AZ 104

¡Supera tus tareas y exámenes ahora con Quizwiz!

You have an Azure web app named webapp1.Users report that they often experience HTTP 500 errors when they connect to webapp1.You need to provide the developers of webapp1 with real-time access to the connection errors. The solution must provide all the connection error details.What should you do first? A. From webapp1, enable Web server logging B. From Azure Monitor, create a workbook C. From Azure Monitor, create a Service Health alert D. From webapp1, turn on Application Logging

Correct Answer: A

Your company has a Microsoft SQL Server Always On availability group configured on their Azure virtual machines (VMs).You need to configure an Azure internal load balancer as a listener for the availability group.Solution: You enable Floating IP.Does the solution meet the goal? A. Yes B. No

Correct Answer: A

Your company has an Azure Active Directory (Azure AD) subscription.You want to implement an Azure AD conditional access policy.The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.Solution: You access the Azure portal to alter the grant control of the Azure AD conditional access policy.Does the solution meet the goal? A. Yes B. No

Correct Answer: A

Your company has an Azure Active Directory (Azure AD) tenant that is configured for hybrid coexistence with the on-premises Active Directory domain.The on-premise virtual environment consists of virtual machines (VMs) running on Windows Server 2012 R2 Hyper-V host servers.You have created some PowerShell scripts to automate the configuration of newly created VMs. You plan to create several new VMs.You need a solution that ensures the scripts are run on the new VMs.Which of the following is the best solution? A. Configure a SetupComplete.cmd batch file in the %windir%setupscripts directory. B. Configure a Group Policy Object (GPO) to run the scripts as logon scripts. C. Configure a Group Policy Object (GPO) to run the scripts as startup scripts. D. Place the scripts in a new virtual hard disk (VHD).

Correct Answer: A

Your company's Azure subscription includes Azure virtual machines (VMs) that run Windows Server 2016.One of the VMs is backed up every day using Azure Backup Instant Restore.When the VM becomes infected with data encrypting ransomware, you decide to recover the VM's files.Which of the following is TRUE in this scenario? A. You can only recover the files to the infected VM. B. You can recover the files to any VM within the company's subscription. C. You can only recover the files to a new VM. D. You will not be able to recover the files.

Correct Answer: A

You are planning the move of App1 to Azure.You create a network security group (NSG).You need to recommend a solution to provide users with access to App1.What should you recommend? A. Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers. B. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers. C. Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets. D. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.

Correct Answer: A Explanation/Reference:Explanation:Incoming and the web server subnet only, as users access the web front end by using HTTPS only.Note Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:A SQL databaseA web front endA processing middle tierEach tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.01 - Monitor and back up Azure resources

Your company's Azure subscription includes two Azure networks named VirtualNetworkA and VirtualNetworkB.VirtualNetworkA includes a VPN gateway that is configured to make use of static routing. Also, a site-to-site VPN connection exists between your company's on-premises network and VirtualNetworkA.You have configured a point-to-site VPN connection to VirtualNetworkA from a workstation running Windows 10. After configuring virtual network peering between VirtualNetworkA and VirtualNetworkB, you confirm that you are able to access VirtualNetworkB from the company's on-premises network. However, you find that you cannot establish a connection to VirtualNetworkB from the Windows 10 workstation.You have to make sure that a connection to VirtualNetworkB can be established from the Windows 10 workstation.Solution: You download and re-install the VPN client configuration package on the Windows 10 workstation.Does the solutio

Correct Answer: A Explanation/Reference:Reference:https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing

A colleague named Jon Ross makes use of a solitary Azure Resource Manager (ARM) template to deploy a virtual machine and an additional Azure Storage account.You want to review the ARM template that was used by Jon Ross.Solution: You access the Resource Group blade.Does the solution meet the goal? A. Yes B. No

Correct Answer: A Reference:https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-export-template

