Questions I keep getting wrong on practice test

Traffic Manager

A ____ ___ allows users to access resources that are nearest them.

True

True or False Quotas for resources in Azure Resource Groups are per Region rather than per subscription.

False

True or False: They Hybrid Cloud allows you to deploy resources with no capital expenditure.

a. 12 months

Based on the Microsoft Azure Lifecycle Policy, how much advanced warning does Microsoft Give before retiring a guest Operating System? a. 12 months b. 24 months c. 6 months d. 60 days.

Correct

Is the statement below correct or incorrect: An Azure Multi-Factor Authentication (MFA) server is required for authentication when supporting users located on on-premises Active Directory (AD) only.

d. Azure Log Analytics.

Which Azure service should you use to correlate events from multiple resources into a centralized repository? a. Azure Event Hubs b. Azure Analysis Services. c. Azure Monitor. d. Azure Log Analytics.

HITRUST (Health Information Trust Alliance)

____ is a privetly held company that has established a Common Security Framework (CSF) to work with sensitive or regulated information

International Standard Organization (ISO)

____ is a standards-based non-regulatory agency based in Geneva, Switzerland.

region

Quotas for resources in Azure resource groups are per-______ accessible by your subscription, not per-subscription as the service management quotas are.

Service Health

____ tracks the state of Azure services. It allows administrators to be notified of events like planned maintenance, service outage, or resource usage quotas.

T

T or F Access to preview features can be configured at the organization or user level.

c. NIST

This is a standards-based non-regulatory agency based in the US. a. ISO b. GDRP c. NIST

a. Azure Germany

This service uses a physically isolated instance of Azure to meet strict government data privacy requirements. a. Azure Germany b. Azure Government

c. National Institute of Standards and Technology (NIST) 800-171

Which U.S. regulation addresses protecting unclassified information created by the government and stored in non-governmental system? a. Health Information Trust Alliance (HITRUST) b. General Data Protection Regulation (GDPR) c. National Institute of Standards and Technology (NIST) 800-171 d. Payment Card Industry Daata Security Standards (PCI DSS)

c. Application Insights

Which feature of Azure Monitor allows you to visually analyze telemetry data? a. Alerts b. Metrics c. Application Insights d. Service Health

No

Yes or No Does Azure Resource Manager allow you to manage Linux VMs that are already deployed and in use?

Application Insights

_____ ____ is an Application Performance Management (APM) service that detects performance in real time. It allows cloud and on-premises applications to send telemetry data to Azure.

b.Network Security Group

Choose the appropriate networking resource to deploy for the scenario below: You want to allow inbound traffic to an Azure VM from only specific IP addresses. a. Traffic Manager b.Network Security Group

Install and additional instance in a different Availability Zone in the same region. (An SLA of 99.99% requires that two or more VM instances in different availability zones in the same region.)

A company has a single instance Azure VM deployed in the North Central US region. You need to improve the Service Level Agreement (SLA) to guarantee 99.99% availability. You want to minimize the cost associated with the solution. What should you do?

d. Private and public cloud e. On-Premises infrastructure and public cloud.

Which two infrastructures are valid hybrid cloud infrastructures? Each correct answer presents part of the solution. a. Multiple private clouds. b. Multiple public clouds c. On-Premise infrastructure and private cloud. d. Private and public cloud e. On-Premises infrastructure and public cloud.

a. Load Balancer

Choose the appropriate Azure resource to deploy for the scenario below: You want to distribute TCP traffic to virtual machines evenly while providing one public IP address. a. Load Balancer b. Application Gateway c. Traffic Manager

b. Azure Firewall

Choose the appropriate networking resource to deploy for the scenario below: You want to create a rule that restricts network traffic across subscriptions. a. Application Gateway b. Azure Firewall c. Network Security Group

b. Load Balancer

Determine which type of Azure resource to deploy for the scenario below: You want to distribute TCP traffice to virtual machines (VMs) evenly while providing one public ip address. a. Application Gateway b. Load Balancer c. Traffic Manager

c. Cosmos DB

Determine which type of Azure resource to deploy for the scenario below: You want to store schema-less data that can be accessed via SQL queries. a. Azure SQL Database b. Blob Storage c. Cosmos DB

b. Azure Active Directory (Azure AD)

To what should an application connect to retrieve security tokens? a. An Azure storage account b. Azure Active Directory (Azure AD). c. A certificate store. d. An Azure Key Vault.

Applications Data Runtime Middleware Operating System

In the IaaS model, subscribers are responsible for management of what? (ADRMO)

d. Any user or enterprise that requires its data to reside in Germany.

This question requires that you evaluate the UPPER-CASED text surrounded by *** to determine if it is correct. Azure Germany can be used by *** LEGAL RESIDENTS OF GERMANY ONLY ***. Instructions: Review the UPPER-CASED text surrounded by ***. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct. a. No change is needed. b. Only enterprises that are registered in Germany. c. Only enterprises that purchase their azure licenses from a partner based in Germany. d. Any user or enterprise that requires its data to reside in Germany.

c. Access your data stored in Azure.

This question requires that you evaluate the UPPER-CASED text surrounded by *** to determine if it is correct. Your Azure trial account expired last week. You are now unable to *** CREATE ADDITIONAL AZURE ACTIVE DIRECTORY (AZURE AD) USER ACCOUNTS ***. Instructions: Review the UPPER-CASED text surrounded by ***. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct. a. No change is needed. b. Start an existing Azure virtual machine. c. Access your data stored in Azure. d. Access the Azure portal.

c. An Enterprise Agreement (EA) d. A Pay-as-you-go-subscription

What is required to use Azure Cost Management? a. A Dev/ Test subscription b. Software Assurance c. An Enterprise Agreement (EA) d. A Pay-as-you-go-subscription

b. Service Health

Which Azure Monitor feature sends an administrator an email when a virtual machine (VM) is about to exceed its usage quota for the month? a. Metrics b. Service Health c. Alerts d. Application Insights

Premium

You should use the ____ license when you want on-premises users to be able to reset their own passwords. (Basic, Free, or Premium)

Azure Service Health

____ ____ ____ provides info about planned maintenance and advisories such as deprecated offerings.

Log Analytics

____ ____ is a web tool used to write and execute Azure Monitor log queries. Open it by selecting Logs in the Azure Monitor menu. It starts with a new blank query.

ATP (Advanced Threat Protection)

____ is a cloud-based security solution designed to detect and help identify advanced threats and help to protect hybrid ( cloud and on-premises) computer environments. It also: - Monitors users, entity behavior, and activities. -Help protect user identities and credentials stored in Active Directory. -Provide clear Incident Information

NIST

_____ 800-171 is a US regulation that provides guidelines addressing control unclassified information (CUI) in non-federal information systems and organizations. It specifies how organizations that work with the US government need to set up their info systems and policies to protect CUI.

Azure Security Center

_____ ____ ____ supports monitoring, security recommendations, and advanced threat protection for cloud and on-premises VM resources. IT also provides native integration with Windows defender ATP. It automatically discovers and assesses security for new resources as they are deployed.

IoT Central

_____ is a solution that supports device-to cloud messaging and per-device identity. You can also use it to analyze telemetry data.

IoT Hub

_____ is a solution that supports device-to-cloud messaging and per-device identity. However, you cannot use it to analyze telemetry data.

