AZ-303 II (REAL)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named contoso.com. A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other identity Governance settings are available. Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles. You need to ensure that Admin1 can create access reviews in contoso.com. Solution: You purchase an Azure Directory Premium P2 license for contoso.com. Does this meet the goal? A. Yes B. No
YES: User is a member of User administrator. Prerequisites: Azure AD Premium P2; Global administrator or User administrator. REVIEW
You have an Azure subscription that contains two storage accounts named storagecontoso1 and storagecontoso2. Each storage account contains a queue service, a table service, and a blob service. You develop two apps named App1 and App2. You need to configure the apps to store different types of data to all the storage services on both the storage accounts. How many endpoints should you configure for each app? A. 2 B. 3 C. 6 D. 12
C - 6 is the correct answer. 2 storage accounts x 3 types (blob, table and queue) = 6 endpoints per app.
You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image. You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Upload a configuration script. B. Create an Azure policy. C. Modify the extensionProfile section of the Azure Resource Manager template. D. Create a new virtual machine scale set in the Azure portal. E. Create an automation account.
A & C. The question states: "You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image." D defeats the purpose of the automation requirement, so C is 100% correct. Install an app with the Custom Script Extension: The Custom Script Extension downloads and executes scripts on Azure VMs. This extension is useful for post-deployment configuration, software installation, or any other configuration / management task. Scripts can be downloaded from Azure storage or GitHub, or provided to the Azure portal at extension run-time. https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-deploy-app#already-provisioned Also check this: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-install-apps-template#what-is-the-azure-custom-script-extension
You have an Azure subscription named Subscription1 that includes an Azure File share named share1. You create several Azure virtual machines in Subscription1. All of the virtual machines belong to the same virtual network. You have an on-premises Hyper-V server named Server1. Server1 hosts a virtual machine named VM1. You plan to replicate VM1 to Azure. You need to create additional objects in Subscription1 to support the planned deployment. Which three objects should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Hyper-V site B. Azure Recovery Services Vault C. storage account D. replication policy E. Azure Traffic Manager instance F. endpoint
ABD
You plan to use the Azure Import/Export service to copy files to a storage account. Which two files should you create before you prepare the drives for the import job? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. a dataset CSV file B. an XML manifest file C. a driveset CSV file D. a PowerShell PS1 file E. a JSON configuration file
AC
You have an Azure subscription that contains 100 virtual machines. You have a set of PowerShell scripts that validate the virtual machine environment. You need to run the scripts whenever there is an operating system update on the virtual machines. The solution must minimize implementation time and recurring costs. Which three resources should you use to implement the scripts? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. an alert action group B. an Azure Monitor query C. an Azure Automation runbook D. a virtual machine that has network access to the 100 virtual machines E. an alert rule
ACE
Your company has an Azure subscription. You enable multi-factor authentication (MFA) for all users. The company's help desk reports an increase in calls from users who receive MFA requests while they work from the company's main office. You need to prevent the users from receiving MFA requests when they sign in from the main office. What should you do? A. From Conditional access in Azure Active Directory (Azure AD), create a named location. B. From the MFA service settings, create a trusted IP range. C. From Conditional access in Azure Active Directory (Azure AD), create a custom control. D. From Azure Active Directory (Azure AD), configure organizational relationships.
B
Your network contains an on-premises Active Directory and an Azure Active Directory (Azure AD) tenant. You deploy Azure AD Connect and configure pass-through authentication. Your Azure subscription contains several web apps that are accessed from the Internet. You plan to use Azure Multi-Factor Authentication (MFA) with the Azure Active Directory tenant. You need to recommend a solution to prevent users from being prompted for Azure MFA when they access the web apps from the on-premises network. What should you include in the recommendation? A. an Azure policy B. trusted IPs C. a site-to-site VPN between the on-premises network and Azure D. an Azure ExpressRoute circuit
B
You have the following Azure Active Directory (Azure AD) tenants: ✑ Contoso.onmicrosoft.com: Linked to a Microsoft Office 365 tenant and syncs to an Active Directory forest named contoso.com by using password hash synchronization ✑ Contosoazure.onmicrosoft.com: Linked to an Azure subscription named Subscription1 You need to ensure that you can assign the users in contoso.com access to the resources in Subscription1. What should you do? A. Configure contoso.onmicrosoft.com to use pass-through authentication. B. Associate Subscription1 to contoso.onmicrosoft.com. Reassign all the roles in Subscription1. C. Deploy a second Azure AD Connect server and sync contoso.com to contosoazure.onmicrosoft.com. D. Configure the existing Azure AD Connect server to sync contoso.com to contosoazure.onmicrosoft.com.