Your company has an Azure Active Directory (Azure AD) tenant named weyland.com that is configured for hybrid coexistence with the on-premises Active Directory domain.You have a server named DirSync1 that is configured as a DirSync server.You create a new user account in the on-premise Active Directory. You now need to replicate the user information to Azure AD immediately.Solution: You run the Start-ADSyncSyncCycle -PolicyType Initial PowerShell cmdlet.Does the solution meet the goal? A. Yes B. No

Correct Answer: A Explanation/Reference:Reference:https://blog.kloud.com.au/2016/03/08/azure-ad-connect-manual-sync-cycle-with-powershell-start-adsyncsynccycle/

Your company's Azure solution makes use of Multi-Factor Authentication for when users are not in the office. The Per Authentication option has been configured as the usage model.After the acquisition of a smaller business and the addition of the new staff to Azure Active Directory (Azure AD) obtains a different company and adding the new employees to Azure Active Directory (Azure AD), you are informed that these employees should also make use of Multi-Factor Authentication.To achieve this, the Per Enabled User setting must be set for the usage model.Solution: You create a new Multi-Factor Authentication provider with a backup from the existing Multi-Factor Authentication provider data.Does the solution meet the goal? A. Yes B. No

Correct Answer: A Explanation/Reference:Since it is not possible to change the usage model of an existing provider as it is right now, you have to create a new one and reactivate your existing server with activation credentials from the new provider.Reference:https://365lab.net/2015/04/11/switch-usage-model-in-azure-multi-factor-authentication-server/

Your company has a Microsoft SQL Server Always On availability group configured on their Azure virtual machines (VMs).You need to configure an Azure internal load balancer as a listener for the availability group.Solution: You set Session persistence to Client IP.Does the solution meet the goal? A. Yes B. No

Correct Answer: B

Your company has an Azure Active Directory (Azure AD) subscription.You want to implement an Azure AD conditional access policy.The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.Solution: You access the Azure portal to alter the session control of the Azure AD conditional access policy.Does the solution meet the goal? A. Yes B. No

Correct Answer: B

Your company has an Azure Active Directory (Azure AD) tenant named weyland.com that is configured for hybrid coexistence with the on-premises Active Directory domain.You have a server named DirSync1 that is configured as a DirSync server.You create a new user account in the on-premise Active Directory. You now need to replicate the user information to Azure AD immediately.Solution: You use Active Directory Sites and Services to force replication of the Global Catalog on a domain controller.Does the solution meet the goal? A. Yes B. No

Correct Answer: B

Your company has an Azure Active Directory (Azure AD) tenant that is configured for hybrid coexistence with the on-premises Active Directory domain.You plan to deploy several new virtual machines (VMs) in Azure. The VMs will have the same operating system and custom software requirements.You configure a reference VM in the on-premise virtual environment. You then generalize the VM to create an image.You need to upload the image to Azure to ensure that it is available for selection when you create the new Azure VMs.Which PowerShell cmdlets should you use? A. Add-AzVM B. Add-AzVhd C. Add-AzImage D. Add-AzImageDataDisk

Correct Answer: B

Your company has an Azure subscription.You need to deploy a number of Azure virtual machines (VMs) using Azure Resource Manager (ARM) templates. You have been informed that the VMs will be included in a single availability set.You are required to make sure that the ARM template you configure allows for as many VMs as possible to remain accessible in the event of fabric failure or maintenance.Which of the following is the value that you should configure for the platformUpdateDomainCount property? A. 10 B. 20 C. 30 D. 40

Correct Answer: B

You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements.What should you include in the recommendation? A. Azure AD B2C B. dynamic groups and conditional access policies C. Azure AD Identity Protection D. an Azure logic app and the Microsoft Identity Management (MIM) client

Correct Answer: B Explanation/Reference:Explanation:Scenario: Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only.The recommendation is to use conditional access policies that can then be targeted to groups of users, specific applications, or other conditions.Reference:https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstatesMix Questions

Your company has a main office in London that contains 100 client computers.Three years ago, you migrated to Azure Active Directory (Azure AD).The company's security policy states that all personal devices and corporate-owned devices must be registered or joined to Azure AD.A remote user named User1 is unable to join a personal device to Azure AD from a home network.You verify that User1 was able to join devices to Azure AD in the past.You need to ensure that User1 can join the device to Azure AD.What should you do? A. Assign the User administrator role to User1. B. From the Device settings blade, modify the Maximum number of devices per user setting. C. Create a point-to-site VPN from the home network of User1 to Azure. D. From the Device settings blade, modify the Users may join devices to Azure AD setting.

