AZ-303

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

To start the lab - You may start the lab by clicking the Next button. You need to create a function app named corp8548987n1 that supports sticky sessions. The solution must minimize the Azure-related costs of the App Service plan. What should you do from the Azure portal?

"1) Create Function App 2) Hosting Plan: App Service Plan ( required for sticky sessions ) 3) ASP pricing Tier : Free"

To start the lab - You may start the lab by clicking the Next button. You plan to deploy several Azure virtual machines and to connect them to a virtual network named VNET1007. You need to ensure that future virtual machines on VNET1007 can register their name in an internal DNS zone named corp8548984.com. The zone must NOT be hosted on a virtual machine. What should you do from Azure Cloud Shell? To complete this task, start Azure Cloud Shell and select PowerShell (Linux), Click Show Advanced settings, and then enter corp8548984n1 in the Storage account text box and File1 share text box. Click Create storage, and then complete the task.

$vnet = Get-AzVirtualNetwork -Name "VNET1007" New-AzDnsZone -Name "corp8548984.com" -ResourceGroupName "myCloudShell" -ZoneType Private -RegistrationVirtualNetworkId $vnet.Id

To start the lab - You may start the lab by clicking the Next button. You need to deploy an Azure load balancer named ib1016 to your Azure subscription. The solution must meet the following requirements: ✑ Support the load balancing of IP traffic from the Internet to Azure virtual machines connected to VNET1016\subnet0. ✑ Provide a Service Level Agreement (SLA) of 99,99 percent availability for the Azure virtual machines. ✑ Minimize Azure-related costs. What should you do from the Azure portal? To complete this task, you do NOT need to wait for the deployment to complete. Once the deployment starts in Azure, you can move to the next task.

1) Create Azure Load Balancer 2) Type: Public 3) SKU: Standard 4) Public IP Address : New one ( Standard ) 5) Availability zone: Zone-redundant

To start the lab - You may start the lab by clicking the Next button. You plan to create 100 Azure virtual machines on each of the following three virtual networks: - VNET1005a - VNET1005b - VNET1005c All the network traffic between the three virtual networks will be routed through VNET1005a. You need to create the virtual networks, and then to ensure that all the Azure virtual machines can connect to other virtual machines by using their private IP address. The solutions must NOT require any virtual gateways and must minimize the number of peerings. What should you do from the Azure portal before you configuring IP routing?

1- Create the 3 VNETs ( if not done already ) 2- Create VNet Peering between VNET1005a & VNET1005b ( 2-way ) 3- on VNET1005b Peering, enable "Allow forwarded traffic from VNET1005a toVNET1005b" 4- Create VNet Peering between VNET1005a & VNET1005c ( 2-way ) 5- on VNET1005c Peering, enable "Allow forwarded traffic from VNET1005a to VNET1005c"

To start the lab - You may start the lab by clicking the Next button. You plan to connect several virtual machines to the VNET01-USEA2 virtual network. In the Web-RGlod8322489 resource group, you need to create a virtual machine that uses the Standard_B2ms size named Web01 that runs Windows Server 2016. Web01 must be added to an availability set. What should you do from the Azure portal?

1. Create vNet as VNET01-USEA2 under Resource Group Web-RGlod8322489. 2. Create VM names as Web01 under Resource Group Web-RGlod8322489 by selecting- 3. Select Region as your vNet Region 4. Select Availability option as Availability Set. 5. Create New Availability set as standard because no parameters given on updates etc. and assign. 6. Select Image as Windows Server 2016 Datacenters 7. Select Size Standard_B2ms size by clicking on Select size. 8. Give username and password for VM 9. Go to networking tab and make sure the created vnet is assigned. 10. Validate and Create.

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. A company backs up data to on-premises servers at their main facility. The company currently has 30 TB of archived data that infrequently used. The facility has download speeds of 100 Mbps and upload speeds of 20 Mbps. You need to securely transfer all backups to Azure Blob Storage for long-term archival. All backup data must be sent within seven days. Solution: Backup data to local disks and use the Azure Import/Export service to send backups to Azure Blob Storage. Does this meet the goal? A. Yes B. No

A

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On Dev, you assign the Contributor role to the Developers group. Does this meet the goal? A. Yes B. No

A

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates. You need to view the date and time when the resources were created in RG1. Solution: From the RG1 blade, you click Deployments. Does this meet the goal? A. Yes B. No

A

You are the global administrator for an Azure Active Directory (Azure AD) tenant named adatum.com. You need to enable two-step verification for Azure users. What should you do? A. Create an Azure AD conditional access policy. B. Configure a playbook in Azure Security Center. C. Enable Azure AD Privileged Identity Management. D. Install an MFA Server.

A

You develop an entertainment application where users can buy and trade virtual real estate. The application must scale to support thousands of users. The current architecture includes five Azure virtual machines (VM) that connect to an Azure SQL Database for account information and Azure Table Storage for backend services. A user interacts with these components in the cloud at any given time. ✑ Routing Service "" Routes a request to the appropriate service and must not persist data across sessions. ✑ Account Service "" Stores and manages all account information and authentication and requires data to persist across sessions ✑ User Service "" Stores and manages all user information and requires data to persist across sessions. ✑ Housing Network Service "" Stores and manages the current real-estate economy and requires data to persist across sessions. Trade Service "" Stores and manages virtual trade between accounts and requires data to persist across sessions. Due to volatile user traffic, a microservices solution is selected for scale agility. You need to migrate to a distributed microservices solution on Azure Service Fabric. Solution: Create a Service Fabric Cluster with a stateless Reliable Service for Routing Service. Create stateful Reliable Services for all other components. Does the solution meet the goal? A. Yes B. No

A

You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines. You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text. What should you create to store the password? A. an Azure Key Vault and an access policy. B. an Azure Storage account and an access policy. C. Azure Active Directory (AD) Identity Protection and an Azure policy. D. a Recovery Services vault and a backup policy.

A

You have a web app named WebApp1 that uses an Azure App Service plan named Plan1. Plan1 uses the D1 pricing tier and has an instance count of 1. You need to ensure that all connections to WebApp1 use HTTPS. What should you do first? A. Scale up Plan1. B. Modify the connection strings for WebApp1. C. Scale out Plan1. D. Disable anonymous access to WebApp1.

A

You have an Azure Active Directory (Azure AD) domain that contains 5,000 user accounts. You create a new user account named AdminUser1. You need to assign the User administrator administrative role to AdminUser1. What should you do from the user account properties? A. From the Directory role blade, modify the directory role B. From the Licenses blade, assign a new license C. From the Groups blade, invite the user account to a new group

A

You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1. Subscription1 has a user named User1. User1 has the following roles: ✑ Reader ✑ Security Admin ✑ Security Reader You need to ensure that User1 can assign the Reader role for VNet1 to other users. What should you do? A. Assign User1 the Owner role for VNet1. B. Assign User1 the Network Contributor role for VNet1. C. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1. D. Remove User1 from the Security Reader and Reader roles for Subscription1.

