and now let's validate our answer on this documentation here you have to reach to this option here which says blueprint definition click on this and just above this section you can read the answer for this question it says a policy can be included as one of the many artifacts in a blueprint definition and it also tells you blueprints also supports using parameters with policies and initiatives and with that documentation we are assured that our answer is correct and now comes question number 295 it says you can assign blueprint definition only once to an Azure subscription yes or no and this one my friends is an incorrect statement that's why no is the correct answer and friends just to build more understanding on this concept here I would say the whole idea of having blueprint is that you are able to reuse them so friends as I told you and showed you the documentation in the very first question of this part blueprints means something that you can use to build something upon so you can use them to deploy in as many employment as you want and friends for all of you who actually look Microsoft Azure as a great career opportunity and are really serious to work on Microsoft Azure this is one video that you can use to understand Azure blueprints a great video from Microsoft Azure Friday series I rarely followed this series to understand the latest and the greatest in the Microsoft world so for all those serious Learners the link is shared in the description box so hopefully my friends this series of questions on Azure blueprints will really help you not only to understand the blueprint concept but also score good in Easy 900 now let's change our gear and have some questions on the other Concepts so here comes question number 296 it says your company's active directory for us includes thousands of user accounts you have been informed that all network resources will be migrated to Azure thereafter the on-premises data center will be retired and you are required to employ a strategy that reduces the effect on users once the planned migration has been completed the solution given is that you plan to sync all the active directory user accounts to Azure active directory or Azure ad does this solution meet the goal yes or no and this one my friends is a correct solution now let's move on to the question number 297 it says that you are planning a strategy to deploy numerous web servers and database servers to Azure this strategy should allow for the connection types between web servers and database servers to be controlled the solution given is that you plan to require Azure multi-factor authentication also known as MFA does this solution meet the goal yes or no well this is an incorrect solution so what is the correct solution let's find out in the other two variations of the same question so here comes one more variation question number 298 question exactly the same the solution says that you include a local network Gateway in your strategy does this meet the goal yes or no and this one again my friends is an incorrect solution now let's find out the correct solution coming up in question number 299 question once again exactly the same the solution says that you include network security groups or NSG in your strategy does this meet the goal yes or no and this time my friends this is a correct solution and this is because Azure network security groups or nsgs helps you filter out the traffic to and from Azure resources in an Azure virtual Network and that's why Azure network security groups is the correct answer and now comes question number 300 if you're still learning with me a good Round of Applause for all of you and the question says that when you need to delegate permissions to several Azure virtual machines simultaneously you must deploy the Azure virtual machines your options are to the same as your region by using the same Azure resource manager template the third option is to the same Azure Resource Group and the last one is to the same availability Zone and the correct answer for this question is option C to the same Azure Resource Group and the reason is that Azure resource groups is a logical container for Azure resources resource groups makes the management of azure resources easier and with Resource Group you can allow users to manage all the resources in a resource Group such as virtual machines websites and subnets and the permissions that you apply on Resource Group also apply to all the resources that are contained in that Resource Group and Friends Azure Resource Group is a very very critical Concept in Microsoft Azure so much so that you cannot create any single resource without understanding Azure resource groups and that's why in order to understand this concept better you can watch this video which is flashing now on your screens and this video will give you all the details on resource groups in order to work get started with Azure resource groups and friends in this video you will also understand a very vital Concept in Resource Group which many people do not understand the question or the concept is that why do you need a location when you are creating Azure Resource Group please go ahead and watch this video hello and welcome back to the Tech Blackboard today in this part 17 let's focus on the questions based on the section describe Azure management and governance you will get 30 to 35 percent of the questions from this section such an important section it is so let's not wait any further and let's jump and prepare for easy 900 exam so coming up on your screen the first question for today question number 301 the question says that how can the IT department ensure that the employees at the company's retail stores can access companies application only from the approved tablet devices your options are SSO which is single sign-on the second option is conditional access and the last one is multi-factor authentication and the correct answer for this question is option b conditional access and now let's move on to the other similar questions and then you will understand when to choose SSO when to choose conditional access which we chose in this question as well and then you will also understand what are we using multi-factor authentication form so let's move on here comes question number 302 it says that how can the IT department use Biometrics properties such as facial recognition to enable delivery drivers to prove their identities once again the options given are same SSO conditional access and multi-factor authentication and in this case my friends the correct answer is option C multi-factor authentication and why we have chosen multi-factor authentication well authenticating through multi-factor authentication can include something the user knows something the user has and something the user is and in this question we have facial recognition which comes under something the user is and similar to this question there can be more question for example instead of asking or saying facial recognition and instead of asking for Biometrics properties they can also give you options such as authentication using SMS or maybe asking for the birthday or any other question from the user and all these would come under something the user knows or something the user has but I'm really sure that you got the gist when to choose multi-factor authentication now let's move on and take the question number 303 it says that how can the IT department reduce the number of times the user must authenticate to access multiple application options are SSO conditional access and multiple authentication and this time my friends the correct answer is option A SSO which is single sign-on and just so you know single sign-on or SSO enables a user to remember only one ID and one password to access multiple application and I'm really sure that many of you are already using single sign-on in the corporate world and before moving any further for the viewers who are joining us here for the first time please note that we have already covered 300 very important and the latest questions on AZ 900 in this latest 2023 series and you do not want to miss any of these questions all the questions are very important they will not only help you get good marks but also clear lot of your Azure Concepts and links to all the previous parts are available in the description box and coming up now is question number 304 it says how can companies allow some users to control the virtual machines in each environment but prevent them from modifying networking and other resources in the same Resource Group or as your subscription your options are option A create a role assignment through Azure role-based Access Control better known as Azure rbac the second option is create a policy in Azure policy that audits resource usage the third one is split the environment into separate Resource Group and the correct answer for this question is option A create a role assignment through Azure role-based Access Control also known as Azure are back and in case you do not know what is azure are back well Azure rbac enables you to create roles that Define access permissions you might create one role that limits access only to the virtual machines and a second role that provides administrators with access to everything and that's the exact ask in our question as well that's why Azure R back is the correct answer now let's move on to the question number 305 it says your company plans to migrate to Azure the company has several departments all the Azure resources used by each department will be managed by a department administrator so what are the two possible techniques to segment Azure for the Departments your options are on multiple Azure active directory or Azure 80 directories the second option is multiple subscriptions then we have multiple regions and the last one is multiple resource groups and please pay attention you have to choose two possible techniques the correct answer for this question is option b multiple subscriptions and option D multiple resource groups and friends both subscriptions and resource groups are very important Concept in Microsoft Azure let me give you more details on each of these so in Azure subscription is a container for the Azure resources it is also a boundary for permissions to resources and for the billing you are charged monthly for all the resources in a subscription a single Azure tenant can contain multiple Azure subscriptions now coming up to the Azure Resource Group will Azure Resource Group is a container that holds the related resources for an Azure solution the resource Group can include all the resources for the sales solution or only those resources that you want to manage as a group now friends I want your full attention now a very important concept to enable each department administrator to manage the Azure resources used by that department which is asked here in the question you will need to create a separate subscription per department and once you have these separate subscription you can then assign each department administrator as an administrator for each of these subscription to enable them to manage all the resources in that subscription and this is how you can take care of this business need using multiple subscription and multiple resource groups and in case you want to understand more on Azure subscription and Azure Resource Group these are the video that you need to watch both these videos are from the Azure fundamental Series this is one series that you must watch in case you are Azure beginner as this series will cover all the concepts that you need to know to get started with Azure career and now comes question number 306 it says where can a legal team access information around how the Microsoft cloud helps them to secure sensitive data and comply with the applicable law and the regulations your options are Microsoft privacy statement trust Center and the last option is online services terms and the correct answer for this question is option b trust Center and this documentation here will help you get started with the Azure cross Center and you can see that the trust Center work on three tenants security privacy and compliance and as always you can find the link for this documentation in the description box and now comes question number 307 it says where can the company access details about the personal data Microsoft processes and how the company processes it including for container your options are Microsoft privacy statement the second option is the azure compliance documentation and the last one is Microsoft compliance offerings and the correct answer for this question is option a Microsoft privacy statement so Microsoft privacy statement provides information that's relevant to a specific service including Cortana and now comes question number 308 it says that your company's website has a business critical data that must be secured at any cost to replicate data your business needs to copy data to a secondary region from the primary region across multiple data centers that are located many miles apart which storage option is best for you your options are premium storage Zone redundant storage or zrs Geo redundant storage which is GRS and then we have last one locally written in storage also known as lrs and the correct answer for this question is option C jio redundant storage so friends Geo redundant storage or GRS rep duplicates your data to a secondary region that is in a different geographic location from the primary region and that's exactly what our question was also asking a secondary region from the primary region across multiple data centers that are located many miles apart that's why geo redundant storage is the correct answer and for those who want to Deep dive and learn all the options in Microsoft Azure storage redundancy this is the documentation here you can read all about these options a very critical and important Microsoft service because any good application always thinks about building redundancy across the application and here you can also learn about different redundancy options like locally redundant storage you can also learn about Zone redundant storage so on and so forth and now comes question number 309 it says which is the best way for the companies to ensure that they only deploy cost effective virtual machine SKU sizes and your options are create a policy in Azure policy that specifies the allowed SKU sizes and the second option is periodically inspect the deployment manually to see which SKU sizes are used the third one is create an Azure rbac role that defines the allowed virtual machine SQ sizes and the correct answer for this question is option A create a policy in Azure policy that specifies the allowed SKU sizes now let's move on to the question number 310 it says which is the likely best way for the companies to identify which billing department each Azure resources belongs to your options are track resource usage in a spreadsheet the second option is split the deployment into a separate Azure subscriptions where each subscription belongs to its own billing department and the last option is apply a tag to each resource that includes the associated billing department happen and the correct answer for this question is option C apply attack to each resource that includes the associated billing department and what are tags well tags provide extra information or metadata about your resources and you can create a tag that's named billing department whose value would be the name of the billing department and then you can use Azure policy to ensure that the proper tags are assigned when the resources are provisioned and that's how you can enforce the use of tags in case any new resource is created and now comes question number 311 it says your company has virtual machine hosted in Microsoft Azure the virtual machines are located in single Azure virtual Network named v-net one the company has users that work remotely the remote workers require access to the virtual machines on v-net 1 you need to provide access for remote workers what should you do your options are figure side to side VPN or configure vnet to bnet VPN the third option is configure point to site VPN and the fourth option is configure direct access on a Windows Server 2012 server virtual machine and the last one is configure a multi-site VPN and the correct answer for this question is option C configure a point to site p2s VPN so friends please understand a point to side VPN Gateway connection lets you create a secure connection to your virtual network from an individual client computer p2s VPN is also useful solution to use instead of S2s VPN when you have only few clients that you need to connect to a virtual Network and in case you want to learn more about VPN Gateway design this is a very good documentation from Microsoft here you can understand and learn about all the site to site VPN point to site VPN v-net to v-net connection site to site and express route coexisting connection and a lot more here you can also see you have high available connections and also some next steps that you might need to take in case you want to implement a virtual private Network now let's move on to the question number 312 it says single sign-on or SSO is a dash method your options are a configuration a validation and authentication and the last one is an authorization and the correct answer for this question is option C and authentication so basically my friends single sign-on is an authentication method that enables users to sign in the first time and access various applications and Resources by using same password coming up next is question number 313 it says that you have an on-premises Network that contains several servers now you plan to migrate all the servers to Azure now you need to recommend a solution to ensure that some of the servers are available even if a single your data centers goes offline for an extended period what should you include in the recommendation your options are availability set fault tolerance scalability elasticity and the last one is low latency and the correct answer for this question is option b for tolerance and this is because fault tolerance is the ability of a system to continue to function in the event of a failure of some of its components so even if some of the components of your applications are failing fault tolerance will make sure that your application is still working and available to the users and with that let's move on to the question number 314 it says in Azure what do you understand by application availability your options are application is available to high-end users and the second option is the individual SLA of each resource the last one is the overall time that a system is functional and working and the correct answer of course is option C the overall time that a system is functioning and working now let's move on to the question number 315 it says you are the data engineer for your company an application uses no SQL database to store datum the database uses key value and white column no SQL database type the developers need to access data in the database using an API now you need to determine which API to use for the database model and type which are the two apis should you use please pay attention you have to choose two apis your options are Cassandra API the second one is table API third one is SQL API then we have dremlin API and the last one is mongodb API and the correct answer for this question is option A Cassandra API and option e mongodb API and this is because both Cassandra API and mongodb API has value pair which was the ask of the question as well and here comes the question number 316 which is which two types of customers are eligible to use Azure government to develop a Cloud solution each correct answer presents a complete solution and each correct selection is worth one point your options are a Canadian government contractor the second one is a European government contractor third one is a United States government entity and the fourth one is a European government entity and the last option that we have is a United States government contractor and the correct answer for this question is option C A United States government entity and option e a United States government contractor so looking forward to learn more on Azure government I'm sure you do so this is the Microsoft documentation which tells you what is azure government here you can read that Azure government is a cloud environment specifically built to meet compliance and security requirements for the US government please note this is only for the US government and this Mission critical Cloud deliveries breakthrough Innovations to the U.S government customers and their Partners Azure government applies to the government at any level from state to local government to the federal agencies including department and defense agencies the most important point to note here is whenever you are seeing Azure government for now it is only restricted and pointing towards the United States government and now comes the question number 317 it says this question requires you to evaluate the underlying text to determine if it's correct and here you can see that we have this underlying text let's read the entire statement it says your company implements Azure policies to automatically add a watermark to Microsoft Word documents that contain credit card information now friends you have to review this underlying text and if you think that this underline text makes the entire statement correct in that case you have to choose the first option which is no change needed and in case you think that this underline text needs to be corrected in that case you have to choose between the options given here which are DDOS protection and then we have Azure information protection the last one is azure active directory identity protection and in this case my friends you have to choose option C Azure information protection in case you want to automatically add a watermark to the Microsoft Word documents that contain credit card information so Azure policies is not the correct service to achieve this business requirement and a good place to understand what is azure information protection is this documentation here it says that Azure information protection is a part of Microsoft purview information protection which was formerly known as Microsoft information in protection or MIP Microsoft purview information protection helps you discover classify protect and govern sensitive information wherever it lives or travels and of course you can note that AIP exchains labeling and classification functionality provided by Microsoft purview with the following capabilities and you can read more on this documentation as your time permits but for now let's move on to the next question question number 318 it says Define availability sets your options are a group of instances for your application in an availability Zone the second option is a logical grouping of virtual machines that allows Azure to understand how your application is built to provide for redundancy and availability and the last option is set of resources and the correct answer for this question is option b and now let's move on to the question number 319 it says multi-factor authentication in azure directory is used to provide access to the resources based on an organizational policies yes or no and in this case my friends this is an incorrect statement and that's why we have paid no for this question and I'm pretty sure that you are eager to know what is the service to provide access to the resources based on organizational policy so let's find out in the next question and here comes the question 320 it says conditional access in Azure active directory is used to provide access to the resources based on organizational policies yes or no and yes this time this is a correct statement that's why we have chosen is so now you know conditional access is the correct tool what is conditional access well conditional access is the tool used by Azure active directory to allow access to the resources based on identity signals conditional access is more refined MFA or multi-factor authentication method and this is a very good documentation in case you want to understand what are multi-factor authentication and conditional access hello and welcome back to the Tech Blackboard it's a beautiful shiny day today a perfect day to learn and prepare for easy 900 exam in the last few parts we have been focusing on some specific sections of AC 900 slippers but today in this part 18 I present to you a mixed bag of 20 latest questions on AZ 900 just the way you can expect in real exam so let's begin part 18 with question number 321 it says that you plan to build an Enterprise Data Warehouse in Azure to perform business data analysis the requirement is to build an integrated environment that will support the development of end-to-end analytical Solutions which service should you use for this your options are Azure machine learning Azure synapse analytics and the last one is azure database for postgray SQL and the correct answer for this question is option b Azure synapse analytics now friends all of these services are very important in Microsoft Azure so I want to give you one-lined definition of each of these so that you have some basic idea for each of these Services when you're appearing in the Microsoft examination starting with machine learning Azure machine learning is a development platform for coding machine learning then we have Azure synapse analytics which is also the correct answer for this question this is a data analytics platform that combines data integration Enterprise data warehousing and big data analytics and you can surely match of this definition given here with that of the requirement given in the question as well now coming to the Azure database for postgre SQL this is a relational database service based on open source postgrad database engine and it is not used to build a data warehouse that's why Azure synapse analytics is the correct answer now let's move on to the question number 322 it says that your company plans to start using azure and will migrate all its network resources to Azure you need to start planning processes by exploring Azure what should you create first should you create subscription a resource Group a virtual Network or should you create a management group and the correct answer for this question is option A a subscription and please listen to this very carefully a subscription is linked to the payment setup and each subscription will result in a separate bill and thus without creating a subscription you cannot create any Azure resource and this is true even when you have a free account and friends in case you do not know Azure gives you 200 worth of free account that you can use to create and explore Azure by creating resources that you want and if you are anything like me I am always interested things that are free and open source so this is the Microsoft Azure documentation page or you can say the start page where you can start learning and exploring Microsoft Azure and here you can see that Microsoft says let's start with USD 200 as your credit so basically you can simply create a free Azure account just give your details like email and other address details that Microsoft will ask and then you will have 200 already credited in this account and you can create pretty much any Microsoft Azure resource and explore and learn Microsoft Azure and friends as I just mentioned even in this free account you have to first create subscription before you can create any other Microsoft Azure resource so always keep in mind subscription is the first thing that you create in your Azure account and now comes question number 323 it says which of the following is a reputable set of governance tool that helps development team quickly build and create new environments while adhering to organizational compliance to speed up the development and the deployment your options are Azure blueprint a continuous immigration continuous deployment which is also known as CI CD pipeline configuration the third option is azure policy and the last one is azure devops and the correct answer for this question is option A Azure blueprints so friends Azure blueprints is important Microsoft service and there will be questions on this in AC 900 exam and I have presented lot of questions on Azure blueprint in part 16 of this series so please watch part 16 and you will gain a lot of insights on Azure Blueprints and also you will understand its differences against Microsoft Azure arm templates and a lot more now let's quickly jump to the question number 324 it says which of the following correctly defined Edge Computing and your options are Edge Computing allows you to secure your application on multiple locations the second option is Edge Computing allows customer to run virtual machines containers and data services at Edge location the last option is Edge Computing allow allows to create scalable web applications and the correct answer for this question is option b Edge Computing allows customers to run virtual machines containers and data services at Edge locations moving on with the question number 325 it says which of the following could Grant or deny access based on originating IP address your options are Azure active directory Azure firewall and the last one is VPN Gateway and no prices for guessing the correct answer for this question is option b Azure firewall and let me share some more information on Azure firewall so Azure firewall grants server access based on originating IP address of each request and you can create firewall rules that specifies ranges of IP addresses only clients from these granted IP addresses will be allowed to access the server firewall rules also include specific Network protocol and Port information and now comes question number 326 it says from Azure Cloud shell you can note a underline here you can track your company's regulatory standards and regulations such as ISO 27001 now the instruction given are that review the underlying text here you can see this underline text if it makes the statement correct then you have to select no change needed which is the first option given here and if this statement is incorrect select the answer choices that makes the statement correct so basically in case this is an incorrect option then you have to choose from these other three options which are the Microsoft cloud partner portal the third option is compliance manager and the last option is the trust Center and the correct answer for this question is the trust Center so the correct statement becomes from trust Center you can track your company's regulatory standards and regulations such as ISO 27001 let's move on to the question number 327 it says which of the following is a correct statement the first one is private cloud is a combination of public Cloud plus hybrid Cloud the second option is public cloud is a combination of hybrid Cloud plus private cloud and the last one is hybrid cloud is a combination of private Cloud plus public cloud and this one question confuses lot of people but please please understand my friends hybrid Cloud as the name suggests is a combination of private Cloud plus public cloud and that's why option C is the correct answer and because this topic is so important I want to give you a use case on hybrid Cloud so here you can see that your application so please understand this is the use case on hybrid Cloud so let's say that your application resides on premises or in a private Cloud so please pay attention my friends we are saying that your application resides on private Cloud so we are already mentioning about private cloud let's move ahead it says many times sudden spikes in demand overload the capacity of your applications like seasoned events like online shopping or text filing now organizations can tap into additional Computing resources in the public Cloud sometimes called Cloud bursting where the hybrid Cloud environment allows the on-premises infrastructure to burst through the public Cloud so you can see there are two very important elements of this use case first of all we are saying that our application is already working or already residing on on premises or private Cloud then secondly we are saying that in case the demand comes or there is a sudden spike in the demand then we can burst out our own premises application to use public cloud and that's why this solution or this use case is a hybrid Cloud furthermore it says many customers take advantage of hybrid Cloud to achieve global scale and increase reliability in highly regulated Industries data residency requirements May mandate that certain set of data must be kept on premises while the other workloads can reside in public Cloud so hopefully you understand I have presented you two use cases for the hybrid Cloud the first one already says that in case you have to burst out then you can use public cloud and this combination of private cloud and public Cloud will make this a hybrid cloud in Second Use case I am saying that sometimes there is a regulatory mandate you have to keep some data on premises due to security reasons but the other data or other part of the application you can move to the public cloud in that case also your combining private cloud and the public Cloud so that also makes it a hybrid Cloud I hope this is now very clear to you what is a hybrid cloud and where you can use it and now let's move on to the question number 328 a related question it says that your organization existing infrastructure is on devices due to changing demand organization was to move some of its infrastructure on Azure Cloud now you are tasked to suggest a cloud computing model that takes full advantage of on-premises infrastructure and also allows data and application to be shared between on-premises and Cloud infrastructure which of the cloud computing model would you suggest your options are public Cloud private cloud and hybrid cloud and I'm pretty sure with the detailed discussion that we did in the last question all of you have picked the right option and that is option C hybrid Cloud moving on to the question number 329 it says this question requires you to evaluate the underlying text to determine if it's correct this is the statement here and you can see it says resource groups provides organizations with the ability to manage compliance of azure resources across multiple subscription so basically in these kind of questions you have to review this underlying text and if this makes the entire statement correct in that case you have to choose this no change needed option otherwise you have to choose one of the options given here to make this entire statement correct so what are the other options we have Azure app service plan the third option is azure policies and then we have management groups and the correct answer for this question is option C Azure policies now we have discussed Azure policies many times but a quick revision would not harm so Azure policies can be used to define requirements for resource properties during deployments and for already existing resources Azure policies controls properties such as pipes or location of the resources and very importantly Azure policy is a service in Microsoft Azure that you can use to create assign and manage policies and these policies enforce different rules and effects over your resources so those resources can stay compliant with your organization standards and and service level agreements for example you can have a policy that only allows a certain level of SKU size of virtual machines in your environment and once this policy is implemented new and existing resources will be evaluated for compliance now let me ask you a quick question or let me say I give your homework all of you please understand this and try to answer the question is I just mentioned that Azure policies once applied will be evaluated against all the existing and the new resources now you have to tell me in case of the existing resources if any resource is violating the Azure policies what do you think will happen will that resource continue to function or will that resource cease to function let me know your answers in the comment section and let's share this good knowledge and now let's move on to the question number 330 it says which options lets you extend your on-premises networks into Microsoft cloud over a private connection with the help of connectivity provider your options are point to site VPN side to side VPN or express route and friends here I just want to mention in the previous part 17 I took a question on point to site VPN and many of our Learners message me asking about taking questions on other type of VPN what kind of question should they expect in Easy 900 exam from this section I truly understand this section confuses a lot of azure Learners which option to choose when so here I present three back-to-back questions on this concept and I'm sure this will help you understanding this concept better and you can also help me by liking this video please like the video now coming to the correct answer for this question is option C express route and in case you want to understand more on Azure express route this is the documentation it says express route lets you extend your on-premises networks into Microsoft cloud over private connection with the help of a connectivity provider and that's exactly what was asked in the question as well connectivity provider that's why express route is the correct answer now let's take up question number 331 it says which option is used to set the communication between an on-premises VPN device and an Azure VPN Gateway through an encrypted tunnel over the Internet your options are point to site VPN site to site VPN or express route and this time my friends the correct answer is option b side to side VPN now friends side to side VPN establishes connection between on-premises VPN device and an Azure VPN Gateway that is deployed in a virtual Network now this type of connection type allows communication between any on-premises authorized resource to access virtual Network through an encrypted tunnel that's why side to side VPN is the correct answer and now coming up question number 332 it says which option lets you create a secure connection to your virtual network from an individual client computer your options are once again point to side VPN site to site VPN and express route and this time my friends the correct answer is point to site VPN and in case you want to learn more about point to site VPN this is the documentation it says the point to site VPN Gateway connection lets you create a secure connection to your virtual network from an individual Cloud computer a p2s connection is established by starting it from the client computer this solution is useful for telecommunicators who want to connect to Azure v-nets from a remote location such as from home or a conference and also friends please check out the question number 311 of previous part 17 for another similar question on VPN concept and now let's move on to the question number 333 it says which of the following Azure services do not require you to select particular region your option are virtual machines storage types Azure active directory as your traffic manager or the last one is azure DNS and correct answers for this question is option C option D and option e so basically my friends whenever you are creating Azure active directory or Azure traffic manager as your DNS in that case you do not have to choose a particular region and here comes question number 334 it says which Azure service you can use for quickly sending billions of notifications to iOS Android windows or Kindle devices working with APNs or also known as Apple push notification service GCM Google Cloud messaging and wns windows push notification service and more your options are iot Hub Azure notification hubs Azure machine learning and the last one is azure Monitor and the correct answer to this question is option b Azure notification hubs so what is the Azure notification hubs so so basically this is a massively scalable mobile push notification engine for quickly sending millions of notifications to iOS Android windows or Kindle devices working with APN basically whatever the question is asking this service is more suitable for that and coming up next is question number 335 it says to what should an application connect to retrieve security tokens your options are Azure storage account Azure active directory as your security Center and the last one is azure keyboard and the correct answer for this question is option b Azure active directory a very important service in Microsoft Azure so what is azure active directory will Azure ad authenticates users and provides access tokens and access token is a security token that is issued by an authorization server also note my friends many people confuse security tokens as secrets please minded security tokens are not a secret what is a secret in Microsoft Azure well password private keys and certificates all these are categorized as Secrets but not security tokens and also note my friends tokens are generated when the request is made and they change with almost each request and valid for a short duration only and that's why there is no point in protecting the token by storing it in Azure keyboard to use it when it is needed it's not static it's a dynamic value and that's why it doesn't make any sense to store security tokens coming up next is question number 336 it says that you need to be aware of the latest Azure security standards to protect your data which of the following service should you use to ensure this your options are Azure government online terms of service trust Center and the last one is azure compliance documentation and the correct answer for this question is option C trust Center coming up next is question number 337 it says Azure Cosmos B is an example of which Cloud offering your options are platform as a service infrastructure as a service serverless and the last one is software as a service and the correct answer for this question is option a platform as a service moving on to the question number 338 it says a Microsoft SQL Server database that is hosted in the cloud and has software updates managed by Azure is an example of your options are Disaster Recovery as a service or tras the second option is infrastructure as a service and then we have platform as a service the last one is software as a service and the correct answer for this question is platform as a service and here my friends I want to make a point very clear many people confuses in these kind of questions here it is not saying Microsoft SQL database on a virtual machine in that case that would have been infrastructure as a service but in this case what we are telling is that SQL Server database that is hosted on the cloud and more importantly all the updates software updates are managed by Azure in this case this is most certainly platform as a service and now let's move on to the question number 339 it says that you can access compliance manager from your options on Azure active directory admin Center second option is azure portal and then we have Microsoft 365 compliance Center then we have Azure service trust portal and the last option is Microsoft purview compliance portal and the correct answer for this question is option e Microsoft purview compliance portal and this documentation here is a good place to start working on compliance manager the link as usual is given in the description box and now let's move on to the question number 340 it says which of the following provides information about the plan maintenance and the changes that could affect the availability of your resources your options are azure your monitor Azure security Center as your service health and the correct answer for this question is option C Azure service health so let me give you a brief introduction on Azure service health so Azure service health is a suit of experiences that provide personalized guidance and support when the issues with Azure Services affect you and this service can notify you help you understand the impact of issues and keep you updated as the issue is resolved also note my friends that Azure service help can also help you in prepare for Planned maintenance and changes that could affect the availability of your resources and also my friends in case you want to learn more on Azure service Health then this is the question that you must see question number 226 of part 13 and in this question my friends I have explained in a very detailed manner with the live demo how can you access of where from you can access Azure service help and what are the facilities or the benefits everything is shown in this question live demo on Azure portal hello and welcome back to the Tech Blackboard once again I am back with a lot of learning on Microsoft Azure and today with another set of 20 latest questions let's learn some fundamental concepts on Azure security Azure policies Blueprints and a lot more the reason why I'm taking a lot of questions on Azure security and governance is that recently a big chunk of questions are