【已結案_20230621】ESI證照 - AZ900

### 重點整理 #### 1. network security group(NSG) vs Azure Firewall - 看到【virtual network】選【Azure Firewall】，其餘選【network security group(NSG)】，例如【virtual network subnet】&【network interface】 #### 2. Azure資源管理器模板提供一個部署雲基礎結構並實現環境一致性的平台 Azure Resource Manager templates provides a common platform for deploying objects to a cloud infrastructure and for implementing consistency across the Azure environment. - Azure 資源管理器模板提供了一個通用平台，用於將對象部署到雲基礎結構並實現整個 Azure 環境的一致性。 Each business unit requires 20 different Azure resources for daily operation. All the business units require the same type of Azure resources. You can use Azure Resource Manager templates to automate the creation of the Azure resources. 每個業務部門的日常運營需要 20 種不同的 Azure 資源。所有業務部門都需要相同類型的 Azure 資源。可以使用 Azure 資源管理器模板自動創建 Azure 資源。 ##### Azure Resource Manager Azure 資源管理器 An organization deploys additional resource to Azure as it wants to expand its cloud presence. It is decided that templates based on existing resources will be used while deploying. Consistent deployment must be ensured as it is critical. - 組織在想要擴展其云存在時向 Azure 部署額外的資源。決定在部署時使用基於現有資源的模板。必須確保一致的部署，因為這很關鍵。 #### 3. Azure policies Azure 策略用於定義部署期間資源屬性和現有資源的要求 Azure policies can be used to define requirements for resource properties during deployment and for already existing resources. Azure Policy controls properties such as the types or locations of resources. - Azure 策略可用於定義部署期間資源屬性和現有資源的要求。 Azure Policy控制資源的類型或位置等屬性。 #### 5. 資源組繼承(鎖會、標籤不會) - 資源級別設置的權限由資源組中的資源繼承。(包含鎖) A resource group can be used to scope access control for administrative actions. By default, permissions set at the resource level are inherited by the resources in the resource group. If you set permissions to a resource group, all the Azure resources in that resource group inherit the permissions. 如果為資源組設置權限，則該資源組中的所有 Azure 資源都會繼承權限。 - 資源標籤不會從其資源組繼承 Tags for Resources are not inherited by default from their Resource Group (X)If you assign a tag to a resource group, all the Azure resources in that resource group are assigned to the same tag. 如果將標籤分配給資源組，則該資源組中的所有 Azure 資源都會分配給同一個標籤。 #### 6. 訂閱與AAD的關係 - 一個訂閱不會關聯到多個AAD - 更改訂閱會關連到多個AAD - 訂閱到期AAD將不會自動刪除 #### 7. 虛擬機佈署到多個環境_可用區(availability zone)、區域(region)可以，規模集(scale set)不能 You deploy the virtual machines to two or more scale sets. 虛擬機部署到兩個或更多規模集。(X) You deploy the virtual machines to two or more availability zones. 您將虛擬機部署到兩個或更多可用區。(O) You deploy the virtual machines to two or more regions. 您將虛擬機部署到兩個或更多區域。(O) #### 8. 虛擬機佈署到個別環境_單獨的虛擬網絡 You plan to deploy 20 virtual machines to an Azure environment. To ensure that a virtual machine named VM1 cannot connect to the other virtual machines, VM1 must be deployed to a separate virtual network. - 您計劃將 20 台虛擬機部署到 Azure 環境。為確保名為 VM1 的虛擬機**無法連接**到其他虛擬機，必須將 VM1 部署到單獨的虛擬網絡。 #### 9. 同時委託多個虛擬機需部屬到資源組 When you need to delegate permissions to several Azure virtual machines simultaneously, you must deploy the Azure virtual machines to the resource group. - 當您需要同時將權限委託給多個 Azure 虛擬機時，您必須將 Azure 虛擬機部署到資源組。 #### 10. 虛擬機使用_Bash&PowerShell&Azure portal - 可以在Azure Cloud Shell中使用 Bash - 可以在Azure Cloud Shell中使用 PowerShell 通過 Bash 使用 Azure Cloud Shell。