A

You plan to back up an Azure virtual machine named VM1. You discover that the Backup Pre-Check status displays a status of Warning. What is a possible cause of the Warning status? A. VM1 does not have the latest version of WaAppAgent.exe installed B. A Recovery Services vault is unavailable C. VM1 has an unmanaged disk D. VM1 is stopped

A

You create the following Azure role definition. { "Name": "Role1", "Id": "80808080-8080-8080-8080-808080808080", IsCustom : false, "Description": "", "Actions" : [ "Microsoft.Storage/*/read", "Microsoft.Network/*/read", "Microsoft.Compute/*/read", "Microsoft.Compute/virtualMachines/start/action", "Microsoft.Compute/virtualMachines/restart/action", "Microsoft.Authorization/*/read"], "NotActions": [], "DataActions": [], "NotDataActions": [], "AssignableScopes": [] } You need to create Role1 by using the role definition. Which two values should you modify before you create Role1? Each correct answer presents part of solution. NOTE: Each correct selection is worth one point. A. IsCustom B. DataActions C. Id D. AssignableScopes E. Description

A and D

You plan to use the Azure Import/Export service to copy files to a storage account. Which two files should you create before you prepare the drives for the import job? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. a dataset CSV file B. an XML manifest file C. a driveset CSV file D. a PowerShell PS1 file E. a JSON configuration file

A: Modify the dataset.csv file in the root folder where the tool resides. Depending on whether you want to import a file or folder or both, add entries in the dataset.csv file C: Modify the driveset.csv file in the root folder where the tool resides.

An app uses a virtual network with two subnets. One subnet is used for the application server. The other subnet is used for a database server. A network virtual appliance (NVA) is used as a firewall. Traffic destined for one specific address prefix is routed to the NVA and then to an on-premises database server that stores sensitive data. A Border Gateway Protocol (BGP) route is used for the traffic to the on-premises database server. You need to recommend a method for creating the user-defined route. Which two options should you recommend? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. For the virtual network configuration, use a VPN. B. For the next hop type, use virtual network peering. C. For the virtual network configuration, use Azure ExpressRoute. D. For the next hop type, use a virtual network gateway.

AD, and here is why The virtual network gateway must be created with type VPN. You cannot specify a virtual network gateway created as type ExpressRoute in a user-defined route because with ExpressRoute, you must use BGP for custom routes. https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview

To start the lab - You may start the lab by clicking the Next button. You recently created a virtual machine named Web01. You need to attach a new 80-GB standard data disk named Web01-Disk1 to Web01. What should you do from the Azure portal?

Add a data disk - Step 1: In the Azure portal, from the menu on the left, select Virtual machines. Step 2: Select the Web01 virtual machine from the list. Step 3: On the Virtual machine page, , in Essentials, select Disks. Step 4: On the Disks page, select the Web01-Disk1 from the list of existing disks. Step 5: In the Disks pane, click + Add data disk. Step 6: Click the drop-down menu for Name to view a list of existing managed disks accessible to your Azure subscription. Select the managed disk Web01-Disk1 to attach:

You have an on-premises network that contains a Hyper-V host named Host1. Host1 runs Windows Server 2016 and hosts 10 virtual machines that run Windows Server 2016. You plan to replicate the virtual machines to Azure by using Azure Site Recovery. You create a Recovery Services vault named ASR1 and a Hyper-V site named Site1. You need to add Host1 to ASR1. What should you do? A. ✑ Download the installation file for the Azure Site Recovery Provider. ✑ Download the storage account key. ✑ Install the Azure Site Recovery Provider on each virtual machine and register the virtual machines. B. ✑ Download the installation file for the Azure Site Recovery Provider. ✑ Download the vault registration key. ✑ Install the Azure Site Recovery Provider on Host1 and register the server. C. ✑ Download the installation file for the Azure Site Recovery Provider. ✑ Download the storage account key. ✑ Install the Azure Site Recovery Provider on Host1 and register the server. D. ✑ Download the installation file for the Azure Site Recovery Provider. ✑ Download the vault registration key. ✑ Install the Azure Site Recovery Provider on each virtual machine and register the virtual machines.

Ans. B Azure Portal Azure Site Recovery -> Prepare Infrastructure -> Source Prepare Download Site Recovery Provider Download Vault Registration Key Install the provider on Host1

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On Dev, you assign the Logic App Contributor role to the Developers group. Does this meet the goal? A. Yes B. No

Answer A. Logic App Contributor: Lets you manage logic apps, but you can't change access to them. Logic App Operator: Lets you read, enable, and disable logic apps, but you can't edit or update them.

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups. Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks. Solution: You create a resource lock, and then you assign the lock to the subscription. Does this meet the goal? A. Yes B. No

Answer B - Locks can be applied to resource, resource group, or subscription. However, it doesn't validate that NSGs have specific rules. Its simply prevents you from changing or deleting resources.

You have an Azure subscription named Subscription1 that is used by several departments at your company. Subscription1 contains the resources in the following table. Name Type Storage1 Storage Account RG1 Resource Group Container1 Blob Container Share1 File Share Another administrator deploys a virtual machine named VM1 and an Azure Storage account named Storage2 by using a single Azure Resource Manager template. You need to view the template used for the deployment. From which blade can you view the template that was used for the deployment? A. Container1 B. VM1 C. Storage2 D. RG1

Answer D: Choose 'Deployments' from the Resource Group blade

You are creating an IoT solution using Azure Time Series Insights. You configure the environment to ensure that all data for the current year is available. What should you do? A. Add a disaster recovery (DR) strategy. B. Set a value for the Data retention time setting. C. Change the pricing tier. D. Create a reference data set.

Answer is B Each of your Azure Time Series Insights environments has a setting that controls Data retention time. The value spans from 1 to 400 days. The data is deleted based on the environment storage capacity or retention duration, whichever comes first. Ref: https://docs.microsoft.com/en-us/azure/time-series-insights/time-series-insights-concepts-retention

You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network. Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com. You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory. You need to ensure that the users can use single-sign on (SSO) to access Azure resources. What should you do first? A. From on-premises network, deploy Active Directory Federation Services (AD FS). B. From Azure AD, add and verify a custom domain name. C. From on-premises network, request a new certificate that contains the Active Directory domain name. D. From the server that runs Azure AD Connect, modify the filtering options.