Correct Answer: B Explanation/Reference:Explanation:The Maximum number of devices setting enables you to select the maximum number of devices that a user can have in Azure AD. If a user reaches this quota, they will not be able to add additional devices until one or more of the existing devices are removed.Incorrect Answers:C: Azure AD Join enables users to join their devices to Active Directory from anywhere as long as they have connectivity with the Internet.D: The Users may join devices to Azure AD setting enables you to select the users who can join devices to Azure AD. Options are All, Selected and None. The default is All.Reference:https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portalhttp://techgenix.com/pros-and-cons-azure-ad-join/

Your company's Azure subscription includes two Azure networks named VirtualNetworkA and VirtualNetworkB.VirtualNetworkA includes a VPN gateway that is configured to make use of static routing. Also, a site-to-site VPN connection exists between your company's on-premises network and VirtualNetworkA.You have configured a point-to-site VPN connection to VirtualNetworkA from a workstation running Windows 10. After configuring virtual network peering between VirtualNetworkA and VirtualNetworkB, you confirm that you are able to access VirtualNetworkB from the company's on-premises network. However, you find that you cannot establish a connection to VirtualNetworkB from the Windows 10 workstation.You have to make sure that a connection to VirtualNetworkB can be established from the Windows 10 workstation.Solution: You choose the Allow gateway transit setting on VirtualNetworkA.Does the solution meet the goal? A. Yes B. No

Correct Answer: B Explanation/Reference:Reference:https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing

Your company has a Microsoft Azure subscription.The company has datacenters in Los Angeles and New York.You are configuring the two datacenters as geo-clustered sites for site resiliency.You need to recommend an Azure storage redundancy option.You have the following data storage requirements:Data must be stored on multiple nodes.Data must be stored on nodes in separate geographic locations.Data can be read from the secondary location as well as from the primary location.Which of the following Azure stored redundancy options should you recommend? A. Geo-redundant storage B. Read-only geo-redundant storage C. Zone-redundant storage D. Locally redundant storage

Correct Answer: B Explanation/Reference:RA-GRS allows you to have higher read availability for your storage account by providing "read only" access to the data replicated to the secondary location. Once you enable this feature, the secondary location may be used to achieve higher availability in the event the data is not available in the primary region. This is an "opt-in" feature which requires the storage account be geo-replicated.Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy

Your company has a Microsoft SQL Server Always On availability group configured on their Azure virtual machines (VMs).You need to configure an Azure internal load balancer as a listener for the availability group.Solution: You create an HTTP health probe on port 1433.Does the solution meet the goal? A. Yes B. No

Correct Answer: B Explanation/Reference:Reference:https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sql/virtual-machines-windows-portal-sql-alwayson-int-listener

Your company's Azure subscription includes two Azure networks named VirtualNetworkA and VirtualNetworkB.VirtualNetworkA includes a VPN gateway that is configured to make use of static routing. Also, a site-to-site VPN connection exists between your company's on-premises network and VirtualNetworkA.You have configured a point-to-site VPN connection to VirtualNetworkA from a workstation running Windows 10. After configuring virtual network peering between VirtualNetworkA and VirtualNetworkB, you confirm that you are able to access VirtualNetworkB from the company's on-premises network. However, you find that you cannot establish a connection to VirtualNetworkB from the Windows 10 workstation.You have to make sure that a connection to VirtualNetworkB can be established from the Windows 10 workstation.Solution: You choose the Allow gateway transit setting on VirtualNetworkB.Does the solution meet the goal? A. Yes B. No