通過 PowerShell 使用 Azure Cloud Shell。 #### 11. 能否指定資源類型需先通過Azure策略 > Case1 You have an Azure virtual network named VNET1 in a resource group named RG1. You assign an Azure policy definition of Not Allowed Resource Type and specify that virtual networks are not an allowed resource type in RG1. VNET1 continues to function normally. 在名為 RG1 的資源組中有一個名為 VNET1 的 Azure 虛擬網絡。您分配不允許的資源類型的 Azure 策略定義，並指定虛擬網絡不是 RG1 中允許的資源類型。 VNET1 繼續正常運行。 > Case2 You have an Azure virtual network named VNET1 in a resource group named RG1.You assign an Azure policy specifying that virtual networks are not an allowed resource type in RG1. VNET1 is deleted automatically. 在名為 RG1 的資源組中有一個名為 VNET1 的 Azure 虛擬網絡。您分配一個 Azure 策略，指定虛擬網絡不是 RG1 中允許的資源類型。 VNET1 被自動刪除。 #### 12. log : Windows_Event vs Linux_Syslog - Windows Event Logs : Event - Linux Log Analytics : Syslog #### 13. Azure 存儲帳戶_備份三個副本而非數據中心 - Azure存儲帳戶的數據會自動維護至少三個副本 - Azure存儲帳戶的數據不會自動備份到另一個 Azure 數據中心 #### 14. 並非所有的Azure 安全中心功能都是免費的 All Azure Security Center Features are free.(X) #### 15. 訂閱包含資源組，資源組不包含訂閱。 - 一個Azure資源組不能包含多個Azure的訂閱 Resource groups are logical containers for Azure resources. However, resource groups do not contain subscriptions. Subscriptions contain resource groups. 資源組是 Azure 資源的邏輯容器。但是，資源組不包含訂閱。訂閱包含資源組。 #### 16. Application Gateway 應用網關_均勻分佈跨可用區配置網路產品 - 應用網關能跨多個可用區部屬Web應用程序的多個實例，然後組織配置Azure網路產品，以服務請求均勻分佈在所有實例。 An organization is operating with three Availability Zones (AZ). It is decided to deploy multiple instances of a web application across all three AZs. An Azure networking product is then configured by the organization so the service requests can be evenly distributed across all the three instances. Can you identify the Azure networking product that will be used? 一個組織使用三個可用區 (AZ) 進行運營。決定跨所有三個可用區部署 Web 應用程序的多個實例。然後組織配置 Azure 網絡產品，以便服務請求可以均勻分佈在所有三個實例中。你能確定將要使用的 Azure 網絡產品嗎？ #### 17. Authentication驗證 vs Authorization授權 - 驗證是認證用戶憑據的過程(C) Authentication is the process of verifying a user’s credentials. - 識別用戶或服務的訪問級別的過程。(Z) Authorization is the process of identifying the access level of a user or service. #### 18. RBAC_各種組和用戶提供訪問權限的策略 vs 用戶和群組管_將費用保持在最低水平之平台 - Role-based access control(RBAC)為以詳細的方式限制對資源組和資源範圍的訪問，將向各種組和用戶提供訪問權限的策略 - User and Group management(用戶和群組管理)作為在應用程序最終發布之前將費用保持在最低水平之平台 A new policy has been implemented in your organization that limits access to resource group and resource scopes in a detailed, granular way. Various groups and users will be provided access. What would you choose to use if you want to implement the new policy? 您的組織中實施了一項新策略，以詳細、精細的方式限制對資源組和資源範圍的訪問。將向各種組和用戶提供訪問權限。如果要實施新政策，您會選擇使用什麼？ An organization wants to develop and deploy web apps, for which it subscribes to Azure as a platform. It is desired to keep the expenses to a minimum before the app is finally released. You have to identify the features available in Azure Active Directory (AD) Free edition. 組織想要開發和部署 Web 應用程序，為此它訂閱了 Azure 作為平台。希望在應用程序最終發布之前將費用保持在最低水平。您必須確定 Azure Active Directory (AD) 免費版中可用的功能。 #### 19. Azure安全中心能使用自動縮放並實現最佳成本&評估符合法規 vs Azure顧問_提供優化資源的建議 - Azure Advisor(Azure 顧問)提供優化 Azure 資源的建議 Azure Security Center can uses autoscale ,and to minimize costs and bring in optimum performance levels Azure Advisor provides recommendations for optimizing your Azure resources. Azure Service Health provides information about the health of Azure services and helps you prepare for, and respond to, Azure service incidents. Azure Network Watcher provides monitoring and diagnostics for your Azure network. Azure 顧問提供優化 Azure 資源的建議。 Azure 服務運行狀況提供有關 Azure 服務運行狀況的信息，並幫助你準備和響應 Azure 服務事件。 Azure 網絡觀察程序為你的 Azure 網絡提供監視和診斷。 #### 20.Azure Monitor管理員_用於發送警報 vs Azure Service Health_提供帳戶異常通知 - Azure Monitor(Azure 管理員) 可用於發送警報 Azure Monitor can be used to automatically send an alert if an administrator stops an Azure virtual machine. With Azure Monitor, you can set up alerts based on metrics and log data, and you can receive notifications through email, SMS, webhooks, and other channels. In the case of an Azure virtual machine, you can use Azure Monitor to set up an alert that triggers if the virtual machine goes down or becomes unavailable. This way, you can receive an alert as soon as the virtual machine stops, allowing you to take prompt action and resolve the issue. 如果管理員停止 Azure 虛擬機，Azure Monitor 可用於自動發送警報。借助 Azure Monitor，您可以根據指標和日誌數據設置警報，並且可以通過電子郵件、SMS、webhook 和其他渠道接收通知。對於 Azure 虛擬機，您可以使用 Azure Monitor 設置在虛擬機出現故障或變得不可用時觸發的警報。這樣，您可以在虛擬機停止時立即收到警報，以便您迅速採取措施並解決問題。 **Azure服務健康**情況通知有多種類別： - **需採取動作：** Azure 可能注意到您的**帳戶中發生異常狀況**，並協助您解決這個問題。 Azure 會傳送**通知**給您，其中會詳述您需要採取的動作，或 Azure 工程或支援的連絡方式。 - **附帶事件 (Incident)︰**影響服務的事件 (event) 目前正在影響您訂用帳戶下一個或多個資源。 - **維護︰**可能會影響您訂用帳戶下一個或多個資源的計劃性維護活動。 - **資訊：**潛在的最佳化作業，可能有助於提升資源使用效率。 - **安全性︰**緊急的安全性相關資訊，關係到 Azure 上執行的解決方案。 #### 21. PaaS平台即服務可以通過更改定價層為應用程序提供額外的內存 A Platform as a Service (PaaS) solution provides additional memory to apps by changing pricing tiers. (O) 平台即服務 (PaaS) 解決方案通過更改定價層為應用程序提供額外的內存。 #### 22. Availability Zones in Azure Azure可用區_數據中心可以、區域不可以 - 可以保護Azure虛擬機及託管磁盤的數據中心免受故障 - 不可以保護Azure虛擬機區域免受故障 Availability Zones in Azure to protect Azure virtual machines from a datacenter failure (O) Azure 中的可用區以保護 Azure 虛擬機免受數據中心故障的影響 (O) Availability Zones in Azure to protect Azure virtual machines from a region failure (X) Azure 中的可用區以保護 Azure 虛擬機免受區域故障 (X) Availability Zones in Azure to protect Azure managed disks from a datacenter failure (O) Azure 中的可用區以保護 Azure 託管磁盤免受數據中心故障 (O) #### 23. Azure Sentinel 用作安全信息和事件管理 (SIEM) 解決方案 You can use Azure Sentinel as a security information and event management (SIEM) solution. #### 24. Azure 資源保證正常運行時間可透過多個區域而非多個訂閱 Companies can increase the Service Level Agreement guaranteed uptime by adding Azure resources to **multiple regions**. Companies can increase the Service Level Agreement guaranteed uptime by purchasing **multiple subscriptions**. 公司可以通過將 Azure 資源添加到**多個區域**來增加服務水平協議保證的正常運行時間。公司可以通過購買**多個訂閱**來增加服務水平協議保證的正常運行時間。 #### 25. 應用洞察幫助業務分析實際返回應用程序的用戶數量 Application Insights helps business analyse how many users actually return to the application. #### 26. 