coming from this section which clearly resonates Microsoft focus on security so let's straight away dive in and learn some new Concepts today and also prepare for AZ 900 so let's begin part 19 with question number 341 it says that this question requires you that you evaluate the underlying text to determine if it's correct so here you can see that we are given with this statement which says you use management groups to organize resources in an Azure subscription further the question says that review the underlying text here you can see we have this underlying text if this makes the statement correct then in that case you have to choose no change needed which is the very first option otherwise you have to make this statement correct by selecting other three options given which are resource groups management groups and administrative units and the correct answer for this question my friends is option b resource groups so basically you use resource groups to organize resources in an Azure subscription and just to give you more highlights on Azure resource groups well Azure resources can be combined into resource groups which acts as a logical container into which Azure resources such as web apps database storage accounts are deployed and managed and please always remember my friends that you cannot have any Azure resource before you have a resource Group and now let's quickly jump on to the next question it says which of the following could require both both a password and a security question for full authentication your options are Azure firewall application Gateway and the last one is multi-factor authentication the correct answer for this question is option C multi-factor authentication what is the multi-factor authentication well multi-factor authentication also known as MFA requires two or more elements for full authentication and I'm pretty sure all of you must have experienced this and you must be getting SMS or text on your mobiles to authenticate yourself while using any application and friends there are lot of ways using multi-factor authentication for example many applications these days are also using Microsoft or Google Authenticator and friends in a very easy to understand language just consider MFA or multi-factor authentication as an extra layer of authentication beyond your own passwords and here comes question number 343 it says that you plan to deploy several Azure virtual machines and you need to control the ports that devices on the internet can use to access virtual machines what should you use your options are a network security group and then we have an Azure active directory Azure Active Directory Group and the last one is azure keyboard and the correct answer for this question is option A a network security group now let's take few more questions on NSG or network security group one topic from where you can surely expect some questions in AZ 900 and here comes question number 344 it says your company plans to deploy several web servers and several database servers to Azure you need to recommend an Azure solution to limit the types of connection from the web servers to database servers what should you include in the recommendation your options are Azure service bus a local network Gateway a route filter and the last option is network security groups and yes is the correct answer is option D Network Security Group see in this question the keywords are web servers and several database servers so basically you are maintaining an internal communication between your web servers and database servers and that's why for internal communication network security groups is the best choice moving on with the question number 345 it says which of the following Services would you use to filter internet traffic in your Azure virtual Network your options are Azure firewall network security group or VPN Gateway and the correct answer for this question is option b network security group and here comes some more information on network security group that allows you to filter Network traffic to and from Azure resources in an Azure virtual Network an NSG can contain multiple inbound and outbound security rules that enables you to filter out traffic to and from resources buy Source and destination IP address port and protocol so friends please note these details very carefully because Microsoft can change the question and ask the questions that are revolving around IP addresses ports and protocols and in that case you now know that network security group is the option to choose on and now let's take some questions on the other security aspects here comes the question number 346 it says which of the following provides information about the planned maintenance and the changes that could affect the availability of your resources your options are Azure monitor Azure security Center and the last one is azure service health and the correct answer for this question is option C Azure service health and Friends Azure service health is a suit of experiences that provides personalized guidance and support when issues with Azure Services affects you it can notify you help you understand the impact of issues and keep you updated as the issue is resolved and very importantly my friends Azure service help can also help you prepare for the planned maintenance and the changes that can affect the availability of your resources so out and out a very important Azure service and here comes question number 347 it says North America is represented by a single Azure region yes or no and the correct answer for this question is no and this is because North America has several Azure regions including West U.S Central U.S South Central Us East U.S and lastly Canada east so that's why North America comprises of multiple Azure regions let's move on question number 348 says that Azure web app Azure logic app and Azure SQL database are all examples of platform as a service or past model yes or no the correct answer for this question is yes all all the services given here are the example of platform as a service and friends I am sure that all of you who are following this series from the very beginning might be feeling that some of the questions are getting repeated of course I know that and this has been deliberately planned so that all the questions the concepts are drilled in your mind because repetition really helps you when you are giving exams to recall your answers so that's why trust the process my friends with each reputation I always try to give you a new piece of knowledge on the Azure services and friends so far if you're liking our efforts and liking the content of this video please please press the like button and with that here comes question number 349 it says a company ABC limited wants to execute workflows that are designed to automate business scenarios and are built from predefined logic blogs without any code please note without any code very important keywords that will help us to choose the correct answer further it says that which of the services is most suited your options are Azure functions Azure logic apps Azure workflows and the last one is azure compute the correct answer for this question my friends is option b Azure logic apps and this is the documentation where you can get started on Azure logic apps and please do not get confused because the heading of this documentation says decide when to use Azure functions in this documentation only when you scroll a little downwards you will reach to this section which says Azure logic apps and here you can read that logic apps are similar to the functions and that's why I chose this documentation I could have really taken you directly to the logic apps documentation but I wanted you to see that Azure logic apps are very closely connected to Azure functions and that's why chosen this documentation here you can read that Azure logic apps are similar to of the functions and it's very important my friends that you note that both logic apps and Azure functions enable you to trigger logic based on an event and on one side you have Azure functions that help you execute the code based on an event on the other hand you have Azure logic apps that execute workflows and that was the exact ask or the need of the question and that's why we have chosen Azure logic apps as the answer to this question and the link to the referred documentation is available in the description box now let's move on with the question number 350 it says that you have an on-premises application that sends email notification automatically based on a rule now you plan to migrate the application to Azure you need to recommend a serverless Computing solution for the application what should you include in your recommendation your options are Azure API Azure logic apps the third option is azure workflows and lastly we have Azure functions and the correct answer for this question is option b Azure logic apps and now comes question number 351 similar kind of question where we have underlined text and in this statement which says if Microsoft plans to end the support for an Azure service that does not have a successor service Microsoft will provide notification at least 12 months before now here you have to validate whether 12 months is the correct period in case it is then you have to choose no change needed otherwise you have to choose from the options given which are 6 months 90 days and 30 days the correct answer for this question is no change needed because yes Microsoft will give you a notification of 12 months before they terminate any Microsoft Azure service that does not have a successor service and now let's quickly jump to the question number 352 it says where can you obtain details about the personal data that Microsoft processes how Microsoft processor is it and what are the purposes your options are Microsoft privacy statement the second option is compliance manager and lastly we have Azure service health and the correct answer for this question is option a Microsoft privacy statement and just as the question needs Microsoft privacy statement explains what personal data Microsoft processes how Microsoft processes it and what are the purpose all the details you can get in Microsoft privacy statement and now comes question number 353 it says which of the following can be used to help you enforce resource tagging so that you can manage the billing your options are option A Azure policy option b Azure services and lastly we have compliance manager and undoubtedly the correct answer is option A Azure policy and we have talked about Azure policies many time before but here comes a quick one-liner Azure policy can be used to enforce stagging values and rules on azure your resources so in case you want to enforce a policy that will ensure that all the resources that are created in your Azure subscription will always contain a set of tags then Azure policy can be of great help and don't worry my friends we have a lot of questions on Azure policies that will tell you what are the other different uses that you can use as your policy for but for now let's move on to the next question question number 354 it says which of the following can be used to define a reputable set of azure resources that Implement organizational requirements your options are Azure blueprint Azure policy lastly we have Azure resource groups and the correct answer for this question is option A Azure blueprint and for the friends who are joining us here for the first time Azure blueprints enable Cloud Architects to define a reputable set of azure resources that Implement and adhere to the organization standards patterns and and requirements as your blueprint enables development teams to rapidly build and deploy new environments with the knowledge that they are building within organizational compliance within a set of built-in components that speed up the development and the delivery and friends there is a lot of confusion on Azure blueprints that's why I have taken a lot of questions on Azure blueprints in the previous parts so please make sure to watch the previous Parts there will be surely some questions on Azure blueprints an important Azure service and you do not want to miss that and now comes question number 355 it says which of the following lets you grant users only the rights that they need to perform their jobs your options are Azure policy compliance manager and the last one is role-based access control and the correct answer for this question is option C role based access control and role-based access control or art back is one very important Azure service we we will take some questions on this service in the coming Parts as well but for now please understand that our back lets you grant users only the rights that they need to perform their jobs and you know what friends I have seen a lot of people who get confused between Azure are back and Azure ad are also known as Azure active directory and in case you also have the same confusion please make sure to watch the next upcoming part where I will explain the differences between Azure ad and Azure are back but for now let's move on to the next question question number 356 says that you plan to deploy 20 virtual machines to an Azure environment and you need to make sure that a virtual machine named vm1 cannot connect to the other virtual machines and for that vm1 must your options are to be deployed to a separate virtual Network the second option is run a different operating system than the other virtual machine third one is to be deployed to a separate Resource Group and lastly we have have a two virtual interfaces and the correct answer for this question is option A to be deployed to a separate virtual Network and now comes question number 357 it says that you plan to deploy several Azure virtual machines you need to ensure that the service is running on the virtual machines remain available even if single data center Fields what are the two possible solutions each correct answer presents a complete solution your options are deploy the virtual machines to two or more availability zones then we have deploy the virtual machines to two or more resource groups thirdly we have deploy the virtual machines to a skill set and the last one is deploy the virtual machines to two or more regions and most definitely my friends the correct answer for this question is option A and option D in option A we are saying that we should deploy virtual machines to to two or more availability zones and in the option D what we are saying is that we can deploy virtual machines to two or more Azure regions and both of these options will serve the purpose and our services will still be running on Virtual machines even if one single data center fails because both availability zones and regions will keep your application running even if one single data center fails and now comes question number 358 it says which of the following best explains cloud computing your options are delivery of Cloud Computing Services over the Internet the second option is setting up your own Data Center and lastly we have scalable Computing and the correct answer for this question is option a delivery of Computing Services over the internet and now we have question number 359 it says that which of the following is not the feature of cloud computing and your options are latest technology unlimited pool of services flexible resources and lastly we have economics of skill and the correct answer I am sure you have guessed that it's option b a limited pool of services and here comes question number 360. it says which of the following is not a cloud computing your options are public Cloud scalable Cloud private cloud and the last one is hybrid cloud and I am sure hundred percent of you have guessed the right answer and that is option b scalable cloud in the last part we have been focusing on the questions based on Azure security it is such an important topic and many new questions are coming from this section so let's continue with the questions that revolve around Azure security one area which is not just important from the exam perspective but also very important for all of those who are looking forward to professionally work on Microsoft azure so here comes the first question for today question number 361 it says which of these options helps you most easily disable an account when an employee leaves your company your options are enforced multi-factor authentication also known as MFA the second option is Monitor sign on attempts and the last option is use single sign-on and the correct answer for this question is use single sign-on and this is because my friend single sign-on centralizes your user identity so you can disable an inactive account in a single step and Friends most of the companies these days even the one you're working in use single sign-on to centralize the administration of user identity both enablement or activation of user identity and the disablement of the inactive accounts both can be achieved by single sign-on and now comes question number 362 it says which of the following items would be a good use of resource lock your options are an express route circuit with connectivity back to your own premises Network the second option is a non-production virtual machine used to test occasional application builds and the last option is a storage account used to temporarily store images processed in a development environment and the correct answer for this question is option A and express route circuit with the connectivity back to your own premises Network and why do you think it's a correct answer because the other two options are talking about non-production virtual machine which is not that business critical and the last option is talking about temporarily stored images processed in a development environment of course this is also not a business critical application because this also is a development environment only the first option is talking about production environment and that's why it's a good idea to safeguard your production connectivity with resource law talk I hope you understood why we have chosen option A in case you have still any doubts do let me know in the comment section and now comes question number 363 it says which of the following approaches would be the most efficient way to ensure a naming convention was followed across your subscription your options are send out an email with the details of your naming conventions and hope it was followed I really hope that peoples are reading the mail so carefully anyways let's move on to the next option it says create a policy with your naming requirements and assign it to the scope of your subscription and the last one is give all the other users except yourself read only access to the subscription have all requests to create resources sent to you so that you can review the names being assigned to the resources and then create them and the correct answer to fulfill this business need is option b create a policy with your naming requirement and assign it to the scope of your subscription and here comes question number 364. it says what is azure information protection now friends I know the options are bit lengthy but I have to read it for you so please bear with me the first option says that AIP is a cloud-based solution that helps organizations classify and protect its documents and emails by applying labels now labels can be applied automatically by administrators who Define rules and conditions and also manually by users and you can also apply labels with a combination of both now the second option says that AIP is a cloud-based security solution that identifies detects and helps you investigate Advanced threads compromise identities and malicious Insider actions directed at your organization the last option is AIP is a monitoring service that provides threat protection across all your service both in Azure and on premises and the correct answer for this question is option A okay so friends before we proceed I have a small request to make I see that more than 75 percent of the people who watch my video have not subscribed to the channel so in case you find any value in my content please consider subscribing to the channel it doesn't cost you anything but it really motivates me to create the quality content and keep all the content free for you coming back to our questions Here Comes question number 365 it says that your Azure environment contains multiple Azure virtual machines you need to ensure that a virtual machine named vm1 is accessible from the internet over HTTP what are the two possible solution your options are modify an Azure traffic manager profile second one is modify a network security group and then we have modify a DDOS protection plan and lastly we have modify an Azure firewall and the correct answer for this question is option b modify a network security group and option D modify an Azure firewall and here comes question number 366 it says this question requires you to evaluate the underlying text to determine if it's correct here you can see that we have underlying text in this statement let's read this statement it says one of the benefits of azure SQL data warehouse is that high availability is built into the platform and now what you need to do is review the underlined text if it makes the statement correct then in that case you have to choose no change needed which is the very first option given here otherwise you have to choose from other three options given here which are automatic scaling data compression and poisoning so that you can make this statement correct and the correct answer for this question is no change needed because High availability is definitely built into the Azure SQL data warehouse and here comes question number 367 exactly the same pattern as we saw in the previous question let's read this statement it says Azure SQL set enables you to scale to thousands of virtual machines for high performance Computing and large-scale parallel jobs and once again you have to review this underline text if it is correct then you have to choose no change needed otherwise you have to pick between these three options which are automatic scaling as your batch and the last one is an availability Zone and the correct answer for this question is option C Azure batch so it's Azure batch that enables you to scale to thousands of virtual machines for high performance Computing and large scale parallel jobs and now comes question number 368 it says which two types of customers are eligible to use Azure government to develop a Cloud solution each correct answer presents a complete solution and your options are a Canadian government contractor the second option is a European government contractor and then we have United States government entity the fourth option is a United States government contractor and the last one is a European government entity and the correct answer for this question is option C and option D and once again let me remind you whenever Azure government is in question it always relate to the United States government entities or the contractor and now comes question number 369 it says you plan to create an Azure virtual machine and you need to identify which storage service must be used to store the unmanaged database of the virtual machine your options are containers file shares tables or cues and the correct answer my friends is option A containers so basically my friends Azure containers are the backbone of virtual disk platforms for Azure infrastructure as a service and please note my friends both Azure operating system and data disk are implemented as virtual disk where the data is durably persisted in the Azure storage platform and then delivered to the virtual machine for maximum performance also friends in the real AZ 900 exam you may be presented with an image like this in comparison to the options that I have listed here so both are same you can see that I have listed or presented in an option like format whereas in the real exam you may be presented in this image format but now that you know the correct answer it doesn't matter which format the question comes in and here comes question number 370 it says authorization to access Azure resources can be provided only to Azure active directory users yes or no and the correct answer for this question is no and this is because authorization to access Azure resources can be provided by other identity providers by using Federation a commonly used example of this is to Federate your own promises active directory environment with Azure ad and use this Federation for authentication and authorization and friends if you remember in the last part also we talked about authorization and the authentication and I promise you that I will tell you the difference when to use Azure ad and when to use Azure are back so here it comes Azure ad is responsible for authentication on the other hand Azure art bag is responsible for authorization and now comes question number 371 it says to answer drag the appropriate benefit from the column on the left to its description on the right each benefit may be used once more than once or not at all now let's check out what are we given with so here we have Azure services such as as Azure ad our back and conditional access and in the answer area we are given with one-liner definitions for each of these Azure service and of course we have to match all these services to these one-liner definitions so the first definition given is and if then statement of assignments and access controls and most definitely this is none other than conditional access then we are given with responsible for authentication I just told you whenever it's authentication always go for Azure ad and the last one is responsible for authorization and of course this is azure rpact and now comes question number 372 it says identities stored in Azure active directory third-party cloud services and on-premises active directory can be used to access Azure resources yes or no and this time my friends the correct answer is yes coming up now is question number 373 it says Azure has built-in authentication and authorization services that provides secure access to Azure resources yes or no and of course this is a correct statement and now comes question number 374 it says Azure government is operated by Microsoft yes or no and this most definitely is a correct statement and now comes question number 375 related question so as your government is designed for what and your options are any government worldwide U.S government or UK government and the correct answer for this question is option b U.S government so once again I would like to reinforce this concept whenever it's Azure government it is always always related to US government and to drill this concept even deeper in your mind Here Comes question number 376 it says Azure government is available only to U.S government agencies and their Partners yes or no and most definitely this is a correct statement and now let's move the focus from Azure government or Azure us is to Azure China so here comes question number 377 it says Azure China is operated by Microsoft yes or no and this time my friends be very careful Azure China is not operated by Microsoft and that's why no is the correct option and I'm pretty sure that you are interested to know who actually operates as your China so here comes question number 378 it says Azure China is operated by 21 via net yes or no and of course you guessed it right this is a correct statement and here comes question number 379 it says Microsoft Azure Services operated by 21 via net are a standalone instance separating from Azure Global Services yes or no and this my friends is a correct statement and let's take one more final question on Azure China Here Comes question number 380 it says the service availability in Azure China is not identical to the global Azure yes on low and this is a correct statement and friends if you want to understand more on Azure China or how Microsoft Azure collaborates with 21 via net and operate Microsoft Azure China this is the documentation here you can read very clearly it says Microsoft Azure operated by 21 VNA also popularly known as Azure China is a physically separated instance of cloud services located in China and further it tells you that its independently operated and transacted by Shanghai blue cloud technology corporations limited which is also called 21 via net a wholly owned subsidiary of beijing21 vrnet broadband data center corporations limited all the other details on Azure China is given on this documentation read it there are quite some questions from Azure China in AZ 900 exam today this part 21 we are going to cover some of the very important questions similar to the questions which lately appeared in the AZ 900 exam so let's begin part 21 with a very interesting question question number 381 it says that you plan to extend your company's Network to Azure the network contains a VPN appliance that uses the IP address of 131.107.200.1 now you need to create an Azure resource that identifies the VPN appliance which Azure resource should you create your options are virtual networks load balancers virtual Network gateways DNS zones then we are given with local network Gateway traffic manager policies Network Watcher application Network gateways and the second last one is CDN profiles and lastly we have express route circuits and the correct answer for this question question is option e local network Gateway now friends local network Gateway is an object in Azure that represents your on-premises VPN device please pay attention a local network Gateway represents an on-premises VPN device and that's exactly what is given in the question as well a VPN applies with an RP address that is given here and further it says a virtual Network Gateway is the VPN object at the Azure end of the VPN and the connection is what connects the local network Gateway and the virtual Network gateway to bring up the VPN in case you do not know VPN is virtual private Network now let's move ahead it says local network Gateway typically refers to your on-premises location you give the site a name by which Azure can refer to it and then specify IP address similar to the one given in question of the on-premises weapon device to which you will create a connection and lastly it says that you can also specify IP address prefixes that will be routed through the VPN gateway to the VPN device and for all the Deep divers who want to learn this concept in detail this is the Microsoft tutorial and it tells you how to create a side-to-site VPN connection in the Azure portal you can learn about all the prerequisite then you will learn in this tutorial how to create a virtual Network how to create a VPN network and how to create a local network Gateway there are other things also given here you will also get to know about configure your VPN device create a VPN connection verify VPN connections connect to Virtual machines optional steps clean up your resources which is basically once you have done the exercise you should always clean up your Azure resources so that you are not incurring any unwanted cost and now let's do some drag and drop kind of question question number 382 so basically in this question you are given with some of the Azure services on the left hand side and then you are also given with the definitions on the right hand side and you have to match these services with these definitions so what are the services given we are given with Azure Sapphire iot Central and iot hub and now let's read the first definition it says a managed service that provides bi-directional communication between iot devices and Azure and the correct Azure service that matches this definition is iot Hub now let's jump on to the second definition it says a fully managed software as a service solution to connect Monitor and manage iot devices at scale and for this one my friends the correct service is iot Central and then the third definition says a software and Hardware solution that provides communication and security features for iot devices I'm sorry it's not for iot devices but it's from iot devices and the connect service to match this definition is azure Sapphire now let's do one more drag and drop kind of question question number 383 once again service is given on the left hand side and the definitions on the right hand side the services given are Azure machine learning Azure functions iot Hub and the last one is azure Port Services now let's read the first definition it says an Azure service that provides a digital online assistant that provides speech support and this one most surely is azure bot services and then we have an Azure service that uses past training to provide predictions that have higher probability and this one my friends is none other than Azure machine learning the third definition is an Azure service that provides serverless Computing functionalities and I'm pretty sure that you guessed it right it's Azure functions and the last definition says an Azure service that provides data from millions of sensors and of course this one is iot Hub and now comes question number 384 it says Azure advisor provides recommendation on how to improve security of an Azure active directory Azure ad environment yes or no and the correct answer for this question is no let's find out why because Azure advisor provides you with a consistent Consolidated view of recommendation for all your Azure resources it integrates with Azure security to bring your security recommendation and now please pay more attention my friends the description ahead will help you understand why we have chosen no as answer of this question it says that Azure advisor provides recommendation on lot of services like Azure Gateway app Services availability sets Azure cache Azure data Factory Azure database for MySQL Azure database for post gray SQL and a lot more other databases and then it also provides recommendation for Azure public IP addresses Azure synapse analytics SQL servers storage account traffic manager profiles virtual machine and a lot of other things but please note that as your advisor does not provide recommendations on how to improve security of an Azure ad employment and that's why no is the correct answer friends passing certifications definitely gives you a jump start in your career but in long run you must understand the Azure Concepts if you really want to professionally work in Microsoft Azure now even though I try to pass on a lot of azure Concepts in these q a videos but there is surely a limitation due to the format of this video so all of you who really look forward to Microsoft Azure as a career option please watch this fundamental series to enhance your grip on Microsoft Azure the link to this fundamental series is shared in the description box and also in the the pinned comment now let's take few more questions on Azure advisor Here Comes question number 385 it says Azure advisor provides recommendations on how to configure the network settings on Azure virtual machines yes or no and this one my friends is an incorrect statement and this is because an Azure advisor does provide recommendation to Azure virtual machine but it does not give recommendation on how to configure network setting on your Azure virtual machines that's why no is the correct answer now quickly jumping to the next question question number 386 it says Azure advisor provides recommendations on how to reduce cost of running Azure virtual machines yes or no and this definitely is the correct statement and here comes question number 387 it says what is the purpose of azure advisor your options are Provide support advice on Azure services and then we have suggest performance advice on Azure down times and lastly it says personalized consultant service that provides recommendation for Azure services and the correct answer my friends is option C and now comes question number 388 it says Azure advisor provides Focus recommendation in many areas not just the cost yes or no and this one my friends is a correct statement and I told you in the question number 384 all the various areas where you can use Azure advisor to get recommendations and now let's move our Focus from Azure advisor Here Comes question number 389 it says Azure files is an example of SAS or software as a service yes or no and both surely this is an incorrect statement and why so because Azure files is a pass or platform as a service offering provided by Microsoft Azure that is built on top of azure storage it provides fully managed file shares over protocol called SMB or server message block so so in case my friends you have a business requirement where you want to map a drive on the systems that resides on premises to Microsoft Azure storage then in that case you have to use Azure files and now comes question number 390 it says Azure SQL database is an example of pass or platform as a service yes or no and this one my friends is the correct statement that's why yes is the correct answer and please understand my friends in Azure SQL database you do not need to maintain anything related to SQL platform because Microsoft manages it and friends please make a segregation in your mind as your SQL database is not same as Azure SQL running on virtual machine so in case there is a question that asks Azure SQL on virtual machine in that case that is infrastructure as a service and you may also ask that why Azure SQL database is not SAS or software as a service and to that I would say say that in case of azure SQL database you still have to maintain the database in order for your application to work that's why Azure SQL database is pass but not SAS or not IAS or infrastructure as a service and with that concept let's move on to the next question question number 391 and here you are given with one statement with this underlined text now you have to review these underlined text and if this makes the statement correct in that case you have to choose the no change needed which is the very first option given here if this statement is incorrect then you have to choose the answer choices that makes the statement correct so basically you have to choose from other three options given here so what are the three options let's check them out it says within a single Azure region the third option is within multiple Azure regions and the last one is within a single Azure Data Center and the correct answer for this question is whether in a single Azure region so the correct statement will become an availability Zone in Azure has physically separate location within a single Azure region and with that let's jump on to the question number 392 it says the Microsoft InTune product is software as a service platform as a service and the last one is infrastructure as a service the correct answer to this question is software as a service let's quickly jump to the question 393 it says that you can use Azure cost management to view costs associated to management groups yes or no and this one my friends is a correct statement and here comes question number 394. it says that you can use Azure cost management to view the cost Associated to Resource groups and now comes next question question number 394 a similar question it says that you can use Azure cost management to view cost Associated to Resource groups yes or no now if you remember the previous question in that we were are given with Management Group but in this question we are asked for resource groups and this time my friends this is a correct statement that's why we have chosen yes for this question now question number 395 says that you can use Azure cost management to view the usage of virtual machine during the last three months yes or no and this one my friends is a correct statement quickly jumping to the next question question number 396 says that what is required to use Azure cost management your options are Microsoft customer agreement software Assurance the third option is an Enterprise agreement lastly we have an Azure plan and the correct answer for this question is option a Microsoft customer agreement and option D and Azure plan now let's validate our answer on this Microsoft documentation that says get started with cost management for partners here you can read in the very first paragraph it says cost management is natively available for direct Partners who have onboarded their customers to Microsoft customer agreement and purchase an Azure plan so you can see there are two components here Microsoft customer agreement and the second one is azure plan and those are the exact option that we have also chosen as the answer to this question and here comes question number 397 it says North America is represented by a single Azure region yes or no and this one my friends is an incorrect statement because North America has several Azure regions including West U.S Central U.S South Central U.S east U.S and Canada east so this clearly tells you that North America has multiple Azure regions listed here moving on question number 398 says that data transfers between Azure Services located in different Azure regions are always free yes or no and this one is an incorrect statement why because outbound data transfers is charged at a normal rate and inbound data transfer is free and this one in the question is outbound data transfer coming up next is question number 399 it says every Azure region has multiple data centers yes or no and this one my friends is a true statement because a region is a set of data centers deployed within the latency defined parameter and connected through a dedicated Regional low latency Network and here comes question number 400 kudos to all of you who are zealfully learning with us let's read the question question says that which of the following service should you use to organize resources in an Azure subscription your options are Azure regions resource groups management groups and the last one is Administrative units and the correct answer for this question is option b resource groups and this is because Azure resources are combined into resource groups which act as a logical container into which Azure resources such as web apps database and storage accounts are deployed and managed a detailed information on what is azure Resource Group is given on this documentation it says a resource Group is a container that holds related resources for an Azure solution the resource Group can include all the resources for the solution or only those resources that you want to manage as a group you decide how you want to allocate resources to Resource Group based on what makes most sense for your organization generally add resources that share same life cycle to the same Resource Group so that it's easy to deploy update and delete them as a group and of course all the steps to create Resource Group are also listed in this documentation links as usual to all the documentation that are referred in this video are given in the description box and that was all for today my friend if you gain some value from this video please like our video it really help us grow and if you join the Tech Blackboard family for the first time today then please do subscribe the channel and also select that all option so that you get the timely notifications of all our upcoming videos in this part 22 we are going to cover 20 questions on many different Azure Concepts which are constantly repeated in AZ 900 exams and I just mentioned this is part 22 so until now we have already covered 400 questions on easy 900 so let's begin today's learning with question number 401 it says Azure files is an example of infrastructure as a service IAS yes or no and in my opinion the correct answer is no and the reason why I say that Azure files is not an example of infrastructure as a service is this documentation from Microsoft here you can see that it says that Azure files offers fully managed file shares in the cloud that are accessible via industry standard server message block protocol Network file system protocol and Azure files rest API the most important keyword in this documentation is that Azure files offers fully managed file shares so whenever a service is fully managed it cannot be categorized as infrastructure as a service for example you take the example of virtual machine virtual machines are categorized as infrastructure as a service because they are not fully managed when you spin a virtual machine you have to take care of all the aspects of the virtual machine so basically you manage all the settings even the spinning of virtual machine but on the other hand in Azure files you do not manage any infrastructure that's why they cannot be infrastructure as a service so that's why in my opinion Azure files is not infrastructure as a service but I would like to hear if you contradict the same what are your reasoning for picking Azure files as infrastructure as a service now let's continue with the next question question number 402 it says a DNS server that runs on an Azure virtual machine is an example of platform as a service or not pass yes or no and the correct answer is no and this is because of the presence of azure virtual machines I just mentioned whenever it's Azure virtual machines it's always infrastructure