Correct Answer: B Explanation/Reference:Reference:https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing

Your company's Azure solution makes use of Multi-Factor Authentication for when users are not in the office. The Per Authentication option has been configured as the usage model.After the acquisition of a smaller business and the addition of the new staff to Azure Active Directory (Azure AD) obtains a different company and adding the new employees to Azure Active Directory (Azure AD), you are informed that these employees should also make use of Multi-Factor Authentication.To achieve this, the Per Enabled User setting must be set for the usage model.Solution: You reconfigure the existing usage model via the Azure CLI.Does the solution meet the goal? A. Yes B. No

Correct Answer: B Explanation/Reference:Since it is not possible to change the usage model of an existing provider as it is right now, you have to create a new one and reactivate your existing server with activation credentials from the new provider.Reference:https://365lab.net/2015/04/11/switch-usage-model-in-azure-multi-factor-authentication-server/

Your company has an Azure Active Directory (Azure AD) tenant named weyland.com that is configured for hybrid coexistence with the on-premises Active Directory domain.You have a server named DirSync1 that is configured as a DirSync server.You create a new user account in the on-premise Active Directory. You now need to replicate the user information to Azure AD immediately.Solution: You restart the NetLogon service on a domain controller.Does the solution meet the goal? A. Yes B. No

Correct Answer: B Explanation/Reference:Topic 2, Implement and manage storage

You have an Azure virtual machine (VM) that has a single data disk. You have been tasked with attaching this data disk to another Azure VM.You need to make sure that your strategy allows for the virtual machines to be offline for the least amount of time possible.Which of the following is the action you should take FIRST? A. Stop the VM that includes the data disk. B. Stop the VM that the data disk must be attached to. C. Detach the data disk. D. Delete the VM that includes the data disk.

Correct Answer: C

Your company has serval departments. Each department has a number of virtual machines (VMs).The company has an Azure subscription that contains a resource group named RG1.All VMs are located in RG1.You want to associate each VM with its respective department.What should you do? A. Create Azure Management Groups for each department. B. Create a resource group for each department. C. Assign tags to the virtual machines. D. Modify the settings of the virtual machines.

Correct Answer: C

Your company has three virtual machines (VMs) that are included in an availability set.You try to resize one of the VMs, which returns an allocation failure message.It is imperative that the VM is resized.Which of the following actions should you take? A. You should only stop one of the VMs. B. You should stop two of the VMs. C. You should stop all three VMs. D. You should remove the necessary VM from the availability set.

Correct Answer: C

You have an Azure subscription that contains the identities shown in the following table. Name Type Member of User1 User None User2 User Group1 Principal1 Managed identity None Principal2 Managed identity Group1 User1, Principal1, and Group1 are assigned the Monitoring Reader role.An action group named AG1 has the Email Azure Resource Manager Role notification type and is configured to email the Monitoring Reader role.You create an alert rule named Alert1 that uses AG1.You need to identity who will receive an email notification when Alert1 is triggered.Who should you identify?A. User1 and Principal1 onlyB. User1, User2, Principal1, and Principal2C. User1 onlyD. User1 and User2 only

Correct Answer: C Explanation/Reference:Explanation:Email will only be sent to Azure AD user members of the Monitoring Reader role. Email will not be sent to Azure AD groups or service principals.Reference:https://docs.microsoft.com/en-us/azure/azure-monitor/platform/action-groups02 - Monitor and back up Azure resources

You have an existing Azure subscription that contains 10 virtual machines.You need to monitor the latency between your on-premises network and the virtual machines.What should you use? A. Service Map B. Connection troubleshoot C. Network Performance Monitor D. Effective routes

Correct Answer: C Explanation/Reference:Explanation:Network Performance Monitor is a cloud-based hybrid network monitoring solution that helps you monitor network performance between various points in your network infrastructure. It also helps you monitor network connectivity to service and application endpoints and monitor the performance of Azure ExpressRoute.You can monitor network connectivity across cloud deployments and on-premises locations, multiple data centers, and branch offices and mission-critical multitier applications or microservices. With Performance Monitor, you can detect network issues before users complain.Reference:https://docs.microsoft.com/en-us/azure/azure-monitor/insights/network-performance-monitor

You are planning to deploy an Ubuntu Server virtual machine to your company's Azure subscription.You are required to implement a custom deployment that includes adding a particular trusted root certification authority (CA).Which of the following should you use to create the virtual machine? A. The New-AzureRmVm cmdlet. B. The New-AzVM cmdlet. C. The Create-AzVM cmdlet. D. The az vm create command.