Logic Apps

_____ provides for serverless workflow orchestration to let you integrate apps, data, systems, and services across enterprises or organizations.

c. File Storage

A company deploys an Azure VM running Windows. The VM hosts data files that must be available to other VMs running Windows, Linux, and macOS. Data must be secure both at rest and in-transit. You need to choose an appropriate storage product solution. Which storage product should you use? a. Archive Storage b. Disk storage c. File Storage d. Blob Storage

c. SMS e. Voice Call f. Password

A company has an Azure Active Directory (AD) Premium P1 subscription. The company has a hybrid environment that uses both Azure AD and on-premises federation AD using Active Directory Federation Services (AD FS). The company is upgrading its security and must configure Azure AD self-service password reset (SSPR) and Multi-Factor Authentication (MFA). You need to identify the authentication types that support both SSPR and MFA. Which three authentication types support both SSPR and MFA? a. Security Questions b. Email address c. SMS d. App password e. Voice Call f. Password

d. The Security Center blade from the Azure Portal.

What should you use to evaluate whether your company's Azure environment meets regulatory requirements? a. The Knowledge Center website. b. The Advisor blade from the Azure portal c. Compliance Manager from the Security Trust Portal. d. The Security Center blade from the Azure Portal.

d. Service Health

Which Azure Monitor feature sends an administrator an email when a virtual machine is about to exceed its usage quota for the month? a. Metrics b. Application Insights c. Alerts d. Service Health

a. MFA d. Security Center Standard tier e. Azure DNS

You are directed to determine SLA support for Azure services. You need to identify which Azure services have financially-backed SLA. Which three services have a financially-backed SLA? a. MFA b. Azure Advisor c. Container Registry d. Security Center Standard tier e. Azure DNS f. Azure Policy

a. Instance Type c. Number of Instances d. Operating System e. Region g. Tier

You are given the approval to move your company's web application to Azure as an App Service. However your manager wants to know the annual cost for one such move. You decide to use the Azure Pricing Calculator to estimate the cost. You need to determine which factors affect the cost. Which 5 factors affect the cost of an ap service? a. Instance Type b. Type of Application framework c. Number of Instances d. Operating System e. Region f. Number of WebJobs g. Tier

b. Metrics in Application Gateway.

You are troubleshooting a performance issue for an Azure Application Gateway. You need to compare the total requests to the failed requests during the past six hours. What should you use? a. NSG flow logs in Azure Network Watcher. b. Metrics in Application Gateway. c. Connection monitor in Azure Network Watcher. d. Diagnostics logs in Application Gateway.

d. Create a new support request.

You attempt to create several managed Microsoft SQL Server instances in an Azure environment and receive a message that you must increase your Azure Subscription Limits. What should you do to increase the limits? a. Create a service health alert b. Upgrade your support plan c. Modify an Azure policy d. Create a new support request.

a. Can be accessed over the Internet by IP. c. Can run on Windows or Linux e. Can scale out as needed. f. Represents a single app and its dependencies.

You consider moving some of your applications to Azure as container instances. However, your manager wants you to explain containers an their benefits first. You need to explain containers to your manager. Which four descriptions of containers are accurate? a. Can be accessed over the Internet by IP. b. Requires you to manually install dependencies. c. Can run on Windows or Linux d.Requires you to configure the host virtual machine. e. Can scale out as needed. f. Represents a single app and its dependencies.

c. 445

You create an Azure Storage account named contosostorage. You plan to create a file share named data. Users need to map a drive to the data file share from home computers that run Windows 10. Which outbound port should you open between the home computers and the data file share? a. 80 b. 443 c 445 d. 3389

a. An Azure Key Vault and an access policy

You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines. You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text. What should you create to store the password? a. An Azure Key Vault and an access policy b. A Recovery Service vault and a backup policy c. Azure Active Directory (AD) Identity Protetion and an Azure policy d. An Azure Storage account and an access oolicy.

a. An inbound NAT rule.

You have a public load balancer that balances ports 80 and 443 across three virtual machines. You need to direct all the Remote Desktop Protocol (RDP) connections to VM3 only. What should you configure? a. An inbound NAT rule. b. A load balancing rule. c. A new public load balancer for VM3 d. A frontend IP configuration.

d. Run Azure AD Connect and disable staging mode.