as a service moving on to the question number 403 it says that if you have Azure resources deployed to every region you can Implement availability zones in all the regions yes or no and the correct answer for this question is no and this is because not every region has multiple availability Zone some regions may have only one availability Zone that's why you cannot Implement availability zones in all the regions and now comes question number 404 it says only virtual machines that run on Windows servers can be created in availability zones yes or no and the correct answer is no and this is because regions that support availability zones also support Linux virtual machines Now quickly moving to the question number 405 it says availability zones are used to replicate data and applications to multiple regions yes or no and the correct answer is no and the reason is that availability zones is a high availability offering that protects your application and data from data centers failure availability zones are unique physical location within an Azure region please note this underlying text my friends it says within an Azure region and not in multiple regions that's why the correct answer is no and further the documentation tells you that each zone is made up of one or more data centers equipped with independent Power Cooling and networking and we have discussed this concept in a lot more details in our Azure fundamental Series so in case you are interested to know this very important Azure concept this is the video that you should watch to get all the details and here comes question number 406 it says data that is so load in an Azure storage account automatically has at least three copies yes or no and this one my friends is a true statement so basically there are different replication options available within an Azure storage account the minimum replication option is locally written in storage which is lrs and within lrs the data is replicated synchronously three times within the primary region so the documentation is telling you that even with the minimum replication option which is lrs you still have three copies of the data and now comes question number 407 and here I will tell you a very important Azure Concepts so please listen to this question very carefully it says that all the data that is copied to an Azure storage account is backed up automatically to another Azure data center yes or no and the correct answer for this question is no and friends it's very very important to understand the differences between replication options and data backup both are completely different things but many people still get confused in both of these so let me give you more details on this it says that data is not backed up automatically to another Azure data center although it can be depending upon the replication option configured for the account and it's very important to understand that these replication options are not same as Backup backup involves creating a separate copy of the data typically to a different storage system and maintaining multiple versions over the time to protect against data loss corruption or deletion and please note Azure provides various backup solution for protecting your data such as Azure backup Azure site recovery and Azure VM backup so please do not get confused between backup of the data and data replication both of these Concepts sounds to be different names for the same concept but in reality T both are very different concepts but for now let's move on to the question number 408 it says an Azure storage account can contain up to two terabyte of data and up to 1 million files yes or no and the correct answer is no and the reason is that limits are much higher than that please mind the question it says up to 2 terabyte which seems to be the maximum limits set by the question but this is not the case the current storage limit is up to two petabyte for us and Europe and 500 terabyte for all the other regions including UK with no limits on the number of files so you can see the current limits are much much higher than what mentioned in the question so that's why no is the correct answer and now comes our next question but in the next question before I ask any question I have one statement for you and based on this statement we will take the next two questions so let's first read the statement it says that you plan and to deploy a critical line of business application to Azure the application will run on an Azure virtual machine and you need to recommend a deployment solution for the application the solution must provide a guaranteed availability of 99.99 percent and based on this statement here comes the question number 409 it says what is the minimum number of virtual machine you should recommend for the deployment and your options are one two three or five and the correct answer for this question is 2 so bare minimum you should have two virtual machines in order to provide a guaranteed availability of 99.99 moving on to the next question question number 410 it says what is the minimum number of availability zones you should recommend for the deployment the options are 0 1 2 and 3 and the correct answer once again is 2 so in a nutshell what we are saying is that overall solution in order to provide the available ability of 99.99 percent you should always have minimum of two virtual machine and these virtual machines should spread across two availability zones only then you can guarantee availability of 99.99 percent and here comes question number 411 it says all the Azure resources deployed to a resource Group must use the same Azure region yes or no and the answer is no the reason is that Azure resources deployed to a single Resource Group can be in different regions the resource Group only contains the metadata about the resources it contains there is no restriction of having same location for the resources as that of Resource Group so what this essentially means is that you can have Resource Group in one different region and you can have resources inside this Resource Group from another different regions and here comes question number 412 it says that if you assign a tag to a resource Group all the Azure resources in that Resource Group are assigned to the same tag yes or no and the correct answer for this question is no the reason is that tags are not inherited by default now the next obvious question that should come to your mind is there anything that is inherited by default let's find out in the next question and here comes question number 413 it says that if you assign permissions for a user to manage a resource Group the user can manage all the Azure resources in that Resource Group yes or no and the correct answer this time is yes and the reason is that permissions set at Resource Group level are inherited by the resources in that Resource Group so keep in mind once again I'm telling tags are not inherited from Resource Group to the resources but permissions are inherited by the resources inside a resource Group let's quickly jump to the question number 414 it says availability zones can be implemented in in all the Azure regions yes or no and the correct answer is no we just read few questions back that not all Azure regions support availability zones so that's why low is the correct answer moving on with the question number 415 it says only virtual machines that one on Windows Server can be created in availability zones yes or no and yes of course this is an incorrect statement and now comes question number 415 it says only virtual machines that runs on Windows servers can be created in availability zones yes or no and most surely the answer is no and this is because Azure definitely supports Linux as well quickly jumping up to the question number 416 it says availability zones are used to replicate data and applications to multiple regions yes or no and the correct answer is no and we just read this concept A few questions back that availability zones are unique physical locations within a single Azure region and not multiple regions that's why correct answer is no and here comes question number 417 it says that you can use Azure policy to download published audit reports and how Microsoft builds and operates its cloud services yes or no and the correct answer is no so basically my friends Azure policy is not used to download the publish audit reports by Microsoft I want to understand how Microsoft builds and operates its cloud services Azure policy is completely different concept and we have done a lot of question on Azure policy in the previous parts coming up next is question number 418 it says that you can use service trust portal to download the publish audit reports and how Microsoft builds and operates its cloud services yes or no and this time this is a correct statement and see friends in case you really get confused in all these policies and Trust portals and why what not always try to make relationship between these two things for example it says published audit reports and how Microsoft builds and operates its cloud services so basically Microsoft is trying to promote transparency on how it operates and what transparency brings it brings a certain level of trust and that's why service trust portal I hope this quick tip will really help you in your exams and now coming up to the next question question number 419 it says authentication confirms the identity of a person who wants access yes or no and this time it's a correct statement so authentication is used to confirm the identity of a person who wants access and there is a related concept to authentication and that is authorization let's understand what is authorization in the next question so here comes question number 420 it says authorization grants the proper access to a legitimate user yes or no and this time once again it's a correct statement so authorization is used to Grant proper access to alleged my user and further it tells you that authorization is the process of establishing what level of access alleged might user or the service should have so let me quickly summarize it for you and make the distinction between authorization and authentication clear so authentication let's say that you log into a website now the authentication will check whether you have access to login or not so in case you are a legitimate user then it will let you in and that's the authentication process but on the other hand authorization once you are in the website or in the application the authorization will decide whether you are admin or a normal user or a guest user so the level of authorization or level of work or access that you can do inside the website or any application that is decided by authorization I hope this makes the distinction between authentication and authorization clear to you foreign [Music] questions from a variety of different topics and we are going to cover 20 questions on many different Azure Concepts and please note that we have already covered 420 questions covering the length and breadth of AZ 900 exam so let's begin part 23 with question number 421 the question says that this question requires that you evaluate the underlying text to determine if it's correct this is the underlying text let's read the entire statement it says that you have an application that is comprised of an Azure web app that has a SLA of 99.95 and then you also have Azure SQL database that has an SLA of 99.99 now the question tells you that the composite SLA for the application is the product of both slas which is equal to 99.94 person so friends you have to review this underlying text and if it makes the statement correct then you have to select no change needed which is the very first option here otherwise you have to select from the other three options given let's read the other three option the option b is the lowest SLA Associated to the application which is 99.95 percent option C says the highest SLA Associated to the application which is 99.99 and lastly option D says the difference between the two slas which is 0.05 percent and the correct answer for this question is option A no change needed so 99.94 is the correct SLA and how we have calculated this this is the composite SLA which is the product of both the slas which is 99.95 percent which is the SLA of azure web app and also the SLA of 99.99 percent which is the SLA of azure SQL database and in case you are still confused let's check out the Microsoft official documentation to understand how these composite slas are calculated so here is the documentation or q a question and answer from Microsoft here you can see that we are talking about composite SLA let's come down and in this section you can see that Microsoft an employee of Microsoft has given an example the example is exactly the same that we presented in the question as well hey you can see that we are given with app service web apps that has an SLA of 99.95 and then we have SQL database with the SLA of 99.99 further you can see that composite SLA how it is calculated well composite SLA for this application is 99.95 multiplied by 99.99 which is equal to 99.94 so anytime my friends you have to calculate the com composite SLA of an application then as a first step you have to figure out the individual SLA of all the services in that application and once you have the individual SLA all you need to do is multiply all these slas and then you have your own composite SLA for the entire application so calculating composite SLA is very simple a simple multiplication and then you have composite SLS I'm pretty sure that you got the concept of composite SMA this is not just important from the exam perspective but also whenever you are working in Microsoft Azure or any other cloud service so here comes question number 422 it says to complete the sentence select the appropriate option in the answer area here you can see this sentence it says data that is stored in archive access here of an Azure storage account fill in the blanks and you have to fill this blank with any of these options what are the options option A says can be accessed at any time by using easy copy copy.exe then we have can be only read by using Azure backup option C is must be restored before the data can be accessed and lastly we are given with must be rehydrated before the data can be accessed and the correct answer for this question is option D must be rehydrated before the data can be accessed and this is because Azure storage offers different kind of access tiers the first one is hot then we have cool and lastly we have archived here and here in this question we are talking about archived here so archive access tier has the lowest storage cost but it has higher data retrieval cost compared to the hot and cool tiers data in the archive tiers can take several hours to retrieve also please note that while a blob is in archive storage The Blob data is offline and cannot be read overwritten or modified to read or download a blob in archive you must first rehydrate it to an online deal so you can see according to this documentation data in the archive access tier must always be rehydrated why so because data in archived here is offline and you cannot read overwrite or modify that data unless you rehydrate the same now let's look at question number 423 it says that when you need to delegate permissions to several Azure virtual machines simultaneously you must deploy Azure virtual machines to which of the following your options are Azure region Azure availability zones Azure Resource Group and lastly we have Azure resource manager template and the correct answer for this question is option C Azure Resource Group question number 424 it says Azure hasn't built-in authentication and authorization services that provides secure access to Azure resources yes or no and most surely this is a correct statement that's why we have chosen yes for the this question question number 425 says that Azure active directory or Azure ad provides authentication services for resources hosted in Azure and Microsoft 365 yes or no and more surely this is a correct statement and friends we have talked a lot about authorization authentication Azure ad and R back services in the previous parts so please do watch the previous Parts in order to understand these critical Azure Services needless to say you're gonna get a lot of questions around these services so I'm sure you will watch the previous parts and here comes question number 426 it says that identities stored in Azure active directory third-party cloud services and on-premises active directory can be used to access Azure resources yes or no and this one my friends is a correct statement that's why yes is the correct answer and now we have question number 427 Azure active directory requires the implement edition of domain controllers on Azure virtual machines yes or no and this one my friends is an incorrect statement that's why no is the correct answer now I am pretty sure that many of you as you are just starting with Microsoft Azure would not be knowing about this service which is called domain controllers so just to give you a Kickstart on Azure active directory domain services are also called Azure adds and here you can read let me Zoom it a little so that you can read a little better oops that was too much so this is what the documentation says that Azure active directory domain Services part of Microsoft intra which is very latest entry in Microsoft services and we have discussed this services and the questions related on this one in the previous Parts as well so this enables you to use manage domain services such as Windows domain join group policy ldap and car gross authentication without having to deploy manage or patch Dom main controllers and friends for your self-study I have provided the link for this documentation in the description box in fact all the documentation that I have referred so far or will be referring in the future slides is available in the description box but in case you want to understand why this is answered as low then you have to join the next part in which I will explain why Azure active directory does not require implementation of domain controllers on the Azure virtual machines so please do join us in the next part subscribe to the channel so that you get the timely notifications and with the belief that you have subscribed to the channel let's move to the next question question number 428 it says each user account in Azure active directory can be assigned only one license yes or no correct answer is no and coming up quickly question number 429 it says identity stored in an on-premises active directory can be synchronized to Azure active directory Azure ad yes know and this one my friends is a correct statement that's why yes is the correct answer now let's move on and take one more question on authorization question number 430 it says authorization to access Azure resources can be provided only to Azure active directory users yes or no and this one my friends is an incorrect statement and this is because there are many more ways to provide authorization to access Azure resources other than the Azure active directory coming up next is question number 431 it says that you can view your company's Regulatory Compliance report from your options are Azure advisor Azure analysis service and then we have Azure monitor lastly we are given with Azure security Center the correct answer for this question is option T Azure security symptom and this is because the advanced monitoring capabilities in Azure security Center lets you track and manage compliance and governance over the time and the overall compliance provides you with measure of how much your subscription are compliant with the policies associated with your workload so that's why Azure security Center is the place in case you want to view the company's Regulatory Compliance report and here we have question number 432 it says Azure ad is responsible for authorization yes or no and the answer is no always remember my friends that Azure ad is responsible for authentication on the other hand our back is responsible for authorization and then we have question number 433 it says that you have a resource Group named rg1 and you plan to create virtual networks and app services in rg1 you need to prevent the creation of virtual machines in rg1 the solution must ensure that the other objects can be created in rg1 what should you use your options are a lock and Azure role attack and lastly we have an Azure policy but before I answer the question I hope hope you understood the question see the question is very simply asking that you have a business need when you have a resource group called rg1 and you want to make sure that all the resources or the services can be created in rg1 but the virtual machines cannot be created in rg1 so you have to create some kind of dependency or some kind of rule or some kind of policy that will ensure that virtual machines are not enabled or created in rg1 and the only service that can help you in this business scenario is option T and Azure policy and this is because an Azure policy is a service in Azure that you can use to create assign and manage policies and these policies can enforce different rules and effect over your resources so that those resources stay compliant with your corporate standards and service level agreements and Friends trust me you're gonna get a lot of questions on Azure policy in the easy 900 exam so please discover this topic thoroughly and for more such questions on Azure policy please also watch our previous parts and the upcoming parts and now comes question number 434 it says that this question requires you that you evaluate the underlying text to determine if it's correct the statement says that after you create a virtual machine you need to modify the network security group to allow connections to the TCP port 8080 on the virtual machine now you have to review this underline text and if this text makes the entire statement correct in that case you have to choose no change needed otherwise you have to choose the other three option and the option b is virtual Network Gateway option C is virtual Network and lastly we are given with the route tables but for now the correct answer is option A no change needed why so because when you create a virtual machine the default setting is to create NSG on network security group attached to the network interface assigned to a virtual machine NSG works like a firewall and you can attach Network Security Group to a virtual Network or an individual subnets within the virtual Network and furthermore you can also attach NSG to a network interface assigned to a virtual machine and friends before we move ahead I have two three requests to make very quickly whenever you are emailing us with the answers to any of these episodes please always mention the episode number or the part number this really helps us to quickly send you the PDF files containing all the questions and the answers for that particular part otherwise it takes a bit more time and personally I do not like you waiting because you are preparing for certification and getting this PDF file on time can really boost up your learning in the offline mode and also my friends please do subscribe to the channel as we have compiled lot of new questions very close to the questions that are being asked lately in the easy 900 exam and now quickly we have question number 430 5 it says Azure Germany can be used by the legal residents of Germany only yes or no and the correct answer is no and the reason is that Azure Germany is available to the eligible customers and the partners globally who intend to do business with EU efta including United Kingdoms and just to revise once again my friends there are three types of question that you will get in AZ 900 exam related to the locations the first one is azure government whenever it's Azure government it's always the U.S government secondly we have Azure China so Azure China is not operated by Microsoft individually it is actually with the collaboration with 21 via net and then we have Azure Germany that question you're already seeing on your screen and as you might have already guessed we have covered a lot of location based questions in all the previous parts coming up next is question number 436 it says what can Azure information protection encrypt your options are network traffic the second option is documents and email messages thirdly we have an Azure storage account and lastly we have Azure SQL database and the correct answer for this question is option b documents and email messages and in case you do not know Azure information protection is a cloud-based solution that helps an organization to classify and optionally protect its document and emails by applying labels so Azure information protection can encrypt document and emails and here comes question number 437 once again this underlying text kind of question let's read this statement it says that you have an Azure virtual Network named v-net1 in a resource Group named rg1 now you assign an Azure policy specifying that the virtual networks are not an allowed resource type in rg1 so virtual Network one is deleted automatically so same instructions once again you have to review this underlying text and if it makes the statement correct then you have to choose the low change needed otherwise you have to choose from the other three options which are is moved automatically to another Resource Group option C says continuous to function normally and option D says is now a read-only object and the correct answer to this question is option C continues to function normally so let me give you a surprise question any one of you who answers the question correctly will get the PDF file containing all the questions and the answers for all 440 questions including this part 23 so you have to tell me why Azure virtual Network been at 1 will still continue to function even if we have a policy that says virtual networks are not an allowed resource type in rg1 why this happens if you tell me the correct answer you will get the PDF file with all the 440 questions send me your answers to our email ID connect and with that let's move on to the next question 438 it says Azure firewall will encrypt all the network traffic sent from Azure to the internet yes or no and the correct answer is no and this is because Azure firewall does not encrypt Network traffic it is actually used to block and allow traffic based on Source or destination IP address and Source or destination ports and the protocol but definitely not to encrypt Network traffic and here comes question number 439 it says Azure virtual machine that runs on Windows Server 2016 can encrypt Network traffic sent to the internet yes or no and the correct answer is no and friends there is a huge debate on this question whether it's a yes or a no so I have research on this question and I will present my justification in the next part 24 and now comes question number 440 it says a network security group or NSG will in script all the network traffic sent from Azure to the internet yes or no and the correct answer is no and here comes question number 440 it says network security group is an extension of application security group used to manage networking component of the application yes or no and the correct answer is no because we all know that Network Security Group are not part or extension of application Security Group that's why no is the correct answer so that's all my friends if you gained some value from this video please like the video as it helped us to grow foreign [Music] I have got some of the very latest and new questions that will surely help you pass AC 900 in 2023 so let's begin today's episode with question number 441 the question says that your company has an Azure subscription that contains resources in several regions now you need to ensure that the administrators can only create resources in those regions what should you use your options are a read-only log the second option is an Azure policy third one is a management group and lastly we have a reservation and the correct answer for this question is option b and Azure policy so what is a Azure policy well Azure policy helps you enforce organizational standards and to access compliance at skill through its compliance dashboard it provides an aggregated view to evaluate the overall state of the Enviro government with the ability to drill down to per resource and per policy it also helps you to bring your resources to compliance through bulk remediation for existing resources and automatic repetition for the new resources a really good documentation to understand Azure policy the links are shared in the description box and now comes question number 442 it says Azure ad requires the implementation of domain controllers on Azure virtual machine yes or no and the correct answer is no and if you remember my friends the previous part 23 I promised to give you the lodging for this question so here is the logic the Azure active directory is a cloud-based service and that's why it does not require domain controllers on Virtual machines and if you want some documentation on domain controllers I shared that in the previous part 23 and with that here comes question number 443 it says that you can enable just in time virtual machine access by using your options are Azure jet Azure firewall Azure front door and the last one is azure security symptom and the correct answer for this question is azure security Center so friends I am sure that many of you would not know what is just in time so this is the documentation that will help you understand just in time virtual machine access the link as usual is shared in the description box but just to give you a summary just in time virtual machine access feature in Azure security Center it allows you to lock down inbound traffic to your Azure virtual machine and this reduces exposed to attacks while providing easy access when you need to connect to Virtual Machine and now let's quickly jump to the next question this question starts with this statement that says that you plan to implement several Security Services on an Azure environment now you need to identify which Azure Services must be used to meet the following security requirements the first one is Monitor threads by by using sensors and the second one is in force Azure multi-factor authentication based on a condition so which Azure Services should you identify for each requirement and now comes our question number 444 that relates to the first requirement which is Monitor threads by using sensors and the options given are Azure monitor Azure security Center Azure active directory identity protection and the last one is azure Advanced threat protection and the correct answer for this question is option D Azure Advanced threat protection is the service that you would use to monitor threads by using sensors and here comes the next question question number 445 that relates to the second requirement and force Azure MFA based on a condition and once again the options are exactly the same but this time the correct answer is azure active directory identity protection question number 446 says that you need to configure an Azure solution that meets the following requirements the first one is secures website from attacks and the second one is generate reports that contains details of attempted attacks so what should you include in the solution your options are Azure firewall a network security group the third option is azure information protection and the last one is DDOS protection and the correct answer for this question is option D DDOS protection so let's understand a little bit more DDOS is a type of attack that tries to exhaust application resources and the goal for the DDOS attacks is to affect the applications availability and its ability to handle the legitimate requests and DDOS attacks can be targeted at any point that is publicly reachable through the internet so how does Azure helps you well Azure provides you two DDOS offering the first one is DDOS protection basic and the second one is DDOS protection standard and the DDOS protection basic is integrated into Azure platform by default at no extra cost and of course you have to pay for the detail standard it has several advantages over the basic service including logging alerting and telementary dito standard can generate reports that contains details of attempted attacks as required in this question so that's why DDOS protection is the correct answer moving on to the question number 447 it says Azure security Center can monitor Azure resources and on-premises resources yes or no and the correct answer is yes so Azure security Center is a unified infrastructure security management system that strengthens the security posture of your data centers and provide Advanced threat protection across your hybrid workloads in the cloud and what do we mean by hybrid workloads well the workloads that are on premises as well as the workloads that are on Microsoft Azure so Azure security Center is a great service in case you want to monitor Azure resources and on-premises resources and with that we have question number 448 it says all the Azure security Center features are free yes or no I wish all of them were free but alas they are not so the correct answer is no and just to give you more details continuous assessment security recommendations and Azure secure score are the free features available in Azure security Center for all others well you have to Shell out some money and now question number 449 says that from Azure security Center you can download a Regulatory Compliance report yes or no and the correct answer is no and the reason is that in case you want to download Regulatory Compliance report for that you have to use Microsoft Defender for cloud let's move on to the question number 450 that says Azure firewall will encrypt all the network traffic sent from Azure to the internet yes or no and the correct answer is no and this is because Azure firewall does not encrypt Network traffic it is used to block or allow traffic based on Source destination IP address Source destination ports and protocol coming up now is question number 451 that says a network security group will encrypt all the network traffic sent from Azure to internet yes or no and this time as well my friends the correct answer is no and why so because network security group does not encrypt Network traffic it works in a similar way like a firewall and it is used to block and allow traffic based on Source destination IP address and also Source destination ports and protocol now you might be wondering what is the exact service that we can use to encrypt all the traffic sent from Azure to the Internet so let's find out the answer in the next question question number 452 says that Azure virtual machines that run on Windows Server 2016 can encrypt traffic sent to the internet yes or no and so let me give you more documentation on this question let's validate our answer on this q a documentation given from Microsoft the question as you can see is exactly the same it says does Azure firewall encrypt all the network traffic sent from Azure to the internet and here I want to show you one reply from Microsoft employee and this one here it says no Azure firewall does not encrypt or decrypt traffic in Bound or outbound if you are sending a traffic with https how will firewall know what is the destination as the hostname headers are encrypted so that documentation from Microsoft proves that our answer is correct and friends I've got some more variations of the same question let me show you and let's try to find out the correct answer so here comes question number 451 it says a network security group will encrypt all the traffic sent from Azure to the internet yes or no and this one also is an incorrect statement and this is because a network security group does not encrypt Network traffic it works Works in a similar way as a firewall and it is also used to block or allow traffic based on the source destination IP address or Source destination ports and protocol coming up next in question number 452 it's another variation it says Azure virtual machines that runs on Windows Server 2016 can encrypt Network traffic sent to the internet yes or no and this one my friends once again is No now I am sure that you would have seen a lot of contradictory answers to this question but let me present my view in my view virtual machine could not encrypt the traffic to an internet host that is not configured to require the encryption so what I mean is by default Azure virtual machines that runs on Windows Server 2016 cannot encrypt Network traffic however you should also understand that Windows Server does come with the weep incline and it also supports other encryption methods such as ipsec encryption or SSL slash TLS so it could encrypt the traffic if the internet host was configured to require or accept the encryption I know this is really confusing because of different versions of the answers on the internet but let me present you one more and then we will see some documentation probably that will clear out some of the confusions for you so this is the last variation of the same question question number 453 says that Azure VPN Gateway will encrypt all the network traffic sent from Azure to the internet yes or no and this time my friends I have picked a yes and the reason is this documentation here it says that Azure VPN gateways so Azure VPN gateways you can use Azure VPN gateways to send encrypted traffic between your virtual Network and your on-premises location across a public connection or send Network traffic between virtual networks and I have shared the link for this documentation in the description box in case you feel the answer picked by me is not correct please let me know in the comments section and let's have a healthy discussion but for now let's move on to the question number 454 it says that your company plans to purchase an Azure subscription now companies support policy states that the Azure environment must provide an option to access support Engineers by phone or email now you need to recommend which support plan meet the support policy requirement the solution given is that you recommend a professional direct support plan yes or no and this one my friends is a correct solution moving on with the question number 455 it says that your Azure trial account expired last week now you are unable to the options given are create additional Azure active directory user accounts the second option is start an existing Azure virtual machine thirdly we are given with access your data stored in Azure and lastly we are given with access the Azure portal and the correct answer for this question is option b start an existing Azure virtual machine and please understand this concept very well my friends because I am sure most of you or many of you would be using Azure trial accounts so basically a stopped or de-allocated virtual machine is offline and not mounted on an Azure host server and what happens is that starting a virtual machine mounts the virtual machine on a host server before the virtual machine starts so as soon as the virtual machine is mounted it becomes chargeable and now that your Azure trial account is expired last week that's why for this reason you are unable to start a virtual machine after trial has expired and because it's a very very important concept I want to give you more details on all other options the first option said create additional Azure active directory user accounts now remember my friends that you are not charged for Azure active directory user accounts so you can continue to create accounts even if the trial account has expired coming to this option that says access your data stored in Azure so even if your trial account has expired you can still continue to access data that is stored in Azure and the last one is access the Azure portal well my friends this is quite a common sense in case they will not allow you to access the Azure portal how are you even going to reactivate or upgrade your subscription that's why you can still access Azure portal I hope you understood all of the options so let's move on to the next question question number 456 it says most Azure services are included in private preview before being introduced in a public preview and then in general availability yes or no and this one my friends is a correct statement that's why yes is the answer so most of the services go to private preview and then public preview before being released to General availability the private preview is only available to certain Azure customers for evaluation purposes the public preview is available to all Azure customers and here comes question number 457 it says Azure Services is in public preview can be managed only by using Azure CLI yes or no and this one is an incorrect statement and this is because Azure services in public preview can be managed using the regular management tools such as Azure portal Azure CLI and Powershell so there are many more tools that you can use other than the Azure CLI and now we have question number 458 it says the cost of an Azure service in private preview decreases when the service becomes generally available yes or no and unfortunately this is not correct there is no cost reduction in Azure Services when they are coming to General availability but I am really sure that like me you also wish this was true and with that we have question number 459 it says management groups enables you to organize multiple subscription in the hierarchies for unified policies and compliance yes or no and the correct answer is yes and the reason is that management groups helps you manage access policy and compliance for multiple subscription all the subscriptions in a Management Group automatically inherit the conditions applied to the management group and now comes question number 460 it says what is guaranteed in Azure service level agreement for virtual machines your options are feature availability bandwidth uptime or performance and the correct answer to this question is option C uptime hello and welcome back to the Tech Blackboard I hope you all are doing great and engaging yourself in some self learning in this part 25 I've got some of the very latest and new questions and what are we going to learn today well today I have questions around Azure subscriptions as your support plans virtual machines and spending very important topics so let's get started so let's begin with question number 461 which is a drag and drop kind of question here you can see we are given with some of the Azure services on the left hand side and then we are given one line definition of all these services on the right hand side so basically you have to match these Azure services with these one line definitions let's read the services we are given with Azure functions Azure app service Azure virtual machines and Azure container instances and now let's read the definitions the first definition says provide operating system virtualization so which service do you think is matching with this definition well this is undoubtedly the Azure virtual machines coming to the second definition it says provide portable environment for virtualized application and this one my friends is azure container instances moving to the third one it says use to build and deploy and scale web apps and this could be none other than Azure app service and the last one says provide a platform for serverless code and this would be most surely Azure functions and now we have a very interesting question question number 462 it says that how should you calculate the monthly uptime percentage to answer select the appropriate option in the answer area here you can see that we are given with these three drop down boxes and within the two drop down boxes we also have one mathematical operation so let's start with the first box the first option given here is downtime in minutes then we are given with maximum available minutes and then we are given with maximum available unit minus downtime in minutes and in the second box we are given with the options like 60 1440 maximum available minutes and lastly we have the third box which is given with 100 1440 and then the last one is 99.99 so basically you have to calculate the monthly uptime percentage and you have to pick the right options from each drop down menu and Please be aware that you are choosing the option based on the mathematical operation given here so the correct option that we picked from the first job done menu is the option C maximum available minutes minus downtime in minutes and then we have this box here and from this box we're selecting option C maximum available minutes and lastly we have this box and from here we are selecting the correct answer as option a 100 so what does our formula becomes our formula becomes maximum available time minus downtime in when it's divided by maximum available minutes and multiplied by 100 because of course we are calculating percentage and now we are on the Microsoft documentation that says Service level agreements for the online services so here you can see that we are given with