Answer is B https://docs.microsoft.com/bs-latn-ba/azure/active-directory/hybrid/tshoot-connect-objectsync#upn-suffix-is-not-verified-with-azure-ad-tenant

You have an Azure Active Directory (Azure AD) tenant. All administrators must enter a verification code to access the Azure portal. You need to ensure that the administrators can access the Azure portal only from your on-premises network. What should you configure? A. the default for all the roles in Azure AD Privileged Identity Management B. an Azure AD Identity Protection user risk policy C. an Azure AD Identity Protection sign-in risk policy D. the multi-factor authentication service settings

Answer is C Administrators can also choose to create a custom Conditional Access policy including sign-in risk as an assignment condition. Ref: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-policies

You have a resource group named RG1. RG1 contains an Azure Storage account named storageaccount1 and a virtual machine named VM1 that runs Windows Server 2016. Storageaccount1 contains the disk files for VM1. You apply a ReadOnly lock to RG1. What can you do from the Azure portal? A. Start VM1 B. Upload a blob to storageaccount1 C. View the keys of storageaccount1 D. generate an automation script for RG1

Answer is D. Once the Read-only lock is applied, Go to Resource Group -> Settings -> Export Template. Then it will generate the template to automate the deployment process.

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are planning to create a virtual network that has a scale set that contains six virtual machines (VMs). A monitoring solution on a different network will need access to the VMs inside the scale set. You need to define public access to the VMs. Solution: Deploy a standalone VM that has a public IP address to the virtual network. Does the solution meet the goal? A. Yes B. No

Answer is Yes (A) Instead, deploy a standalone VM that has a public IP address to the virtual network.

You have an Azure subscription that contains the resources shown in the following table. Name Type Address Space VNET1 Virtual Network 10.1.1.0/24 Subnet1 Subnet 10.1.1.0/24 VM1 Virtual Machine N/A Subnet1 is on VNET1. VM1 connects to Subnet1. You plan to create a virtual network gateway on VNET1. You need to prepare the environment for the planned virtual network gateway. What are two ways to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Modify the address space used by VNET1. B. Modify the address space used by Subnet1. C. Create a subnet named GatewaySubnet on VNET1. D. Create a local network gateway. E. Delete Subnet1.

Answer is correct [ A, E ] , will explain : A. Modify the address space used by VNET1 >>> an option B. Modify the address space used by Subnet1 >>> not an option as you can't modify subnet address after creating it, you can only delete the whole subnet. C. Create a subnet named GatewaySubnet on VNET1 >>> this is an implementation step for the GW and the question asking for preparation steps, not implementation steps. D. Create a local network gateway. >>> >> this is an implementation step for the GW and the question asking for preparation steps, not implementation steps E. Delete Subnet1. >> an option ( as then you have free space to create the GatewaySubnet and also you can later create small subnet for the VMs )

You have an Azure subscription that contains 100 virtual machines. You regularly create and delete virtual machines. You need to identify unattached disks that can be deleted. What should you do? A. From Microsoft Azure Storage Explorer, view the Account Management properties. B. From Azure Cost Management, create a Cost Management report. C. From the Azure portal, configure the Advisor recommendations. D. From Azure Cost Management, open the Optimizer tab and create a report.

Answer: A https://cloud.netapp.com/blog/reduce-azure-storage-costs

You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated to a different Azure AD tenant. Subscription1 contains a virtual network named VNet1. VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16. Subscription2 contains a virtual network named VNet2. Vnet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24. You need to connect VNet1 to VNet2. What should you do first? A. Modify the IP address space of VNet2. B. Move VM1 to Subscription2. C. Provision virtual network gateways. D. Move VNet1 to Subscription2.

Answer: C As tubadc linked ... vnet peering or gateways ... gateway was the only option given.

To start the lab - You may start the lab by clicking the Next button. You plan to allow connections between the VNET01-USEA2 and VNET01-USWE2 virtual networks. You need to ensure that virtual machines can communicate across both virtual networks by using their private IP address. The solution must NOT require any virtual network gateways. What should you do from the Azure portal?

Assumption: Both VNETS already exists. Go to any VNET -> Peerings -> Add -> Give a name -> select the other VNEt -> give a name for the peering from other side -> make sure allow vnet access as enabled (both) -> Click OK. If VNETs do not exist, make sure to create two VNETs with non-overlapping address space, else you won't be able to Peer and you will get an error and it won't let you create peering.

You are responsible for mobile app development for a company. The company develops apps on Windows Mobile, IOS, and Android. You plan to integrate push notifications into every app. You need to be able to send users alerts from a backend server. Which two options can you use to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Azure Web App B. Azure Mobile App Service C. Azure SQL Database D. Azure Notification Hubs E. a virtual machine

B and D

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. A company backs up data to on-premises servers at their main facility. The company currently has 30 TB of archived data that infrequently used. The facility has download speeds of 100 Mbps and upload speeds of 20 Mbps. You need to securely transfer all backups to Azure Blob Storage for long-term archival. All backup data must be sent within seven days. Solution: Use the Set-AzureStorageBlobContent Azure PowerShell command to copy all backups asynchronously to Azure Blob Storage. Does this meet the goal? A. Yes B. No

B

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group. Does this meet the goal? A. Yes B. No

B

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates. You need to view the date and time when the resources were created in RG1. Solution: From the RG1 blade, you click Automation script. Does this meet the goal? A. Yes B. No

B

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates. You need to view the date and time when the resources were created in RG1. Solution: From the Subscription blade, you select the subscription, and then click Resource providers. Does this meet the goal? A. Yes B. No

B

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory forest named fabrikam.com. The forest contains two child domains named corp.fabrikam.com and research.fabrikam.com. You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com. You install Azure AD Connect and sync all the on-premises user accounts to the Azure AD tenant. You implement seamless single sign-on (SSO). You plan to change the source of authority for all the user accounts in research.fabrikam.com to Azure AD. You need to prevent research.fabrikam.com from resyncing to Azure AD. Solution: You use Active Directory Domains and Trusts from a computer joined to fabrikam.com. Does this meet the goal? A. Yes B. No

B

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory forest named fabrikam.com. The forest contains two child domains named corp.fabrikam.com and research.fabrikam.com. You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com. You install Azure AD Connect and sync all the on-premises user accounts to the Azure AD tenant. You implement seamless single sign-on (SSO). You plan to change the source of authority for all the user accounts in research.fabrikam.com to Azure AD. You need to prevent research.fabrikam.com from resyncing to Azure AD. Solution: You use the Azure AD Connect wizard. Does this meet the goal? A. Yes B. No

B

You are designing an Azure solution. The solution must meet the following requirements: Distribute traffic to different pools of dedicated virtual machines (VMs) based on rules Provide SSL offloading capabilities You need to recommend a solution to distribute network traffic. Which technology should you recommend? A. server-level firewall rules B. Azure Application Gateway C. Azure Traffic Manager D. Azure Load Balancer