You have an Active Directory forest named contoso.com. You install and configure Azure AD Connect to use password hash synchronization as the single sign-on (SSO) method. Staging mode is enabled. You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs. You need to ensure that the synchronization completes successfully. What should you do? a. Run Azure AD Connect and set the SSO method to Pass-through Authentication. b.From Synchronization Service Manager, run a full import. c. From Azure PowerShell, run Start-AdSyncSyncCycle -PolicyType Initial. d. Run Azure AD Connect and disable staging mode.

a. TXT

You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com. Your company has a public DNS zone for contoso.com. You add contoso.com as a custom domain name to Azure AD. You need to ensure that Azure can verify the domain name. Which type of DNS record should you create? a. TXT b. SRV c. DNSKEY d. NSEC e. RRSIG f. PTR

d. A virtual network e. A gateway subnet

You have an Azure environment that contains multiple Azure virtual machines. You plan to implement a solution that enables the client computer on your on-premises network to communicate to the Azure virtual machines. You need to recommend which Azure resources must be created for the planned solution. Which two Azure resources should you include in the recommendation? a. A Virtual network gateway b. A load balancer c. An application gateway d. A virtual network e. A gateway subnet

a. The AzurePerformanceDiagnostics extension.

You have an Azure subscription named Subscription1. You deploy a Linux virtual machine named VM1 to Subscription1. You need to monitor the metrics and the logs of VM1. What should you use? a. The AzurePerformanceDiagnostics extension. b. Azure HDInsight. c.Linux Diagnostic Extension (LAD) 3.0. d. Azure Analysis Services.

b. Create a route-based virtual network gateway. c. Delete GW1.

You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a virtual network named VNet1. You need to ensure that you can configure a point-to-site connection from VNet1 to an on-premises computer. Which two actions should you perform? Each correct answer presents part of the solution. a. Reset GW1. b. Create a route-based virtual network gateway. c. Delete GW1 d. Add a public IP address space to VNet1. e. Add a connection to GW1. f. Add a service endpoint to VNet1.

a. On the peering connections, use remote gateways. c. On the peering connections, allow gateway transit.

You have an Azure subscription that contains three virtual networks named VNet1, VNet2, and VNet3. VNet2 contains a virtual appliance named VM2 that operates as a router. You are configuring the virtual networks in a hub and spoke topology that uses VNet2 as the hub network. You plan to configure peering between VNet1 and Vnet2 and between VNet2 and VNet3. You need to provide connectivity between VNet1 and VNet3 through VNet2. Which two configurations should you perform? Each correct answer presents part of the solution. a. On the peering connections, use remote gateways. b. On the peering connections, allow forwarded traffic. c. On peering connections, allow gateway transit. d. Create routing tables and assign the table to subnets. e. Create a route filter.

d. Modify the backup policy

You have an Azure virtual machine named VM1 that you use for testing. VM1 is protected by Azure Backup. You delete VM1. You need to remove the backup data stored for VM1. What should you do first? a. Delete the Recovery Service vault. b. Delete the storage account. c. Stop the backup. d. Modify the backup policy

Yes

You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json. You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately. Solution: From the Redeploy blade, you click Redeploy. Does this meet the goal? Yes or No

d. Create an NS record named research in adatum.com zone.

You have an azure DNS zone named adatum.com. You need to delegate a subdomain named research.adatum.com to a different DNS server in Azure What should you do? a. Create an A record named *. Research in the adatum.com zone. b. Create a PTR record named research in adatum.com zone. c. Modify the SOA record of adatum.com. d. Create an NS record named research in adatum.com zone.

a. Detects threats and vulnerabilities b. Ensures fault tolerance c. Helps you reduce spending e. Protects data from accidental deletion f. Speeds up your applications

You have the green light to move some of your company's infrastructure to Azure. You are learning different features of Azure. You need to determine the features provided by Azure Advisor. Which 5 features are provided by Azure Advisor? a. Detects threats and vulnerabilities b. Ensures fault tolerance c. Helps you reduce spending d. Monitors on-premises services e. Protects data from accidental deletion f. Speeds up your applications g. Notifies you when to perform updates.