lot of documentation let's pick the very latest one so when you click on this a word file will be downloaded open this word file and now in this word file there is a lot of information given you can see it's lately updated on April 1st 2023 you have to scroll down a little bit and you will reach to a section let me go through very quickly okay so now I have reached to the correct section it says monthly uptime percentage the monthly uptime percentage for a given active tenant in a calendar month is calculated using the following formula here you can see that we have user minutes minus downtime divided by user minutes multiplied by 100 so this is the formula that we got from the Microsoft documentation the formula is exactly the same although the terms used are little different and this is also a learning for you that in case Microsoft is using these terms here then also the formula Remains the Same so the user minutes basically is maximum available times the downtime this corresponds to downtime in minutes and then it says divided by user minutes which is this one here maximum available minutes multiplied by 100 which is the third option that we pick in the third drop down box so please pay attention either the Microsoft in AZ 900 exam can give you the option like this which I presented in the original question or it can can also present options like this so in any case now you know the formula so the options do not matter and before moving ahead all the Azure Learners who have joined the Tech Blackboard family for the first time today first of all thank you for joining us and I would like to mention that we have already covered 460 questions on very important Microsoft easy 900 exam all these questions are very latest and you will learn tons of azure Concepts get the Microsoft documentation exam tips and also free PDF files that will help you study in the offline mode these PDF files will contain all the questions with the answers that we are discussing in all these videos so while watching the video if you like our content please press the like button and also do subscribe to the channel as we bring a lot of videos on cloud certifications now let's move on to the next question question number 463 it says that your company has an Azure subscription that contains the following unused resources and you want to reduce the agile was for the company so what are the unused resources well we have 20 user accounts in Azure active directory then we have five groups in Azure ad 10 public IP addresses and we also have 10 network interfaces so as a solution in order to reduce the cost you plan to remove the unused groups does this meet the goal yes or no and this solution my friends is not the correct one that's why we have picked low and why it is so because your anyways not charged for Azure active directory groups therefore deleting the unused groups will not reduce your Azure cost let's take few more similar questions Here Comes question number 464 exactly the same question but this time the solution is that you remove the network interfaces so does this meet the goal of you reducing the Azure cost yes or no and this time once again this is an incorrect solution because as we saw in the previous question as well you are not charged for the unused network interfaces that that's why deleting the unused network interfaces will also not reduce your Azure cost and now we have third similar question you can see the question exactly once again the same however this time we are removing the unused public IP addresses does this meet the goal of reducing the cost yes or no and this time my friends the correct answer is yes because for public IP addresses you are always charged that's why in case you are deleting the unused public addresses this will certainly reduce your overall Azure cost and similarly my friends similar to this pattern there can be questions on other Azure resources so try and go to the Microsoft documentation to get a hand on this any resource for which you are not able to figure out whether deleting the resource will reduce the cost or not let me know in the comment section I will help you there and please stick around in this video because I'm going to take more question on Crossing so still a lot of learning is coming up and now we have question number 466 it says that this question requires you to evaluate get the underlying text to determine if it's correct here it's a statement given which says that you can create an Azure support request from support.microsoft.com so basically you have to review these underlined text and if this underlying text makes the overall statement correct in that case you have to choose the no change needed the very first option given here otherwise you have to make this statement correct and replace this underline text with the other three options the other three options which include the Azure portal the knowledge Center and lastly we have the security and the compliance admin Center and the correct answer for this question is option b the Azure portal so the correct statement becomes that you can create Azure support requests from the Azure portal and exactly where in the Azure portal well you can create Azure support requests from the help and support blade in the Azure portal or from the context menu of an Azure resources in the support plus troubleshooting section and now we have question number 467 it says that in which Azure support plan can you open a new support request your options are Premier and professional direct only the option b is Premiere professional direct and standard only thirdly we have premier professional direct standard and developer only and lastly we have premier professional direct standard developer and basic and the correct answer for this question is option D Premiere professional direct standard developer and basic so this is the documentation where you can compare all the support plans you can see that we have basic we have developers standard and professional Direct on the left hand side of this table you are given with all the features so you can see whether a feature is available in some particular support plan or not and before leaving this documentation I want your attention that there are only four support plans given in the Microsoft documentation which are basic developer standard and then we have professional direct and this means that currently there is no Premiere plan so for your knowledge there was a premier plan earlier but now it has been discarded but in the question if it may appear then please do not get confused you know what is the correct answer to choose ideally Microsoft should not include Premiere in their question but then you never know so the correct answer you know in case Premiere is given it's okay otherwise the correct answer for this question should be professional direct standard developer and basic and now comes question number 468 it says that this question requires you to evaluate the underlying text to determine if it's correct this is similar to the question we saw earlier and the statement says that a support plan solution that gives you the best practice information health status and notification and 24 cross 7 access to the billing information at the lowest cost possible is standard support plan so you have to tell whether standard support plans is exactly the plan which fits this statement otherwise you have to replace standard support plan with developer basic or Premiere and the correct answer for this question is option C basic and please remember that standard support plan is also fitting this business requirement but because we are given the lowest possible cost that's why basic is a better answer so once again I'm on the same documentation I just want to show you how to validate or work on these kind of questions the first requirement in the question was best practice information here you can see that we are given in this section here which says Azure advisor your free personalities guide to Azure best practices you can see there is a tick mark which means that this is available in the basic support plan the second requirement was health status and notification here you can see that we are given with this section here which says Azure health status and notification once again this is Tick marked in basic support plan thirdly we were given with 24 cross 7 access to the billing information and this one is given here which says 24 cross 7 self-help resources including Microsoft learn Azure portal how to videos documentation and community support and the last but most important requirement was lowest possible cost and that section is given here which says price and here you can see that this is included for all Azure customers but for the developer or the standard we have to pay some cost that's why basic is the most cost effective support plan that fits this business requirement and here is the next question question number 469 it says that by creating additional resource groups in an Azure subscription additional costs are incurred yes or no and the correct answer is no and the reason is that resource groups are logical containers for Azure resources and you do not have to pay for resource groups moving on question number 470 says that by copying several gigabytes of data from an on-premises network over a VPN additional data transfer costs are incurred yes or no and this one my friends is statement that's why no and the reason is my friends the data in Grace over a VPN is the data coming into Azure over the VPN and you are not charged for the data transfer cost for data increase or the coming in data to Azure now you may be wondering are you charged for the outgoing data let's find out question number 471 says that by copying several GB of data from Azure to an on-premises network over the VPN additional data transfer costs are incurred yes or no and this one my friends is a correct statement that's why yes so once again data agrees which is the opposite of data increase over a VPN is data outgoing of the Azure over the VPN and you are definitely charged for data aggress so I hope you understood let's summarize the increased data or incoming data to Azure on the VPN is not charged however the outgoing data or the data agrees is charged when the data is is going out from Azure over the VPN and now comes question number 472 that says that with Azure reservation you pay less for the virtual machines then pay as you go pricing yes or no and the correct answer is yes and the reason is a reservation is where you commit to pay for your resources for example a virtual machine for one or three years this gives you discounted price on the resource for a reservation period simply putting it my friends that you are committing Microsoft Azure that we are reserving a particular resource like virtual machine for next one or three years and for that commitment Microsoft gives you a huge discount moving on with question number 473 it says two Azure virtual machines that use b2s size have same monthly cost yes or no and the correct answer is no the reason is that there are other factors that influence the cost of virtual machines such as virtual hard disk attached to the virtual machines so you could have multiple virtual machines with same size b2s in this case but with different virtual hard disk configuration also very importantly my friends please remember that region also have a cost impact so even if you have exactly the same virtual machine the same configuration but in two Azure regions the cost can differ and that's why no is the correct answer moving on with the next question question number 474 it says that when an Azure virtual machine is stopped you continue to pay storage cost for the virtual machine yes or no and the correct answer is yes and this is a very very important Microsoft Azure concept A lot of people end up paying huge costs because of ignorance of this fact so let me tell you see when the virtual machine is stopped and unloaded or dismounted or deallocated whatever the word may be given in this case you are not charged anything but on the other hand if the virtual machine even if stop but it is still loaded or mounted or allocated you are still charged for the storage cost for the virtual machine so always remember my friends that a virtual machine is always mounted on a physical server in Azure and you are charged for the virtual machine itself as well as the storage cost so to ensure that you are not paying any cost you have to make sure that the virtual machine is stopped also it is unloaded dismounted or deallocated only then you are sure that there is no future cost I hope this makes it clear a very important concept once again I'm telling you please remember this concept my friend whenever you are practicing something on Microsoft Azure once you are done please remove all the resources or as a best practice whenever you're done with your work always delete the resource Group and this will make sure all the resources under that Resource Group are also deleted and you are safe from spending any unnecessary money and with that cost saving tip let's move on to the next question question number 475 says that a user who is assigned the owner role can transfer ownership of an Azure subscription yes or no and the correct answer is no and why so because you need to be administrator of the billing account that has subscription to be able to transfer the subscription and you can be billing administrator or Global administrator a subscription owner can change all the resources and the permissions within the subscription but cannot transfer ownership of the subscription that's why no is the correct answer and now comes question number 476 that says that you can convert the Azure subscription of your company from a free trial to pay as you go yes or no and the correct answer most surely is yes because of course you can convert the free trial subscription to pay as you go and not only for your company in case you are also using it for the personal purposes then also once your free trial is consumed over then you can convert wanted to pay as you go coming to the next question question number 471 it says that Azure spending limit is fixed and cannot be increased or decreased yes or no and the correct answer is yes so always remember my friends that you can remove the spending limit but you cannot increase or decrease it let's understand this further with the Microsoft documentation as a lot of people get confused in this and pick the wrong answer and this is the Microsoft documentation on Azure spending limit here you can read it says the spending limit in Azure prevents spending over your credit amount all the new customers who sign up the Azure free account or subscription types that include credits over multiple months have spending limit turned on by default the spending limit is equal to the amount of credit and you cannot change the amount of spending limit please pay attention you cannot change the amount of spending limit and further it says for example if you signed up for Microsoft Azure free account your spending limit is dollar 200 and you cannot change it to Dollar 500 however you can remove the spending limit so either you have no limit or you have a limit equal to the amount of the credit this prevents you from most kind of spendings so please read that documentation my friends the link is right there in the description box because this is one question I've seen a lot of people making mistakes always remember you can remove the spending limit but you cannot increase or decrease it and with that let's move on to the next question question number 478 says that if Microsoft plans to end the support for an Azure service that does not have a successor service Microsoft will provide notification at least six months before yes or no and the correct answer is no and this is because in case Microsoft plans to end the support for Azure service that does not have a successor service in that case Microsoft will always provide a notification of at least 12 months now let's move on to the next question question number 479 says that which Azure service can you use for quickly sending billions of notifications to iOS Android Windows Kindle devices working with APN which is Apple push notification service GCM which is Google Cloud messaging and lastly wns which is Windows push notification service and more your options are iot Hub Azure notification hubs Azure machine learning and lastly Azure Monitor and the correct answer for this question is option b Azure notification apps so my friends as your notification hubs is a massively scalable mobile push notification engine for quickly sending billions of notifications to iOS Android Windows Kindle devices which are working with APN GCM or wns and more so that's why option b is the correct answer and now we have question number 480 that says that you need to ensure that when Azure active directory users connect to the Azure ad from internet by using Anonymous IP address the users are prompted automatically to change their passwords which Azure service should you use your options are Azure ad Connect Health the option b is azure ad privilege identity management thirdly we have Azure Advanced threat protection and lastly Azure ad identity production and the correct answer for this question is option D Azure ad identity protection and friends if you really want to learn more on Azure identity production this is the Microsoft documentation I've shared the link for this documentation and all the other documentation in the description box so you can read whenever your time permits and that was all my friends if you gained some value from this video please like our videos as this makes the YouTube algorithm happy and also help us grow in this part 26 I present to you a mixed bag of 20 questions that will introduce you to the various Azure Concepts and will also help you secure higher marks in AZ 900 so let's begin part 26 with question number 481 it says that which of the following best explains cloud computing the first option is delivery of Computing Services over the Internet the second one is setting up your own Data Center and lastly we have capital expenditure and the correct answer for this question is option a delivery of Computing Services over the internet and now we have question number 482 it says that which of the following is not a feature of cloud computing your options are latest technology second option is a limited tool or services and then we have flexible resources and lastly economics of scale and the correct answer for this question is option b a limited pool of services so whenever you're using cloud computing you always have the latest technology flexible resources and economics of scale and virtually you have unlimited polar Services that's why option b is not a feature of cloud computing moving on with the question number 483 it says Microsoft Office 365 Xbox Live and Microsoft in tune is an example of software as a service or SAS model yes or no and the correct answer is yes all these Services given here are example of software as a service and now comes question number 44 it says Azure HD inside is an Apache spark based analytics service yes or no and the correct answer is no so what is the correct service will as your data breaks is the Apache spark based analytics service but this one here HD inside is not the correct service that's why no is the correct answer moving on question number 485 says that with a composition based plan you pay a fixed rate for all the data sent to or from virtual machines hosted in the cloud yes or no and the correct answer for this question is no and now comes question number 486 it says with a consumption based plan you reduce overall cost by paying only for the extra capacity when it is required yes or no and this one my friends is a correct statement quickly moving to the question number 47 it says which of the following describes platform as a service or past model your options are users are responsible for purchasing installing configuring and managing their own software and the second option is users create and deploy applications quickly without having to worry about managing the underlying infrastructure and lastly we have users pay an annual or monthly subscription the correct answer for sure is option b where user have to create and deploy applications quickly that is the Core Essence of platform as a service and they do not have to worry about the underlying infrastructure coming up next is question 488 it says that your company has data centers in Los Angeles and New York the company has a Microsoft Azure subscription and you are configuring two data centers as Geo cluster sites for data resiliency and now you need to recommend an Azure storage redundancy option you have the following data storage requirement the first one is data must be stored on multiple nodes and then we have data must be stored on nodes in separate Geographic locations and lastly we are given with data can be read from secondary location as well as from the primary location which of the following Azure storage redundancy option should you recommend your options are geo-rated in storage the second option is read only Geo redundant storage thirdly Zone redundant storage and lastly locally redundant storage and the correct answer for this question is option b read only Geo redundant storage now friends in case you are confused between Geo redundant storage and read-only geo-redended storage and trying to think why I picked read-only your redundant here is the explanation so basically geo-redend in storage which is the option one replicates your data to another physical location in the secondary region to protect against the regional outages however the data is available to be read only if the customer or the Microsoft initiates of failover from the primary to the secondary region please mark my word only if customer or Microsoft initiates a failover from the primary to the secondary region but here my friends in this question the requirement C says that data can be read from the secondary location as well as from the primary location which means that question is demanding a automatic field over and that is not possible in jio related in storage that's why read only redundant storage is the correct answer coming up to the question number 49 it says that you are the data engineer for your company an application uses nosql data to store data the data base uses key value and white column nosql database type developers need to access data in the database using an API and now you need to determine which API to use for the database model and the type which two apis should you use your options are Cassandra API table API mongodb API SQL API or Gremlin API and the two correct apis for this question is option a question draw API and option C mongodb API and this is because both Cassandra API and mongodb API have key value pair which is the requirement of the question as well and now we have question number 490 which says which of the following is a logical unit of azure services that links to an Azure account your options are Azure subscription second option is Management Group and the third one is Resource Group and undoubtedly the correct answer for this question is option A Azure subscription coming up for you is question number 491 it says which of the following refers to the spending of money upfront and then deducting that expense over the time your options are capital expenditure operational expenditures on supply and demand the correct answer for this question is capital expenditure so always remember Capital expenditures are the expenditure in which you spend a big amount of money upfront and then you keep deducting that expense over the time however on the other hand the operational expenditures these are those expenditures that are recurring in the nature so for example your monthly bill of your mobile TV subscriptions your salaries all these are recurring in nature that's why they are categorized as operational expenditures and now we have question number 492 which says which Cloud Model provides the greatest degree of ownership and control your options are hybrid private and public the correct answer most surely is option b private moving on to the question number 493 it says which Cloud Model provides the greatest degree of flexibility once again the options are hybrid private and public and the correct answer this time is option a hybrid cloud and please do not get confused between question number 492 and this question 493. in the previous question we were talking about the greatest degree of ownership and control that was undoubtedly private Cloud but this one is talking about greatest degree of flexibility and that is hybrid Cloud why so because hybrid cloud is the combination of public cloud and the private Cloud that's why it offers the highest degree of flexibility and now question number 494 says that which of the following Azure service should you use to download published audit reports and how Microsoft builds and operates its cloud services your options are Azure policy service trust portal Azure monitor or power bi the correct answer for this question is option b service transportal coming up next question number 495 says that choose an international organization that develops International standards for privacy and compliance your options are international governmental and defense agencies the second option is General data protection regulation which is better known as gdpr the third option is international civil defense organization and lastly we are given with International Organization for standardization which is also known as ISO and the correct answer for this question is option D ISO and now we have question number 496 which is a drag and drop kind of question and in this question you have to match these Services these Azure Services given on the left to the definitions given on the right so what are the Azure Services we are given with we are given with Azure government gdpr ISO and nist so let's read the first definition it says an organization that defines International standards across all Industries we just read this in the previous question this is none other than the iso the second definition says an organization that defines standards used by United States government and the correct answer for this question is nist thirdly we're given with a European policy that regulates data privacy and data protection this one is gdpr and lastly we are given with a dedicated public Cloud for federal and state agencies in the United States and this one my friends is azure government question number 497 says that you need to identify the type of failure for which an Azure availability Zone can be used to protect access to Azure Services what should you identify your options are a storage failure an Azure region failure of physical Servo failure or an Azure data center failure and the correct answer is an Azure data center failure so just so you understand when you are using Azure availability Zone it always protects you from Azure data center failure coming up next is question number 498 it says that use DDOS Protection Service in combination with a web application firewall for protection both at Dash and in the bracket we are given with layer 3 and layer 4 offered by DDOS protection standard and then we are given with and at the dash and in the bracket we are given with layer 7 offered by black and the options given are physical security identity and access parameter Network compute application and data and the correct answer for this question is option D Network and option F application so please my network will come here which is at layer 3 and layer 4 an application will come in the second blank which is at layer 7 and here comes question number 499 it says a company is planning on hosting an application on a set of virtual machines the virtual machines are going to be running for a prolonged duration of time which of the following should be considered to reduce the overall cost of virtual machine usage your options are premium disk the second option is virtual machine skill sets and then we have Azure reservation and lastly we have Azure resource groups and the correct answer for this question is azure reservations so in case my friends you're designing an application and you know that you're going to use a virtual machine for a prolonged period of time let's say for one year or three years in that case it is always advisable that you reserve a virtual machine for one year or three year in advance and this will also give you a lot of discounts from Microsoft and here comes question number 500 and I think all you Cloud Learners all you Azure Cloud Learners deserves a round of applause so let's read the question it says which resources can be used as a source for a network security group inbound security rule your options are application security rule only the second option is IP address only thirdly we have service tags only and lastly we have IP addresses service tags and application security groups and the correct answer for this question is my friends option D IP addresses service tags and application security groups in this part 27 we have some important questions around the Azure support plans and some revision questions with variations to the ones we have seen in the previous parts so what are we waiting for let's dive in so let's begin part 27 with question number 501 it says that you are building an application using a virtual machine in Azure and as a security requirement it is necessary to apply Azure multi-factor authentication based on certain condition which Azure service should you choose your options are Azure monitor Azure Advanced thread protection the third option is azure active directory ID protection and lastly we are given with Azure security system and the correct answer for this question is option C Azure active directory ID production so Azure active directory ID protection allows you to apply MFA on multi-factor authentication with the conditions and it is also used to detect risk such as Anonymous IP address logins unfamiliar sign-ins and and also credential leaks so that's why option C is the correct answer moving on to the question number 502 it says that your company has a virtual machine hosted in Microsoft Azure the virtual machines are located in a single Azure virtual Network named v-net1 now the company has users that work remotely the remote workers requires access to the virtual machines on v-net 1 which is the virtual Network how should you do it your options are configure a side to side VPN the second option is configure a v-net to v-net VPN and thirdly we are given with configure a point to site VPN or p2s and then we have configure direct access on Windows Server 2012 server virtual machine and lastly we have configure a multi-site VPN and the correct answer for this question is option C configure a point to site p2s VPN and the reason is because point to side VPN or p2s VPN Gateway connection lets you create a secure connection to your virtual network from an individual client computer and as you can notice in the question as well that we have remote workers who are working from their home locations on their own computers or the laptops provided by the company so that's why p2s is the best choice further it says that b2s VPN is also a useful solution to use instead of site to site VPN when you have only a few clients that are needed to connect to the virtual Network so that's why my friends p2s is the best choice for this question moving on with the question number 503 it says which of the following provides a command platform for deploying objects to your Cloud infrastructure and maintaining consistency throughout your Azure environment your options are Azure policy Resource Group Azure resource manager and the last one is Management Group and the correct answer for this question is option C Azure resource manager the reason is that Azure resource manager is a service that provides a management layer that allows you to create update and delete Azure resources all while maintaining consistency across your Azure environment so that's why Azure resource manager is the best choice for this business case coming up now is question number 504 it says that your company is planning to move from on-premises environment to Azure and you have decided to develop your application using Docker as a development environment which of the following is the best service to use for this scenario your options are Azure app service Azure container instances and thirdly we have Azure functions and lastly Azure virtual machine and I'm pretty sure that all of you have guessed the right answer and that is option b Azure container instances so Azure container services my friends is a service that runs Docker containers on demand within your Azure environment and it can operate inside a separate container without orchestration and run event driven application deploy quickly from the container development Pipeline and run the data processing and build the jobs moving on with the question number 505 it says which statement accurately describes the Modern Life Cycle policy for Azure services and your options are a Microsoft provides mainstream support for a service for five years option b is Microsoft provides a minimum of 12 months notice before ending support for a service and thirdly we are given with after a service is made generally available Microsoft provides support for the service for a minimum of four years and lastly when a service is retired you can purchase extended support for the service for up to 5 years and the correct answer for this question is Microsoft provides a minimum of 12 months notice before ending support for a service and before I move ahead to all the Azure Learners who are joining us for the first time today please watch the previous parts of this series we have already covered 5 hundred questions so please make sure to cover them all before you give your AZ 900 now let's move on with the question number 506 it says Azure site recovery provides fault tolerance for the virtual machines yes or no and the correct answer is no and the reason is very simple site recovery is a native Disaster Recovery as the service which is also known as dras and it is not linked with the fault tolerance and most surely you can watch the previous Parts as we have discussed the correct service that you should use to provide fault tolerance for the virtual machines and here comes the question number 507 it says that your developers have created a portal web app for the users in Miami branch office now the web app will be publicly accessible and used by the Miami users to retrieve customer and product information the web app is currently running in an on-premises test environment and you plan to host the web app on Azure now you need to determine which Azure web data planned to host the web app the web tier plan must meet the following requirements the requirements are that the website will use miami.vailand.com URL the second one is the website will deploy to two instances and the third one is SSL support must be included fourthly we have the website requires 12 GB of storage and lastly of course is cost must be minimized which web tier plan should you use your options are standard basic free or shared and the correct answer for this question is option a standard so this is the Microsoft documentation on which you can read all about the web tier plans so here you can see if you remember the question very well the first requirement for the question was that the website should have a custom URL which was miami.valent.com so here you can notice on the left hand side we are given with the usage tiers and under this you can notice this custom domain and you can very well see that this custom domain is supported in the standard web plan but I am sure that you are also noticing that this one is also supported in the basic and the shared so why we have chosen the standard let's wind out with the next requirement the second requirement was that the website should be deployed in two instances and here you can see that maximum instances here we are given with Dash which means nothing and then in the shared also we're given with Dash which is also the means nothing then with basic we are given with up to 3 and then in standard we are given up to 10 so now we have two choices the first one is basic and the second one is standard so let's move on to the third requirement the third requirement in the question was SSL support must be included and to find out more on the SSL I have come to this section in the same documentation it says that the secure socket layer or SSL certificates for custom domains is available on basic standard premium service plans and please note that as SSL certification enables secure connections to your custom domain website so once again you can notice that SSL is supported in both basic and the standard so now what to do let's go on to the fourth requirement the fourth requirement was that the website requires 12 GB of storage so what did I say I said 12 GB of storage and here you can see that in the basic we have only 10 GB of storage but in the standard plan we are given with 50 GB of storage so this is the only plan that fulfills all our requirements so let's revise once again standard plan covers all the business needs listed in the question we are getting the custom domain we are also getting up to three instances thirdly we are getting the SSL support and finally we are getting up to 50 GB of storage and this means standard is the best plan that we can choose to fulfill this business requirement coming up next is a similar question question number 508 it says that your developers have created 10 web applications that must be hosted on Azure now you need to determine which Azure web tier plan to host the web apps the web tier plan must meet the following requirements the first one is the web apps will use custom domains the second one is web apps each require 10 GB of storage please note my friends this is a very very important requirement and then the third one is the web apps must each run in a dedicated compute instances and the fourth one is load balancing between instances must be included and lastly cost must be minimized which web tier plan should you use your options are standard premium basic free or shared and the correct answer that I have picked is option B premium now let me give you my reasoning for it in case you do not agree with that please let me know in the comment section so once again my friends I want your attention on this requirement this second one which sees the web apps each require 10 GB of storage so how many web applications do we have we have 10 web applications each require 10 GB so that means 10 multiplied by 10 so total we need 100 GB of storage and due to the need for 100 GB of storage we cannot pick standard this time this time we have to pick premium because the Premium plan gives you 250 GB of storage space so that's why my friends I have picked premium but in case in the question you are not given with this premium option then in that case you should always go for the standard one but still once again if you have the contradient view please let me know in the comment section and we can have a good discussion coming up next is question number 509 it says that you are required to deploy an artificial intelligence solution in Azure you want to make sure that you are able to build test deploy Predictive Analytics for the solution and the given solution provided in the question is that you want to make use of azure Cosmos DB does this meet the goal yes or no and this one my friends is an incorrect Solution that's why no and the reason is very simple that Azure Cosmos DB which is presented as the solution for this question is a fully managed nosql database for modern app development single digit multi-second response times an automatic and instant scalability guarantees speed at any scale so you can see that Azure Cosmos DB is a fully managed low SQL database and it has nothing to do with the artificial intelligence solution so that's why low is the correct answer question number 510 the question is exactly the same however the solution says that you should make use of azure machine Learning Studio does this meet the goal yes or no and yes of course this one meets the goal coming up next is question number 511 it says that your company's active directory Forest includes thousands of user accounts now you have been informed that all the network resources will be migrated to Azure thereafter the on-premises data center will be retired now you are required to employ a strategy that reduces the effect on users once the planned migration has been completed as a solution you plan to sync all the active directory user accounts to Azure active directory on Azure ad does this meet the goal yes or no and this one my friends is a correct Solution that's why yes is the correct answer and now we have question number 512 it says what does a customer provide in a software as a service model your options are application data data storage compute resources or application software and the correct answer for this question is option a application data question number 513 says what is the first stage in Microsoft cloud adoption framework in Azure your options are adopt the cloud the second one is makeup line third one is ready your organization and lastly Define your strategy and the correct answer for this question is option D Define your strategy and in case you are wondering what is Microsoft Cloud adoption framework let me give you some documentation so here it is it says that Microsoft cloud adoption framework for Azure is a full lifecycle framework that enables Cloud Architects it professionals and business decision makers to achieve their Cloud adoption goals it provides the best practices documentation and tools that helps you create and Implement businesses and Technology strategies for the cloud and the link for this documentation from Microsoft is given in the description box coming up next is question number 514 it says to which Cloud models can you deploy physical servers your options are public Cloud private Cloud hybrid cloud and public Cloud the third option is hybrid Cloud only and the fourth one is private cloud and hybrid cloud and the correct answer for this question is T private cloud and hybrid cloud and now we have question number 515 it says that your team needs to have a tool that can be used to process data from millions of sensors which of the following service can be used for this purpose your options are Azure machine learning Azure iot Hub Azure AI bot and the last one is azure functions and the correct answer for this question is most surely Azure iot Hub and now we have question number 516 it says that your team needs a tool that can be used to correlate events from multiple resources into a central repository which of the following can be used for this purpose your options are Azure event Hub Azure security Center Azure ad or Azure log analytics and the correct answer for this question is option D Azure log analytics coming up next is question number 517 a platform as a service or past solution provides full control of operating system that host the application yes or no and the correct answer is no and this is because past solution does not provide access to the operating system the Azure web app service provides an environment for you to host the web application behind the scenes though the web apps are hosted on a virtual machines running iOS servers and please note that you do not have any direct access to the virtual machines or the operating system that is running IIs so that's why no is the correct answer coming up next is question number 518 it says a platform as a service solution provides additional memory to the apps by changing pricing tiers yes or no and the correct answer as for me is no and let me present you one more question with a little bit of variation so that you can understand why I have picked no for this question so here it comes question number 519 it says a solution that hosts web apps in Azure can be provided with additional memory by changing the pricing interior please note the words in this question we are saying can be provided with the additional memory so this question is talking about the possibility of providing additional memory but the previous question that was saying if past solution or platform as a service solution provides out of the box capability to provide the additional memory so that's why in the previous question we picked no but for this question the correct answer is yes but friends I am really interested to know what are your views on this question please do share your feedback in case you feel the answer picked by me is not correct but also my friends please remember just not to give the answer in yes or no also share your logic why are you picking though or why are you picking yes and with that let's move on to the next question question number 520 it says a platform as a service solution