Practice Free AZ-900 Exam Online Questions
You have an Azure environment that contains multiple Azure virtual machines.
You plan to implement a solution that enables the client computers on your on-premises network to communicate to the Azure virtual machines.
You need to recommend which Azure resources must be created for the planned solution.
Which two Azure resources should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . a virtual network gateway
- B . a load balancer
- C . an application gateway
- D . a virtual network
- E . a gateway subnet
A, E
Explanation:
To implement a solution that enables the client computers on your on-premises network to communicate to the Azure virtual machines, you need to configure a VPN (Virtual Private Network) to connect the on-premises network to the Azure virtual network.
The Azure VPN device is known as a Virtual Network Gateway. The virtual network gateway needs to be located in a dedicated subnet in the Azure virtual network. This dedicated subnet is known as a gateway subnet and must be named ‘GatewaySubnet’.
Note: a virtual network (answer D) is also required. However, as we already have virtual machines deployed in a Azure, we can assume that the virtual network is already in place.
Reference: https://docs.microsoft.com/en-us/office365/enterprise/connect-an-on-premises-network-to-a-microsoft-azure-virtual-network
HOTSPOT
To complete the sentence, select the appropriate option in the answer area.
Explanation:
Azure Cosmos DB is an example of a platform as a service (PaaS) cloud database provider.
Reference: https://docs.microsoft.com/en-us/azure/cosmos-db/database-security
DRAG DROP
Match the Azure services to the correct descriptions.
Instructions: To answer, drag the appropriate Azure service from the column on the left to its description on the right. Each service may be used once, more than once, or not at all. NOTE: Each correct match is worth one point
HOTSPOT
You need to manage Azure by using Azure Cloud Shell.
Which Azure portal icon should you select? To answer, select the appropriate icon in the answer area.
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each connect selection is worth one point.
What is used to grant permission to Azure Virtual Desktop resources?
- A . role-based access control (RBAC) roles
- B . application security groups
- C . tags
- D . resource groups
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: No
Azure firewall does not encrypt network traffic. It is used to block or allow traffic based on source/destination IP address, source/destination ports and protocol.
Box 2: No
A network security group does not encrypt network traffic. It works in a similar way to a firewall in that it is used to block or allow traffic based on source/destination IP address, source/destination ports and protocol.
Box 3: No
The question is rather vague as it would depend on the configuration of the host on the Internet. Windows Server does come with a VPN client and it also supports other encryption methods such IPSec encryption or SSL/TLS so it could encrypt the traffic if the Internet host was configured to require or accept the encryption. However, the VM could not encrypt the traffic to an Internet host that is not configured to require the encryption.
Reference: https://docs.microsoft.com/en-us/azure/security/azure-security-data-encryption-best-practices#protect-data-in-transit
HOTSPOT
To answer, select the appropriate option in the answer area.
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You plan to deploy several Azure virtual machines.
You need to control the ports that devices on the internet can use to access the virtual machines.
What should you use?
- A . an Azure Active Directory (AzureAD) role
- B . an Azure key vault
- C . an Azure Active Directory group
- D . a network security group (NSG)
D
Explanation:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview