AZ-900: Microsoft Azure Fundamentals – Azure Governance and Security – Practice Test

For the AZ-900: Microsoft Azure Fundamentals exam, which covers various topics, I can provide 100 practice questions related to Azure Governance and Security. I’ll break them down into relevant categories, and for each question, I’ll give a brief, one-liner answer.

Azure Governance and Security

1. Azure Governance Basics

  1. What is Azure governance?
    Azure governance helps manage and control resources in Azure to meet business needs and ensure compliance.

  2. What is Azure Policy?
    Azure Policy allows you to enforce organizational standards and assess compliance across resources.

  3. What is the purpose of an Azure Management Group?
    Management Groups help organize resources and subscriptions hierarchically for governance.

  4. What is the Azure Resource Manager (ARM)?
    ARM is the deployment and management service for Azure resources.

  5. What are Azure Blueprints?
    Azure Blueprints help define a repeatable set of Azure resources and policies for deployments.

  6. What is a subscription in Azure?
    An Azure subscription is a container for Azure resources, including services and billing.

  7. How are resources organized in Azure?
    Resources are organized in resource groups within a subscription.

  8. What is Azure Resource Locks?
    Resource Locks prevent accidental deletion or modification of resources.

  9. What is a resource group in Azure?
    A resource group is a container that holds related Azure resources for management.

  10. What is the purpose of Azure Cost Management?
    Azure Cost Management helps track and manage Azure spending and optimize costs.

2. Role-Based Access Control (RBAC)

  1. What is Azure RBAC?
    Azure RBAC (Role-Based Access Control) allows you to assign roles to users to control access to resources.

  2. What are the different types of Azure RBAC roles?
    The types of roles are Owner, Contributor, and Reader, with additional custom roles.

  3. What is the difference between Owner and Contributor roles in Azure?
    Owner has full access, including permissions to manage roles, while Contributor can manage resources but not roles.

  4. What is the Reader role in Azure?
    The Reader role allows users to view resources but not modify them.

  5. What is a custom role in Azure RBAC?
    A custom role allows you to define specific permissions for a user or service principal.

  6. What is an Azure AD role?
    Azure AD roles manage access to Azure Active Directory resources, not Azure resources.

  7. What is the least privilege principle?
    The least privilege principle means granting the minimum level of access necessary to perform a job.

  8. What is a service principal in Azure?
    A service principal is an identity created for applications or services to access Azure resources.

  9. How can roles be assigned in Azure?
    Roles can be assigned at the subscription, resource group, or resource level.

  10. What is Azure AD Conditional Access?
    Conditional Access allows you to enforce policies based on user conditions, such as location or device compliance.

3. Security in Azure

  1. What is Azure Security Center?
    Azure Security Center provides unified security management and threat protection for Azure resources.

  2. What is the Azure Security Benchmark?
    The Azure Security Benchmark is a set of security controls and best practices for securing Azure environments.

  3. What is Azure Sentinel?
    Azure Sentinel is a cloud-native SIEM (Security Information and Event Management) service.

  4. What is Azure Key Vault?
    Azure Key Vault is a service that securely stores and manages sensitive information like keys and secrets.

  5. What are Azure Active Directory (Azure AD) users?
    Azure AD users represent identities that authenticate to Azure and other resources.

  6. What is multi-factor authentication (MFA) in Azure?
    MFA adds an extra layer of security by requiring two or more verification methods.

  7. What is the role of Azure AD Identity Protection?
    Azure AD Identity Protection helps detect potential vulnerabilities and risks in user identities.

  8. What is Azure Advanced Threat Protection (ATP)?
    Azure ATP detects and investigates advanced threats, compromised identities, and malicious insider actions.

  9. What is Azure Firewall?
    Azure Firewall is a managed network security service that protects Azure virtual networks.

  10. What is the purpose of Azure DDoS Protection?
    Azure DDoS Protection helps safeguard against Distributed Denial of Service (DDoS) attacks.

4. Monitoring and Reporting

  1. What is Azure Monitor?
    Azure Monitor collects, analyzes, and acts on telemetry from cloud and on-premises environments.

  2. What is Azure Log Analytics?
    Azure Log Analytics collects and analyzes data from resources in Azure to provide insights.

  3. What is Azure Application Insights?
    Azure Application Insights helps monitor application performance and usage.

  4. What is Azure Service Health?
    Azure Service Health provides personalized alerts and guidance when Azure services are affected.