使用流量管理器配置文件和故障轉移路由策略可以確保滿足冗餘要求 Using a Traffic Manager profile along with the failover routing policy can ensure the requirement for redundancy is fulfilled. ### 難搞題目 - 4vs243vs274 network security group(NSG) vs Azure Firewall - virtual network subnet (O) - network interface(O) - virtual network (X) ->Azure Firewall > Azure firewall >> You have an Azure environment that contains 10 **virtual networks** and 100 virtual machines. You need to limit the amount of inbound traffic to all the Azure **virtual networks**. - 11&12 Azure Resource Manager Azure 資源管理器模板 - Azure Resource Manager templates provides a common platform for deploying objects to a cloud infrastructure and for implementing consistency across the Azure environment. - Azure 資源管理器模板提供了一個通用平台，用於將對象部署到雲基礎結構並實現整個 Azure 環境的一致性。 - Each business unit requires 20 different Azure resources for daily operation. All the business units require the same type of Azure resources. You can use Azure Resource Manager templates to automate the creation of the Azure resources. - 每個業務部門的日常運營需要 20 種不同的 Azure 資源。所有業務部門都需要相同類型的 Azure 資源。可以使用 Azure 資源管理器模板自動創建 Azure 資源。 - 20 Azure policies Azure policies can be used to define requirements for resource properties during deployment and for already existing resources. Azure Policy controls properties such as the types or locations of resources. Azure 策略可用於定義部署期間資源屬性和現有資源的要求。 Azure Policy 控制資源的類型或位置等屬性。 - 38vs221 1- YES Azure 資源從其資源組繼承鎖。 2- NO If you assign a tag to a resource group, all the Azure resources in that resource group are assigned to the same tag. 如果將標籤分配給資源組，則該資源組中的所有 Azure 資源都會分配給同一個標籤。 Tags for Resources are not inherited by default from their Resource Group 默認情況下，資源標籤不會從其資源組繼承 3-YES If you set permissions to a resource group, all the Azure resources in that resource group inherit the permissions. 如果為資源組設置權限，則該資源組中的所有 Azure 資源都會繼承權限。 A resource group can be used to scope access control for administrative actions. By default, permissions set at the resource level are inherited by the resources in the resource group. 資源組可用於確定管理操作的訪問控制範圍。默認情況下，在資源級別設置的權限由資源組中的資源繼承。 - 58~60 You deploy the virtual machines to two or more scale sets. 虛擬機部署到兩個或更多規模集。(X) You deploy the virtual machines to two or more availability zones. 您將虛擬機部署到兩個或更多可用區。(O) You deploy the virtual machines to two or more regions. 您將虛擬機部署到兩個或更多區域。(O) - 68 You plan to deploy 20 virtual machines to an Azure environment. To ensure that a virtual machine named VM1 cannot connect to the other virtual machines, VM1 must be deployed to a separate virtual network. 您計劃將 20 台虛擬機部署到 Azure 環境。為確保名為 VM1 的虛擬機無法連接到其他虛擬機，必須將 VM1 部署到單獨的虛擬網絡。 - 77 You have an Azure environment. You need to create a new Azure virtual machine from an Android laptop. Solution: You use Bash in Azure Cloud Shell. Does this meet the goal? A. Yes 你有一個 Azure 環境。您需要從 Android 筆記本電腦創建新的 Azure 虛擬機。解決方案：在 Azure Cloud Shell 中使用 Bash。這是否達到目標？ A. 是的 - 93vs219 > 93 >> You have an Azure virtual network named VNET1 in a resource group named RG1.You assign an Azure policy specifying that virtual networks are not an allowed resource type in RG1. VNET1 is deleted automatically. >> 在名為 RG1 的資源組中有一個名為 VNET1 的 Azure 虛擬網絡。您分配一個 Azure 策略，指定虛擬網絡不是 RG1 中允許的資源類型。 VNET1 被自動刪除。 > > 219 >> You have an Azure virtual network named VNET1 in a resource group named RG1. You assign an Azure policy definition of Not Allowed Resource Type and specify that virtual networks are not an allowed resource type in RG1. VNET1 continues to function normally. >> 在名為 RG1 的資源組中有一個名為 VNET1 的 Azure 虛擬網絡。您分配不允許的資源類型的 Azure 策略定義，並指定虛擬網絡不是 RG1 中允許的資源類型。 VNET1 繼續正常運行。 - 123vs126 Log - Windows Event Logs : Event - Linux Log Analytics : Syslog - 134 複製到 Azure 存儲帳戶的數據會自動維護至少三個副本。(O) 複製到 Azure 存儲帳戶的所有數據都會自動備份到另一個 Azure 數據中心。(X) - 143 All Azure Security Center Features are free.(X) 所有 Azure 安全中心功能都是免費的。 - 149 一個 Azure 資源組包含多個 Azure 訂閱。(X) Resource groups are logical containers for Azure resources. However, resource groups do not contain subscriptions. Subscriptions contain resource groups. 資源組是 Azure 資源的邏輯容器。但是，資源組不包含訂閱。訂閱包含資源組。 - 173 An organization deploys additional resource to Azure as it wants to expand its cloud presence. It is decided that templates based on existing resources will be used while deploying. Consistent deployment must be ensured as it is critical. Which of the following would you suggest the organization should use? 組織在想要擴展其云存在時向 Azure 部署額外的資源。決定在部署時使用基於現有資源的模板。必須確保一致的部署，因為這很關鍵。您建議組織應該使用以下哪項？ Azure Resource Manager Azure 資源管理器 - 175 An organization is operating with three Availability Zones (AZ). It is decided to deploy multiple instances of a web application across all three AZs. An Azure networking product is then configured by the organization so the service requests can be evenly distributed across all the three instances. Can you identify the Azure networking product that will be used? 一個組織使用三個可用區 (AZ) 進行運營。決定跨所有三個可用區部署 Web 應用程序的多個實例。然後組織配置 Azure 網絡產品，以便服務請求可以均勻分佈在所有三個實例中。你能確定將要使用的 Azure 網絡產品嗎？ Application Gateway 應用網關 - 214vs - 驗證是驗證用戶憑據的過程 - - 221 Azure 資源從其資源組繼承鎖。 - 228 An Azure subscription can be associated to multiple Azure Active Directory tenants. You can change the Azure Active Directory tenant to which an Azure subscription is associated. When an Azure subscription expires, the associated Azure Active Directory tenant is deleted automatically. (X)一個 Azure 訂閱可以關聯到多個 Azure Active Directory 租戶。 (O)您可以更改 Azure 訂閱關聯的 Azure Active Directory 租戶。 (X)當 Azure 訂閱到期時，關聯的 Azure Active Directory 租戶將自動刪除。 - 248vs252 Role-based access control(RBAC) vs Azure Policies > Role-based access control(RBAC) > A new policy has been implemented in your organization that limits access to resource group and resource scopes in a detailed, granular way. Various groups and users will be provided access. What would you choose to use if you want to implement the new policy? > 您的組織中實施了一項新策略，以詳細、精細的方式限制對資源組和資源範圍的訪問。將向各種組和用戶提供訪問權限。如果要實施新政策，您會選擇使用什麼？ > User and Group management 用戶和群組管理 > An organization wants to develop and deploy web apps, for which it subscribes to Azure as a platform. It is desired to keep the expenses to a minimum before the app is finally released. You have to identify the features available in Azure Active Directory (AD) Free edition. > 組織想要開發和部署 Web 應用程序，為此它訂閱了 Azure 作為平台。希望在應用程序最終發布之前將費用保持在最低水平。您必須確定 Azure Active Directory (AD) 免費版中可用的功能。 - 271 Azure Monitor can be used to automatically send an alert if an administrator stops an Azure virtual machine. With Azure Monitor, you can set up alerts based on metrics and log data, and you can receive notifications through email, SMS, webhooks, and other channels. In the case of an Azure virtual machine, you can use Azure Monitor to set up an alert that triggers if the virtual machine goes down or becomes unavailable. This way, you can receive an alert as soon as the virtual machine stops, allowing you to take prompt action and resolve the issue. Azure Advisor provides recommendations for optimizing your Azure resources. Azure Service Health provides information about the health of Azure services and helps you prepare for, and respond to, Azure service incidents. Azure Network Watcher provides monitoring and diagnostics for your Azure network. 如果管理員停止 Azure 虛擬機，Azure Monitor 可用於自動發送警報。借助 Azure Monitor，您可以根據指標和日誌數據設置警報，並且可以通過電子郵件、SMS、webhook 和其他渠道接收通知。對於 Azure 虛擬機，您可以使用 Azure Monitor 設置在虛擬機出現故障或變得不可用時觸發的警報。這樣，您可以在虛擬機停止時立即收到警報，以便您迅速採取措施並解決問題。 Azure 顧問提供優化 Azure 資源的建議。 Azure 服務運行狀況提供有關 Azure 服務運行狀況的信息，並幫助你準備和響應 Azure 服務事件。 Azure 網絡觀察程序為你的 Azure 網絡提供監視和診斷。 - 276 A Platform as a Service (PaaS) solution provides additional memory to apps by changing pricing tiers. (O) 平台即服務 (PaaS) 解決方案通過更改定價層為應用程序提供額外的內存。 - 283 - Availability Zones in Azure to protect Azure virtual machines from a datacenter failure (O) - Azure 中的可用區以保護 Azure 虛擬機免受數據中心故障的影響 (O) - Availability Zones in Azure to protect Azure virtual machines from a region failure (X) - Azure 中的可用區以保護 Azure 虛擬機免受區域故障 (X) - Availability Zones in Azure to protect Azure managed disks from a datacenter failure (O) - Azure 中的可用區以保護 Azure 託管磁盤免受數據中心故障 (O) - 284 When you need to delegate permissions to several Azure virtual machines simultaneously, you must deploy the Azure virtual machines to the resource group. 當您需要同時將權限委託給多個 Azure 虛擬機時，您必須將 Azure 虛擬機部署到資源組。 - 332 You can use Azure Sentinel as a security information and event management (SIEM) solution. 可以將 Azure Sentinel 用作安全信息和事件管理 (SIEM) 解決方案。 ### 20230606 修改 - 4 What are two characteristics of the public cloud? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. 公有云的兩個特點是什麼？每個正確答案都代表一個完整的解決方案。注意：每個正確的選擇都值得一分。 A. dedicated hardware B. unsecured connections C. limited storage D. metered pricing E. self-service management A、專用硬件 B. 不安全的連接 C. 有限存儲 D、計量定價 E. 自助管理 - 32 A. Azure Logic Apps B. Azure Machine Learning Studio C. Azure Batch D. Azure Cosmos DB - 318 A. Azure subscriptions B. Azure Security Center C. Azure Marketplace D. Microsoft Store ### 備考準備事項 1. 一天準備20題(348/18) 2. 攜帶身分證(員工證也可帶) ### 報考資訊 - 20230529 ![](https://hackmd.io/_uploads/Bkdh1gGI3.png) ![](https://hackmd.io/_uploads/r1ARyeMLn.png) Skills measured The English language version of this exam was updated on October 28, 2022. Review the study guide linked in the preceding “Tip” box for details about the skills measured and latest changes. Describe cloud concepts (25–30%) Describe Azure architecture and services (35–40%) Describe Azure management and governance (30–35%) 衡量技能該考試的英語版本已於 2022 年 10 月 28 日更新。