can automatically scale the number of instances yes or no and this one my friends is a correct statement so friends if you think that I am doing the good work in bringing these research question then I want your support to grow and for that please press the like button as it makes the YouTube algorithm happy and also help us reach to the wider audience just like you and in case you joined the Tech Blackboard family for the first time today then please do subscribe to the channel and also select that all option to get the timely notifications of all our upcoming videos foreign [Music] today we are going to focus questions based on Azure SLA and needless to say this is a very important section quite some questions have appeared in the recent exam from this section and before I move ahead for all the viewers who are joining The Tech Blackboard family for the first time today please note that we have already covered 520 questions on easy 900 all the questions are very latest from the 2023 Series so please do watch all the previous Parts enhance your passing score and subscribe to the Tech Blackboard channel for more such career oriented videos so what are we waiting for let's dive in so here comes the first question for today question number 521 it says that you can improve composite SLA by adding redundant service to your application yes or no and this one my friends is a true statement that's why yes is the correct answer so let's do few more questions on Azure SLA and then I will give you Microsoft document station where you can not only validate the answer but also do some self-study so here comes question number 522 which says SLA is a formal agreement between Microsoft and a customer which of the following aspects are outlined by SLA agreement your options are scalability elasticity fault tolerance or availability and most definitely the correct answer is option D availability and here comes a very interesting and important question on composite SLA it says that you have an Azure application that uses Services shown in the following table so here you can see that we are given with two Services Azure virtual machine and Azure SQL database and for each of these service we are also given with SLA which is 99.9 for Azure virtual machine and 99.99 for Azure SQL database further the question says that how should you calculate the composite SLA for the application and here you can see that we are given with four options basically four formulas to calculate SLA and and one of these is correct answer and let me reveal the correct answer which is option C and friends it's very easy to calculate the composite SLA basically you can simply multiply the individual SLA for each service and then you get your own composite slm and you should multiply this SLA here with 100 to convert this SLA into percentage so this is the relevant Microsoft documentation that you can use to understand the composite SLA so this is the section where you can understand it it is here and it says composite slas involve multiple Services supporting an application each with different level of availability for example consider an app service web app that writes to Azure SQL database at times of publication these Azure Services have the following slas here you can see that we are given with slas of azure app service web apps which is 99.95 percent and then for SQL database it is 99.99 so how to calculate the composite SLA these two Services well they have simply multiplied the slas of Individual Services and then they have composite SLA and this is exactly the similar way that I have shown in question number 523 moving on with the question number 524 it says adding more dependent services to your application improve composite SLA yes or no and the correct answer is no so friends please understand when you are adding dependent services to your application what does it mean it is like adding one more field point to your application so how do you improve composite SLA for your application well let's find out in the next question question number 525 it says adding redundant services to your application improve composite SLA yes or no and most definitely this is the correct statement so adding redundant service what does that mean basically you're adding a mechanism or you can say that you're adding failover services for example and in this documentation the example is given you can see that we have web app we also have is SQL database and then we also have a queue services so basically What's Happening Here is that in normal conditions web app will write the content or the data to SQL database however in case the SQL database is failed or not reachable in that case the web app can still continue and write the content of the data to the queue services and this is a perfect example of adding redundant services and that's how you can also improve your compositor selling moving on with the question number 526 it says the service configuration can impact on the SLA that Microsoft provides yes or no and the correct answer is yes so many services provides extra configuration options like availability zones for Azure virtual machines that increases the overall SLA and now we have question number 527 it says what's the SLA of azure maps in terms of guaranteed uptime your options are 99 99.9 or the last one is 99.99 in and the correct answer is option b 99.9 percent coming up next is question number 528 it says Azure services in public preview are subject to service level agreement or SLA yes or no and the correct answer is no so this is a very very important point for you to understand my friends that public previews are excluded from SLA and in some cases no support is offered let's take the next question question number 529 that says companies can increase service level agreement guaranteed up Time by adding Azure resources to multiple regions yes or no and the correct answer is yes of course service level agreement of time is increased usually to 99.95 percent when the resources are deployed across multiple regions and now we have question number 530 that says the service level agreement guaranteed a time for paid Azure Services is at least 99.9 percent yes or no and this one my friends is a correct statement so please understand signed that SLA vary based on the resource type and the location distribution of the resource however the minimum uptime of all the Azure Services is 99.9 percent coming up next is question number 531 it says companies can increase service level agreement guaranteed of time by purchasing multiple subscriptions yes or no and the correct answer is no and this is because the number of subscription is unrelated to the uptime SLA so it doesn't matter whether you have one single subscription or you have multiple subscription coming up next is question number 532 it says adding a third virtual machine reduces composite slm how can the companies offset this reduction your options are increase the size of each virtual machine the second option is deploy extra instances of the same virtual machine across different availability Zone in the same Azure region thirdly we are given with do nothing use Azure load balancer increases the SLA for virtual machines and the correct approach to deal with this business case is option b deploy extra instances of same virtual machines across different availability zones in the same Azure region and why this is so because even if one availability zone is affected your virtual machine instance in the other availability Zone should not be affected and your application would still be working just fine and with that we have come to the question Number 533 it says a standard support plan is included in an Azure free account yes or no and this one my friends is the incorrect statement that's why no because an Azure free account comes with the basic support plan and not with the standard support plan question number 534 says that which service level agreement is provided for Azure services in the public preview your options are each service defines its own SLA second one is SLA will be 99 percent and the third option says the SLA will be one percent less than the general availability SLA and the fourth one is the SLA will be 99.95 percent and the correct answer for this question is option A each service defines its own SLA and here comes question number 535 it says a premier support plan can only be purchased by the companies that have an Enterprise agreement or a yes or no and this one my friends is a correct statement question number 536 says all the Azure services in private preview must be accessed by using a separate Azure portal yes or no and most surely this is not a correct statement that's why no just to give you more information services in private preview can be viewed in the regular Azure portal however you need to be signed up for the feature in the private preview before you can view it and also understand my friends that access to the private preview features is only by invitation and now we have question number 537 that says Azure services in public preview can be used in production environment yes or no and this one one my friends is a true statement but but but there is a warning with this and that is that you can use services in public preview in production environment however you must understand you must be aware that the services may have faults and it's not subjected to SLA and may be withdrawn without any notice so my personal suggestion is that you should never use services in public preview always use the services which are in general availability state so I hope you understood that though you can use public preview services in production environment there is no stoppage for that but you should not why because public previous services are not backed up with the slas so in case any public preview service breaks down in the production environment Microsoft has low liability and you cannot help Microsoft responsible for it so always be aware whether the service is in public preview or in generally available and with that caution in mind let's move to the next question question number 538 says that if your company uses as Azure free account you will be only able to use a subset of azure Services yes or no and the correct answer is no and this is because Azure free account gives you 12 month access to the most popular services and you also get a credit of 200 absolutely free to use any Azure services for up to 30 days and now comes question number 539 it says that you can create up to 10 Azure free accounts by using the same Microsoft account yes or no and the correct answer is no and that essentially means that you can create only one free Azure account per Microsoft account and this brings us to the question number 540 that says all the Azure free accounts expire after a specific period yes or no and the correct answer is yes so as I just said all the free accounts expire after 12 months foreign 2023 series we are going to focus on questions based on Azure cost and friends we all understand that cost reduction is one of the primary focus of each individual and each company it is quite an important section and there are many Azure services and Concepts to be understood to be able to answer related questions in Easy 900 exam so let's jump in so let's begin part 29 with question number 541 it says which of the following Azure Services provides a set of tools for monitoring allocating and optimizing your Azure costs your options are Azure cost management Azure pricing calculator and lastly we are given with total cost of ownership calculator and the correct answer for this question is option A Azure cost management so let's take some more questions on Azure cost management and then I will give you Microsoft documentation to validate the answers and also do some self learning so here it comes question number 542 it says Azure cost management is a paid service yes or no and the correct answer for this question is no well sometimes even the good services are for free coming to the question number 543 it says select key features of azure cost management and your options are cost reduction cost and billing information budgets cost distribution among resources alerts automated exports discounts and lastly we are given with cost recommendations and the correct answer for this question is option b option C option e f and lastly option H and this documentation here my friends it's a great place to understand Microsoft cost management and how does it help you well it helps you monitor allocate and optimize Cloud cost with transparency accuracy and efficiency a lot of good information is provided in this documentation you can learn about how to monitor your crowd spending you can also learn to increase organizational accountability and much more the link as usual is provided in the description box let's move on to the question number 544 it says which of the following Azure service allows customers to compare the cost of their on-premises workloads with the same workloads running in Azure platform your options are Azure cost management Azure pricing calculator and the last one is total cost of ownership calculator and the correct answer for this question is option C total cost of ownership calculator so what is the total cost of ownership calculator well of course as the name suggests it's a calculator that Microsoft has built for you to estimate the cost saving that you can realize by migrating your workloads to Azure and how to use it well on this web page you can Define your workloads you can add your database you can add your storage so basically you try to replicate all the components that you have in your on-premises workload and then Microsoft Azure will give you a cost estimate of the ownership in case you move the entire work 0 to Microsoft Azure so in this way you can know your spending before even moving any single component to Microsoft Azure let's move on to the next question question number 545 says that Azure pricing calculator allows customers to review and estimate the cost of running their Azure Services before making a purchase yes or no and the correct answer for this question is yes moving on with the question number 546 it says that you can use Azure cost management to view the cost Associated to management groups yes or no and this one my friends is a true statement that's why yes is the correct answer and this is the Microsoft documentation where we can validate our answer and in this documentation I have come to this section which is named as how cost management and billing relay and here you can very well read that cost management is available from within the billing experience and then it says it's also available from every subscription Resource Group and Management Group in the Azure portal so here lies our answer Management Group in Azure portal so that's why yes is the correct answer moving on question number 547 it says that you can use Azure cost management to view costs associated to Resource Group yes or no and this time we just read in the documentation the correct answer is yes and let's quickly move to the question number 548 it says that you can use Azure cost management to view the usage of virtual machines during the last three months yes or no and this time my friends once again this is a true statement that's why yes is the correct answer moving on with question number 549 it says which task can you perform by using Azure advisor and your options are integrate active directory and Azure active directory option b is estimate cost of an Azure solution and then option C says confirm that Azure subscription security follows best practices and lastly we are given with evaluate which on premises resources can be migrated to Azure and the correct answer for this question is estimate the cost of an Azure solution and now comes question number 550 it says that your company has 10 offices and you plan to generate several billing reports from the Azure portal now each report will contain the Azure resource utilization of each office so which Azure resource manager feature should you use before you generate the reports your options are tags templates logs or policies and the correct answer for this question is option a tax and why this is so because you can use resource Stacks to label Azure resources and tags are metadata elements attached to the resources when all the Azure resources are tagged you can generate reports to list all the resources based on the value of that particular tag coming up next is question number 551 it says that you deploy an Azure resource the resource becomes unavailable for an extended period of time due to a service outage now what will Microsoft do so will Microsoft refund your bank account or it will migrate the resource to another subscription the third option is credit your Azure account and the last option is send your coupon code that you can redeem for Azure credits so basically the question is asking that in case there is a service that is unavailable for an extended period of time and due to that you have some problems in your application how does Microsoft will repay you and the correct answer for this question is option C Credit your Azure account so please understand that if the SLA of an Azure service is not met then you receive credits and these credits are detected from your monthly bill for that service and that's how Microsoft repays you and now coming to the question number 552 it says that your team needs to have a tool that provides digital online assistant for speech support which of the following service can be used for this purpose your options are Azure machine learning Azure it Hub Azure AI bot or Azure functions and the correct answer for this question is option C the Azure EA bot so friends whenever in the question there is a mention of online assistant for speech support then in that case always go for Azure AI bot moving on with the question number 553 it says a single Microsoft account can be used to maintain multiple Azure subscriptions yes or no and the correct answer for this question is yes which means that you can use same account to manage multiple subscriptions coming up next is question number 554 it says a company can store resources in multiple subscriptions yes or no and this one my friends is a true statement so most definitely a company can have multiple subscriptions and it can store resources in different subscriptions but then please remember a single resource instance can only exist in one subscription and now we have question number 555 it says two Azure subscriptions can be merged into a single subscription by creating a support request yes or no and the correct answer is no and it's a very important concept please remember member that you cannot merge two subscriptions into a single subscription however if the need arises you can definitely move some Azure resources from one subscription to another subscription and in case you want you can also transfer the ownership of a subscription and change the billing type for a subscription moving on with the question number 556 it says each Azure subscription can contain multiple account administrators yes or no and for this question friends I have picked the no and the reason as I understand is that you can assign service administrators and co-administrators in the Azure portal but there can be only one account administrator and now we have question number 557 it says each Azure subscription can be managed by using a Microsoft account only yes or no and this one is a false statement that's why no is the correct answer coming up next is question number 558 it says an Azure resource group contains multiple Azure subscriptions yes or no and the correct answer is no so friends Azure resource groups are logical containers for Azure resources however resource groups do not contain subscriptions in fact it's the other way around subscriptions contains resource groups and now we have question number 559 it says that your team needs to have a tool that can use past trainings to provide predictions of very high probability which of the following service can be used for this purpose your options are Azure machine learning Azure iot Hub Azure AI bot or Azure functions and the correct answer for this question is option A Azure machine learning and coming up next is question number 560 it says that you plan to host web application in Azure platform as a service solution for Azure web apps so do you think this platform will have the ability to scale automatically yes or no and the correct answer for this question is yes so when you host a web application in Microsoft Azure as Azure web apps then it automatically has the ability to scale down or scale up so friends I hope you like the questions on Azure cost Concepts if you do then why not please press the like button and help us grow hello and welcome back to the Tech Blackboard in today's episode 30 we will discuss service based questions that can often be really confusing and makes it difficult to choose the correct option some of the examples includes Azure monitor Azure log analytics Azure cross Center Azure Sentinel and many more so please stay tuned until the end of the video as I present 20 crucial questions on AZ 900 so let's begin Part 30 with question number 561 it says that your company plans to deploy several web servers and several database servers to Azure now you need to recommend an Azure solution to limit the types of connections from web servers to the database servers what should you include in your recommendations your options are network security groups Azure service bus a local network Gateway and the last one is a route filter and the correct answer for this question is option a network security groups quickly jump into the next question question number 562 it says that you have an Azure Sentinel workspace now you need to automate responses to the threats detected by Azure Sentinel what should you use your options are adaptive Network hardening in Azure security Center option b is azure service Health option C says Azure monitor workbooks and lastly we have adaptive application controls in Azure security system and the correct answer for this question is option C Azure monitor workbooks and in case you want to understand more on Azure monitor this is the Microsoft documentation which says how to use Azure monitor workbooks to visualize and monitor your data so here you can read that once you have connected your data sources to Microsoft Sentinel you can visualize and monitor the data using Microsoft Sentinel adoption of azure monitor workbooks which provides versatility in creating custom dashboards also you can read that while the workbooks are displayed differently in Microsoft Sentinel it may be useful for you to see how it creates interactive reports with Azure monitor workbooks so great documentation my friends in case you want to understand Azure monitor workbooks this is one of the less talked services in Microsoft AZ 900 but surely you will get questions on this so please have a look on this documentation the links as usual is shared in the description box let's move on with the next question it says Azure Sentinel stores collected events in an Azure storage account yes or no and the correct answer as for me my friends is no and friends I know there is a lot of confusion on this question on the internet so I have done some research and here I found this documentation which says Plan cost and understand the Microsoft Sentinel pricing and billing and here in the first paragraph itself it says that Microsoft Sentinel security analytics data is stored in Azure monitors log analytics workspace So based on that documentation from Microsoft we can say Azure storage account is not the correct answer moving on to the next question question number 564 says that Azure Sentinel can remediate incidents automatically yes or no and this one my friends is a true statement that's why yes is the correct answer coming up next is question number 565 that says Azure Sentinel can collect Windows Defender Firewall logs from the Azure virtual machines yes or no and the correct answer is yes so I hope my friends you like the questions on Azure Sentinel so far it's a very less talked about service in Microsoft Azure so please learn on this Azure Service as there are many questions coming up in recent times in AZ 900 now let's change our Focus to the other services but before that please press the like button and appreciate our efforts in bringing lot of well-researched questions so let's move on to the question number 566 it says Azure policy helps organizations too your options are enforce organizational standards and and to access compliance at scale option b is create security policy and thirdly we are given with create firewall rules and the correct answer for this question is option A enforce organizational standards and to access compliance at scale and friends we have taken a lot of questions on Azure policy which is really important from the AZ 900 exam please watch the previous parts and take up all the questions on Azure policy coming to the next question question number 567 says can one user account have more than one Microsoft 365 licenses yes or no and the correct answer is yes I know this is again a very confusing question for many of the AZ 900 exam takers so I have done some research for you and I found this documentation from the Microsoft q a page and here you can see that someone has asked exactly the same question it says can one user have multiple offers 365 licenses so what's the answer given let's find out here you can see the answer is given one by someone which is called will now let me Zoom it a little so that we can read better it says that an Office 365 business can only be associated with a work email address and if your work email address can be signed up as a personal Microsoft account you may use it as well as for Office 365 home and personal versions the only difference is the site where you are going to access the subscription offers 365 business can be accessed here you can see the portal.office.com while the offers 365 personal and home can be accessed with account.microsoft.com services and finally he sums up by saying my answer is yes a Microsoft account can have both Microsoft 365 business and Microsoft 365 home as long as it is a work email address so that documentation from Microsoft validates our answer let's move on to the question number 568 it says can we use SSO without Microsoft authenticator yes or no and the correct answer for this question is yes and in case you want to understand what is SSO or what is single sign down in Azure active directory this is the Microsoft documentation here you can read all about single sign on what is single sign on what are the other options Federation all the options all the information is given on this documentation a well presented video is also there so please go ahead and read this documentation coming up next is question number 569 another very important Microsoft service which is conditional access so let's read the question question says that conditional access uses signals collected from a user during sign-in process to decide to allow or deny access requests yes or no and the correct answer for this question is yes so friends conditional access in Azure ad capability that lets you automate Access Control based on certain user condition and it's very important to note that conditional access policies are infos are after the first Factor authentication has been completed and please pay attention it's not intended as a first line of defense for scenarios like denial of service which is Dos attacks but it uses signals from these events to determine access and in case you want to read more and understand conditional access and how can you use it in your applications to determine access this is the Microsoft documentation the links as usual is in description box now let's take more questions on conditional access question number 570 says that conditional access brings signals together to make decisions and enforce organizational policies yes or no and the correct answer this time my friends is yes so let's validate our answer I am on the same documentation and here you can read that the modern security parameter now extends Beyond organizations Network to include user and devices identity and please note Here Comes our answer it says organizations can use identity driven signals as a part of their access controls decisions and that's exactly what was asked in this question as well so this validates our answer as yes moving on with the question number 571 that says your company is looking to build authentication system the solution given is that you recommend use of conditional access does this meet the goal yes or no and this solution my friends is not the correct one that's why no is the correct answer so let's validate our answer I am again on the same documentation here you can read in this important section it says conditional access policies are imposed after the first Factor authentication is completed conditional access is not intended to be the organizational first line of defense for scenarios like denial of service attacks but it can use the signals from these events to determine access so that's why no is the correct answer moving on with the question number 572 it says conditional access policies at their simplest are if then statement yes or no and this one my friends is a true statement and you can validate the answer on the same documentation that we just report now let's check out some more services question number 573 says that what should you use to evaluate your company's Azure environment meets the regulatory requirements your options are Azure security Center Azure advisor Azure service health and the last one is azure Knowledge Center and the correct answer for this question is option A Azure security Center moving on to the question number 574 that says what can you use to identify underutilized or unused Azure virtual machines your options are Azure advisor Azure cost management plus billing the third option is azure reservation and lastly Azure policy and the correct answer for this question is option A Azure advisor so friends Azure advisor helps you optimize and reduce your overall Azure spend by identifying the idle or under utilized resources you can get course recommendations from the cost tab on the Azure advisor dashboard so want to learn more on how to reduce Services cost by using Azure advisor this is the documentation here you can see that Azure advisor as I just mentioned in my documentation helps you optimize and reduce your overall Azure spend here you can see a lot of other information for example optimize virtual machine or virtual machine skill set spend by resizing shutting down under utilized instances and this is exactly where our answer also lies so that's why Azure advisor is the service that you can use to identify under utilize or unused Azure virtual machines and now my friends let me present you one more variation of the same question that we saw in the question number 574 question number 575 says that you have an Azure subscription and you have 100 Azure virtual machines and you need to quickly identify underutilized virtual machines that can have their service tier change to a less expensive offering which blade should you use your options are metrics customer insights or Azure Monitor and the last one is azure advisor so do I need to tell the answer or you have already figured it out it's option D as your advisor so friends I hope you like these variations of the same question or the same concept because in my opinion it's very good to prepare for easy 900 exam or for any other exam for that matter so as I always encourage please understand the concept because Microsoft can tweak the questions in various Styles but you should understand the concept so that you never pick the wrong answer coming up next is question number 576 it says who can use Azure total cost of ownership calculator and your options are billing readers for an Azure subscription only option b is owners for an Azure subscription only and option C is anyone and lastly we are given with all the users who have an account in Azure active directory that is linked to an Azure subscription only and the correct answer for this question is option C anyone and the reason is very simple my friends that you don't need to have an Azure subscription to work with TCO calculator and in case you are wondering what is a tissue calculator well TCO calculator helps you estimate the cost saving of operating your Solution on Azure over the time compared to operating in your on-premises data center and people from Finance would really already know this the term total cost of ownership is used commonly in finance it can be hard to see all the hidden costs related to operating a technology capability on premises software licenses and Hardware are additional cost with TCO calculator you will enter the details of your own premises workload and then you can review suggested industry average cost for related operational cost this cost includes electricity network maintenance and it labor and you are then presented with a side-by-side report using the report you can compare those costs with same workloads running on Azure so in case my friends you or your company is thinking to move your Solutions on Microsoft Azure dco is the first place where you can analyze and estimate what will it cost to you or your company in case you're moving your solution to the Microsoft Azure and here comes question number 577 that says that you have an Azure virtual machine named vm1 now you plan to encrypt vm1 by using Azure disk encryption what Azure resource must you create first your options are an Azure storage account and Azure information protection policy the third option is an encryption key and lastly we are given with an Azure keyboard and the correct answer for this question is option D and Azure keyboard now here comes question number 578 it says that you need to be identified when Microsoft plans to perform maintenance that can affect resources deployed to an Azure subscription what should you use your options are Azure monitor Azure Services Azure advisor and last leave Microsoft trust Center and the correct answer for this question is option b Azure service health so friends Azure service Health provides a personalized view of health of the Azure services and the regions you are using this is the best place to look for the services impacting Communications about the outages planned maintenance activities and other health advisories and now we have question number 579 it says that your company has an Azure subscription that contains resources in several regions now you need to ensure that the administrators can only create resources in those regions what should you use your options are a read-only log and Azure policy a management group and the last one is a reservation and the correct answer for this question is option b and Azure policy and here comes question number 580 it says that your company has a software Assurance agreement that includes Microsoft SQL Server licenses and you plan to deploy SQL server on Azure virtual machines what should you do to minimize licensing costs for the deployment your options are de-allocate the virtual machines during of hours option b is use Azure hybrid benefits and then we have configure Azure cost management budgets and lastly we are given with use Azure reservations and the correct answer for this question is option b use Azure hybrid benefit so what is azure hybrid benefit well to start with it saves on the cost while optimizing your hybrid environment by applying your existing Windows servers SQL Server licenses or Linux subscriptions to Azure hybrid benefit and here you can also read that Azure hybrid benefit is the licensing of what that helps you migrate and save to Azure and to apply for this benefit you must be paying for either Windows server or SQL Server code licenses with software Assurance or a subscription to these products and secondly an active Linux subscription include includes a red hat Enterprise Linux or susc Linux Enterprise server running in Azure and by using Azure hybrid benefit you can achieve cost saving modernize and maintain flexible hybrid environment while operating business application so please learn about Azure hybrid benefit on this documentation today is episode 31 I will introduce you with many Azure services and we will focus on yes no kind of questions and also some review the underlying text kind of questions so coming up is the first question for the part 31 question number 581 it says that this question requires that you evaluate the underlying text to determine if it's correct so here you can see this underline text let's read this statement it says from Azure monitor you can view which user turned off a specific virtual machine during the last 14 days now you have to review this underlying text and if it makes the statement correct then you have to select the no change needed which is the very first option otherwise you have to make this statement correct by choosing the other three options so let's see what are the other options option b says Azure event hubs option C is azure activity log and lastly we are given with Azure service health and the correct answer for this question is option C Azure activity log so write statement become comes from Azure activity log you can view which user turned off a specific virtual machine during the last 14 days moving on with the next question question number 582 it says the Microsoft service trust portal can be accessed by using Microsoft cloud services account yes or no and this one my friends is a true statement that's why yes and now we have question number 583 that says compliance manager can be used to track your company's Regulatory Compliance activities related to Microsoft cloud services yes or no and this one again is a true statement that's why yes quickly moving to the question number 584 it says the my library feature can be used to save Microsoft service transported documents and the resources in a single location yes or no and this one my friends once again is a true statement so friends if you want to read more on Microsoft service trust portal this is the documentation here you can read a brief introduction on service trust portal and also the my library feature that we were talking about in the question so here you can see it says that use the my library feature to add documents and the resources on the service transporter to your my library page so please note my friends very carefully this lets you access documents that are relevant to you in a single place and that's exactly what was the ask of the question as well that's why yes is the correct answer moving on to the question number 585 it says a Windows Virtual desktop session host can run Windows 10 only yes or no and the correct answer is no so just so you know my friends the supporting operating systems for Windows Virtual desktop session host are Windows 10 Enterprise multi-session Windows 10 Enterprise Windows 7 Enterprise windows over 2012 R2 2016 and 2019 so a lot more is supported than just Windows 10. moving on to the question number 586 it says a window virtual desktop host pool that includes 20 session hosts supports a maximum of 20 simultaneous user connections yes or no and this one my friends is an incorrect statement that's why no question number 587 says a Windows Virtual desktop support desktop and app virtualization yes or no and this one my friends is a true statement that's why yes and now we have question number 588 that says Azure devops Services allow developer to deploy or update applications to Azure using continuous integration and continuous delivery which is also known as CI CD pipelines yes or no and more surely this is a true statement and now we have question number 589 that says Azure devops Services includes a git repository for developers to store code yes or no and of course this is a true statement let's take one more question on Azure devops question number 590 it says Azure devop Services can be used to build and host web apps yes or no and this one my friends is an incorrect statement that's why no so as your devop services is used as a git repository and to build the cicd pipelines and not to build and host web apps and here comes question number 591 it says a company wants to have an Enterprise messaging solution integrated with their existing application hosted within Microsoft Azure which of the following should the company use for this requirement your options are logic apps API Management Services service bus data factories or API connections the correct answer for this question is option C Service bus and now we have question number 592 that says which service provide access to the unused Azure compute capacity at deep discounts your options are Azure container distances option b is azure Reserve machine and then we have Azure spot virtual machine instances and lastly Azure virtual machines skill sets and the correct answer most surely is option C Azure spot virtual machine instances so in case you want to learn more on Azure spot virtual machine and save some big bucks then this is the documentation so here you can read that use spot virtual machines to buy unused compute capacity at a significant cost savings and you can deploy workloads that can handle interruptions and do not need to be completed within a specific period of time run the workloads for development testing quality assurance Advanced analytics Big Data machine learning and AI bad jobs rendering and transcoding of videos graphics and images at a very low cost so please read through this documentation and you can save a lot of money and with that let's jump on to the next question question number 593 says that Azure site recovery provides dash for virtual machines your options are fault tolerance Disaster Recovery elasticity or high availability and the correct answer for this question is option b disaster recovery coming up next is question number 594 that says Azure virtual machines offer less control over the Computing environment than the other Computing offerings yes or no and the correct answer is no and why this is so because the situation is just the opposite because Azure virtual machine actually offers you more control over the Computing environments than the other compute offerings so in case you want more control on operating system or you want to have custom softwares in that case Azure virtual machine is the solution to go for and coming up now is question number 595 once again a underlying text kind of question and in this question also you have to review this underline text and if it makes the entire statement correct in that case you have to choose this first option no change needed otherwise you have to make this statement correct by choosing the other three options the other three options are defining scalability rules and then we have installing the SAS solution and lastly configuring the SAS solution and the correct answer for this question is option D configuring the SAS solution so the correct statement becomes when you are implementing a software as a service solution you are responsible for configuring the SAS solution because High availability is already built in software as a service solutions moving on with the question number 596 once again the same underlying kind of question let's read this statement it says a support plan that gives you the best practice information health status and notifications and also 24 cross 7 access to the billing information at the lowest possible cost is a standard support plan and this time my friends the correct answer is option C the basic so this means it's a basic support plans that gives you best practice information health status and notification on all also the access to the billing information at the lowest possible cost now let's move on to a very interesting question question number 597 says that you plan to use Azure to host two apps named app one and app2 the apps must meet the following requirements you must be able to modify the code of app one and then we are given with administrative effort to manage the operating system of app one must be minimized and lastly we are given with the requirement for the app too which is app2 must run interactively with the operating system of the server which type of the cloud service should you use for each app to answer select the appropriate option in the answer area and please note each credit selection is worth one point so coming to the app one we are given with the options like infrastructure as a service platform as a service and software as a service and the correct answer based on the first two requirements is option B platform as a service now coming to the app too the options are exactly the same and the correct number answer for app 2 is option C software as a service and just to change a little bit of mood here I've got a drag and drop kind of question question number 598 and here you are given with some of the Azure services on the left hand side