B

You develop an entertainment application where users can buy and trade virtual real estate. The application must scale to support thousands of users. The current architecture includes five Azure virtual machines (VM) that connect to an Azure SQL Database for account information and Azure Table Storage for backend services. A user interacts with these components in the cloud at any given time. ✑ Routing Service "" Routes a request to the appropriate service and must not persist data across sessions. ✑ Account Service "" Stores and manages all account information and authentication and requires data to persist across sessions ✑ User Service "" Stores and manages all user information and requires data to persist across sessions. ✑ Housing Network Service "" Stores and manages the current real-estate economy and requires data to persist across sessions. ✑ Trade Service "" Stores and manages virtual trade between accounts and requires data to persist across sessions. Due to volatile user traffic, a microservices solution is selected for scale agility. You need to migrate to a distributed microservices solution on Azure Service Fabric. Solution: Create a Service Fabric Cluster with a stateful Reliable Service for each component. Does the solution meet the goal? A. Yes B. No

B

You have an Azure App Service named WebApp1. You plan to add a WebJob named WebJob1 to WebApp1. You need to ensure that WebJob1 is triggered every 15 minutes. What should you do? A. Change the Web.config file to include the 1-31 1-12 1-7 0*/15* CRON expression B. From the properties of WebJob1, change the CRON expression to 0*/15****. C. Add a file named Settings.job to the ZIP file that contains the WebJob script. Add the CRON expression to the JOB file 1-31 1-12 1-7 0*/15* D. Create an Azure Automation account and add a schedule to the account. Set the recurrence for the schedule

B

You have an Azure solution that uses Multi-Factor Authentication for added security when users are outside of the office. The usage model has been set to Per Authentication. Your company acquires another company and adds the new staff to Azure Active Directory (Azure AD). New staff members must use Multi-Factor Authentication. You need to change the usage model to Per Enabled User. What should you recommend? A. Create a new Multi-Factor Authentication provider and reconfigure the usage model. B. Create a new Multi-Factor Authentication provider with a backup from the current Multi-Factor Authentication provider data. C. Use the Azure portal to change the current usage model. D. Use Azure CLI to change the current usage model.

B

You have an Azure subscription named Subscription1 that contains two Azure networks named VNet1 and VNet2. VNet1 contains a VPN gateway named VPNGW1 that uses static routing. There is a site-to-site VPN connection between your on-premises network and VNet1. On a computer named Client1 that runs Windows 10, you configure a point-to-site VPN connection to VNet1. You configure virtual network peering between VNet1 and VNet2. You verify that you can connect to VNet2 from the on-premises network. Client1 is unable to connect to VNet2. You need to ensure that you can connect Client1 to VNet2. What should you do? A. Select Allow gateway transit on VNet1. B. Download and re-install the VPN client configuration package on Client1. C. Enable BGP on VPNGW1. D. Select Allow gateway transit on VNet2.

B

You have an Azure subscription that contains an Azure Service Fabric cluster and a Service Fabric application named FabricApp. You develop and package a Service Fabric application named AppPackage. AppPackage is saved in a compressed folder named AppPackage.zip. You upload AppPackage.zip to an external store. You need to register AppPackage in the Azure subscription. What should you do first? A. Run the New-ServiceFabricApplication cmdlet. B. Repackage the application in a file named App.sfpkg. C. Create a new Service Fabric cluster. D. Copy AppPackage.zip to a blob storage account.

B

You have an on-premises network and an Azure subscription. The on-premises network has several branch offices. A branch office in Toronto contains a virtual machine named VM1 that is configured as a file server. Users access the shared files on VM1 from all the offices. You need to recommend a solution to ensure that the users can access the shares files as quickly as possible if the Toronto branch office is inaccessible. What should you include in the recommendation? A. a Recovery Services vault and Azure Backup B. an Azure file share and Azure File Sync C. Azure blob containers and Azure File Sync D. a Recovery Services vault and Windows Server Backup

B

You have the Azure virtual machines shown in the following table. Name Azure Region VM1 West Europe VM2 West Europe VM3 North Europe VM4 North Europe You have a Recovery Services vault that protects VM1 and VM2. You need to protect VM3 and VM4 by using Recovery Services. What should you do first? A. Create a new backup policy B. Create a new Recovery Services vault C. Configure the extensions for VM3 and VM4 D. Create a storage account

B

You have two Azure Active Directory (Azure AD) tenants named contoso.com and fabrikam.com. You have a Microsoft account that you use to sign in to both tenants. You need to configure the default sign-in tenant for the Azure portal. What should you do? A. From the Azure portal, configure the portal settings B. From the Azure portal, change the directory C. From Azure Cloud Shell, run Set-AzureRmContext D. From Azure Cloud Shell, run Set-AzureRmSubscription

B

You set the multi-factor authentication status for a user named [email protected] to Enabled. Admin1 accesses the Azure portal by using a web browser. Which additional security verifications can Admin1 use when accessing the Azure portal? A. an app password, a text message that contains a verification code, and a verification code sent from the Microsoft Authenticator app B. a phone call, a text message that contains a verification code, and a notification or a verification code sent from the Microsoft Authenticator app C. a phone call, an email message that contains a verification code, and a text message that contains an app password D. an app password, a text message that contains a verification code, and a notification sent from the Microsoft Authenticator app

B

You have an Azure subscription named Subscription1. You deploy a Linux virtual machine named VM1 to Subscription1. You need to monitor the metrics and the logs of VM1. What should you use? A. the AzurePerformanceDiagnostics extension B. Linux Diagnostic Extension (LAD) 3.0 C. Azure Analysis Services D. Azure HDInsight

B Linux Diagnostic Extension LAD 3.0 - source A only works on Windows computers. https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/diagnostics-linux

You have an Azure subscription that contains a resource group named RG1. RG1 contains 100 virtual machines.Your company has three cost centers named Manufacturing, Sales, and Finance.You need to associate each virtual machine to a specific cost center.What should you do? A. Add an extension to the virtual machines B. Modify the inventory settings of the virtual machine C. Assign tags to the virtual machines D. Configure locks for the virtual machine Reveal Solution Discussion 4

C

You develop an entertainment application where users can buy and trade virtual real estate. The application must scale to support thousands of users. The current architecture includes five Azure virtual machines (VM) that connect to an Azure SQL Database for account information and Azure Table Storage for backend services. A user interacts with these components in the cloud at any given time. ✑ Routing Service "" Routes a request to the appropriate service and must not persist data across sessions. ✑ Account Service "" Stores and manages all account information and authentication and requires data to persist across sessions ✑ User Service "" Stores and manages all user information and requires data to persist across sessions. ✑ Housing Network Service "" Stores and manages the current real-estate economy and requires data to persist across sessions. ✑ Trade Service "" Stores and manages virtual trade between accounts and requires data to persist across sessions. Due to volatile user traffic, a microservices solution is selected for scale agility. You need to migrate to a distributed microservices solution on Azure Service Fabric. Solution: Create a Service Fabric Cluster with a stateful Reliable Service for Routing Service. Deploy a Guest Executable to Service Fabric for each component. Does the solution meet the goal? A. Yes B. No

B Routing Service requirement = "must not persist data across sessions." Stateful would keep that data

You have two Azure virtual machines named VM1 and VM2. You have two Recovery Services vaults named RSV1 and RSV2. VM2 is protected by RSV1. You need to use RSV2 to protect VM2. What should you do first? A. From the RSV2 blade, click Backup. From the Backup blade, select the backup for the virtual machine, and then click Backup B. From the RSV1 blade, click Backup items and stop the VM2 backup C. From the VM2 blade, click Disaster recovery, click Replication settings, and then select RSV2 as the Recovery Services vault D. From the RSV1 blade, click Backup Jobs and export the VM2 job

B You need to stop a backup and then you are able to change the recovery vault.