  5. What is Azure Activity Log?
    Azure Activity Log provides a record of operations on resources, such as create, delete, or update.

  6. What are Azure Alerts?
    Azure Alerts notify users of specific events or conditions in their resources.

  7. What is the purpose of Azure Automation?
    Azure Automation simplifies management and automation of Azure resources.

  8. What is Azure Network Watcher?
    Azure Network Watcher allows monitoring and diagnosing network issues in Azure.

  9. What is Azure Resource Graph?
    Azure Resource Graph provides exploration and query capabilities for large-scale Azure environments.

  10. What is Azure Security Center Standard Tier?
    The Standard Tier provides advanced security management and threat protection for Azure resources.

5. Identity and Access Management (IAM)

  1. What is Azure Active Directory (Azure AD)?
    Azure AD is a cloud-based identity and access management service.

  2. What is an Azure AD tenant?
    An Azure AD tenant represents an instance of Azure AD that holds and manages users and applications.

  3. What is Single Sign-On (SSO) in Azure?
    SSO enables users to log in once to access multiple applications without re-entering credentials.

  4. What is Azure AD B2C?
    Azure AD B2C enables you to provide access to your applications for external users.

  5. What is Azure AD Connect?
    Azure AD Connect is a tool that synchronizes on-premises directories with Azure AD.

  6. What is Azure AD Domain Services?
    Azure AD Domain Services provides domain-join, group policy, and other Active Directory features in Azure.

  7. What is Azure AD Privileged Identity Management (PIM)?
    PIM helps manage, control, and monitor access to critical Azure resources.

  8. What is a conditional access policy in Azure AD?
    Conditional access policies control access to applications based on certain conditions like location and device state.

  9. What is the purpose of Azure AD Application Proxy?
    Azure AD Application Proxy allows users to securely access on-premises applications from anywhere.

  10. What is Azure AD Connect Health?
    Azure AD Connect Health provides monitoring and insights into the health of your Azure AD Connect synchronization.

6. Compliance and Risk Management

  1. What is Azure Compliance Manager?
    Azure Compliance Manager helps manage compliance with regulations and standards within Azure.

  2. What is the purpose of Azure Blueprints in compliance?
    Azure Blueprints help ensure that Azure resources are deployed in compliance with organizational policies.

  3. What is Azure Policy Remediation?
    Remediation helps apply necessary changes to non-compliant resources to align with policy rules.

  4. What is the Azure Trust Center?
    The Azure Trust Center provides information on Azure’s compliance with security and privacy standards.

  5. What is a regulatory compliance certification in Azure?
    Regulatory compliance certifications are assessments verifying that Azure meets specific security and compliance requirements.

  6. What is the purpose of the Azure Compliance Certifications page?
    It provides a list of regulatory certifications Azure has obtained, helping organizations ensure compliance.

  7. What is the significance of Azure Government?
    Azure Government provides cloud services specifically for U.S. government customers with strict compliance needs.

  8. What is an audit log in Azure?
    An audit log records changes and access attempts within an Azure environment for compliance and security tracking.

  9. What is the purpose of Azure Resource Locks?
    Resource locks prevent critical resources from being accidentally deleted or modified.

  10. What is Azure Risk Management?
    Azure Risk Management helps identify, assess, and mitigate potential risks across your Azure environment.

7. Azure Security Best Practices

  1. What is Azure Security Center’s Secure Score?
    Secure Score evaluates the security state of your Azure environment and provides recommendations for improvement.

  2. What are the benefits of Azure AD Identity Protection?
    Identity Protection detects, investigates, and responds to risky behaviors and accounts in Azure AD.

  3. What is the role of Azure Firewall in security?
    Azure Firewall provides network security by filtering traffic to and from resources in Azure.

  4. What is Network Security Group (NSG) in Azure?
    NSG is used to filter network traffic to and from Azure resources.

  5. What is the purpose of Azure Bastion?
    Azure Bastion provides secure and seamless RDP and SSH connectivity to Azure VMs without public IP addresses.

  6. What is the role of VPN Gateway in Azure?
    VPN Gateway provides secure, encrypted connectivity between on-premises networks and Azure.

  7. What is the role of Azure Load Balancer in security?
    Azure Load Balancer distributes traffic across resources, helping to ensure the availability and security of applications.