查看前面“提示”框中鏈接的學習指南，了解有關所測技能和最新變化的詳細信息。描述雲概念 (25–30%) 描述 Azure 架構和服務 (35–40%) 描述 Azure 管理和治理 (30–35%) ### Mail form茹敏 - 20230522 Dear all, 微軟認證考試相關注意事項如下，另提醒大家，考試可選擇至恆逸或在家考試，若選擇在家考試，請參考以下「考試當天」的說明。處長指示，請大家仍於6月底前完成考試認證。微軟認證考試報名注意事項： 1. 微軟認證考試報名網站僅限”個人帳號”登入，請勿使用”公司帳號”，並請於公司以外網路完成報名程序，例如使用家裡WIFI 或以NB連接手機上網。 2. “公司帳號”或”個人帳號” 可於 “個人帳號”登入後，於”個人檔案設定”的地方設定相關連(兩個帳號屬於同一個人)。如原已設定兩個帳號(公司&個人)為同一電子郵件地址，請參考附件說明重新命名”個人帳號”。 3. 報名完成，收到確認信後，信內有一個”環境檢查”的按鈕，可用於檢查考試時所用的設備是否符合考試所需(作業系統版本、網路速度、錄音、錄影…)，請務必於考試日期前幾天檢查完成。 4.每人同一科目可重考5次，1-2次需間隔一週，2次以上需間隔二週，請勿缺席，無故缺席需自行負擔考試費用。「考試當天」 1. 將桌面清空，座位前後左右雜物清空，只留筆電、手機及身份證件在桌上，筆電不可連接電源線。 2. 務必於考試前30分鐘登入系統，會需進行一系列的認證作業。甲、依畫面需求拍證件照、自拍、考試環境前、後、左、右場景照。乙、筆電只開啟考試所需的軟體，其餘一律關閉，並將手機收起來，置於考試座位外3公尺處。丙、監考人員查驗所有上傳相片資料無誤後，即自動開始考試。丁、考試時，不可出聲音(唸題目唸太大聲)，人像不可離開鏡頭視窗的範圍，若有，系統會出告警訊息，兩次以上會取消考試。戊、試題答完，即知結果；試後的問卷，可作可不作；考完約莫一小時後，可收到認證成功徽章email。亦可以參考這個網站的介紹~~ https://blog.alantsai.net/posts/2020/06/microsoft-certification-04-how-to-take-exam-from-home-or-office --- Dear all, 1. 下表之同仁，即日起可進行認證考試，每一課程均有對應之Voucher Number，請務必使用對應的編號進行考試，如有使用錯誤或未使用，將產生自費考試費用，請務必謹慎，提供附檔PPT參考，若使用正確Voucher Number，帶出的報名費應為USD 0.00元。 2. 認證考試請於2023/10/31前完成，取得證照後，請mail通知我(截止日期不得再延長，請儘量提早完成)。 3. 再次提醒，請各科長鼓勵未在表列內之同仁主動至ESI網站上課與報名認證 Enterprise Skills Initiative: Welcome (microsoft.com)，再提供下表新增上課之名單給我，並另索取Voucher Number。 35 金融技術部李冠旻 Fundamentals AZ-900 報名上課 MSCP755F1222 　 AZ-900 Azure Fundamentals 36 金融技術部李冠旻 Fundamentals PL-900 出席上課 MSCP75626C80 　 Microsoft Power Platform Fundamentals ### 證照(AZ900)考試經驗分享_NICK - 20230511 #. 九月雲端開放 - Sinopac 0. 講者 : 濬澄 1. 時程規劃 1-1. 考前約一個月前報名 1-2. 2. 模擬測驗 2-1. 微軟模擬測驗 2-2. 考題不從裡面出 (與實際考題差異度) 3. 考試資訊 3-1. 70%及格 3-2. 考試比例有公布 3-3. 可選中文考題(可切換英文) 4. 考試地點 4-1. 推薦現場實體考試(電腦問題多) 4-2. 身分確認 4-3. 隨身物品 5. 使用私人帳號報考並連結公司信箱 --- 有可能是工作與個人帳戶用了同一組Email Address，請參考以下官網說明變更個人帳戶所使用的Email Address。 PS：建議使用個人網路存取個人帳號後變更，公司網路會擋個人帳戶存取。 https://support.microsoft.com/zh-tw/office/%E6%82%A8%E8%A6%81%E4%BD%BF%E7%94%A8%E5%93%AA%E7%A8%AE%E5%B8%B3%E6%88%B6-2b5bbd7a-7df6-4283-beff-8015e28eb7b9 ### Mil濬澄分享考試密技_20230511 - 20230508 #### 參加者：凡被追踪在案要考AZ900的同仁 #### 其他同仁選擇參加 ### AZ900_86~90 - 20230522 QUESTION 86 This question requires that you evaluate the underlined text to determine if it is correct. After you create a virtual machine, you need to modify the **network security group (NSG)** to allow connections from TCP port 8080 to the virtual machine. Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed B. virtual network gateway C. virtual network D. route table Answer: A QUESTION 87 Which Azure service should you use to store certificates? A. Azure Security Center B. an Azure Storage account C. Azure Key Vault D. Azure Information Protection Answer: C Explanation: Azure Key Vault is a secure store for storage various types of sensitive information including passwords and certificates. Azure Key Vault can be used to Securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets. Secrets and keys are safeguarded by Azure, using industry-standard algorithms, key lengths, and hardware security modules (HSMs). The HSMs used are Federal Information Processing Standards (FIPS) 140-2 Level 2 validated. Access to a key vault requires proper