Correct Answer: C Explanation/Reference:Once Cloud-init.txt has been created, you can deploy the VM with az vm create cmdlet, using the -custom-data parameter to provide the full path to the cloud-init.txt file.Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-automate-vm-deployment

You need to ensure that VM1 can communicate with VM4. The solution must minimize the administrative effort.What should you do? A. Create an NSG and associate the NSG to VM1 and VM4. B. Establish peering between VNET1 and VNET3. C. Assign VM4 an IP address of 10.0.1.5/24. D. Create a user-defined route from VNET1 to VNET3.

Correct Answer: C Explanation/Reference:Reference:https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal03 - Configure and manage virtual networking

Your company has an Azure Active Directory (Azure AD) subscription.You need to deploy five virtual machines (VMs) to your company's virtual network subnet.The VMs will each have both a public and private IP address. Inbound and outbound security rules for all of these virtual machines must be identical.Which of the following is the least amount of security groups needed for this configuration? A. 4 B. 3 C. 2 D. 1

Correct Answer: D

Your company has an Azure subscription.You need to deploy a number of Azure virtual machines (VMs) using Azure Resource Manager (ARM) templates. You have been informed that the VMs will be included in a single availability set.You are required to make sure that the ARM template you configure allows for as many VMs as possible to remain accessible in the event of fabric failure or maintenance.Which of the following is the value that you should configure for the platformFaultDomainCount property? A. 10 B. 30 C. Min Value D. Max Value

Correct Answer: D

You have an Azure virtual machine named VM1.Azure collects events from VM1.You are creating an alert rule in Azure Monitor to notify an administrator when an error is logged in the System event log of VM1.Which target resource should you monitor in the alert rule? A. virtual machine extension B. virtual machine C. metric alert D. Azure Log Analytics workspace

Correct Answer: D Explanation/Reference:Explanation:For the first step to create the new alert tule, under the Create Alert section, you are going to select your Log Analytics workspace as the resource, since this is a log based alert signal.Reference:https://docs.microsoft.com/en-us/windows-server/storage/storage-spaces/configure-azure-monitor

You have an Azure subscription that contains 100 virtual machines.You regularly create and delete virtual machines.You need to identify unattached disks that can be deleted.What should you do? A. From Azure Cost Management, view Cost Analysis B. From Azure Advisor, modify the Advisor configuration C. From Microsoft Azure Storage Explorer, view the Account Management properties D. From Azure Cost Management, view Advisor Recommendations

Correct Answer: D Explanation/Reference:Explanation:From Home -> Cost Management + Billing -> Cost Management, scroll down on the options and select View Recommendations:Azure Cost Management / AdvisorFrom here you will see the recommendations for your subscription, if you have orphaned disks, they will be listed.Reference:https://codeserendipity.com/2020/07/08/microsoft-azure-find-unattached-disks-that-can-be-deleted-and-other-recommendations/

HOTSPOTYou need to implement Role1.Which command should you run before you create Role1? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: -Name "Reader" Find-Role Capability ConvertFrom-Json Get-AzureADDirectoryRole ConvertFrom-String Get-AzRoleDefinition ConvertTo-Json Get-AzResourceProvider ConvertTo-XML

Get-AzRoleDefinition ConvertTo-Json

You purchase a new Azure subscription named Subscription1.You create a virtual machine named VM1 in Subscription1. VM1 is not protected by Azure Backup.You need to protect VM1 by using Azure Backup. Backups must be created at 01:00 and stored for 30 days.What should you do? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: Location in which to store the backups: A blob container A file share A Recovery Services vault A storage account Object to use to configure the protection for VM1: A backup policy A batch job A batch schedule A recovery plan