  8. What is the purpose of the Azure AD Conditional Access?
    Conditional Access ensures users meet certain requirements before accessing resources.

  9. What is the role of a Web Application Firewall (WAF) in Azure?
    WAF protects web applications by filtering and monitoring HTTP traffic for malicious activity.

  10. What is Azure Application Gateway?
    Azure Application Gateway provides web traffic load balancing and WAF features for your web applications.

8. Data Security

  1. What is Azure Storage Encryption?
    Azure Storage Encryption automatically encrypts data at rest within Azure Storage accounts.

  2. What is Azure Disk Encryption?
    Azure Disk Encryption provides encryption for Windows and Linux virtual machine disks.

  3. What is Azure Security Center’s data encryption feature?
    It ensures sensitive data is encrypted at rest, transit, and at runtime.

  4. What is Azure Information Protection?
    Azure Information Protection helps classify, label, and protect data based on sensitivity.

  5. What is Azure Rights Management?
    Azure Rights Management allows the protection of sensitive information by restricting access based on policies.

  6. What is Azure Key Vault’s role in data protection?
    Azure Key Vault securely stores and controls access to secrets, keys, and certificates.

  7. What is the Azure Storage Access Key?
    The access key provides full access to Azure Storage accounts, enabling programmatic access to the storage resources.

  8. What is Azure SQL Database Transparent Data Encryption (TDE)?
    TDE helps protect SQL databases by encrypting data at rest.

  9. What is Azure Disk Encryption for VMs?
    Azure Disk Encryption encrypts Windows and Linux OS disks and data disks in Azure VMs.

  10. What is the purpose of Azure Data Lake Storage?
    Azure Data Lake Storage provides a scalable and secure platform for storing large amounts of data.

9. Encryption and Key Management

  1. What is the Azure Encryption Key Vault?
    It securely manages and controls access to cryptographic keys used for data encryption.

  2. What is Azure Key Vault Managed HSM?
    Managed HSM is a fully managed hardware security module (HSM) that supports key management in the cloud.

  3. What is Bring Your Own Key (BYOK) in Azure Key Vault?
    BYOK allows customers to use their own encryption keys within Azure Key Vault for greater control.

  4. What is the difference between Key Vault and Azure AD?
    Key Vault manages cryptographic keys and secrets, while Azure AD handles identity and access management.

  5. What is the role of encryption at rest in Azure?
    Encryption at rest ensures data is securely encrypted when stored in Azure services.

  6. What is encryption in transit in Azure?
    Encryption in transit protects data during transfer between systems.

  7. What is Azure Key Vault’s role in secure application development?
    It helps developers securely store sensitive application information, such as API keys, connection strings, and passwords.

  8. What is customer-managed key encryption in Azure?
    It allows customers to control and manage the encryption keys used to protect their data in Azure.

  9. What is Azure Key Vault’s key rotation?
    Key rotation helps maintain the security of encryption keys by periodically changing them.

  10. What are the compliance standards related to encryption in Azure?
    Azure follows various encryption and security standards like FIPS 140-2, GDPR, and ISO/IEC standards.

10. Incident Response and Disaster Recovery

  1. What is Azure Backup?
    Azure Backup provides a simple and reliable cloud-based backup solution for Azure resources.

  2. What is Azure Site Recovery?
    Azure Site Recovery provides disaster recovery as a service, ensuring business continuity.

  3. What is the role of Azure Security Center in incident response?
    It provides security recommendations and alerts about potential security incidents in Azure.

  4. What is the Azure Incident Response plan?
    It outlines steps to detect, respond to, and recover from security incidents.

  5. What is the Azure Security Center’s Threat Protection feature?
    It helps detect and mitigate potential threats, such as malware and malicious activity.

  6. What are Azure backup recovery points?
    Recovery points are saved versions of data that can be used to restore the system during a disaster.

  7. What is Azure disaster recovery in the context of a virtual machine?
    It involves replicating VMs to another region for high availability in case of a failure.

  8. What is Azure Monitor’s role in incident response?
    Azure Monitor provides metrics and logs that help identify and troubleshoot potential security incidents.

  9. What is the purpose of security alerts in Azure Security Center?
    Security alerts inform you about potential security issues and allow you to take appropriate action.

  10. What is a recovery plan in Azure Site Recovery?
    A recovery plan is a set of automated actions for recovering your application in case of a disaster.

Related Posts