C
You have an Azure key vault named KV1. You need to ensure that applications can use KV1 to provision certificates automatically from an external certification authority (CA). Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. From KV1, create a certificate issuer resource. B. Obtain the CA account credentials. C. Obtain the root CA certificate. D. From KV1, create a certificate signing request (CSR). E. From KV1, create a private key.
CD
You create an Azure Kubernetes Service (AKS) cluster and an Azure Container Registry. You need to perform continuous deployments of a containerized application to the AKS cluster as soon as the image updates in the registry. What should you use to perform the deployments? A. an Azure Automation runbook B. a kubectl script from a CRON job C. an Azure Resource Manager template D. an Azure Pipelines release pipeline
D
You have an Azure App Service app. You need to implement tracing for the app. The tracing information must include the following: ✑ Usage trends ✑ AJAX call responses ✑ Page load speed by browser ✑ Server and browser exceptions What should you do? A. Configure IIS logging in Azure Log Analytics. B. Configure a connection monitor in Azure Network Watcher. C. Configure custom logs in Azure Log Analytics. D. Enable the Azure Application Insights site extension.
D
You have an Azure SQL database named Db1 that runs on an Azure SQL server named SQLserver1. You need to ensure that you can use the query editor on the Azure portal to query Db1. What should you do? A. Copy the ADO.NET connection string of Db1 and paste the string to the query editor. B. Approve private endpoint connections for SQLserver1. C. Modify the Advanced Data Security settings of Db1. D. Configure the Firewalls and virtual networks settings for SQLserver1.
D
You have an Azure subscription that contains 10 virtual machines on a virtual network. You need to create a graph visualization to display the traffic flow between the virtual machines. What should you do from Azure Monitor? A. From Activity log, use quick insights. B. From Metrics, create a chart. C. From Logs, create a new query. D. From Workbooks, create a workbook.
D
You have an Azure subscription. You create a custom role in Azure by using the following Azure Resource Manager template. { JSON Object } You assign the role to a user named User1. Which action can User1 perform? A. Delete virtual machines. B. Create resource groups. C. Create virtual machines. D. Create support requests.
D
You have an Azure subscription. You have 100 Azure virtual machines. You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering. Which blade should you use? A. Metrics B. Customer insights C. Monitor D. Advisor
D
You have an Azure tenant that contains two subscriptions named Subscription1 and Subscription2. In Subscription1, you deploy a virtual machine named Server1 that runs Windows Server 2016. Server1 uses managed disks. You need to move Server1 to Subscription2. The solution must minimize administration effort. What should you do first? A. Create a new virtual machine in Subscription2 B. In Subscription2, create a copy of the virtual disk C. Create a snapshot of the virtual disk D. From Azure PowerShell, run the Move-AzureRmResource cmdlet
D
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a server named Server1 that runs Windows Server 2019. Server1 is a container host. You are creating a Dockerfile to build a container image. You need to add a file named File1.txt from Server1 to a folder named C:\Folder1 in the container image. Solution: You add the following line to the Dockerfile. COPY File1.txt /Folder1/ You then build the container image. Does this meet the goal? A. Yes B. No
A
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an app named App1 that uses data from two on-premises Microsoft SQL Server databases named DB1 and DB2. You plan to move DB1 and DB2 to Azure. You need to implement Azure services to host DB1 and DB2. The solution must support server-side transactions across DB1 and DB2. Solution: You deploy DB1 and DB2 to SQL Server on an Azure virtual machine. Does this meet the goal? A. Yes B. No
A
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You manage an Active Directory domain named contoso.local. You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts. You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD. Solution: You use Synchronization Rules Editor to create a synchronization rule. Does this meet the goal? A. Yes B. No
A
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are planning to create a virtual network that has a scale set that contains six virtual machines (VMs). A monitoring solution on a different network will need access to the VMs inside the scale set. You need to define public access to the VMs. Solution: Deploy a standalone VM that has a public IP address to the virtual network. Does the solution meet the goal? A. Yes B. No
A
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates. You need to view the date and time when the resources were created in RG1. Solution: From the RG1 blade, you click Deployments. Does this meet the goal? A. Yes B. No
A
You are designing an Azure solution. The solution must meet the following requirements: ✑ Distribute traffic to different pools of dedicated virtual machines (VMs) based on rules. ✑ Provide SSL offloading capabilities. You need to recommend a solution to distribute network traffic. Which technology should you recommend? A. Azure Application Gateway B. Azure Load Balancer C. Azure Traffic Manager D. server-level firewall rules
A
You have an Active Directory forest named contoso.com. You install and configure Azure AD Connect to use password hash synchronization as the single sign-on (SSO) method. Staging mode is enabled. You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs. You need to ensure that the synchronization completes successfully. What should you do? A. Run Azure AD Connect and disable staging mode. B. From Synchronization Service Manager, run a full import. C. Run Azure AD Connect and set the SSO method to Pass-through Authentication. D. From Azure PowerShell, run Start-AdSyncSyncCycle -PolicyType Initial.
