AZ-900: Microsoft Azure Fundamentals
Where can you obtain details about the personal data Microsoft processes, how Microsoft processes it, and for what purposes?
Microsoft Privacy Statement
Compliance Manager
Azure Service Health
Answer is Microsoft Privacy Statement. The Microsoft Privacy Statement explains what personal data Microsoft processes, how Microsoft processes it, and for what purposes.
Which of the following can be used to help you enforce resource tagging so you can manage billing?
Azure Policy
Azure Service Health
Compliance Manager
Answer is Azure Policy. Azure Policy can be used to enforce tagging values and rules on resources.
Which of the following lets you grant users only the rights they need to perform their jobs?
Azure Policy
Compliance Manager
Role-Based Access Control
Answer is Role-Based Access Control (RBAC). RBAC lets you to grant users only the rights they need to perform their jobs.
Which of these options helps you most easily disable an account when an employee leaves your company?
Enforce multi-factor authentication (MFA)
Monitor sign-on attempts
Use single sign-on (SSO)
Answer is Use single sign-on (SSO). SSO centralizes user identity, so you can disable an inactive account in a single step.
What is Azure Information Protection?
AIP is a cloud-based solution that helps organizations classify and (optionally) protect its documents and emails by applying labels. Labels can be applied automatically (by administrators who define rules and conditions), manually (by users), or with a combination of both (where users are guided by recommendations).
AIP is a cloud-based security solution that identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
AIP is a monitoring service that provides threat protection across all of your services both in Azure, and on-premises.
Answer is AIP is a cloud-based solution that helps organizations classify and (optionally) protect its documents and emails by applying labels. Labels can be applied automatically (by administrators who define rules and conditions), manually (by users), or with a combination of both (where users are guided by recommendations).
AIP helps you to track and secure the usage of your company's intellectual property.
Which of the following items would be good use of a resource lock?
An ExpressRoute circuit with connectivity back to your on-premises network
A non-production virtual machine used to test occasional application builds
A storage account used to temporarily store images processed in a development environment
Answer is An ExpressRoute circuit with connectivity back to your on-premises network
Protection this mission critical resource from accidental deletion is a great idea.
Which of the following approaches would be the most efficient way to ensure a naming convention was followed across your subscription?
Send out an email with the details of your naming conventions and hope it is followed.
Create a policy with your naming requirements and assign it to the scope of your subscription
Give all other users except for yourself read-only access to the subscription. Have all requests to create resources sent to you so you can review the names being assigned to resources, and then create them.
Answer is Create a policy with your naming requirements and assign it to the scope of your subscription
Using Azure Policy ensures that you can not only recommend a naming standard but report on its adoption.
Your Azure environment contains multiple Azure virtual machines.
You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.
What are two possible solutions?
Modify an Azure Traffic Manager profile
Modify a network security group (NSG)
Modify a DDoS protection plan
Modify an Azure firewall
Answers are
Modify a network security group (NSG)
Modify an Azure firewall
A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network.
You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets.
You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
In this question, we need to add a rule to the network security group to allow the connection to the virtual machine on port 80 (HTTP).
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
To complete the sentence, select the appropriate option in the answer area.
Azure automatically routes traffic between subnets in a virtual network. Therefore, all virtual machines in a virtual network can connect to the other virtual machines in the same virtual network. Even if the virtual machines are on separate subnets within the virtual network, they can still communicate with each other.
To ensure that a virtual machine cannot connect to the other virtual machines, the virtual machine must be deployed to a separate virtual network.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
To complete the sentence, select the appropriate option in the answer area.
A resource group is a logical container for Azure resources. Resource groups make the management of Azure resources easier.
With a resource group, you can allow a user to manage all resources in the resource group, such as virtual machines, websites, and subnets. The permissions you apply to the resource group apply to all resources contained in the resource group.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-groups
https://docs.microsoft.com/en-us/azure/role-based-access-control/overview