You develop an entertainment application where users can buy and trade virtual real estate. The application must scale to support thousands of users. The current architecture includes five Azure virtual machines (VM) that connect to an Azure SQL Database for account information and Azure Table Storage for backend services. A user interacts with these components in the cloud at any given time. ✑ Routing Service "" Routes a request to the appropriate service and must not persist data across sessions. ✑ Account Service "" Stores and manages all account information and authentication and requires data to persist across sessions ✑ User Service "" Stores and manages all user information and requires data to persist across sessions. ✑ Housing Network Service "" Stores and manages the current real-estate economy and requires data to persist across sessions. ✑ Trade Service "" Stores and manages virtual trade between accounts and requires data to persist across sessions. Due to volatile user traffic, a microservices solution is selected for scale agility. You need to migrate to a distributed microservices solution on Azure Service Fabric. Solution: Deploy a Windows container to Azure Service Fabric for each component. Does the solution meet the goal? A. Yes B. No

B Since routing service is stateless

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory forest named fabrikam.com. The forest contains two child domains named corp.fabrikam.com and research.fabrikam.com. You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com. You install Azure AD Connect and sync all the on-premises user accounts to the Azure AD tenant. You implement seamless single sign-on (SSO). You plan to change the source of authority for all the user accounts in research.fabrikam.com to Azure AD. You need to prevent research.fabrikam.com from resyncing to Azure AD. Solution: You use the Synchronization Service Manager. Does this meet the goal? A. Yes B. No

B .....could be A need to investigate

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. A company backs up data to on-premises servers at their main facility. The company currently has 30 TB of archived data that infrequently used. The facility has download speeds of 100 Mbps and upload speeds of 20 Mbps. You need to securely transfer all backups to Azure Blob Storage for long-term archival. All backup data must be sent within seven days. Solution: Create a file share in Azure Files. Mount the file share to the server and upload the files to the file share. Transfer the files to Azure Blob Storage. Does this meet the goal? A. Yes B. No

B is correct would not meet the deadline of 7 days

You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. You add the users in the following table. User Role User1 Owner User2 Security admin User3 Network Contributer Which user can perform each configuration? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.

Box1: User 1 & User 3 Box2: User 1

Department Requirements - Humongous Insurance identifies the following requirements for the company's departments: - Web administrators will deploy Azure web apps for the marketing department. Each web app will be added to a separate resource group. The initial configuration of the web apps will be identical. The web administrators have permission to deploy web apps to resource groups. - During the testing phase, auditors in the finance department must be able to review all Azure costs from the past week. Authentication Requirements - Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO) when accessing resources in Azure. Question You need to define a custom domain name for Azure AD to support the planned infrastructure. Which domain name should you use? A. ad.humongousinsurance.com B. humongousinsurance.local C. humongousinsurance.com D. humongousinsurance.onmicrosoft.com

C

Department Requirements - Humongous Insurance identifies the following requirements for the company's departments: - Web administrators will deploy Azure web apps for the marketing department. Each web app will be added to a separate resource group. The initial configuration of the web apps will be identical. The web administrators have permission to deploy web apps to resource groups. - During the testing phase, auditors in the finance department must be able to review all Azure costs from the past week. Authentication Requirements - Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO) when accessing resources in Azure. Question You need to resolve the licensing issue before you attempt to assign the license again. What should you do? A. From the Directory role blade, modify the directory role B. From the Groups blade, invite the user accounts to a new group C. From the Profile blade, modify the usage location

C

You are building a custom Azure function app to connect to Azure Event Grid. You need to ensure that resources are allocated dynamically to the function app. Billing must be based on the executions of the app. What should you configure when you create the function app? A. the Windows operating system and the App Service plan hosting plan B. the Docker container and an App Service plan that uses the B1 pricing tier C. the Windows operating system and the Consumption plan hosting plan D. the Docker container and an App Service plan that uses the S1 pricing tier

C

You create an Azure Storage account named contosostorage. You plan to create a file share named data. Users need to map a drive to the data file share from home computers that run Windows 10. Which outbound port should you open between the home computers and the data file share? A. 80 B. 443 C. 445 D. 3389

C

You have an Azure subscription that contains 100 virtual machines. You plan to design a data protection strategy to encrypt the virtual disks. You need to recommend a solution to encrypt the disks by using Azure Disk Encryption. The solution must provide the ability to encrypt operating system disks and data disks. What should you include in the recommendation? A. a passphrase B. a certificate C. a key D. a secret

C

You have an Azure subscription. You have 100 Azure virtual machines. You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering. Which blade should you use? A. Customer insights B. Monitor C. Advisor D. Metrics

C

You have an Azure subscription that contains 10 virtual machines. You need to ensure that you receive an email message when any virtual machines are powered off, restarted, or deallocated. What is the minimum number of rules and action groups that you require? A. three rules and three action groups B. one rule and one action group C. three rules and one action group D. one rule and three action groups

C 1 action group to send an email alert 3 rules - Each rule can only monitor a single signal, so one will be needed for each signal type (Restart, Shutdown, Deallocated)

You have an Azure subscription named Subscription1. You have 5 TB of data that you need to transfer to Subscription1. You plan to use an Azure Import/Export job. What can you use as the destination of the imported data? A. an Azure Cosmos DB database B. Azure SQL Database C. Azure File Storage D. Azure Data Lake Store

C Import /Export job only covers for Blob and File Storage. Hence the answer is C .File storage.

You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image. You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Upload a configuration script. B. Create an automation account. C. Create a new virtual machine scale set in the Azure portal. D. Create an Azure policy. E. Modify the extensionProfile section of the Azure Resource Manager template.

C & E Look good. As the VM is native Azure image, it comes with the Azure VM agent on it that can be used to install and software. Custom scripts and extensions are needed when the default Azure VM agent is not enough. In this case, installing web server components is a native thing that can be done on the server so no custom script should be needed. https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/features-windows

You have an Azure App Service API that allows users to upload documents to the cloud with a mobile device. A mobile app connects to the service by using REST API calls. When a new document is uploaded to the service, the service extracts the document metadata. Usage statistics for the app show significant increases in app usage. The extraction process is CPU-intensive. You plan to modify the API to use a queue. You need to ensure that the solution scales, handles request spikes, and reduces costs between request spikes. What should you do? A. Configure a CPU Optimized virtual machine (VM) and install the Web App service on the new instance. B. Configure a series of CPU Optimized virtual machine (VM) instances and install extraction logic to process a queue. C. Move the extraction logic into an Azure Function. Create a queue triggered function to process the queue. D. Configure Azure Container Service to retrieve items from a queue and run across a pool of virtual machine (VM) nodes using the extraction logic.