Location in which to store the backups: A Recovery Services vault Object to use to configure the protection for VM1: A backup policy xplanation/Reference:Explanation:Box 1: A Recovery Services vaultYou can set up a Recovery Services vault and configure backup for multiple Azure VMs.Box 2: A backup policyIn Choose backup policy, do one of the following:Leave the default policy. This backs up the VM once a day at the time specified, and retains backups in the vault for 30 days.Select an existing backup policy if you have one.Create a new policy, and define the policy settings.Reference:https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm

DRAG DROP You have an Azure Linux virtual machine that is protected by Azure Backup.One week ago, two files were deleted from the virtual machine.You need to restore the deleted files to an on-premises Windows Server 2016 computer as quickly as possible.Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.Select and Place: Download and run the script to mount a drive on the local computer Select a restore point that contains the deleted files From the Azure portal, click Restore VM from the vault From the Azure portal, click File Recovery from the vault Mount a VHD Copy the files by using AZCopy Copy the files by using File Explorer

Select a restore point that contains the deleted files Download and run the script to mount a drive on the local computer Copy the files by using File Explorer

Case study OverviewLitware, Inc. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.All the resources used by Litware are hosted on-premises.Litware creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named litware.onmicrosoft.com. The tenant uses the P1 pricing tier.Existing EnvironmentThe network contains an Active Directory forest named litware.com. All domain controllers are configured as DNS servers and host the litware.com DNS zone.Litware has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their re

Your ****ed

Case study OverviewContoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.Contoso products are manufactured by using blueprint files that the company authors and maintains.Existing EnvironmentCurrently, Contoso uses multiple types of servers for business operations, including the following:File serversDomain controllersMicrosoft SQL Server serversYour network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.You have a public-facing application named App1. App1 is comprised of the following three tiers:A SQL databaseA web front endA processing middle tierEach tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.RequirementsPlanned ChangesContoso plans to implement the following changes to the infrastructure:Move all the tiers

Yourfuced

Litware, Inc. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.All the resources used by Litware are hosted on-premises.Litware creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named litware.onmicrosoft.com. The tenant uses the Premium P1 pricing tier.Existing EnvironmentThe network contains an Active Directory forest named litware.com. All domain controllers are configured as DNS servers and host the litware.com DNS zone.Litware has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective dep

crap

You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com: Name Role Scope User1 Global Administrator Azure Active Directory User2 Global Administrator Azure Active Directory User3 User Administrator Azure Active Directory User4 Owner Azure Subscription User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.You need to create new user accounts in external.contoso.onmicrosoft.com.Solution: You instruct User1 to create the user accounts.Does that meet the goal?A. YesB. No

Correct Answer: A Explanation/Reference:Explanation:Only a global administrator can add users to this tenant.Reference:https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad

Your company has an Azure Active Directory (Azure AD) subscription.You want to implement an Azure AD conditional access policy.The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.Solution: You access the multi-factor authentication page to alter the user settings.Does the solution meet the goal? A. Yes B. No

Correct Answer: B

You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate.From Azure, you download and install the VPN client configuration package on a computer named Computer2.You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2.Solution: On Computer2, you set the Startup type for the IPSec Policy Agent service to Automatic.Does this meet the goal? A. Yes B. No

Correct Answer: B Explanation/Reference:Explanation:Each client computer that connects to a VNet using Point-to-Site must have a client certificate installed. You generate a client certificate from the self-signed root certificate, and then export and install the client certificate. If the client certificate is not installed, authentication fails.Reference:https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site02 - Configure and manage virtual networking