and also some definitions on the right hand side so you have to match the correct service with the correct definition so what are the services given we are given with agility Geo distribution and scalability let's read the first definition it says resources can be provisioned dynamically to meet the changing demands and the correct service that meets with this definition is scalability the second definition says application and data can be deployed to multiple regions and this one is Geo distribution now coming to the last definition it says application can be developed tested and launched rapidly and this one is definitely agility and here comes question number 599 once again the review underlined text kind of question let's read the statement it says Azure policies provide a common platform for deploying of objects to Cloud infrastructure and for implementing consistency across the Azure environment so do you think this underlying text makes the entire statement correct if yes then in that case you have to choose no change needed otherwise you have to choose from these three services which are resource groups Azure resource manager and management groups and the correct answer for this question is option C Azure resource manager so the correct statement will become Azure resource manager provide a common platform for deploying objects to Cloud infrastructure and for implementing consistency across Azure environment and now comes question number 600 and once again we have this underlying text kind of question let's read the statement it says a Azure region contains one or more data centers that are connected by using a low latency Network so in case this entire statement is correct in that case you have to choose no change needed otherwise let's read the other options it says is found in each country where Microsoft has a subsidiary office and then it says can be found in every country in Europe and America only and lastly we are given with contains one or more data centers that are connected by using High latency Network and the correct answer for this question is option A no change needed and thank you so much for tuning in and learning about the various Azure concepts with us hello and welcome back to the Tech Blackboard I hope you all are doing fine in the last episode 31 I explained many Azure services with yes no and review the underlying text kind of questions and in this episode 32 I present to you another set of 20 questions to make you aware of many new Azure concepts with the question formats like multiple choices or mcqs yes no and drag and drop so here comes the very first question for today question number 601 says that support from MSD in forums is only provided to the companies that have pay as you go subscription yes undo and the correct answer my friends is num the reason is very simple that users with any type of azure subscription that includes pay as you go Enterprise agreement Microsoft customer agreement can get support from MSD and forums so not only pay as you go subscription but also the other type of subscriptions are also included in this support from msdn forums moving on with the question number 602 that is a drag and drop kind of question in the left hand side of your screen you are given with some of the Azure services and on the right hand side in this answer area we are given with some of the definitions so we have to match these services with these definitions what are the services given let's read it out it says Azure HD inside then we are given with Azure data Lake analytics thirdly we are given with Azure SQL synapse analytics and lastly we are given with Azure SQL database now let's read the first definition that says a managed relational Cloud database service and this one definitely matches with Azure SQL database the second definition says a cloud-based service that leverages massively parallel processing to quickly run complex queries across petabyte of data in a relational database and this one matches with Azure SQL synapse analytics the third definition says can run massively parallel data transformation and processing programs across petabyte of data and this one matches with Azure data Lake analytics and then on the fourth one we have an open source framework for distributed processing and Analysis of big data sets in clusters and this one most surely matches with Azure HD Insight now let's jump to the question number 603 this says that you need to identify which blades in Azure portal must be used to perform following tasks so here we are given with three tasks in these three boxes so let's read the first task it says monitor the health of azure Services what are the options given we are given with Azure monitor Azure subscriptions Marketplace and Azure advise them and the correct Azure service to monitor the health of azure Services is none other than Azure monitor jump into the next box that says view security recommendations once again the options are same and this time my friends for this one the correct answer is option D as your advisor and now for the third box that says browse available virtual machine images and I am pretty sure that you know the answer that is option C Marketplace quickly jump into the question number 604 that says which Azure service should you use to check your secure score your options are Microsoft Defender Azure Arc DDOS protection and the last one is azure firewall and the correct answer for this question is option a Microsoft Defender and in case my friends you want to understand how to access and track your secure score this is the Microsoft documentation so here you can read in this documentation that Defender for cloud displays your score prominently in the portal and when you select the secure score tile on the overview page you're taken to the dedicated secure score page where you will see the secure score broken by the subscription and you can read more on this page all the details are given here and the link for this documentation is presented in the description box but for now let's jump to the next question question number 600 and 5 says that you can manage an on-premises Windows Server as an Azure resource by using your options are Azure a b connect the second option is azure pipelines agent Azure VPN Gateway and the last one is azure Arc and the correct answer for this question is option D Azure Arc and in case my friends you do not know Azure Arc is a service that allows you to manage on-premises servers and other resources as part of your Azure hybrid environment with Azure Arc you can use same tools apis and portals that you can use to manage Azure resources to manage your on-premises resources as well and here comes question number 606 that says which of the following service is a cloud-based network security service that helps you protect resources that are stored in an Azure virtual Network your options are Azure Sentinel the second option is azure keyboard the third one is azure dedicated host and the last one is azure firewall and this this one undoubtedly is option D Azure firewall so just so you know Azure firewall is a cloud-based service that can be used to protect resources in an Azure virtual Network and in the Azure firewall you can also Define your network rules and application rules to protect your Azure virtual Network and here comes question number 607 that says Dash refers to the ability to increase or decrease resources for a given workload your options are scalable team elasticity agility or resiliency and the correct answer for this question is option A scalability coming up question number 608 which says which of the following is referred as a logic implementation into readily available blocks of code your options are Azure logic apps Azure app service Azure arm template and the last one is azure functions and the correct answer my friends is option D as your functions so what are Azure functions well Azure functions you can use them to execute event driven serverless code functions with an end-to-end development experience and friends it's a really great Azure service I recommend you to follow through this documentation to really understand what are Azure functions and what they can do for you now let's move on to the question number 609 it says a company is planning to set up a solution on Azure platform the solution has the following main key requirement the requirement is provide a managed service that could be used to manage and scale container based applications now which of the following would be best suited for this requirement your options are Azure event grid Azure devops Azure kubernetes and Azure Dev test labs and the correct answer for this question is option C Azure kubernetes and coming up question number 610 a similar kind of question where a company is planning to set up a solution in Azure the solution would have the following key requirement the requirement says a tool that provides guidance and recommendations to improve and azure government which of the following would be best suited for this your options are Azure advisor Azure cognitive Services Azure application insights and the last one is azure devops and the correct Azure service for this task is option A Azure advisor question number 601 says a company is planning to set up a solution in Azure the following is the key requirement for that give the ability to process from millions of sensors which of the Azure Services can be used for this purpose your options are Azure machine learning Azure iot Hub Azure AI bot and Azure functions and the correct Azure service for this requirement is option b Azure iot Hub now friends those who are new to the Azure let me tell what is azure iot Hub so Azure iot Hub is a managed service hosted in the cloud that acts as a central message hub for bi-directional communication between your iot application and the devices it manages and most surely you can use use Azure iot Hub to build iot Solutions with reliable and secure communication between billions of iot devices and a cloud hosted solution backend you can connect virtually any devices to Azure iot Hub and now coming up question number 612 once again a similar kind of question it says a company is planning to set up a solution in Azure the solution would have the following key requirement the requirement is an integration solution for the deployment of code which of the following Services would be best suited for this requirement your options are Azure advisor Azure cognitive Services Azure application insights and Azure devops and this one both surely is option D Azure devops so what is azure devops well Azure devops consists of a large set of tools amongst these you have Azure pipelines which can be used to build test and deploy code and since this is the clear feature of this tool which is azure devops all the other options are incorrect and now come question number 613 that says that your company is planning on hosting resources using Azure services and you have to decide on the right service to use for the desired requirement which of the following would you use for the following requirement so what is the requirement well it says provide a service that is used to integrate Bots with the application and your options are Azure cognitive service Azure devops Azure bot service and the last one is azure synapse analytics and the correct answer for this question is option C Azure bot service and I think it's very easy to relate this Azure service with this requirement in both of these you can observe Bots is given so it's very easy to relate and now comes question number 614 similar kind of question where a company is planning to host the resources on Azure services and you have to pick the right service for this business requirement the requirement says provide a service that is used to add artificial intelligence features to the application and your options are Azure cognitive service Azure devops Azure bot service and Azure synapse analytics and the correct answer for this question is option A Azure cognitive service so what can you use as your cognitive service for well you can use Azure cognitive service to build applications with artificial intelligence capabilities and of course there are several services available in Azure cognitive Services based on the following categories the categories are Vision speech language decision and search and coming up next is question number 615 that says which offering below uses inbound and outbound rules to filter out Network traffic to and from Azure resources connected to Azure virtual networks your options are public load balancer internal load balancer application Security Group and the last one is network security group and the correct answer for this question is option D Network Security Group question number 616 says which of offering to use to configure network security as an extension of an application structure your options are public load balancer internal load balancer the third option is application Security Group and the last one is network security group and this time my friends the correct answer is option C application Security Group so what are application security groups well application security groups enables you to configure network security as a natural extension of an application structure allowing you to group virtual machines and Define network security policies based on those groups and you can also reuse your security policy at scale without manual maintenance of explicit IP addresses you can read more about application security groups in this documentation let's move further with the question number 617 it says deploying a solution using Azure container instances requires you to manage virtual machines yes or no and the correct answer is no so friends you don't have to manage virtual machines in case you're looking forward to deploy a solution using Azure container instances and now question number 618 says that Azure app service is a HTTP based service for hosting web application rest API and mobile backends yes or no and this one surely is a correct statement that's why yes is the correct answer question number 619 says that high availability refers to the ability to keep the services up and running for a long period of time while experiencing little to no downtime yes or no and the correct answer is yes coming up next is question number 620 that says which service below is Microsoft managed network security service in Azure that protects Azure virtual network resources your options are Azure Bastion Azure firewall application Security Group and the last one is azure Sentinel and the correct answer for this question is option b Azure firewall and in case you are a curious learner and you want to understand what is Azure firewall well Azure firewall is a managed cloud-based network security service that protects your Azure virtual network resources and using Azure firewall you can centrally create enforce and log application and network connectivity policies across subscriptions and virtual networks you can read all about Azure firewall in this documentation the link for all the documentation is given in the description box are you interested in advancing your career in cloud computing look no further than easy 900 or Microsoft Azure fundamental exam hello and welcome back to the Tech Blackboard in this episode 33 I have gathered 20 latest questions that are very similar to those that have appeared in the recent AZ 900 exams and friends not only you will get the opportunity to test your knowledge but I will also share some valuable Azure Concepts Microsoft documentation to help you self-learn and validate the answers and by the end of this episode you will feel more confident and prepared to pass AC 900 exam with flying colors and please do not miss to watch the previous parts of this series 620 questions on easy 900 are already covered so let's begin part 33 with question number 621 it says that your company want to migrate its web server and database server to Microsoft azure the architecture diagram is shown below you must ensure that the traffic restrictions are in place so that the database server can only communicate with the web server which of the following would you recommend for implementing these restrictions so here you can observe we have one front-end subnet and we also have one back-end subnet now the front end subnet also consists of public facing load balancer which is in turn consisting of web server virtual machine and one DNS as well and then in the backend subnet you can see we have one internal load balancer please observe the difference in the front end subnet we have public load balancer in the back end subnet though we have internal load balancer and then we also have database server virtual machines and DC virtual machine now let's check out the options given we have network security groups application security groups and a local network Gateway and the last one is a virtual private Gateway so which amongst these my friends you think that it will ensure that the traffic restrictions are in place so that the database server can only communicate with the web server and the correct answer for this question is option a network security groups moving on with the question number 622 it says the Azure service displays recent activities by the virtual machine including any configuration changes and when it was stopped and started and the services that are given are Azure monitor activity log Azure advisor and Azure agent the correct answer for this question is option b activity log so let's understand what is activity log on this Microsoft documentation that is titled as monitor Azure virtual machine here in this section you can see that we are given some details on activity log yes here it is it says that the activity log displays recent activities by the virtual machine including any configuration changes when it was stopped and started and this documentation validates that our answer is correct let's move on to the question number 623 it says that you can view activity log in the Azure portal yes or no and the correct answer my friends is yes coming up next is question number 624 it says that a company is planning to use Azure synapse analytics for hosting their sales historical data which of the following is a feature of azure synapse SQL architecture your options are high availability scalability disaster recovery and visualization and the correct answer for this question is my friends option b scalability and by the way how many of you know that Azure synapse SQL formally was called Azure SQL data warehouse although my friends you won't be getting any questions on Azure SQL data warehouse but of course it's good to know because many of us might be coming from the data warehouse background and then it's very easy to relate the concepts moving on to the question number 625 it says that you can create a diagnostic setting to send activity log to a log analytics workspace where you can view events over time or analyze them with the other collected data yes or no and the correct answer my friends is yes coming up next is question number 626 that says that you can collect Windows Event log data sources with blog analytics agent yes or no and the correct answer my friends is yes and in case my friends you want to understand more on how to collect Windows Event log data sources with log analytics agent then this is the Microsoft documentation here you can read that Windows event logs are one of the most common data sources for log analytics agent on Windows Virtual machines because many application right to the Windows Event log here you can also see that you can collect events from the standard logs such as system and application and any custom logs created by the application you need to monitor here you can see the architecture of the same also you can understand how to configure Windows in event log the links to all the documentation as always is given in the description box now let's move on to the question number 627 that says that your company has several resources hosted in Azure they want to have comprehensive solution for collecting analyzing and acting on Telemetry from the Azure Cloud which of the phonics service would you use for this requirement your options are Azure event hubs Azure analysis Services Azure advisor and the last one is azure Monitor and the correct answer my friends is option D as your monitor so what is azure monitor will Azure monitor delivers a comprehensive solution for collecting analyzing and acting on Telemetry from your cloud and on-premises environment and thus it maximizes the availability and performance of your application and services and Friends while I teach you all these questions and answers my suggestion is always to pause the video read the question read all the options that you have and before you see see what I have picked as an answer always try to put your answer on a piece of paper and then validate your answer with the one I have given this will really boost your confidence in the real exam and in case my friends you feel the answer picked by me is not correct please let me know in the comment section or you can also email us at connectors at the rate the tech blackboard.com but for now let's move on to the question number 628 that says your company wants to use Azure storage account now they have following requirement that storage account should automatically replicate data to the secondary region now the solution given is that configuring the read access Geo redundant storage account as it automatically replicate data to the secondary region does this solution beat the goal yes or no and the correct answer my friends is yes and this is because read access geo-redended storage account is most capable of replicating your data to the secondary region moving on with the question number 629 that says a company wants to ensure that the users in their company are authenticated when they access resources defined in their Microsoft Azure account which of the following is the correct definition of authentication the first option given is this specifies the type of service you can use in Azure the second option is this specifies the type of data you can use in Azure the third one says this is the act of providing legitimate credentials and the last one is this specifies what you can do in Azure and the correct answer for this question is option C this is an act of providing legitimate credentials and this is because my friends authentication is a process of proving you are what you say you are authentication is also sometimes shortened as auth n and with that piece of knowledge let's move to the next question question number 630 says that your company has 10 offices and you plan to generate several billing reports from the Azure portal now each report will contain Azure resource utilization of each office which Azure resource manager feature should you use before you generate the reports your options are tags templates logs or policies and the correct answer my friends is option a tax and just in case my friends you do not know you can use resource Stacks to label Azure resources what are tags well tags are the metadata elements attached to the resources and friends always remember tags consists of pairs of key value strings so just to give you more clarity in this question we would tag each resource with the tag to identify each office so for example you have many offices like office one office Zoom so what we can do is we tag each resource with the location tag let's say location equals to office one similarly you can tag all the resources with the location tag office 1 2 and so on and so forth when all the Azure resources are tagged then you can generate reports to list all the resources based on their value of the tag for example let's say we want to pull out the billing reports of all the resources which are tagged with office one and similarly my friends the question can also ask you that suppose you have a big company with multiple departments and you as a CEO of the company you want to control the cost based on each department in this case you can label the resources used by a certain department for example HR department finance department or it Department in this way you would be able to understand the cost pens of each department so friends in this way you can use tax in many different ways and one more way to use tax could be based on different environments for example you have test environment or production environment so you can label the resources based on the environment they are used in so I hope you got a fair idea that tags are quite flexible and they can be used in multiple ways and with that let's move on to the next question question number 631 says that you need to configure an Azure solution that meets the following requirement the first one is secure website for from attacks the second one is generate reports that contain detail of attempted attacks what should you include in the solution your options are Azure firewalls a network security group Azure information protection and the last one is DDOS protection the correct answer for friends for this question is option D D does protection so friends DDOS is a type of attack that tries to exhaust application resources and the goal of these DDOS attacks is to affect the applications availability and its ability to handle legitimate requests so basically these DDOS attacks will choke your application bandwidth so that it cannot handle the request coming from the legitimate users moving on with the question number 632 it says a company wants to create multiple data stores in Microsoft Azure they want to have storage layers that can be used to store data that is infrequently used please note the important keyword infrequently use which of the following storage tiers for azure blob storage would be suitable for this requirement and please note you have to choose two answers from the options given below what are the options we have premium storage hot storage cool storage and archive storage the correct answer for this question is option C and option D cool storage and archive storage so just to enhance your knowledge hot storage or hot storage tier is optimized for storing data that is accessed frequently moving on to the good storage we have optimized for storing data that is infrequently accessed and stored for at least 30 days and coming to the archive tier this is optimized for storing data that is readily accessed and stored for at least 180 days with the flexible latency requirements and please remember my friends these days because sometimes Microsoft will specify the number of days and based on that you have to pick the right answer so let's move on to the next question question number 633 says that an IT engineer needs to create a virtual machine in Microsoft Azure currently the RT engineer has Android based workstation and further it says currently the it engineer has a Android OS based workstation which of the following can the IIT engineer use to create the desired virtual machine in Azure your options are Microsoft powerapps Azure Cloud shell Azure Powershell and the last one is azure CLI and the correct answers for this question is option b Azure Cloud shell and option C Azure Powershell let's jump to the question number 634 it says your company is planning on using Azure ad for authentication of the resources defined in Azure now does Azure ad have the built-in capabilities for securing authentication and authorization to the resources yes or no and the correct answer my friends is yes and why so because as your active directory is Microsoft cloud-based identity and access management service which helps your employees sign in and access resources such as Microsoft Office 365 the Azure portal and thousands of other SAS applications with built-in capabilities for securing both authentication and authorization and thus it's a very important service all together and now my friends let's take few questions on Azure free account not only these questions may come in the Azure easy 900 exam but it will also give you some clarity on your doubt on getting started to learn Microsoft Azure using Azure free account so here comes the question number 635 it says a company is planning on setting up Azure free account does the basic support plan comes along with the Azure free account yes or no and the correct answer is yes question number 636 says a company is planning on using their Microsoft free Azure account for hosting production based resources does the Azure free account allows you to host production-based resources yes or no and the correct answer my friends is yes and friends I am sure that many of if you are already confused that should I use Azure free account for hosting production-based resources so why not validate our answer with the Microsoft documentation only let's go so here I am on the Microsoft FAQ page or frequently Asked question here you can read the question it says can the Azure free account be used for production or development only and what Microsoft answer is that Azure free account provides access to all the Azure services and does not block customers from building their ideas into production the Azure free account includes certain types of specific services and certain amounts for those services for free to enable your production scenarios you may need to use resources beyond the free amount so if you choose to move to the pay as you go you will be billed for those additional resources at pay as you go rates so putting this all in simple words you can most definitely use Azure free account for production based resources but please be aware that you only have 200 dollars of credit in the free account and once that's exhausted you must move to the pay as you go and now let's move on to the question number 637 it says that you can apply any of your 200 credit towards Azure Marketplace offers yes or no and the correct answer my friends is no the reason is that your credit cannot be applied to Azure Marketplace offers however many of the Azure Marketplace Partners offer free trials or free tier plans for their solution so of course you can taste different solution with the free trials or free gear plan but definitely you cannot use your 200 credit to purchase different solutions from Azure Marketplace and with that let's jump on to the question number 638 it says that can you spend your credit on Azure spot virtual machines yes or no and the correct answer my friends is no so it's important to understand there are definitely some restrictions on what you can do with the free Azure credit that you get with the free Azure account for example one of them is spot virtual machines so you cannot buy Spot virtual machines with the free credit provided in your free account but once you have used your free credit then you can move to the pay as you go and purchase spot virtual machines at Deep Discount compared to the pay as you go pricing for virtual machines and here comes question number 639 it says can you use your Azure hybrid benefit within the Azure free account yes or no and the correct answer is no so please understand that Azure hybrid benefit cannot be combined with free credit if you move to the pay as you go pricing at the end of your first 30 days or after you have spent the credit then you will be able to use Azure hybrid benefit so please remember all this stuff around the Azure free account my friends it will not only help you in the AC 900 exam but also will help you when you're actually practicing Azure in the free account and now comes question number 640 that says Geo redundant storage or Gras duplicates information to the secondary place over multiple data centers that are located many kilometers apart yes or no and the correct answer for this question my friends is yes and a very important concept once again GRS can replicate data from primary source and can transfer it to the second resource even if the two places are far away from each other so thanks for tuning in to our Azure question and answer video I hope you find it helpful in your journey to mastering Microsoft Azure and Friends be sure to check the links in the description box for more resources and information and in case you have any other questions or topic that you want us to cover please let me know in the comment section and friends as always if you find this video useful please hit that subscribe button and give it a thumbs up hello and welcome back to the Tech Blackboard in today's episode 34 we are going to focus questions based on Azure iot Azure VPN data breaks devops and many other topics topics that are less talked about and thus less understood but then still very important from the exam point of view and Friends sailing along the questions try to read the questions with me pause the video pick your answer and validate your understanding along with the correct answer picked by me loads of valuable Azure Concepts Microsoft documentation will be shared to help you gain Concepts so let's begin part 34 with question number 641 it says a company wants to implement an iot solution service available in Microsoft Azure now which of the following would meet the below requirements your requirement is Monitor and control billions of Internet of Things assets and your options are iot Hub ID decentral iot Edge or Azure time series insights and the correct answer for this question is option A RT Hub and the reason is because iot Hub is a managed service hosted in the cloud that acts as a central message hub for bi-directional communication between your iot application and the devices it manages and you can use Azure iot Hub to build iot solution with reliable and secure Communications between billions of iot devices and a cloud hosted solution backend you can connect virtually any device to iot HUB now let me present more questions very similar to this one but the requirements will be different so that we can understand the purpose of each of these Services given in this question so here comes question number 642 it says a company wants to implement an iot solution service available in Microsoft Azure once again you have to meet the requirement the below given the requirement is used to analyze data on the end user devices the options are exactly the same iot Hub iot Central iot Edge or Azure time series insights and this time my friends the correct answer is option C rth so let's understand what is azure rth on this documentation here it says that Azure iot Edge is a device focused runtime that enables you to deploy run and monitor containerize Linux workloads and further it says that Azure rth is a feature of azure iot Hub and enables you to scale out and manage iot solution from the cloud by packaging your business logic into standard containers and using optional pre-built iot Edge modules from the Azure Marketplace and you can easily compose deploy and maintain your solution you can also read what are the three components which make Azure i t Edge it is azure Edge modules the second one is The iot Edge runtime and the third one is a cloud-based interface you can read all about this Azure iot Hub on this documentation as always is all the links to all the documentation that I will refer in this part will be shared in the description box so now let's move on to the next question a similar question once again question number 643 but this time requirement is different it says provides a fully managed a pass please note the new term here a pass which means application platform as a service solution that makes it easy to connect Monitor and manage iot assets at scale your options are once again the same and this time my friends the correct answer is option b iot Central so now let's understand what is azure RT Central it says that rtcentral is a iot application platform as a service a pass please note this important new term here which is application platform as a service also known as a pass further it says that this iot Central reduces the burden and the cost of developing managing and maintaining iot solution and you can use iot Central to quickly evaluate with your iot scenarios and assess the opportunities it can create for your business read the full documentation to understand more on iot Central and also understand what is application platform as a service and now let's move on to the question number 644 question once again exactly the same however this time requirement says that helps you provide powerful data exploration and Telemetry tools to help refine operational analysis your options are iot Hub iot Central iot Edge and Azure time series insights and this time my friends I hope you have already guessed it this time option D Azure time series insights is the correct answer so once again what is azure time series insights I'm sure many of you would not know so this is a fully managed analytics storage and visualization service that makes it simple to explore and analyze billions of iot events simultaneously it gives you a global view of your data which lets you quickly validate your our iot Solutions and avoid costly downtime to Mission critical devices and in case you are more interested to know about Azure time series insights gen 1 Explorer this is the documentation here you can read all about this it says exactly what we just read in the documentation so you can explore further this service in your sweet time but for now let's move on to the next question question number 645 this is a different question let's read it out it says a company is planning on hosting two virtual machines in Azure as shown below so here you can see the virtual machine and their names so we have demo virtual machine one and demo Virtual Machine 2 and furthermore we are also given with the sizes of the virtual machine so both of the virtual machine are the size of b1s then it says that when an Azure virtual machine demo 1 is stopped so basically when this virtual machine is stopped you will still incur cost for storage attached to the virtual machine yes or no and the correct answer my difference is definitely yes and we have talked about this concept many times in the previous questions but let's revisit the concept once again for those our friends who have joined us for the first time today it says that Azure continues to charge the virtual machine core hours while it is stopped but not deallocated based on the size of the virtual machine and the image you selected to create virtual machine you continue to accrue the charges for the virtual machine cloud service and the storage needed for the virtual machine operating disk and any other dis attached temporary scratch disk storage on the virtual machine is free and in case my friends you want to see two more variations of the same question with more details on it then you have to watch the question number 455 of part 24 and question number 474 of part 25 but for now let's move on to the next question question number 646 says that what is the function of side to side VPN your options on provide a secure connection between a computer on a public network and corporate Network option b is provide a dedicated private connection to Azure that does not travel over the internet and the last one is provides a connection from the on-premises VPN device to an Azure VPN Gateway and the correct answer for this question is option C and friends all about how to create a side to side VPN connection in Azure portal is given in this documentation you can read very well understand through the pictures given here and of course in this tutorial you will learn how to create a virtual Network how to create a VPN Gateway how to create a local network Gateway VPN connection and also verify your connection you can also understand what are the prerequisite so everything you will need to understand to create a side-to-site VPN connection is given in this portal now let's move on to the next question question number 647 it says that which VPN implied by provides a dedicated private connection to Azure that does not travel over the Internet your options are side to side VPN point to site VPN express route or v-net and the correct answer for this question is option C express route and this is because express route provides a dedicated private connection that's the sole purpose of express route so in case my friends you want to understand more on express route and also want to understand or go through the questions based on express route please watch the previous parts and now let's move on to the question number 648 it says that which VPN is implied by provides a secure connection between a computer on a public network and a corporate Network please note the minute difference between question number 647 and this question 648 and your options are side to side VPN point to site VPN express route and v-net and the correct answer this time my friends is option b point to site VPN so please my friends make your notes when which VPN is used because there will be lot of questions on VPN and Microsoft will give you a lot of scenarios in in which you have to pick which VPN will suit to which business requirements so very important concept from the easy 900 exam point of view and now comes question number 649 that says a company is planning to host an application on a set of virtual machine in Azure now they want to ensure that the application recovers from a region-wide failure in Azure which of the following concept to be considered to fill this requirement your options are scalability Disaster Recovery agility or elasticity and the correct answer for this question is option b disaster recovery and now comes question number 650 it says an IT engineer needs to create a virtual machine in Azure now currently the IIT engineer has a Windows desktop along with the Azure command line interface or CLI which of the following would allow the IIT engineer to use the Azure command line interface and your options are Powershell file and print Explorer command prompt or control panel and play please note that you have to pick two answers and the correct answers for this question is option A Powershell and option C command prompt and now comes question number 651 it says a company is planning to set up a solution in Azure the solution would have the following key requirements give the ability to host a big data analysis service for machine learning which of the following would be best suited for this requirement your options are Azure data breaks Azure logic apps Azure app service and the last one is azure application its sites and the correct answer for this question is option A Azure data breaks and in case you want to learn more on Azure databricks this is the documentation it says that Azure data breaks is a unified set of tools for building deploying sharing and maintaining Enterprise grade data solution at scale the Azure databricks Lakehouse platform integrates with the cloud storage and Security in your cloud account and maintain and deploy Cloud infrastructure on your behalf and you can also learn what is azure data breaks used for all the necessary information to understand and get started with Azure data break is presented in this documentation and now comes question number 652 it says the company's planning on setting up a solution in Microsoft Azure the solution would have the following key requirements and integration solution for the deployment of code which of the following would be best suited for this requirement your options are Azure advisor Azure cognitive Services Azure application insights and Azure devops and I have told you many times whenever the question is asking about the deployment of the code only one service should come into your mind and that is option D Azure devops and now comes question number 653 it says a company is currently planning to deploy resources to Azure now they want to have the ability to manage user access to resources across multiple subscriptions which of the following can help you achieve this requirement your options are resource group management groups Azure policies and Azure app service and the correct answer for this question is option b Management Group and why we are seeing management groups and not resource groups well because we are talking about managing user access to the resources across multiple subscriptions and this is the keyword here my friends multiple subscriptions and with that let's jump on to the next question question number 654 it says a company is planning on hosting Solutions on within Microsoft Azure Cloud they need to implement MFA which is multi-factor authentication for identities hosted within Microsoft Azure is it necessary to deploy a federation solution or sync on-premises identities to the cloud yes or no and the correct answer my friends is no and I know this is a tricky question so why not validate our answer on the Microsoft documentation so here is the documentation and in this table which you can read as determine identity integration requirements here on the top of this table you can read the very first question given is that do you currently lack an on-premise directory service and here you can see that we are given with some of the options the first one is cloud Baseline