C is the correct answer - Azure function reduces cost as it is stateless

You manage a solution in Azure that consists of a single application which runs on a virtual machine (VM). Traffic to the application has increased dramatically. The application must not experience any downtime and scaling must be dynamically defined. You need to define an auto-scale strategy to ensure that the VM can handle the workload. Which three options should you recommend? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Deploy application automatic vertical scaling. B. Create a VM availability set. C. Create a VM scale set. D. Deploy application automatic horizontal scaling. E. Deploy a custom auto-scale implementation.

C, D, & E because the answer cannot be A as a vertical scale change would require a restart of the VM thus violating the requirement of "must not experience any downtime". The answer cannot be B as an availability set is more of an HA solution than a scaling solution.

You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a virtual network named VNet1. You need to ensure that you can configure a point-to-site connection from VNet1 to an on-premises computer. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Add a service endpoint to VNet1. B. Add a public IP address space to VNet1. C. Create a route-based virtual network gateway. D. Reset GW1. E. Delete GW1. F. Add a connection to GW1.

CE

To start the lab - You may start the lab by clicking the Next button. You plan to back up all the Azure virtual machines in your Azure subscription at 02:00 Coordinated Universal Time (UTC) daily. You need to prepare the Azure environment to ensure that any new virtual machines can be configured quickly for backup. The solution must ensure that all the daily backups performed at 02:00 UTC are stored for only 90 days. What should you do from your Recovery Services vault on the Azure portal?

Correct Answer: 1- Open the Recovery Service Vault ( if not there then create one ) 2- Click on Backup policies 3- Create New Policy ( Frequency: Daily, Time: 2 AM UTC, Retention Range: 90 days) 4- Uncheck other weekly, monthly, etc...

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory forest named fabrikam.com. The forest contains two child domains named corp.fabrikam.com and research.fabrikam.com. You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com. You install Azure AD Connect and sync all the on-premises user accounts to the Azure AD tenant. You implement seamless single sign-on (SSO). You plan to change the source of authority for all the user accounts in research.fabrikam.com to Azure AD. You need to prevent research.fabrikam.com from resyncing to Azure AD. Solution: From the Azure Active Directory admin center, you delete a custom domain. Does this meet the goal? A. Yes B. No

Correct Answer: B Instead you should customize the default synchronization rule.

You have an Azure subscription that contains the resources in the following table. Name Type RG1 Resource Group Store1 Azure Storage Account Sync1 Azure File Sync Store1 contains a file share named Data. Data contains 5,000 files. You need to synchronize the files in Data to an on-premises server named Server1. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Download an automation script B. Create a sync group C. Install the Azure File Sync agent on Server1 D. Create a container instance E. Register Server1

Correct Answer: BCE Step 1 (C): Install the Azure File Sync agent on Server1 The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share Step 2 (E): Register Server1. Register Windows Server with Storage Sync Service Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service. Step 3 (B): Create a sync group and a cloud endpoint. A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on registered server.

A company is migrating an existing on-premises third-party website to Azure. The website is stateless. The company does not have access to the source code for the website. They do not have the original installer. The number of visitors at the website varies throughout the year. The on-premises infrastructure was resized to accommodate peaks but the extra capacity was not used. You need to implement a virtual machine scale set instance. What should you do? A. Use an autoscale setting to scale instances vertically B. Create 100 autoscale settings per resource C. Scale out by one instance when the average CPU usage of one of the instances is over 80 percent D. Use Azure Monitor to create autoscale settings using custom metrics E. Use an autoscale setting with unlimited maximum number of instances F. Use a webhook to log autoscale failures

D

You have an Azure subscription that contains three virtual networks named VNet1, VNet2, and VNet3. VNet2 contains a virtual appliance named VM2 that operates as a router. You are configuring the virtual networks in a hub and spoke topology that uses VNet2 as the hub network. You plan to configure peering between VNet1 and VNet2 and between VNet2 and VNet3. You need to provide connectivity between VNet1 and VNet3 through VNet2. Which two configurations should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. On the peering connections, allow forwarded traffic B. Create a route filter C. On the peering connections, allow gateway transit D. Create route tables and assign the table to subnets E. On the peering, use remote gateways

Correct answer is AD. A: Vnet2 where the NVA is placed need to be allowed to forward traffic from Vnet1 to Vnet3 and vica versa B: User Defined Route (UDR) must be created on each Subnet in Vnet1 and Vnet3 to override system (default) routes and send traffic between these Vnet's via the NVA

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are planning to create a virtual network that has a scale set that contains six virtual machines (VMs). A monitoring solution on a different network will need access to the VMs inside the scale set. You need to define public access to the VMs. Solution: Implement an Azure Load Balancer. Does the solution meet the goal? A. Yes B. No

Correct answer: B Load balance indeed removes the necessity of assigning public IP, but the requirement here is that the monitoring agent requires ACCESS to the VMs. This is not a purpose of a load balancer. A load balancer is only used to balance/distribute SERVICE REQUEST to underlying VMs. Its not/never used for ACCESS PROVISIONING which is the requirement here. Hence correct answer is B

A company hosts virtual machines (VMs) in an on-premises datacenter and in Azure. The on-premises and Azure-based VMs communicate using ExpressRoute. The company wants to be able to continue regular operations if the ExpressRoute connection fails. Failover connections must use the Internet and must not require Multiprotocol Label Switching (MPLS) support. You need to recommend a solution that provides continued operations. What should you recommend? A. Set up a second ExpressRoute connection. B. Increase the bandwidth of the existing ExpressRoute connection. C. Increase the bandwidth for the on-premises internet connection. D. Set up a VPN connection.

D

You create a social media application that users can use to upload images and other content. Users report that adult content is being posted in an area of the site that is accessible to and intended for young children. You need to automatically detect and flag potentially offensive content. The solution must not require any custom coding other than code to scan and evaluate images. What should you implement? A. Bing Visual Search B. Bing Image Search C. Custom Vision Search D. Computer Vision API

D

You create an Azure Time Series Insights event handler. You need to send data over the network as efficiently as possible and optimize query performance. What should you do? A. Create a query plan B. Send all properties C. Use a Tag ID D. Use reference data

D

You have a Microsoft SQL Server Always On availability group on Azure virtual machines.You need to configure an Azure internal load balancer as a listener for the availability group.What should you do? A. Create an HTTP health probe on port 1433. B. Set Session persistence to Client IP. C. Set Session persistence to Client IP and protocol. D. Enable Floating IP.