authentication and authorization before a caller (user or application) can get access. Authentication establishes the identity of the caller, while authorization determines the operations that they are allowed to perform. References: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-overview QUESTION 88 You have a resource group named RG1. You plan to create virtual networks and app services in RG1. You need to prevent the creation of virtual machines only in RG1. What should you use? A. a lock B. an Azure role C. a tag D. an Azure policy Answer: D Explanation: Azure policies can be used to define requirements for resource properties during deployment and for already existing resources. Azure Policy controls properties such as the types or locations of resources. Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. In this question, we would create an Azure policy assigned to the resource group that denies the creation of virtual machines in the resource group. You could place a read-only lock on the resource group. However, that would prevent the creation of any resources in the resource group, not virtual machines only. Therefore, an Azure Policy is a better solution. Reference: https://docs.microsoft.com/en-us/azure/governance/policy/overview QUESTION 89 What can Azure Information Protection encrypt? A. network traffic B. documents and email messages C. an Azure Storage account D. an Azure SQL database Answer: B Explanation: Azure Information Protection can encrypt documents and emails. Azure Information Protection is a cloud-based solution that helps an organization to classify and optionally, protect its documents and emails by applying labels. Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations. The protection technology uses Azure Rights Management (often abbreviated to Azure RMS). This technology is integrated with other Microsoft cloud services and applications, such as Office 365 and Azure Active Directory. This protection technology uses encryption, identity, and authorization policies. Similarly to the labels that are applied, protection that is applied by using Rights Management stays with the documents and emails, independently of the location inside or outside your organization, networks, file servers, and applications. References: https://docs.microsoft.com/en-us/azure/information-protection/compliance https://docs.microsoft.com/en-us/azure/information-protection/quickstart-label-dnf-protectedemail QUESTION 90 What should you use to evaluate whether your company's Azure environment meets regulatory requirements? A. the Knowledge Center website B. the Advisor blade from the Azure portal C. Compliance Manager from the Security Trust Portal D. the Security Center blade from the Azure portal Answer: C Explanation: Compliance Manager in the Service Trust Portal is a workflow-based risk assessment tool that helps you track, assign, and verify your organization's regulatory compliance activities related to Microsoft Cloud services, such as Microsoft 365, Dynamics 365, and Azure. Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-worldwide