more information.
1 20. A. The most cost‐effective option is to use Azure SQL Database. See Chapter 2 for more information.
1 21. D. Azure NSGs do not provide load‐balancing capability. See Chapter 4 for more information.
1 22. C. Azure Application Gateway provides URL‐based routing. See Chapter 4 for more information.
1 23. C. Azure ExpressRoute is the appropriate solution to provide VPN across the Internet, managed by a third party. See Chapter 4 for more information.
1 24. B. Azure ExpressRoute Direct provides similar capabilities as Azure ExpressRoute but is not routed across the Internet. See Chapter 4 for more information.
1 25. C. Azure Content Delivery Network (CDN) enables you to place replicas of content geographically near the users who need to consume the content. See Chapter 4 for more information.
1 26. A. An Azure NSG enables you to restrict access to the VM based on port, and RBAC enables you to restrict access to specific individuals. See Chapter 4 for more information.
1 27. B. To implement custom routing, create a user‐defined route and apply it to all relevant virtual networks. See Chapter 4 for more information.
1 28. D. No change is needed, since DDoS Standard provides alerting to ongoing distributed denial‐of‐service (DDoS) attacks. It also provides alerting and mitigation reporting. See Chapter 4 for more information.
1 29. D. In this example, the first three options are examples of authentication (identifying the holder), but do not authorize the user. The visa provides that authorization for entering the country. See Chapter 4 for more information.
1 30. B. Adding the capability to synchronize password changes to on‐premises AD requires Azure AD Premium. See Chapter 4 for more information.
1 31. C. Security Center provides recommendations on improving security, as well as monitoring and alerts. See Chapter 4 for more information.
1 32. D. Azure Key Vault is the appropriate place to store secrets such as security credentials in Azure. See Chapter 4 for more information.
1 33. D. Azure Information Protection (AIP) provides the capability to protect emails and documents using policies, identities, and encryption. See Chapter 4 for more information.
1 34. B. Advanced Threat Protection (ATP) provides protection from many kinds of security threats, including pass‐the‐hash, pass‐the‐token, and others. See Chapter 4 for more information.
1 35. B. A honeytoken attack is an attempt to authenticate to a fake account that you have created as a “honeypot” to attract attackers. See Chapter 4 for more information.
1 36. C. You can use Azure Policies to enforce restrictions on VM resources. See Chapter 4 for more information.
1 37. A. You can apply policies at the resource or resource group levels, and if at the resource group, the policies apply to all resources in the group. See Chapter 4 for more information.
1 38. C. Locking a resource with the CanNotDelete lock prevents resources in the resource group from being deleted. The lock must be removed before a resource in the group can be deleted. See Chapter 4 for more information.
1 39. D. Blueprints enable you to create large, repeatable deployments of resources in Azure with corresponding role and policy assignments. See Chapter 4 for more information.
1 40. B. You do not need to configure Azure Monitor for it to begin monitoring a resource. Instead, Azure Monitor begins monitoring as soon as you create a resource. See Chapter 4 for more information.
1 41. B. Azure Service Health enables you to view status information for resources that you host in Azure. See Chapter 4 for more information.
1 42. C. Azure Service Health enables you to view information about planned maintenance in Azure. See Chapter 4 for more information.
1 43. A. ISO and NIST are both standards‐based, nonregulatory agencies. General Data Protection Regulation (GDPR) defines data protection and privacy requirements as a regulation in European Union law. See Chapter 4 for more information.
1 44. A, C. Microsoft can share your personal information with vendors and third parties without your consent, including in response to legal actions. You can use a work email when setting up a Microsoft account. See Chapter 4 for more information.
1 45. A. IoT Hub provides bidirectional communication between IoT devices in Azure. See Chapter 5 for more information.
1 46. B. IoT Central enables you to monitor and control IoT devices. See Chapter 5 for more information.
1 47. C. Cognitive Services provides human‐like analysis services in Azure. See Chapter 5 for more information.
1 48. C. Azure Bot Services provides human‐like interaction, including natural language question‐and‐answer capabilities. See Chapter 5 for more information.
1 49. A. Azure Logic Apps enables you to create serverless workflow solutions in Azure. See