D

You have an Active Directory forest named contoso.com. You install and configure AD Connect to use password hash synchronization as the single sign-on(SSO) method. Staging mode is enabled. You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs. You need to ensure that the synchronization completes successfully. What should you do? A. From Azure PowerShell, run Start-AdSyncSycnCycle ""PolicyType Initial. B. Run Azure AD Connect and set the SSO method to Pass-through Authentication. C. From Synchronization Service Manager, run a full import. D. Run Azure AD Connect and disable staging mode.

D

You have an Azure Service Bus. You need to implement a Service Bus queue that guarantees first-in-first-out (FIFO) delivery of messages. What should you do? A. Enable partitioning B. Enable duplicate detection C. Set the Lock Duration setting to 10 seconds D. Enable sessions E. Set the Max Size setting of the queue to 5 GB

D

You have an Azure tenant that contains two subscriptions named Subscription1 and Subscription2. In Subscription1, you deploy a virtual machine named Server1 that runs Windows Server 2016. Server1 uses managed disks. You need to move Server1 to Subscription2. The solution must minimize administration effort. What should you do first? A. Create a new virtual machine in Subscription2 B. In Subscription2, create a copy of the virtual disk C. Create a snapshot of the virtual disk D. From Azure PowerShell, run the Move-AzureRmResource cmdlet

D

Your network contains an on-premises Active Directory and an Azure Active Directory (Azure AD) tenant. You deploy Azure AD Connect and configure pass-through authentication? Your Azure subscription contains several web apps that are accessed from the Internet. You plan to enable Azure Multi-Factor Authentication (MFA) for the Azure tenant. You need to recommend a solution to prevent users from being prompted for Azure MFA when they access the web apps from the on-premises network. What should you include in the recommendation? A. a site-to-site VPN between the on-premises network and Azure B. an Azure policy C. an Azure ExpressRoute circuit D. trusted IPs

D

You have a Recovery Service vault that you use to test backups. The test backups contain two protected virtual machines. You need to delete the Recovery Services vault. What should you do first? A. From the Recovery Service vault, delete the backup data B. Modify the disaster recovery properties of each virtual machines C. Modify the locks of each virtual machine D. From the Recovery Service vault, stop the backup of each backup item

D is correct https://www.youtube.com/watch?v=vceB8mvIQJE 1. Stop backup 2. Delete backup data 3. Disable Soft Delete 4.Delete dependencies 5. Delete Vault

You have an Azure Active Directory (Azure AD) tenant. You have an existing Azure AD conditional access policy named Policy1. Policy1 enforces the use of Azure AD-joined devices when members of the Global Administrators group authenticate to Azure AD from untrusted locations. You need to ensure that members of the Global Administrators group will also be forced to use multi-factor authentication when authenticating from untrusted locations. What should you do? A. From the Azure portal, modify session control of Policy1. B. From multi-factor authentication page, modify the user settings. C. From multi-factor authentication page, modify the service settings. D. From the Azure portal, modify grant control of Policy1.

D is correct. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/controls

You have an Azure subscription named Subscription1. Subscription1 contains the resource groups in the following table.RG1 has a web app named WebApp1. WebApp1 is located in West Europe. Name Azure Region Policy RG1 West Europe Policy1 RG2 North Europe Policy2 RG3 France Central Policy3 You move WebApp1 to RG2.What is the effect of the move? A. The App Service plan for WebApp1 moves to North Europe. Policy1 applies to WebApp1. B. The App Service plan for WebApp1 remains in West Europe. Policy1 applies to WebApp1. C. The App Service plan for WebApp1 moves to North Europe. Policy2 applies to WebApp1. D. The App Service plan for WebApp1 remains in West Europe. Policy2 applies to WebApp1.

D. The App Service plan for WebApp1 remains in West Europe. Policy2 applies to WebApp1.

You have an Azure subscription that contains several resource groups. Including a resource group named RG1. RG1 contains several business-critical resources. A user named admin1 is assigned the Owner role to the subscription. You need to prevent admin1 from modifying the resources in RG1. The solution must ensure that admin1 can manage the resources in the other resource groups. What should you use? A. a management group B. an Azure policy C. a custom role D. an Azure blueprint

D: It's typically possible for someone with appropriate role-based access control (RBAC) on the subscription, such as the 'Owner' role, to be allowed to alter or delete any resource. This access isn't the case when Azure Blueprints applies locking as part of a deployed assignment. If the assignment was set with the Read Only or Do Not Delete option, not even the subscription owner can perform the blocked action on the protected resource. https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking

You are implementing authentication for applications in your company. You plan to implement self-service password reset (SSPR) and multifactor authentication (MFA) in Azure Active Directory (Azure AD). You need to select authentication mechanisms that can be used for both MFA and SSPR. Which two authentication methods should you use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. • A. Short Message Service (SMS) messages • B. Authentication app • C. Email addresses • D. Security questions • E. App passwords

Expose Correct Answer Answer : AB

You have an Azure virtual machine named VM1 that you use for testing. VM1 is protected by Azure Backup. You delete VM1. You need to remove the backup data stored for VM1. What should you do first? A. Delete the storage account B. Stop the backup C. Modify the backup policy D. Delete the Recovery Services vault

I think it is B. you need to stop backup and the you will be able to remove it

You have an Azure Kubernetes Service (AKS) cluster named Clus1 in a resource group named RG1. An administrator plans to manage Clus1 from an Azure AD-joined device. You need to ensure that the administrator can deploy the YAML application manifest file for a container application. You install the Azure CLI on the device. Which command should you run next? A. kubectl get nodes B. az aks install-cli C. kubectl apply ""f appl.yaml D. az aks get-credentials --resource-group RG1 --name Clus1

Installing Azure CLI doesn't mean that Azure Kubernates client is installed. So before running the application, we have install kubectl, the Kubernetes command-line client. az aks install-cli So, the answer is B.

You have an Azure subscription named Subscription1 that contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1. VM1 runs services that will be used to deploy resources to RG1. You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1. What should you do first? A. From the Azure portal, modify the Access control (IAM) settings of RG1. B. From the Azure portal, modify the Policies settings of RG1. C. From the Azure portal, modify the Access control (IAM) settings of VM1. D. From the Azure portal, modify the value of the Managed Service Identity option for VM1.

Its "D" Reason - "manage the resources in RG1 by using the identity of VM1" It never says that managed identity is enabled. Process is : 1. Enable Managed Identity on VM. 2. Modify IAM. 3. Enable Required Access

To start the lab - You may start the lab by clicking the Next button. You need to create a web app named corp8548987n2 than can be scaled horizontally. The solution must use the lowest possible pricing tier for the App Service plan. What should you do from the Azure portal?

Step 1: In the Azure Portal, click Create a resource > Web + Mobile > Web App. Step 2: Use the Webb app settings as listed below. Web App name: corp8548987n2 Hosting plan: Azure App Service plan Pricing tier of the Pricing Tier: Standard Change your hosting plan to Standard, you can't setup auto-scaling below standard tier. Step 3: Select Create to provision and deploy the Web app.