a. Azure Advanced Threat Protection (ATP)

You need an Azure security solution that is able to identify and investigate suspicious user activities. What should you use? a. Azure Advanced Threat Protection (ATP) b. Azure Security Center c. Azure Information Protection (AIP) d. Key Vault

c. HDInsight

You need to analyze large volumes of streaming data being collected from Internet of Things (IoT) devices. Which should you use? a. Machine Learning Service. b. Application Insights c. HDInsight d. Data Lake Analytics

d. Azure AD Identity Protection

You need to ensure that when Azure Active Directory users connect to Azure AD from the Internet by using an anonymous IP address, the users are prompted automatically to change their passwords. Which Azure service should you use? a. Azure AD Connect Health b. Azure AD Privileged Identity Management. c. Azure Advanced Threat Protection (ATP.) d. Azure AD Identity Protection

a. You deploy and configure Azure firewall as a traffic filter. c. You deploy and configure a Network Security Group (NSG) as the traffic filter.

You need to filter traffic between two subnets in an Azure deployment. Filtering should be based on: *Source IP address and port number. *Destination IP address and port number *TCP/IP Protocol in use Which solution(s) below meets this goal? a. You deploy and configure Azure firewall as a traffic filter. b. You deploy and configure Web Application Firewall (WAF) a the traffic filter. c. You deploy and configure a Network Security Group (NSG) as the traffic filter.

a. Use Azure Storage Explorer to copy the files

You need to move the blueprint files to Azure. What should you do? a. Use Azure Storage Explorer to copy the files b. Use the Azure Import/Export service. c. Generate a shared access signature. Map a drive, and then copy the file by using the File Explorer. d. Generate and access key. Map a drive, and then copy the files by using File Explorer.

a. Modify the extensionProfile section of the Azure Resource Manager template. d. Create a new virtual machine scale set in the Azure portal.

You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image. You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed. Which two actions should you perform? Each correct answer presents part of the solution. a. Modify the extensionProfile section of the Azure Resource Manager template. b. Create and automation account. c. Upload an configuration script. d. Create a new virtual machine scale set in the Azure portal. e. Crete and Azure policy.

a. Azure Data Lake c. Azure SQL Data Warehouse

You plan to store 20 TB of data in Azure. The data will be accessed infrequently and visualized by using Microsoft Power BI. You need to recommend a storage solution for the data. Which two solutions should you recommend? Each correct answer presents a complete solution. a. Azure Data Lake b. Azure Cosmos DB c. Azure SQL Data Warehouse d. Azure SQL Database e. Azure Database for PostgreSQL

a. A driveset CSV file e. A dataset CSV file.

You plan to use the Azure Import/Export service to copy files to a storage account. Which two files should you create before you prepare the drives for the import job? Each correct answer presents part of the solution. a. A driveset CSV file b. A JSON configuration file. c. A PowerShell PS1 file. d. An XML manifest file. e. A dataset CSV file.

Free

You should use the ____ license when you want to use on-premises directory synchronization. This license also supports SSO and user and group management. (Basic, Free, or Premium)

Basic

You should use the _____ license when you want to publish on-premises web apps using Azure AD. This functionality is provided by Azure AD Application Proxy. (Basic, Free, or Premium)

a. IoT Central

You want a SaaS solution that allows you to build Internet-Of Things (IoT) solutions without development expertise. Which resource should you pick? a. IoT Central b. IoT Hub

b. IoT Central

Your company is planning to build a solution for an automobile manufacturing company. The solution should allow vehicles to send on-board diagnostic (OBD) sensory and vehicle telemetry data to the cloud for analysis. You need to be able to identify individual vehicles from the data that is sent. What would be the most appropriate Azure solution? a. Notification Hub b. IoT Central c. Event Hub d. IoT Hub