AZ-900: Microsoft Azure Fundamentals
To complete the sentence, select the appropriate option in the answer area.
Azure automatically routes traffic between subnets in a virtual network. Therefore, all virtual machines in a virtual network can connect to the other virtual machines in the same virtual network. Even if the virtual machines are on separate subnets within the virtual network, they can still communicate with each other.
To ensure that a virtual machine cannot connect to the other virtual machines, the virtual machine must be deployed to a separate virtual network.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
To complete the sentence, select the appropriate option in the answer area.
A resource group is a logical container for Azure resources. Resource groups make the management of Azure resources easier.
With a resource group, you can allow a user to manage all resources in the resource group, such as virtual machines, websites, and subnets. The permissions you apply to the resource group apply to all resources contained in the resource group.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-groups
https://docs.microsoft.com/en-us/azure/role-based-access-control/overview
Your company has virtual machines (VMs) hosted in Microsoft Azure. The VMs are located in a single Azure virtual network named VNet1.
The company has users that work remotely. The remote workers require access to the VMs on VNet1.
You need to provide access for the remote workers.
What should you
Configure a Site-to-Site (S2S) VPN.
Configure a VNet-toVNet VPN.
Configure a Point-to-Site (P2S) VPN.
Configure DirectAccess on a Windows Server 2012 server VM.
Configure a Multi-Site VPN
Answer is Configure a Point-to-Site (P2S) VPN.
A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer.
P2S VPN is also a useful solution to use instead of S2S VPN when you have only a few clients that need to connect to a VNet.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/design
How can the IT department ensure that employees at the company's retail stores can access company applications only from approved tablet devices?
SSO
Conditional Access
Multifactor authentication
Answer is Conditional Access
Conditional Access enables you to require users to access your applications only from approved, or managed, devices.
How can the IT department use biometric properties, such as facial recognition, to enable delivery drivers to prove their identities?
SSO
Conditional Access
Multifactor authentication
Answer is Multifactor authentication
Authenticating through multifactor authentication can include something the user knows, something the user has, and something the user is.
How can the IT department reduce the number of times users must authenticate to access multiple applications?
SSO
Conditional Access
Multifactor authentication
Answer is SSO
SSO enables a user to remember only one ID and one password to access multiple applications.
How can companies allow some users to control the virtual machines in each environment but prevent them from modifying networking and other resources in the same resource group or Azure subscription?
Create a role assignment through Azure role-based access control (Azure RBAC).
Create a policy in Azure Policy that audits resource usage.
Split the environment into separate resource groups.
Answer is Create a role assignment through Azure role-based access control (Azure RBAC).
Azure RBAC enables you to create roles that define access permissions. You might create one role that limits access only to virtual machines and a second role that provides administrators with access to everything.
Which is the best way for companies to ensure that they only deploy cost-effective virtual machine SKU sizes?
Create a policy in Azure Policy that specifies the allowed SKU sizes.
Periodically inspect the deployment manually to see which SKU sizes are used.
Create an Azure RBAC role that defines the allowed virtual machine SKU sizes.
Answer is Create a policy in Azure Policy that specifies the allowed SKU sizes.
After you enable this policy, that policy is applied when you create new virtual machines or resize existing ones. Azure Policy also evaluates any current virtual machines in your environment.
Which is likely the best way for companies to identify which billing department each Azure resource belongs to?
Track resource usage in a spreadsheet.
Split the deployment into separate Azure subscriptions, where each subscription belongs to its own billing department.
Apply a tag to each resource that includes the associated billing department.
Answer is Apply a tag to each resource that includes the associated billing department.
Tags provide extra information, or metadata, about your resources. They might create a tag that's named BillingDept whose value would be the name of the billing department. You can use Azure Policy to ensure that the proper tags are assigned when resources are provisioned.
Where can the company access details about the personal data Microsoft processes and how the company processes it, including for Cortana?
Microsoft Privacy Statement
The Azure compliance documentation
Microsoft compliance offerings
Answer is Microsoft Privacy Statement
The Microsoft Privacy Statement provides information that's relevant to specific services, including Cortana.