To start the lab - You may start the lab by clicking the Next button. You need to create a virtual network named VNET1008 that contains three subnets named subnet0, subnet1, and subnet2. The solution must meet the following requirements: ✑ Connections from any of the subnets to the Internet must be blocked ✑ Connections from the Internet to any of the subnets must be blocked ✑ The number of network security groups (NSGs) and NSG rules must be minimized What should you do from the Azure portal?

Step 1: Click Create a resource in the portal. Step 2: Enter Virtual network in the Search the Marketplace box at the top of the New pane that appears. Click Virtual network when it appears in the search results. Step 3: Select Classic in the Select a deployment model box in the Virtual Network pane that appears, then click Create. Step 4: Enter the following values on the Create virtual network (classic) pane and then click Create: Name: VNET1008 Address space: 10.0.0.0/16 Subnet name: subnet0 Resource group: Create new Subnet address range: 10.0.0.0/24 Subscription and location: Select your subscription and location. Step 5: In the portal, you can create only one subnet when you create a virtual network. Click Subnets (in the SETTINGS section) on the Create virtual network (classic) pane that appears. Click +Add on the VNET1008 - Subnets pane that appears. Step 6: Enter subnet1 for Name on the Add subnet pane. Enter 10.0.1.0/24 for Address range. Click OK. Step 7: Create the third subnet: Click +Add on the VNET1008 - Subnets pane that appears. Enter subnet2 for Name on the Add subnet pane. Enter 10.0.2.0/24 for Address range. Click OK.

You have an Azure subscription named Subscription1. You create several Azure virtual machines in Subscription1. All of the virtual machines belong to the same virtual network. You have an on-premises Hyper-V server named Server1. Server1 hosts a virtual machine named VM1. You plan to replicate VM1 to Azure. You need to create additional objects in Subscription1 to support the planned deployment. Which three objects should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Hyper-V site B. Azure Recovery Services Vault C. storage account D. replication policy E. Azure Traffic Manager instance F. endpoint

Storage account is not explicity created.. its all handled internally while creating recovery service vault. So A, B & D Is correct "There's no need to specify storage accounts to store the backup data. The Recovery Services vault and the Azure Backup service handle that automatically." (Source: https://docs.microsoft.com/en-us/azure/backup/backup-create-rs-vault)

You have an Azure subscription that contains two storage accounts named storagecontoso1 and storagecontoso2. Each storage account contains a queue service, a table service, and a blob service. You develop two apps named App1 and App2. You need to configure the apps to store different types of data to all the storage services on both the storage accounts. How many endpoints should you configure for each app? A. 2 B. 3 C. 6 D. 12

The combination of the unique account name and the Azure Storage service endpoint forms the endpoints for your storage account. For example, if your storage account is named mystorageaccount, then the default endpoints for that account are: Blob storage: http://mystorageaccount.blob.core.windows.net Table storage: http://mystorageaccount.table.core.windows.net Queue storage: http://mystorageaccount.queue.core.windows.net Azure Files: http://mystorageaccount.file.core.windows.net Based on that, you will need 6 endpoints as we have 2 different storage accounts, and each has 3 storage types. So correct answer is : C

DRAG DROP - You have an on-premises network that you plan to connect to Azure by using a site-to-site VPN. In Azure, you have an Azure virtual network named VNet1 that uses an address space of 10.0.0.0/16. VNet1 contains a subnet named Subnet1 that uses an address space of 10.0.0.0/24. You need to create a site-to-site VPN to Azure. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select. Select and Place

There is no drag and drop but here is the correct order for creating S2S VPN between Azure VNET and on-premises VPN server. 1) Create VNET (if not created already) 2) Create Gateway subnet 3) Create Virtual Network gateway of VPN type, assign Public IP to it in a process of creation 4) Create Local gateway (to represent on-premises VPN server and far end subnets) 5) Create VPN connection

You have an Azure Active Directory (Azure AD) tenant that has the initial domain name.You have a domain name of contoso.com registered at a third-party registrar.You need to ensure that you can create Azure AD users that have names containing a suffix of @contoso.com.Which three actions should you perform in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.Select and Place:

There is no reference about what has to be moved but my guess is it is cmdlets. 1) New-AzureADDomain Creates a custom domain in Azure AD 2) Get-AzureADDomainVerificationDnsRecord Retrieve the domain verification DNS record from Azure for a custom domain < make changes to the Public DNS zone as per p.2> 3) Confirm-AzureADDomain Validate the ownership of a domain.

To start the lab - You may start the lab by clicking the Next button. Your company plans to host in Azure the source files of several line-of-business applications. You need to create an Azure file share named corpsoftware in the storagelod8322489 storage account. The solution must ensure that corpsoftware can store only up to 250 GB of data. What should you do from the Azure portal?

Under given Storage account- 1. Select File Share 2. Name file share as corpsoftware 3. Assign Quota 233 GiB

To start the lab - You may start the lab by clicking the Next button. You plan to create several virtual machines in different availability zones, and then to configure the virtual machines to load balanced connections from the internet. You need to create an IP address resource named ip1006 to support the planned load balancing solution. The solution must minimize costs. What should you do from the Azure portal?

We should create a public IP address. Step 1: At the top, left corner of the portal, select + Create a resource. Step 2: Enter public ip address in the Search the Marketplace box. When Public IP address appears in the search results, select it. Step 3: Under Public IP address, select Create. Step 4: Enter, or select values for the following settings, under Create public IP address, then select Create: Name: ip1006 SKU: Basic SKU IP Version: IPv6 IP address assignment: Dynamic Subscription: Select appropriate Resource group: Select appropriate

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are planning to create a virtual network that has a scale set that contains six virtual machines (VMs). A monitoring solution on a different network will need access to the VMs inside the scale set. You need to define public access to the VMs. Solution: Design a scale set to automatically assign public IP addresses to all VMs. Does the solution meet the goal? A. Yes B. No

Yes, the correct answer is A A scale set is created inside a virtual network, and individual VMs in the scale set are not allocated public IP addresses by default. This policy avoids the expense and management overhead of allocating separate public IP addresses to all the nodes in your compute grid. If you do need direct external connections to scale set VMs, you can configure a scale set to automatically assign public IP addresses to new VMs. https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-overview


Ensembles d'études connexes

LAZARUS AND FOLKMAN'S TRANSACTIONAL MODEL OF STRESS AND COPING

View Set

Chapter 16: Fluid, Electrolyte, and Acid-Base Imbalances Lewis: Medical-Surgical Nursing, 10th Edition

View Set

ACCT 2100 (W01) - Quizzes Review

View Set

Med Surg - Chapter 45 - Care of Critically Ill Patients with Neurologic Problem

View Set

Chapter 41: Professional Roles and Leadership

View Set