directory synchronization then Cloud hosted domain services and the last one is active directory Federation services and I am sure that you have already noted this is the option that matches with our question as well and you can see that we are given a low against this option so that's why no is the correct answer for the question number 654 and now comes question number 655 it says the company is planning to set up a solution in Azure the solution would have the following key requirements the requirement is provide a cloud service that helps to transform data and provide valuable insights on the data itself which of the following would be best suited for this requirement your options are Azure data Lake analytics as your virtual machines skill set as your virtual Network or Azure app so service and the correct answer most definitely is option A Azure data Lake analytics now coming to the question number 656 it says a company wants to host a set of tables in Microsoft Azure now they want absolutely zero administration of the underlying infrastructure and low latency access to the data you recommend using Azure app service would this meet the requirement yes or no and friends this time this solution is wrong so no is the correct answer and why this is so because Azure app service which is the service given in the solution this service enables you to build and host web applications mobile backends and restful apis in the programming language of your choice without managing infrastructure but please note even if this last part matches with the question please do not get confused in the question we are talking about set of tables in Microsoft Azure but Azure app service has nothing to do with the tables it is a service that in enables you to build and host web apps and mobile backends so that's why no is the correct answer and let me give you two more variations of the same question so here comes question number 657 question exactly the same however this time the solution says that you recommend using SQL database service would this meet the requirement yes or no and this time my friends correct answer is yes and this is because even though this is a platform as a service which means SQL database service is a platform as a service Microsoft still handles all the patching and updating to the SQL and operating system code and please note my friends this is a very important thing for you in case the question replaces SQL database service with something like SQL database on infrastructure as a service or SQL database on virtual machine in that case the answer would be no because in that case you have to manage everything because in case of infrastructure as service or the virtual machine it is you who has to to manage all the infrastructure so that's why in that case the answer would be no while answering the question please read the solution very carefully Microsoft can do small tweaks in the question a little bit of negligence and your answer is gone so with that questions in mind let's move on to the next question question once again exactly the same however this time we are given with the recommendation that we will use Cosmos DB service would this meet the requirement yes or no and once again my friends this is also a correct solution and this is because Azure Cosmos DB is a Microsoft's globally distributed multi-model database service with a click of button Cosmos DB enables you to elastically and independently scale out throughput and storage across any number of azure region worldwide so that's why Azure Cosmos DB also fits this business requirement now here comes question number 659 it says a company has a virtual machine created in their subscription and application is installed on the virtual machine and you need to ensure that the traffic can flow into the virtual machine on port 8080 which of the following must you modify to make this work your options are network interface card or Nic and then we have Network Security Group also known as NSG route tables or route filters and the correct answer for this question is is have you guessed it option b network security groups and Friends trust me network interface card Network Security Group specifically Network Security Group you will get a lot of question on this concept so please read on this concept how this works what are the use cases where you should use network security groups and in case you want further help please watch the previous parts we have covered lot of question on Azure network security groups and with that we have reached to the question 660 it says the company's planning on hosting a set of resources in Microsoft Azure now they want to protect their resources against DDOS attacks and also get real-time attacks metrics which of the following should the company select to meet this requirement your options are DDOS protection basic DDOS protection standard DDOS production premium or DDOS protection isolated and the correct answer for this question is option b DDOS protection standard so let me tell you DDOS standard protection provides additional mitigation capabilities over basic service tier that are tuned specifically to Azure virtual network resources leaders protection standard is simple to enable and requires no application changes foreign [Music] Blackboard in today's episode 35 we are going to focus questions based on Azure Resource Group Management Group and then some questions on Opex and a host of other topics read the questions with me pause the video try to pick your answer and validate against my answers and I will give you insights on many Azure Concepts today power packed episode is coming up so let's begin so here comes the very first question for the part number 35 question number 661 says a company is planning on deploying resources to a resource Group within Microsoft Azure the company is planning on assigning tags to the resource groups and you have to tell both the resources in the resource Group also inherit the same tags so basically the question is asking you when you create a resource Group within Microsoft Azure and you assign some tags on the resource Group level then put the resources within that Resource Group also inherit those tags yes or no and the correct answer my friends is no and the reason is very simple resources in the resource groups do not inherit the same tax so now you might be thinking is there anything that the resource inherit from the resource groups let's check out in the next question question number 662 says a company is planning on deploying resources to a resource Group within Microsoft Azure the company is planning on assigning permissions to the resource Group please mind the difference my friends this time we are talking about permissions in the last question we were talking about the tags further the question says what the resources within the resource Group also inherit the same permissions yes or no and this time my friends the correct answer is yes so unlike the tax resources in the resource groups inherit the same permissions question number 663 says a Management Group tree can support up to dash level of depth the options given are 2 4 6 or 8 and the correct answer for this question is option C 6 level of depth now let's take the next question and then I will take you to the Microsoft documentation and then we will validate this and the next question together so here comes the question number 664 it says how many management groups can be supported in a single directory your options are 100 the second option is thousand third option is 10 000 and the last option option D is 1 lakh or hundred thousand and the correct answer for this question is option C 10 000 now let's validate our answer question number 663 and 664. so here first of all you can read what are the management groups here so here you can read that if your organization has many Azure subscriptions you may need a way to efficiently manage access policies and compliance for those subscriptions management groups provides a government a scope about subscriptions and you can organize subscriptions into management groups the governance condition you apply Cascade by inheritance to all the associated subscriptions and now I have come to this section which says important facts about the management groups it is under the same documentation here you can read the very first line it says 10 000 management groups can be supported in a single directory and that validates the answer for the question number 664 further on it says a Management Group 3 can support six level of depth and that validates question number 663 and of course you can also read the other facts about the Management Group you never know questions can change in the easy 900 exam so better be prepared moving on with the next question question number 665 it says each Management Group and the subscriptions can only support one parent yes or no and the correct answer is yes and you can validate the answer using the same documentation that I just showed moving on with the question number 666 it says the company is planning to set up a solution on the Azure platform the solution has the following main key requirement provide a Management Service so basically this is the requirement it says provide a managed service that could be used to manage and scale container based application which of the following would be best suited for this requirement now friends please think for a moment what could be the best answer or best option for this question because we have talked about this service many times in the previous question so I am sure you have already picked the answers but before I reveal the answer let's check out the options given we have Azure event grid Azure devops Azure kubernetes and Azure Dev test labs and the correct answer is wait wait what is your correct answer I hope you are not cheating the correct answer for this question is option C Azure kubernetes keep these associations in your mind when whenever we are talking about container based applications Azure kubernetes is the option to go for moving on with the question number 667 it says building a data center infrastructure is an example of operational expenditure or Opex cost true or false and the correct answer for this question is false because building a data center infrastructure that involves a huge upfront cost and upfront cost is always categorized as capital expenditure and not operational expenditure and now comes question number 668 it says monthly service of the technical Personnel are an example of operational cost or operational expenditure true or false and this time my friends this is a true statement and now comes question number 669 it says leasing software is an example of operational expenditure cost true or false and this is a true statement so as I have explained in many previous questions as well let's revise once more it says that Opex or operation will cost is an ongoing cause which is the cost of operations so please keep this segregation of cost in your mind ongoing costs or cost of operations this means that you are incurring costs on the day-to-day operations that are essential for you to run the business so ongoing costs such as leasing software but on the contrary opposite of leasing software is purchase of softwares and that is one of purchases and in that case that would be categorized as capital expenditure so please keep that in mind whenever it's leasing of software it is operational expenditure whenever its purchase of software it is capital expenditure and friends I thank all the viewers who pointed out this mistake in the question number 120 part 7 so in that question although we gave the correct explanation but mistakenly we Mark the answer as false but then now you know that this is a true statement so thank you all the viewers who bought this to our notice now let's move on to the the question number 670 which is a slight variation of the same previous question it says a company is leasing software which category would the following expenses come under your options are primary expenditure capital expenditure the third option is secondary expenditure and then we have operating or operational expenditure and now you know the correct answer is option D operating or operational expenditure and here comes the question number 671 it says which of the following is true when it comes to SAS or software as a service your options are you are responsible for scalability of the solution option b is you are responsible for deploying the solution option C is that you are responsible for configuring the solution and option D is that you are responsible for high availability of the solution and the correct answer for this question is option C that you are responsible for configuring the solution because the scalability the deployment and the high availability all these factors are taken care by Microsoft Azure a simple example to understand SAS or software as a service is Gmail or any other mail service that you use do you ever care about the deployment where it is deployed which servers are used no never do you ever care about the high availability of Gmail or any other mail service never you as a user your only concerned about the configuration of the solution or configuration of your email services and other than that everything is taken care by the email provider let's move on to the next question question number 672 says that what are the additional dependent resources that an Azure virtual machine must have you have to select the two options your options are option a public IP option b Azure virtual Network option C data days and lastly we are given with Nic on network interface card and the two correct options for this question is option b Azure virtual Network and option D NIC card so just like a physical computer as your virtual machine machines also needs a network it also needs a NIC card operating system disk and resource groups to function so now let's quickly jump to the question number 673 it says a company wants to migrate some scripts to Microsoft Azure they want to make use of the serverless feature available in Azure the solution provided is that they decide to use Azure virtual machine service would this be the requirement yes or no and the correct answer is no because Azure virtual machine gives the flexibility of virtualization without having to buy and maintain the physical Hardware that runs it however you still need to maintain the virtual machine by performing tasks such as configuring patching and installing the software that wants on it and of course please note Azure virtual machine definitely are not the serverless features so let's move to the next question and find out what are the serverless feature available in Microsoft Azure so acom's question number 674 question exactly the same but this time solution says that they decide to use Azure function service would this service meet the requirement yes or no and most definitely this is a correct Solution that's why yes is the correct answer because Azure functions is a serverless compute service that lets you run even triggered code without having to explicitly provision or manage infrastructure so that's why Azure functions fits this business requirement but let me show you one more variation of the same question here it comes question number 675 question once again the same but this time the solution presented is that they decide to use Azure content delivery network service would this service meet the requirement yes or no and most definitely this is not the correct service but in case you do not know what is azure content delivery network service will Azure content delivery network service or better known as CDN is a distributed network of servers that can efficiently deliver web contents to the users a CDN Store Cache content on edge servers in point of presence or pop locations that are close to the end users and thereby they minimize latency and with that we jump to the question number 676 it says is the cool access tier a good option for long-term backup yes or no and the correct answer is no and this is because archive dear well that's the best year that you can use for long term backups data in the archived year should be stored for at least or minimum of 180 days on the other hand the cool access here well in this year you have to store the data for a minimum time period of 30 days so you can see 30 days versus 180 days that's why archived year is best for the long term backups moving on with the question number 677 it says Azure storage capacity limits are set at account level yes or no and the correct answer my friends is yes so as this is the Lesser talk concept let me validate the answer on the Microsoft documentation here is the documentation and here in this section you can very well read that Azure storage capacity limits are set at account level rather than according to the access tier and that's why we have picked yes as the answer to this question now let's move on to the question number 678 it says which of the following blob option in Azure storage is ideal for storing text or binary files and for uploading large files your options are block blobs append blobs or page blobs and what is your correct answer well my correct answer is option a block blobs so would you like to validate the answer let's do that so here on this documentation you can read it says overview of azure page blobs it says Azure storage offers three types of blob storage the first one is block blobs the second one is append blobs and thirdly we have page blobs and then it says block blobs are composed of blocks and are ideal for storing text or binary files and for uploading large files efficiently and that's why block blobs is the correct answer moving on to the next question question number 679 says a company wants to provision a solution within Microsoft Azure with the following requirements the first one is provision a WordPress solution the second one is host the solution on a virtual machine which of the following could be used to quickly deploy the above solution your options are virtual machine scale sets the second option is azure Resource Group thirdly we have Azure Marketplace and fourthly we have Azure web apps and the correct answer for this question is option C Azure Marketplace so friends Azure Marketplace is an online store that offers applications and services either built on or designed to integrate with Microsoft Azure public Cloud so as a analogy consider Google Play store or Apple App Store where you find different applications with various capabilities so similarly Azure Marketplace is online store where where you can buy or even get a free try on to many of the applications or the solution already pre-built so a great place to explore and efficiently save your time and efforts and now we have question number 680 it says which of the following are the factors that affect the compute cost of the virtual machine and you have to choose two options and the options given are the size of the virtual machine the option b is the data center the virtual machine is located in and then we have the resource Group the virtual machine is located in and lastly the region the virtual machine is located in and the correct answer for this question is option A the size of the virtual machine and option D the region of the virtual machine is located in so that's all for today thanks for tuning in for the today's Azure question announcer video I hope you find it useful in your journey to mastering Microsoft Azure and be sure to check out the links in the description box for more resources and information any doubts let me know in the comment section and please friends hit that like button to make Mr YouTube happy and help us reach more audience just like you press the Subscribe button choose the all option so that you are notified and you're always top of your azure learnings foreign [Music] exam questions on Azure horizontal and vertical scaling virtual machines blobs Azure logs and a host of other important Azure Concepts so here comes the very first question for the part 36 question number 681 it says that you need to create a new user for an Azure subscription what should you use to answer select the service in the answer area and please note each correct match is worth one point and here you can see that we are given with some of the services for example virtual machine cost management subscription Azure active directory virtual machine I think this is the scale set and then we have all Resources app Services resource Group and many others so out of these Services you have to choose which of the service would you use to create a new user for an Azure subscription option and the correct answer my friends is most definitely Azure active directory and just to bring more highlight on this Azure active directory ad is the centralized identity and access management solution for Azure resources and to create a new user for an Azure subscription you need to use Azure ID and friends before I move ahead I just want to have a quick important discussion that many of you have been asking me there are so many questions on AZ 900 coming up so should you wait for all these questions or should you go and attempt your AZ 900 certification exam and friends my honest suggestion is that in case you are feeling confident in case you're feeling prepared then please go ahead and do the AZ 900 you do not have to wait for all these parts that are coming up or lined up it's just that Microsoft keep releasing new questions and it's my duty to bring all the latest questions so that your Azure learning is never outdated but of course as I said if you feel confident please go ahead and do your certification and I wish best of luck to all of you who are attempting the easy 900 in the coming days and with that let's move on to the next question question Number 682 that which term represents the ability to increase the Computing capacity of a virtual machine by adding memory or CPUs your options are agility option b is vertical scaling option C is horizontal scaling and then lastly we have elasticity and the correct answer for this question is option b vertical scaling now here comes the next question question number 683 says that which term represents the ability to increase the Computing capacity by adding more virtual machines and I am really sure that you might be getting a little confused that previous question 682 and 683 this one are looking exactly the same but please note there is a difference in the previous question the question was asking you to increase compute capacity by adding more memory on more CPUs but then this question is asking you to increase compute capacity by adding more virtual machine so there is the difference between the two question well for now let's see the options given the options once again are agility vertical scaling horizontal scaling and elasticity and the correct answer this time please note my friends is option C horizontal scaling now let's take a couple of more questions on this scaling concept here comes the question number 684 that says scale in and scale out are related concept to horizontal scaling yes or no and the correct answer my friends is yes and one more question coming up on scaling concept question number 685 says that scaling up and scaling down are related concept to Vertical scaling yes or no and most definitely this is a true statement that's why yes is the correct answer and Friends scaling is a very important concept it's not just related to Azure but it's also relevant for AWS and Google gcp so in case you want to understand scaling little bit more type of scaling for example vertical scaling or horizontal scaling then you must watch episode 6 of our Azure fundamental series and in this series as you can see in the thumbnail also besides scaling you will also understand the concept of high availability security and governance and it's a free series my friends all the episodes are free really recommended for anyone who's starting to work with Azure and what's more my friends the entire series is fully synced with Microsoft Azure fundamentals latest syllabus and you will understand all the concepts based on which we covered the questions from 682 to 685 and that too in a single video and here comes the question number 686 that says a company is planning on setting up a solution in Microsoft Azure the solution would have the following key requirements the requirement is provide a solution to host and manage a group of identical virtual machines which of the following would be best suited for this requirement your options are azure data Lake analytics Azure virtual machines skill sets as your virtual Network and the last one is azure app service and most definitely the correct answer for this question is option b as your virtual machine skill sets and what are Azure virtual machine skill sets well as your virtual machine skill sets lets you create and manage a group of load balanced virtual machines the number of virtual machines can automatically increase or decrease in response to the demand or defined schedule and you can also read some of the benefits of azure skill sets that are easy to create and manage multiple virtual machines provides High availability and application resiliency by Distributing virtual machines across availability zones or fault domains then we have allow your applications to automatically scale as the resource demand changes and lastly works at Large Scale so that's why my friends in case you want to create a lot of virtual machine's identical virtual machines load balance in that case go for Azure virtual machine skill sets coming up the next question question 687 says a company is planning on setting up a solution in Microsoft Azure the solution would have the following key requirement the requirement is provide an isolated environment for hosting virtual machine which of the following would be best suited for this requirement your options are Azure data Lake analytics as your virtual machine skill sets as your virtual Network and Azure app service and now that we are talking about isolated environment for hosting virtual machine that's why the correct answer for this question is option C Azure virtual Network so as your virtual Network my friends are a representation of your own network in the cloud it's a logical isolation of azure Cloud dedicated to your subscription where hosting of isolated virtual machine is possible I hope you noted the last section of this paragraph isolated virtual machine is possible because that's clearly matches with the requirement given in the question and now comes one more similar question it says once again a company is planning on setting up a solution in Microsoft Azure the solution won't have the following key requirement provide a cloud service that helps to transform data and provide valuable insights on the data itself which of the following would be best suited for this requirement once again Azure data Lake analytics is First Option the second option is azure virtual machine skill sets then we have Azure virtual Network and lastly Azure app service and could you get the right answer my friends see the question is talking about help to transform data and provide valuable insights that's why of course skill set is not the option virtual network is not related to the insights and then we have app service which is used to host web application and mobile application that's why we are only left with Azure data Lake analytics and yes that is the correct dancer so friends in many of my videos I always talk about this elimination approach where you select the answer by eliminating those options that are not matching with the question and that's the exact approach that I showcased you in this question and just to give you more insights as your data Lake analytics is a distributed cloud-based data processing architecture offered by Microsoft in Azure cloud and friends my suggestion is that whenever you're watching these videos always read the question with me read the options and try to pick your answer before you see the answer given by me match your answer try to relate your Concept in these kind of tool tips so this will really boost your confidence for AZ 900 exam certification so friends if you like those two exam tips then why not please press the like button and subscribe to the channel now let's move ahead with a similar question because we are left with one of the service and my Endeavor is always that you understand all the services all the options given in the question because the questions in the exam my friends can take different forms different formats so it's very important that you understand all these Services Well for now let's read the question number 689 that says the company is planning on setting up a solution in Microsoft Azure the solution would have the following key requirement and this time the requirement says hosting web application rest API and mobile backends which of the following would be the best suited for this requirement and I'm more sure that you have already selected the answer the correct answer is option D Azure app service and now comes question number 690 it says that you plan to create an Azure virtual machine now you need to identify which storage service must be used to store unmanaged data disk for virtual machines what should you identify your options are blobs rest based object storage for unstructured the second option is files files shares that use standard SMB 3.0 the the third option is tables tabular data storage and the fourth one is queues effectively scale apps according to the traffic and friends I want to make it very clear that in real exam questions you might not be given these texts here in these brackets I have just presented this text for your understanding so that you understand and you get an idea on all these services and for now let's pick the correct answer the correct answer for this question is option A and why this is so because we are talking about unmanaged data disk for virtual machine whenever you see this option here unmanaged data disk always go for blobs and now comes question number 691 that says this question requires you to evaluate the underlying text to determine if it's correct hey you can see this underline text the statement says the data that is stored in archive access tier of an Azure storage account can be accessed by AZ copy dot exe now the instruction says that review the underlying tag if it makes the statement correct then you have to select no change needed which is the very first option otherwise if this statement is incorrect then in that case you have to select the answer choice that makes the statement correct and the other options given are option b is can only read by using Azure backups the option C is must be restored before the data can be accessed and option D is must be rehydrated before the data can be accessed and friends we have taken a lot of questions on Azure storage access tiers hot tier cool tier or archived year and that's why I'm sure that you have already guessed the right answer well the right answer is option D must be rehydrated before the data can be accessed so whenever we are talking about archive exist here in that case always remember to hydrate it before the data can be accessed and with that here comes question number 692 that says an Azure storage can have multiple delete logs yes or no and and the correct answer is yes and I guess you're already thinking what is the use of multiple delete logs well you can think multiple daily clocks in this way you can directly set a lock on subscription Resource Group and then on resource level as well that's why there is a multiple delete logs that you can put on any resource moving on with the question number 693 it says in Azure resource inherits logs from its Resource Group yes or no and the correct answer is yes so please remember when you apply a lock at a parent scope all the resources within that scope inherit the same law and one more important point is that even resources that you add later inherit the log from the parent and the most restrictive Log In The Inheritance takes precedence coming up next is question number 694 that says if an Azure resource has a read-only lock you can add a delete lock to the resource yes or no and the correct answer my friends is yes and now we have question 695 it says as your advisor provides recommendations how to improve security of azure active directory environment yes or no and the correct answer my friends is no now in case you are already curious of what Azure advisor does let's find out in the next question so here comes question number 696 that says Azure advisor provides recommendation on how to reduce the cost of running Azure virtual machines yes or no and yes this time the correct answer is yes and here comes question number 697 that says Azure advisor provides recommendation on how to configure the network settings of azure virtual machines yes or no and this is a false statement that's why no is the correct answer so friends I hope you like this approach of presenting the question related question I grouped the question together so that you are not only prepared for that very question but you also understand the entire landscape around that Azure concept do share your feedback to me if you like this approach and in case you have other the feedbacks you are most welcome to share your thoughts on our email ID connect us at the rate the techblackboard.com and now let's move on to the next question question number 698 says that you can configure the Azure active directory activity logs to appear in Azure monitor yes or no and this is a correct statement that's why yes is the correct answer and friends there is a lot of debate on this question over the Internet that's why I did some research here is my research it says that you can send Azure Ed activity logs to Azure monitor logs to enable Rich visualization monitoring and alerting on the connected data and further it says all the data collected by Azure monitor fits into one of the two fundamental types metrics and logs including Azure ad activity log and now comes the very important part please note that activity logs record when the resources are created or modified and what does the Matrix do well Matrix tells you how the resource is performing and the resources that it's consuming so basically activity logs keeps you updated whenever the resources are getting created or modified on the other hand Matrix tells you how the resource are performing question number 699 says that from Azure monitor you can monitor resources across multiple Azure subscriptions yes or no and this one my friends is a true statement that's why yes is the correct answer and also just so you know Azure monitor can consolidate log entries from multiple Azure resources subscriptions and tenants into one location for analysis together and now comes question number 700 one more milestone in learning Azure and getting ready for AZ 900 let's read the question it says from Azure monitor you can create alerts yes or no and the correct answer for this question is well wait what's your answer well my answer is yes you can tally your answer but let me give view more insights on Azure monitor so you can create alerts in Azure monitor alerts in Azure monitor proactively notify you of critical conditions and potentially attempt to take corrective actions alert rules based on metrics provide near real time alerting based on the numeric values and the rules based on logs allow for complex logic across data from multiple sources foreign [Music] areas a lot of questions have been coming from in recent times in AZ 900 exams hello and welcome back to the Tech Blackboard in today's episode 37 we are going to cover real easy 900 exam questions focusing on key areas like Microsoft Defender which is azure Cutting Edge security solution and Azure cost management specially focusing on data agrees and data increase understanding how to optimize cost and maximize efficiency is essential in any Cloud deployment so there will be lot of learnings and Microsoft documentation to strengthen your Azure learning and be easy 900 certified power packed episode is coming up so let's begin so here comes the very first question for today part 37 question number 701 question says that Microsoft Defender for cloud can monitor Azure resources and on-premises resources yes or no and the correct answer my friends is yes so you can use Microsoft Defender to monitor both Azure resources definitely on cloud and on-premises resources moving on with the question number 702 it says all features of Microsoft Defender for cloud are free yes or no and the correct answer for this question is no moving on with the question number 703 it says for Microsoft Defender for cloud you can download a Regulatory Compliance report yes or no and most definitely the answer is yes and now that we have taken some questions on Microsoft Defender let's understand exactly what is Microsoft Defender so this is the documentation on Microsoft Defender you can already know this comes under Microsoft security on this documentation you can read that how Microsoft Defender defend against malicious cyber threats and who can use Microsoft Defender when Enterprise is businesses and individuals all everyone can use Microsoft Defender you can also read and explore Microsoft Defender products for Enterprises for example we have Microsoft 360 Defender Microsoft Defender for cloud also we have Microsoft Defender for business Microsoft Defender for individuals so I hope you are noting the scope of Microsoft Defender is all across the board and as always the link to this documentation is provided in the description box but I just want to quickly give you one liner on Microsoft Defender for cloud so it's strengthens your security posture protect workloads against modern threads and helps develop secure applications so very important Microsoft service when it comes to security and threat protection now let's move on to the next question question number 704 says that adding Resource Group in an Azure subscriptions generate additional cost yes or no and the correct answer is no and this is because Azure resource groups are logical containers for Azure resources and you do not have to pay anything for resource groups question number 705 says that storing one TB of data in Azure blob storage will always cause same regardless of azure regions in which the data is located yes or no and the correct answer my friends is zoom and the reason is that price of azure storage varies by the region if you use Azure storage pricing page in that documentation in that page you can select different regions and see how the price changes per region so the Crux of the matter is that Azure process for Azure storage varies by the region so the Crux of this question is that Azure storage prices varies by the region so even if you have one TB of data in various region the cost will vary according to the region question number 706 says that when you use a general purpose version 2 Azure storage account you are only charge for the amount of data that is stored or read and write operations are free yes or no and the correct answer is most definitely a no and the reason my friends is that you are charged for the read and write operations in general purpose version 2 storage accounts so friends all these questions all these Concepts around the Azure costs always keep them in mind not only lot of questions come from this area but also they will be handy when you are actually working on Microsoft Azure now let's take few questions on another very important concept around Azure cost and that is data aggress and data increase so here comes the question number 707 it says copying 10 GB of data to Azure from an on-premises network over VPN generates additional Azure data transfer costs yes or no and the correct answer for this question is no so let me first introduce you to the Azure data Ingress concept so data aggress in the world of networking or you can say in the world of cloud it's not only just for Azure but it also is relevant for AWS and Google gcp so as I was saying data aggress in the world of networking implies the traffic that exits an entity or a network boundary so basically data aggress is the process of data leaving a network and transferring to an external location on the other hand the data increase is the traffic that enters the boundary of a network so in very simple words agris means exiting the cloud and increase means entering the cloud copying 10 GB of data to Azure from on-premises Network which means the data is coming inside Azure cloud and in this question we are talking about data Ingress so data increase over a VPN is the data coming in to Azure from VPN and you are not charged for the data cost for data agrees I hope you very well understood the concept of data Ingress this and data aggress let's move on with the question number 708 a similar question it says copying 10 GB of data from Azure to an on-premises network over VPN generates additional Azure data transfer costs yes ondo and the correct answer this time my friends is yes and why so because this time the data is exiting the Azure cloud and reaching the on-premises network so that's why we are talking about data aggress and now comes question number 709 that says transferring data between Azure storage accounts in different Azure regions is free yes or no and the correct answer is no so friends please Focus here in case you are transferring data between Azure storage accounts in different Azure regions in that case you will be charged for data read operations of the source storage account and write operations in the destination storage account so friends in case you are getting confused please rewind the video watch the video again understand the concept read more documentation from Microsoft so that you are very well prepared on these questions around Azure cost now let's move on to the question number 710 that says in Azure active Direction premium P2 at least 99.9 availability is guaranteed yes or no and the correct answer is yes question number 711 says that service level agreement or SLA for Azure active Direction premium P2 is same as the SLA of azure active directory free version yes or no and most definitely this is an incorrect statement that's why no is the correct answer now let's move on to the question number 712 but before we take this question I want to see you friends in case you are already feeling well prepared for the AZ 900 exam please go ahead and attempt the exam you do not have to wait and watch all the upcoming series see it's our duty that we bring the latest questions for the easy 900 series and other certification but in case you are already well prepared bed please go ahead and attempt your easy 900 now let's read this question it says all the paying Azure customers receive a credit if their monthly uptime percentage is below the guaranteed amount in the service level agreement yes or no and the correct answer my friends is yes so basically if your uptime percentage dips before the guaranteed amount in the service level agreement in that situation you can claim credit if the availability Falls below the SLA so what are the rules around it the amount of credit depends on the availability for example you can claim 25 credit if the availability is less than 99.9 percent and further you can claim 50 credit if it's less than 99 percent and then 100 percent claim in case the availability is less than 95 percent so keep this important point in mind in case your availability is falling beyond the SLA you always know there is a credit claim and now my friends let's take a different kind of question in a different format which is a drag and drop kind of question question number 713 so in this question you are given with some of the Azure services on the left hand side and then you are also given with one line of definition of all these services on this right hand side box which is the answer area so what you need to do is is match these Azure services with these definitions so what are the Azure Services given so here we have Azure monitor Marketplace Azure advisor and Azure SQL database let's read the first definition it says a managed relational Cloud database service and most definitely this is azure SQL database the second definition says monitor the health of azure service so which important service is this well this is azure Monitor and then we have browse all virtual machine images and this one none other than is azure Marketplace and lastly we have view security recommendation and this one is azure advisor and now comes question number 714 it says that you you have completed the migration of your organization's core servers and the processes to the cloud-based virtual machines now your finder project involves migrating a weekly batch processing task that relies on operating system drivers to print PDF reports and you need to meet this requirement while minimizing the cost what should you do so I hope you understood the requirement given here the options given are run the batch processing task using spot instances the