AZ-900: Microsoft Azure Fundamentals Certification Exam Questions and Answers

Question #81

DRAG DROP –
Match the term to the correct definition.
Instructions: To answer, drag the appropriate term from the column on the left to its description on the right. Each term may be used once, more than once, or not at all.
NOTE: Each correct match is worth one point.
Select and Place:

Correct Answer: Explanation

Question #82

Your company plans to deploy several web servers and several database servers to Azure.
You need to recommend an Azure solution to limit the types of connections from the web servers to the database servers.
What should you include in the recommendation?

  • A. network security groups (NSGs)
  • B. Azure Service Bus
  • C. a local network gateway
  • D. a route filter

Correct Answer: A

Question #83

To what should an application connect to retrieve security tokens?

  • A. an Azure Storage account
  • B. Azure Active Directory (Azure AD)
  • C. a certificate store
  • D. an Azure key vault

Correct Answer: B

Question #84

This question requires that you evaluate the underlined text to determine if it is correct.
Resource groups provide organizations with the ability to manage the compliance of Azure resources across multiple subscriptions.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.

  • A. No change is needed
  • B. Management groups
  • C. Azure policies
  • D. Azure App Service plans

Correct Answer: C

Question #85

Your network contains an Active Directory forest. The forest contains 5,000 user accounts.
Your company plans to migrate all network resources to Azure and to decommission the on-premises data center.
You need to recommend a solution to minimize the impact on users after the planned migration.
What should you recommend?

  • A. Implement Azure Multi-Factor Authentication (MFA)
  • B. Sync all the Active Directory user accounts to Azure Active Directory (Azure AD)
  • C. Instruct all users to change their password
  • D. Create a guest user account in Azure Active Directory (Azure AD) for each user

Correct Answer: B

Question #86

HOTSPOT –
You create a resource group named RG1 in Azure Resource Manager.
You need to prevent the deletion of the resources in RG1.
Which setting should you use? To answer, select the appropriate setting in the answer area.
Hot Area:

Correct Answer: Explanation

Question #87

Which Azure service should you use to store certificates?

  • A. Azure Security Center
  • B. an Azure Storage account
  • C. Azure Key Vault
  • D. Azure Information Protection

Correct Answer: C
References:
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-overview

Question #88

You have a resource group named RG1.
You plan to create virtual networks and app services in RG1.
You need to prevent the creation of virtual machines only in RG1.
What should you use?

  • A. a lock
  • B. an Azure role
  • C. a tag
  • D. an Azure policy

Correct Answer: A
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

Question #89

What can Azure Information Protection encrypt?

  • A. network traffic
  • B. documents and email messages
  • C. an Azure Storage account
  • D. an Azure SQL database

Correct Answer: B
References:
https://docs.microsoft.com/en-us/azure/information-protection/compliance https://docs.microsoft.com/en-us/azure/information-protection/quickstart-label-dnf-protectedemail

Question #90

What should you use to evaluate whether your company’s Azure environment meets regulatory requirements?

  • A. the Knowledge Center website
  • B. the Advisor blade from the Azure portal
  • C. Compliance Manager from the Security Trust Portal
  • D. the Security Center blade from the Azure portal

Correct Answer: D
References:
https://azure.microsoft.com/en-us/blog/regulatory-compliance-dashboard-in-azure-security-center-now-available/

Question #91

HOTSPOT –
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Correct Answer: 
References:
https://docs.microsoft.com/en-us/azure/advisor/advisor-overview https://microsoft.github.io/AzureTipsAndTricks/blog/tip173.html

Question #92

This question requires that you evaluate the underlined text to determine if it is correct.
Your company implements Azure policies to automatically add a watermark to Microsoft Word documents that contain credit card information.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.

  • A. No change is needed.
  • B. DDoS protection
  • C. Azure Information Protection
  • D. Azure Active Directory (Azure AD) Identity Protection

Correct Answer: C
References:
https://docs.microsoft.com/en-us/azure/information-protection/infoprotect-quick-start-tutorial

Question #93

This question requires that you evaluate the underlined text to determine if it is correct.
From Azure Monitor, you can view which user turned off a specific virtual machine during the last 14 days.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.

  • A. No change is needed
  • B. Azure Event Hubs
  • C. Azure Activity Log
  • D. Azure Service Health

Correct Answer: C
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-audit

Question #94

This question requires that you evaluate the underlined text to determine if it is correct.
You have an Azure virtual network named VNET1 in a resource group named RG1.
You assign an Azure policy specifying that virtual networks are not an allowed resource type in RG1. VNET1 is deleted automatically.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.

  • A. No change is needed
  • B. has moved automatically to another resource group
  • C. continues to function normally
  • D. is now a read-only object

Correct Answer: A
References:
https://docs.microsoft.com/en-us/azure/governance/policy/overview

Question #95

HOTSPOT –
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Correct Answer: 
References:
https://docs.microsoft.com/en-us/azure/security/azure-security-data-encryption-best-practices#protect-data-in-transit

Question #96

Your company has an Azure environment that contains resources in several regions.
A company policy states that administrators must only be allowed to create additional Azure resources in a region in the country where their office is located.
You need to create the Azure resource that must be used to meet the policy requirement.
What should you create?

  • A. a read-only lock
  • B. an Azure policy
  • C. a management group
  • D. a reservation

Correct Answer: B

Question #97

This question requires that you evaluate the underlined text to determine if it is correct.
Authorization is the process of verifying a user’s credentials.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.

  • A. No change is needed
  • B. Authentication
  • C. Federation
  • D. Ticketing

Correct Answer: B

Question #98

You need to configure an Azure solution that meets the following requirements:
✑ Secures websites from attacks
✑ Generates reports that contain details of attempted attacks
What should you include in the solution?

  • A. Azure Firewall
  • B. a network security group (NSG)
  • C. Azure Information Protection
  • D. DDoS protection

Correct Answer: D

Question #99

HOTSPOT –
You plan to implement several security services for an Azure environment. You need to identify which Azure services must be used to meet the following security requirements:
✑ Monitor threats by using sensors
✑ Enforce azure Multi-Factor Authentication (MFA) based on a condition
Which Azure service should you identify for each requirement? To answer, select the appropriate option in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Correct Answer: 

Question #100

HOTSPOT –
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Correct Answer: 

Leave a Comment