AZ-900 Microsoft Azure Fundamentals exam is a hot Microsoft certification exam, Exam4Training offers you the latest free online AZ-900 dumps to practice. You can get online training in the following questions, all these questions are verified by Microsoft experts. If this exam changed, we will share new update questions.
DRAG DROP
Match the Azure service to the correct definition.
Instructions: To answer, drag the appropriate Azure service from the column on the left to its description on the right. Each service may be used once, more than once, or not at all. NOTE: Each correct match is worth one point.
Answer: 
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your Azure environment contains multiple Azure virtual machines.
You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.
Solution: You modify an Azure Traffic Manager profile.
Does this meet the goal?
A . Yes
B . No
Answer: B
This question requires that you evaluate the underlined text to determine if it is correct.
When you are implementing a software as a service (SaaS) solution, you are responsible for configuring high availability.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
A . No change is needed.
B . defining scalability rules
C . installing the SaaS solution
D . configuring the SaaS solution
Answer: D
You plan to store 20 TB of data in Azure. The data will be accessed infrequently and visualized by using Microsoft Power BI.
You need to recommend a storage solution for the data.
Which two solutions should you recommend? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A . Azure SQL Database
B . Azure Cosmos DB
C . Azure SQL Data Warehouse
D . Azure Database for PostgreSQL
E . Azure Data Lake
Answer: CE
Your company plans to deploy several web servers and several database servers to Azure.
You need to recommend an Azure solution to limit the types of connections from the web servers to the database servers.
What should you include in the recommendation?
A . network security groups (NSGs)
B . Azure Service Bus
C . a local network gateway
D . a route filter
Answer: A
Explanation:
A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network. You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets.
You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
This question requires that you evaluate the underlined text to determine if it is correct.
Your Azure trial account expired last week. You are now unable to create additional Azure Active Directory (Azure AD) user accounts.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
A . No change is needed
B . start an existing Azure virtual machine
C . access your data stored in Azure
D . access the Azure portal
Answer: B
Explanation:
A stopped (deallocated) VM is offline and not mounted on an Azure host server. Starting a VM mounts the VM on a host server before the VM starts. As soon as the VM is mounted, it becomes chargeable. For this reason, you are unable to start a VM after a trial has expired.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an Azure subscription that contains the following unused resources:
* 20 user accounts in Azure Active Directory (Azure AD)
* Five groups in Azure AD
* 10 public [P addresses
* 10 network interfaces
You need to reduce the Azure costs for the company.
Solution: You remove the unused groups.
Does this meet the goal?
A . Yes
B . No
Answer: B
Explanation:
You are not charged for Azure Active Directory Groups. Therefore, deleting unused groups will not reduce your Azure costs.
References: https://docs.microsoft.com/en-us/azure/advisor/advisor-cost-recommendations#reduce-costs-by-deleting-or-reconfiguring-idle-virtual-network-gateways
This question requires that you evaluate the underlined text to determine if it is correct.
Azure policies provide a common platform for deploying objects to a cloud infrastructure and for implementing consistency across the Azure environment.
Instructions: Review the undefined text If it makes the statement correct, select "No change is needed." If the statement is incorrect select the answer choice that makes the statement correct.
A . No change is needed.
B . Resource groups provide
C . Azure Resource Manager provides
D . Management groups provide
Answer: C
You need to ensure that when Azure Active Directory (Azure AD) users connect to Azure AD from the Internet by using an anonymous IP address, the users are prompted automatically to change their password.
Which Azure service should you use?
A . Azure AD Connect Health
B . Azure AD Privileged Identity Management
C . Azure Advanced Threat Protection (ATP)
D . Azure AD Identity Protection
Answer: D
Explanation:
Azure AD Identity Protection includes two risk policies: sign-in risk policy and user risk policy. A sign-in risk represents the probability that a given authentication request isn’t authorized by the identity owner.
There are several types of risk detection. One of them is Anonymous IP Address. This risk detection type indicates sign-ins from an anonymous IP address (for example, Tor browser or anonymous VPN). These IP addresses are typically used by actors who want to hide their login telemetry (IP address, location, device, etc.) for potentially malicious intent.
You can configure the sign-in risk policy to require that users change their password.
References: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Answer: 