option b is execute the batch task on a dedicated virtual machine as needed option C says configure virtual machine clusters to scale for batch processing and last option is migrate the batch processing to the serverless compute and the correct answer for this question is option a run the batch processing task using spot instances and I hope you have already noted in the question requirement that we are talking about weekly batch processing tasks so that's why we have chosen the first option which talks about batch processing using smart instance is why we are using spot instances to minimize the cost and now comes question number 715 it says that your company deploys resources in Azure according to the shared responsibility model which task will you be required to perform your options are configure connectivity between regions option b is manage access to data centers resources option C says upgrade RAM on virtualization systems and lastly install critical updates on Virtual machines and the correct answer my friends for this question is option D install critical updates on Virtual machines and all of the other options will be taken care by Microsoft Azure and now comes question number 716 it says express route is at which OSI layer your options are 2 3 5 or 7 and the correct answer for this question is option D 3 OSI level and now comes question number 716 it says express route is at which OSI layer them your options are two three five or seven and the correct answer is option b so express route operates at OSI 3 layer and very quickly my friends I want to validate the answer as there are a lot of variations and lot of discussions around this question on the internet so here is the correct answer as I mentioned that express route operates at layer 3. so now you know that our answer is correct but in case you want to learn more on express route this is the documentation now let's jump on to the next very interesting question question number 717 but before we jump on to the question itself we have to read this statement and the statement says that you work for a small company that hosts its own web server running Microsoft Internet Information Services and an email server running Microsoft Exchange now friends as the demand on the web server increases you want to add a secondary web server to spread out the traffic and also remember the other aspect of it that as the demand decreases you want to decommissioned web server to save energy and maintenance now you consider moving the current infrastructure to Cloud so you need to determine the benefits of moving the infrastructure to the cloud now friends there are multiple questions coming up based on this statement so read this statement very carefully maybe you would like to pause the video and read it once again but for now let's read the question the question says that you can use horizontal scaling for the web server yes or no and the correct answer for this question my friends is yes so friends you can use horizontal scaling for the web server with auto scale you can configure rules that monitor metrics such as requests memory usage and central processing unit percentage to determine when Azure Swift automatically remove or add virtual machine instances so here comes another question based on the same statement question number 718 says that you can resize the disk on demand on mail server if email messages increases yes or no and this one my friends is a true statement that's why yes is the correct answer so just so you know that you can resize the disk on demand on the mail server if the email messages increases Azure is elastic and it allows you to add more resources on demand as needed let's take one more question on the same statement it says that you can eliminate the cost of having it staff yes or no and the correct answer for this question is no so basically my friends you do not have to eliminate the cost of having I.T staff by moving the infrastructure to the cloud however you can reduce the it cost associated with having expert ID staff so what does that mean well you still need IIT staff to handle infrastructure as a service task but probably they need not to be an expert level and now on your screen is question number 720 it says which service lets you expand your on-premises networks into Microsoft cloud over a private connection with the help of connectivity provider your option on Azure Network express route Azure VPN network or Azure CDN and the correct answer for this question is my friends option b express route and you can use the same documentation that I referred just a few questions back to understand Azure express route so thanks for joining me for today's Azure question and answer video in case you have any doubts let me know in the comment section hello and welcome back to the Tech Blackboard in today's episode 38 we are going to cover sort of a mixed bag of questions very similar to how you get in real easy 900 exams I will not only just share the answers I will also provide you with the legit Microsoft documentation so that you don't have any dilemma while learning and you are super confident when sitting for the real exam so here comes the very first question for today question number 721 it says that you have an accounting application named app one that uses a legacy database now you plan to move app one to the cloud which service model should you use your options are platform as a service the second option is infrastructure as a service and lastly we're given with software as a service and the correct answer my friends is option b infrastructure as a service now friends in these kind of questions always look for the keywords for example in this this question we are given with Legacy database so this application which is the accounting application is using a legacy database which might not be present in the Azure Cloud so that's why whenever in the question you see some keywords like Legacy customize or ingrown application in these kind of scenarios the best way to move your application to cloud is lift and shift and this essentially means that you provision a virtual machine in Azure cloud and install your customized application and then you can run this application pretty much in the same manner as you would run the application on the on-premises servers always remember virtual machines are always infrastructure as a service so once you have established your Solution on the cloud and you feel that you're stable in that case you move piece by piece or you can say that you can take a modular approach to change your application to use more modern Technologies and then you can move towards platform as a service or software as a service but for now for this business case infrastructure as a service is the correct choice now let's move on to the next question question number 722 it says that which is the longest term you can purchase for Azure reserved virtual machines your options are three years four years five years or 10 years and the correct answer for this question is option a three years so three years is the longest term for which you can purchase Azure Reserve virtual machines moving on we have question number 723 it says that your company plans to deploy an artificial intelligence solution in Azure what should the company use to build test and deploy Predictive Analytics Solutions your options are Azure logic apps Azure machine learning designer Azure batch or Azure Cosmos TB and without a doubt the correct answer for this question is option b Azure machine learning designer so what is the Azure machine learning designer well Azure machine learning designer is a drag and drop user interface to build pipeline in Azure machine learning so here you can see in this animation we are given with modules so basically you can drag and drop the modules and build your own application for example you have one module here which is flight delays data and then you have this one here which is normalized data so before you normalize the data you want to clean your data as well that's why you drag this module from the designer and build your own artificial intelligence solution in Microsoft Azure and please note my friends that these designers or these Solutions come into versions you can see it's version 1 and version 2 and please remember very important point that both these version or the types of components used in both the version are not compatible now here comes the question number 724 it says that this question requires you to evaluate the underlying text to determine if it's correct so here you can see this statement with this underline text let's read this statement when it says Azure policies provide a common platform for deploying objects to a cloud infrastructure and for implementing consistency across the Azure environment so basically you have to review this underlying text and if it makes the statement correct then you have to select no change needed which is the very first option given otherwise to make this statement correct you have to choose from all these three other options given so let's see what are the options at option number B we have Resource Group option C we have Azure resource manager and lastly we are given with management groups and the correct answer for this question is option C Azure resource manager and Friends Azure resource manager is a very important concept so let me take you through the Microsoft documentation so that we understand both on Azure resource manager so here's the documentation on what is azure resource manager it says that Azure resource manager is a deployment and Management Service for Azure and it provides a managed management layer that enables you to create update and delete resources in your own Azure account and you can use management features such as access controls logs tags to secure and organize your resources after the deployment and as I said my friends in the slide as well Azure resource manager templates are also known as arm templates and that's why the correct statement becomes Azure resource manager provides a common platform for deploying objects to Cloud infrastructure and for implementing consistency across the Azure environment and with that let's move on to the next question question number 725 says that your company has several business units each business unit requires 20 different Azure resources for their daily operations all the business units require the same type of azure resources this is a very important line that all the business units require the same type of azure resources now you need to recommend a solution to automate the creation of of azure resources what should you include in your recommendation your options are Azure resource manager templates virtual machine skill sets option C is azure API Management Service and lastly we are given with Management Group and the correct answer my friends is option A Azure resource manager template and as I just showed you the documentation as your resource manager templates allows you to automate the creation of azure resources and deploying resource through template is also known as infrastructure as a code moving on with the question number 726 it says that which resources can be used as source for a network security group inbound security rule your options are option a service tax only option b IP addresses service tags and application security groups and option C is application security groups only and lastly we have IP addresses only and the correct answer for this question my friends is option b i p addresses service tax and application security groups now let's start with IP addresses so IP addresses can be specified as a single IP address a range of addresses or using cidr and what is a cidr well it's a classless inter-domain routing rotation then coming to the service tags service tags are predefined sets of azure services that can be used as sources to the security rules such as Azure cloud or Azure active directory coming to the Azure security groups well Azure security groups allows you to group virtual machines together and use them as a group as a source for the security rules I hope I could make you understand a little bit more why we have selected this as an answer and if yes please like the video it really motivates us and help us to reach more and more wonderful audience just like you now let's move on to the question number 727 it says that Azure active directory or Azure ad is used to manage API cryptographic keys and you have to tell whether this statement is true or false and the correct answer my friends is though this is an incorrect statement and why this is so because Azure active directory or Azure ad is a Microsoft cloud-based identity and access management service and it has nothing to do with managing API cryptographic Keys moving on to the next question question number 728 says that Azure storage encryption is enabled by default and cannot be disabled yes or no and this one my friends is a true statement that's why yes is the correct answer and just to give you more insight as I just said Azure storage encryption is enabled by default and cannot be disabled Azure storage encryption is a feature that encrypts your data using 256 bit Advanced encryption standard which is also known as es before storing it in Azure storage and with that we have come to the question number 729 which is a drag and drop kind of question in these kind of questions normally you're given with Azure services on the left hand side and then you are given with definitions for each of these services on the right hand side so basically you have to match all these services with the correct definition so let's see what are the services given to us in this question and the first service is azure virtual machines the second one is azure container instances then we have Azure app service and lastly we are given with Azure functions now let's read the first definition it says provide a platform for serverless code what do you think it is is it a virtual machine container instance app service or function well the correct answer is azure functions coming to the second definition it says use to build deploy and scale web apps whenever we have web apps always go for Azure app service and now coming to the third definition it says provide portable environment for virtualized application and this can be none other than the Azure container instances and lastly we are given with provide operating system virtualization and of course this is azure virtual machines now coming to the question number 730 it says Azure express route is used to secure traffic between virtual machines yes or no and this one my friends is an incorrect statement that's why low is the correct answer but then what is azure express route used for let's find it out so this is the documentation on what is express route well express route is an Azure service that lets you create private connections between Microsoft data centers and infrastructure that's on your premises or co-location facility you can also read and understand what are the benefits of using express route and prints all the documentation which I'm referring in this video all the links are given right there in the description box and due to the fact my friends Azure express route is a very important service I have collected some questions on it let's read the question number 731 it says the express route is in Azure service that lets you create private connection between Microsoft data centers and infrastructure that's on your premises or co-location facility and those who are paying attention we just read the definition of express route that's why we can very well say this is the correct definition that's why yes is the correct answer moving on with the question number 732 which says express route connections go over the public internet yes or no and this one my friends is an incorrect statement that's why low is the correct answer and now let's move on to the next question question number 733 says that can you use same private network connection with virtual Network and other Azure Services simultaneously yes or no and the correct answer is yes and question number 734 says the point to side VPN connection enables you to set up a private and secure connection between the user and the virtual Network yes or no and the correct answer my friends is yes and this is the documentation where we can validate our answer here you can read the exact statement that was given in the question it says the point to side VPN connection enables you to set a private and secure connection between the user and the virtual Network so that's why my friends our answer is definitely correct so let me now present you a very interesting question question number 735 it says that Azure blob storage is a so basically you have to fill in or complete this statement or the definition with the options given here so let's check out all the options given the first option is data store for queuing and reliably delivering messages between the application the second option is file share that can be mapped as a network drive the third option is key attribute store for non-relational structured data and lastly we are given with storage service optimized for very large objects such as video files and bitmaps and friends could you get the right answer well the correct answer is option B Storage service optimized for very large objects such such as video files and bitmaps now friends all the other options are equally important as far as the easy 900 exam is concerned so the very first option which is this one this one will map to Azure queues then the second option the file share one this one will map to Azure files the third option which is key attribute store this one will map to Azure tables and the last option we have already seen this one is azure blob storage so friends keep all of these definition in your mind there will be definitely questions along all these definitions so here on this documentation you can understand what are the benefits of azure storage what are the Azure storage data services then you can review the options for storing data in Azure and then of course you can have some sample scenarios for Azure storage services so friends before you close this video and dwell into other learnings I have a very important announcement to make and that is that very soon we are launching a similar real exam question and answer series on AWS Cloud practitioner exam for those who do not know AWS Cloud practitioner exam is a equivalent exam as AZ 900 so that's why my friends in case you are also interested in AWS as a career option or maybe some of your friend colleague or relative is also interested in AWS in that case my friends first of all you subscribe to the channel press that Bell icon so that you are not missing any of the notifications and then share these videos with everyone who want to build a cloud career hello and welcome back to the Tech Blackboard in today's episode 39 I have some interesting aging and questions for you on Azure CDN Azure storage Cosmos DB NSG and many more I will explain all these Concepts while sharing the Microsoft documentation so that you can self learn and also validate the answers and I am sure that you will appreciate these efforts by liking the video and subscribing to the channel so let's begin our learning so here comes the very first question for today question number 736 it says that which statements regarding Cosmos DB are correct and you have to choose two options your options are API selection determines the account type the second option is relationships can be defined third one is a structured schema is used and lastly we are given with encryption for data at rest is enabled by default and the correct answer for this question is option A API selection determines the account type and option D encryption for data address is enabled by default and friends in case you want to learn what is cosmos DB here is a quick documentation on it and it says that Azure Cosmos TB is a fully managed low SQL and relationship database for modern app development Azure Cosmos DB offers single digit millisecond response time automatic and instant scalability along with guaranteed speed at any scale business continuity is issued with SLA backed availability and Enterprise grade security and what are the key benefits of azure Cosmos DB well Azure Cosmos DB helps you real-time access with fast read and write latencies globally and throughput and consistency are backed by SLA also multi-region rights and data distribution to any Azure region with just a click of a button and you can independently and elastically scale storage and throughput across any Azure region even during unpredictable traffic bus for unlimited scale worldwide and we have done lot of questions on Azure Cosmos DB in the previous Parts as well so please do check out all those previous paths and now let's move on to the next question question number 737 it says that which service below is Microsoft managed network security service in Azure that protects Azure virtual network resources your options are Azure v-net or virtual Network Azure firewall network security group and the last one is application Security Group and the correct answer for this question is option C network security group and friends we have done so many questions on all these Services listed here lot of questions come from these services in AZ 900 exam so I encourage you to watch all the previous Parts links for all the previous parts are available in the description box moving on to the next question 738 it says content delivery Network or also known as CDN allows you to reduce the traffic coming from a web server for static and unchanging file such as images videos and PDFs you have to tell whether this statement is correct if yes then you have to select yes otherwise you have to select unknown so have you picked the correct answer well the correct answer is yes and this is because CDN definitely helps you to reduce traffic when it is coming from the web server for any static file such as images videos and PDFs so let's have a quick understanding on CDN on content delivery Network which is a distributed network of servers that can efficiently deliver web content to the users a CDN store cash in network content on edge servers in point of presence or pop locations that are close to end users to minimize the latency what are the benefits that CDN offers well better performance and improved user experience for the end users especially when applications where multiple round trips requests are required by the end users to load the content and secondly when you want to scale up and handle instant loads such as start of the product launch event for example you may have some sale or promotion going on maybe let's say that you have a Diwali sale or maybe some independent sale or Christmas sale all these are events when you want to scale up and make your application handle instant and high loads in that case CDN is a very handy tool the third benefit that it offers is distribution of user requests and serving of content directly from Edge servers so that less traffic gets sent to the origin server and here you can also understand exact concept why this image and other details are also given as always links to all the documentation that I'm referring in this episode is given in the description box and here comes question number 739 it says Azure active directory is a network Gateway that load balances user logins using CDN or content delivery Network yes or no and of course this is not a correct statement that's why no is the correct answer and yes friends I missed to mention in the opening part of the video but this would be our second last part of easy 900 2023 Series so after this part 39 I will take one more part part 40 in which I will concentrate on Azure security related questions and of course please do not miss to subscribe to the channel as we are launching a new series a new question announcer series on AWS Cloud practitioner exam and you do not want to miss any notification of this AWS Series so subscribe to the channel press that Bell icon so that you get all the timely notifications moving on with the question number 740 it says that the Azure app service is an HTTP based service for hosting web application rest apis and mobile backends yes or no and the correct answer for this question is yes so this is a true statement as you can use as Azure app service for hosting web application rest API and mobile backends Now quickly moving to the next question question number 741 says that which services are part of azure storage account service your options are option A Azure table storage option b Azure file storage option C Azure hard drive option D Azure queue storage option e Azure disk storage and lastly option F Azure blob storage and friends please mind that you have to pick all the services that are part of azure storage account and let me reveal the answer and you can match up your answers with this the first correct service is azure stable storage the second one is azure file storage and then we have Azure e-storage which comes at option D and the last correct service is option F which is azure block storage and you can validate the answer on this documentation here you can see what are the services we have Azure blobs Azure files Azure elastic sand which is not in included as a part of our question but never mind you know this is the part of azure storage and then we are given with Azure queues Azure tables and Azure managed disks so now here I showed that our answer is correct and here comes question number 742 which says that which node in Azure portal should you use to assign a user or read role for a resource Group to answer you have to select the node in the answer area here you can see this is the answer area and you are given with various roles or various nodes here and you have to pick the correct node and the correct answer for this question is Access Control IAM so Access Control IAM is the page that you typically use to assign user roles to Grant access to the Azure resources it is also known as identity and access management IAM and appears in several location in Azure portal as this is a very important service my friends to control the access management so let me tell you how can you access this so once you are in the Azure portal you can specify the scope of any resource at four levels from broad to narrow and what are these four levels so basically you can start the access control or access management of any resource on Management Group so this is the broadest level and then you come to the subscription one level down Resource Group one level go down and lastly you can control all the access on a resource definitely on the resource level and how exactly you do this well of course first you sign into the Azure portal then in the search box which is given at the top here you search for the scope that you want to give access to that particular resource for example you can search for Management Group subscriptions Resource Group or any specific resource once you point it then you have to click the specific resource for that scope and then you have to choose Access Control let me give you a screenshot from the Azure portal here you can see that I am on the subscription level and here you can see this Access Control so what I'm trying to demonstrate is that you can be on any level you can be at management level you can be at Resource Group level subscription level any level the four levels that I just showed you and you can control the access on that particular level that suits your application now let's move on with the next question question number 743 says that three keys are available in the properties blade of azure cognitive Services yes or no and the correct answer for this question is no why because only two keys are available in the properties blade of azure cognitive Services quickly moving to the next question question number 744 says that you can use Network Security Group to configure network security as an extension of an application structure yes or no and the correct answer for this question is no and in case you are wondering which service should you use to configure network security as an extension of application structure well that service is application Security Group moving on with the question number seven point 25 it says the Microsoft Sentinel service is a scalable Cloud native security information and event management and security orchestration Automation and response which is short form as soar so do you think this statement is a correct definition of Microsoft Sentinel yes or no and the correct answer for this question is yes and in case you want to learn more on Microsoft Sentinel then I will leave this documentation Link in the description box moving on to the next question question number 746 it says why are two keys available in the properties blade of azure cognitive services and your options are key for Windows and Linux platforms key safe keeping the third option is period key regeneration for security and lastly enhanced performance now I hope you remember just a while back in question number 743 I ask you whether they are three or two keys available in Azure cognitive services and the correct answer was two keys are available now let's find out why why these keys are needed well the correct answer for this question is option P for key safe keeping moving on with the question number 747 it says a Microsoft SQL Server database that is hosted in Cloud virtual machine is an example of infrastructure as a service platform as a service and software as a service and the correct answer most definitely is infrastructure as a service we have taken so many questions on virtual machine infrastructure as a service pass and software as a service in the previous Parts as well I really encourage you to watch all these previous Parts because there gonna be a lot of questions from all these concept areas moving on with the question number 748 it says which storage service given below is best for serving images or documents directly to a browser and for streaming video and audio your options are Azure blob storage Azure file storage virtual machine disk and last one is queue storage and the correct answer so for this question is azure blob storage so whenever my friends you have a requirement to serve images or videos directly to the browser then in that case you can use Azure blob storage and you know what my friends there is one very cool use of azure blob storage so in case you are creating some static website and you have some images or audios or videos to be delivered on the browser in that case you can connect Azure block storage as a base or as a storage for your images videos which can be directly streamed to your web browsers a really handy and neat feature of azure blob storage now coming to the question 749 it says a Microsoft SQL Server database that is hosted in the cloud and has software updates managed by Azure is an example of your options are infrastructure as a service platform as a service or software as a service now friends compare this question with a question number 747 that we just attend did where we were talking about Microsoft SQL Server that was being hosted on virtual machine now I have told you many times that whenever you see virtual machine or something that is hosted on virtual machine using virtual machine in that case your answer should always be infrastructure as a service however in this question we are talking about SQL Server database only but this question says that this one is hosted in the cloud and the software updates are managed by Azure and this is the hint that this is not infrastructure as a service because in this case updates are managed by Microsoft Azure so the correct answer for this question would be option B platform as a service and here comes question number 750 it says that you need to collect and automatically analyze security events from Azure active directory what should you use your options are Azure synapse analytics option b is azure ad connect option C is Azure keyboard and lastly we are given with Azure Sentinel and the correct answer for sure for this question is option T Azure Sentinel and you can use the same documentation that I showed in the question number 745 to gain more insights on Azure Sentinel [Music] hello and welcome back to the Tech Blackboard in the last episode 39 I promised you that today in this episode 40 we will concentrate all our focus on Azure security Now Microsoft has so many services providing security to your application network data and pretty much everything and due to this vast array of services it's very confusing for anyone who starts to learn Azure or preparing for AZ 900 and because Azure security is such an important part of any application I get so many questions and emails then I should focus one episode just for Azure security and that's why I gathered a lot of questions around each service so that you are prepared for the exam no matter how twisted the questions are and friends all these questions will give you a broader perspective and understanding on different Security Services and along the way we will also prepare for easy 900 and I'm gonna give you a lot of Microsoft documentation so that you validate the answer and also so do some self-learning so what are we waiting for let's dive in so here comes the very first question for today question number 751 it says which Azure automatic tool can monitor all the services and rapidly responds to the threads your options are Microsoft authenticator Microsoft Defender for cloud option 3 is multi-factor authentication and lastly Azure firewall and the correct answer for this question is option b Microsoft Defender for cloud let me take one more question and then I will give you documentation on Microsoft Defender so here comes the question number 752 it says that Microsoft Defender for cloud is a cloud native application protection platform with a set of security measures and practices designed to protect cloud-based application from various cyber threats and vulnerabilities yes or no so you have to tell whether this definition is right in context of Microsoft Defender and yes my friends this is a correct statement that's why yes is the correct answer and friends if you want to Deep dive on Microsoft Defender this is the documentation here you can read the definition of The Defender as we just saw in the presentation as well but what are the capabilities of Microsoft Defender that you can read here it says a development security operations devop solution that unifies Security Management at code level across multi-cloud and multi-pipeline environments so these are some of the scenarios or some of the capabilities that Microsoft Defender offers you I will not go in the details of every capabilities you can of course read the link is right there in the description box now here comes the next question question number 753 it says that which service enables you to achieve those goals in Secure score this is a very latest question and has appeared lately in AZ 900 so please pay attention and your options are Microsoft authenticator Microsoft Defender for cloud option 3 is multi-factor authentication and lastly the Azure scoreboard and the correct answer for this once again is option b Microsoft Defender for cloud so let's validate our answer on this documentation first of all you can already observe that this documentation is coming under Microsoft Defender for cloud let's read what it says it says that Microsoft Defender for the cloud has two main goals to help you understand your current security situation and to help you efficiently and effectively improve your security and finally you can read and validate here it says that the central feature of Defender for the cloud that enables you to achieve those goals is secure score so now you know to achieve these goals you need to use Microsoft Defender for cloud coming up is question number 754 it says Defender for cloud continually accesses your cross Cloud resources for security issues yes or no and the correct answer for this question is yes question number 755 says that which azure service is a cloud native and intelligent Network firewall security service that provides threat protection for your Cloud workloads running in Azure your options are Microsoft authenticator Microsoft Defender for cloud the third option is multi-factor authentication and lastly Azure firewall so have you already picked the right answer let's match off the correct answer for this question is option D Azure firewall so what is azure firewall well Azure firewall is a cloud native and intelligent Network firewall security service that provides the best of the breed threat protection for your Cloud workloads running in Azure and please note my friends that Azure firewall is fully stateful you may get some question in Easy 900 asking if Azure firewall is stateful or not and then it says that firewall as a service with built-in High availability and unrestricted Cloud scalability you can read more on this Azure firewall I will not go in depth the link right there in the description box so coming to the next question question 756 says that which Azure service is managed cloud-based network security service that protects your Azure virtual network resources your options once again are Microsoft authenticator Microsoft Defender for cloud multi-factor authentication and last one is azure firewall and the correct answer for this question again is option D Azure firewall and friends I am sure that you're already observing that how I am keeping these related questions together so that you understand all these Services when they are used and why their use I hope this grouping of questions this grouping of services will really help you understand the concept and of course in Easy 900 you will be able to recall the answer in more efficient way and with this we have reached to the question number 757 once again as I said there would be a question here it is azure firewall is fully stateful yes or know and now most definitely you already know the answer the correct answer is yes okay so have you read the Azure firewall documentation carefully let's check out let's check your knowledge once again so here comes the question 758 it says Azure firewall is scalable yes or no and if you have read the documentation carefully yes is the correct answer moving on with the question number 759 it says that by default all the traffic through the firewall is blocked a rule must be added in order to enable traffic flow yes or no and yes my friends this is a correct statement so you must understand when you provision the Azure firewall by default all the traffic will be blocked but in case you want to enable traffic then in that case you have to add a rule and what is that rule well you have to set the rule to deny and please Focus my friends the default rule of azure firewall is always set to deny that's why it blocks all the traffic through the firewall I hope you understood the concepts around firewall and why we should use and when should we use okay so now let's move on to the question number 760 it says that you have an Azure environment that contains 10 virtual networks and 100 virtual machines now you have to limit the amount of inbound traffic to all the virtual Network what should you create your options are one application Security Group the second option is 10 virtual Network gateways third option is 10 Azure express route circuits and lastly one Azure firewall and those who have read the documentation well enough they would already know the correct answer is option D one Azure firewall but as firewall is such an important Concept in Azure let me summarize it for you so an Azure firewall is a feature in Azure as we just read that allows you to control inbound and outbound Network traffic to and from Azure resources and you can create rules tools that specifies ports protocols and sources that can be used to access your virtual Network and virtual machine and you can also apply a firewall to all the virtual networks in your environment and what will you achieve with this well it will allow you to create network filtering rules at Network level which can limit the traffic to the entire virtual network not just a single virtual machine now here comes question number 761 it says that if you need basic network access control basis on IP address and TCP or UDP protocols which service should you use your options are Microsoft Defender application security group network security group or Azure firewall and the correct answer for this question is option D Azure firewall no that's not the correct answer I was just checking you the actual correct answer is option C network security group and once again my friends Network Security Group is very important whenever you're dealing with networks so let's briefly understand what is Network Security Group here you can read that you can use Azure Network Security Group to filter Network traffic between Azure resources in an Azure virtual Network and as I just mentioned network security group contains security rules that allow or deny inbound traffic to an outbound traffic from several types of azure resources for each rule you can specify source and destination port and protocol so friends very important Concept in Azure security and Azure Network please read the documentation and now let's jump on to the next question question 762 says that which service can you use for clouds just in time or jit access to protect your Azure virtual machines from unauthorized network access your options are application Security Group Network Security Group Azure firewall and lastly Microsoft Defender and the correct answer for this question is option D Microsoft Defender and friends this is also one of the very latest questions that have appeared lately in AC 900 and that's why I wanted you to have a correct documentation on the same so here you can read that you can use Microsoft Defender for clouds just in time access to protect your virtual machines from unauthorized network access and that's how we can validate our answer moving on with the question number 763 once again very latest question it says that cross original resource sharing or course is a mechanism that allows domains to give each other permission for accessing each other's resources and you have to tell whether it's a correct statement or a incorrect one and definitely this is a correct statement that's why yes is the correct answer and I am sure you're already looking forward for the documentation so here it is here you can read that course is an HTTP feature that enables a web application running under one domain to access resources in another domain and you can find all the details around course in this documentation and as I just mentioned this topic is the latest edition in the easy 900 so that's why please read the documentation but for now let's quickly jump to the question number 764 that says which Azure service allows you to store application secrets in a centralized Cloud location to securely control access permissions and access login and your options are Azure firewall Azure keyboard or Microsoft Defender and the correct answer for the same is option b as your keyboard and Friends Azure keyboard is one of the several Key Management Solutions in Azure and how does it help you well it helps you in secret management key management and certificate management and of course you can read all about keyboard in this documentation and now on your screen is question number 765 which says that which service provides a user-friendly multi-factor authentic education experience that works with both Microsoft active directory and Microsoft accounts and includes support for variables and fingerprint based approvals and yes my friends this is also one of the very latest questions in AZ 900 what are the options for you well the first option given is azure Fireball then we have Azure keyboard thirdly we have Microsoft Defender and lastly Microsoft authenticator and the correct answer for this question is could you guess the answer well it is option D Microsoft authenticator and friends I want to remind you once again that we are soon launching a similar question and answer series on AWS Cloud practitioner exam and I am sure that you are as excited as me to learn AWS and that's why you do not want to miss any timely notifications for any of those videos so please subscribe to the channel and press that Bell icon so that you are the first one to receive the timely notifications of all our upcoming AWS videos and one more announcement I want to make that we are working on bringing the very latest questions on easy104 that is Microsoft administrator exam and friends my humble request if you have gained any knowledge from this video please make sure to like this video and share our videos on your social media platforms share it with your friends colleagues and relatives to help them learn Cloud Technologies and get certified that's all for today I will see you in the next video till then stay fit keep learning and thanks for watching