Your company makes use of Multi-Factor Authentication for when users are not in the office. The Per Authentication option has been configured as the usage model.After the acquisition of a smaller business and the addition of the new staff to Azure Active Directory (Azure AD) obtains a different company and adding the new employees to Azure Active Directory (Azure AD), you are informed that these employees should also make use of Multi-Factor Authentication.To achieve this, the Per Enabled User setting must be set for the usage model.Solution: You reconfigure the existing usage model via the Azure portal.Does the solution meet the goal? A. Yes B. No

Correct Answer: B Explanation/Reference:Since it is not possible to change the usage model of an existing provider as it is right now, you have to create a new one and reactivate your existing server with activation credentials from the new provider.Reference:https://365lab.net/2015/04/11/switch-usage-model-in-azure-multi-factor-authentication-server/

A colleague named Jon Ross makes use of a solitary Azure Resource Manager (ARM) template to deploy a virtual machine and an additional Azure Storage account.You want to review the ARM template that was used by Jon Ross.Solution: You access the Virtual Machine blade.Does the solution meet the goal? A. Yes B. No

Correct Answer: B Explanation/Reference:You should use the Resource Group bladeReference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-export-template

A colleague named Jon Ross makes use of a solitary Azure Resource Manager (ARM) template to deploy a virtual machine and an additional Azure Storage account.You want to review the ARM template that was used by Jon Ross.Solution: You access the Container blade.Does the solution meet the goal? A. Yes B. No

Correct Answer: B Explanation/Reference:You should use the Resource Group bladeReference:https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-export-template

Your company has virtual machines (VMs) hosted in Microsoft Azure. The VMs are located in a single Azure virtual network named VNet1.The company has users that work remotely. The remote workers require access to the VMs on VNet1.You need to provide access for the remote workers.What should you do? A. Configure a Site-to-Site (S2S) VPN. B. Configure a VNet-toVNet VPN. C. Configure a Point-to-Site (P2S) VPN. D. Configure DirectAccess on a Windows Server 2012 server VM. E. Configure a Multi-Site VPN

Correct Answer: C Explanation/Reference:A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer.Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways

Your company has two on-premises servers named SRV01 and SRV02. Developers have created an application that runs on SRV01. The application calls a service on SRV02 by IP address.You plan to migrate the application on Azure virtual machines (VMs). You have configured two VMs on a single subnet in an Azure virtual network.You need to configure the two VMs with static internal IP addresses.What should you do? A. Run the New-AzureRMVMConfig PowerShell cmdlet. B. Run the Set-AzureSubnet PowerShell cmdlet. C. Modify the VM properties in the Azure Management Portal. D. Modify the IP properties in Windows Network and Sharing Center. E. Run the Set-AzureStaticVNetIP PowerShell cmdlet.

Correct Answer: E Explanation/Reference:Specify a static internal IP for a previously created VMIf you want to set a static IP address for a VM that you previously created, you can do so by using the following cmdlets. If you already set an IP address for the VM and you want to change it to a different IP address, you'll need to remove the existing static IP address before running these cmdlets. See the instructions below to remove a static IP.For this procedure, you'll use the Update-AzureVM cmdlet. The Update-AzureVM cmdlet restarts the VM as part of the update process. The DIP that you specify will be assigned after the VM restarts. In this example, we set the IP address for VM2, which is located in cloud service StaticDemo.Get-AzureVM -ServiceName StaticDemo -Name VM2 | Set-AzureStaticVNetIP -IPAddress 192.168.4.7 | Update-AzureVM Reference: https://docs.microsoft.com/en-us/powershell/module/servicemanagement/azure/set-azurestaticvnetip?view=azuresmps-4.0.0


Conjuntos de estudio relacionados

RHIT - Information Technology Domain 4

View Set

MANA3335 MindTap Case Activity: Chapter 10: Managing Employee Motivation and Performance

View Set

Mental Health Disorders & Addictions

View Set

100 core Hindi Words - Hindi Pod 101

View Set

Sociology of Culture final review compilation

View Set

El Conditional Tense. Realidades 3 pag. 352 "You use the conditional in Spanish to express what a person would do or what a situation would be like"

View Set

CodePath Data Structure Patterns

View Set