A
You have an Azure subscription that contains 100 virtual machines. You regularly create and delete virtual machines. You need to identify unattached disks that can be deleted. What should you do? A. From Microsoft Azure Storage Explorer, view the Account Management properties. B. From Azure Cost Management, create a Cost Management report. C. From the Azure portal, configure the Advisor recommendations. D. From Azure Cost Management, open the Optimizer tab and create a report.
A
You have an Azure subscription that contains an Azure Log Analytics workspace. You have a resource group that contains 100 virtual machines. The virtual machines run Linux. You need to collect events from the virtual machines to the Log Analytics workspace. Which type of data source should you configure in the workspace? A. Syslog B. Linux performance counters C. custom fields
A
You have an Azure subscription that contains an Azure Sentinel workspace. Sentinel is configured to monitor several Azure resources. You need to send notification emails to resource owners when alerts or recommendations are generated for a resource. What should you use? A. Logic Apps Designer B. Azure Security Center C. Azure Pipelines D. Azure Machine Learning Studio
A
You have an Azure subscription that contains the storage accounts shown in the following table. Name | Account kind | Size: 1 | General Purpose v1 | 15 TB; 2 | General Purpose v1 | 1 TB; 3 | General Purpose v2 | 15 TB; 4 | General Purpose v2 | 1 TB; 5 | blobstorage | 5 TB. All storage accounts contain blobs only. You need to implement several lifecycle management rules for all storage accounts. What should you do first? A. Upgrade contosostorage1 and contosostorage2 to General Purpose V2 accounts. B. Move 5 TB of blob data from contosostorage3 to contosostorage4. C. Move 5 TB of blob data from contosostorage1 to contosostorage2. D. Recreate contosostorage5 as a General Purpose V2 account.
A
You have an Azure web app that runs in a Premium App Service plan. Developers plan to update the app weekly. You need to ensure that the app can be switched from the current version to the new version. The solution must meet the following requirements: ✑ Provide the developers with the ability to test the app in Azure prior to switching versions. Testing must use the same app instance. ✑ Ensure that the app version can be rolled back. ✑ Minimize downtime. What should you do? A. Create a deployment slot. B. Copy the App Service plan. C. Add an instance of the app to the scale set. D. Create an Azure Active Directory (Azure AD) enterprise application.
A
You have several Azure web apps that use access keys to access databases. You plan to migrate the access keys to Azure Key Vault. Each app must authenticate by using Azure Active Directory (Azure AD) to gain access to the access keys. What should you create in Azure to ensure that the apps can access the access keys? A. managed identities B. managed applications C. Azure policies D. an App Service plan
A
You have an Azure subscription that contains three virtual networks named VNet1, VNet2, and VNet3. VNet2 contains a virtual appliance named VM2 that operates as a router. You are configuring the virtual networks in a hub and spoke topology that uses VNet2 as the hub network. You plan to configure peering between VNet1 and VNet2 and between VNet2 and VNet3. You need to provide connectivity between VNet1 and VNet3 through VNet2. Which two configurations should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. On the peering connections, allow forwarded traffic B. Create a route filter C. On the peering connections, allow gateway transit D. Create route tables and assign the table to subnets E. On the peering connections, use remote gateways
A. On the peering connections, allow forwarded traffic D. Create route tables and assign the table to subnets
You are implementing authentication for applications in your company. You plan to implement self-service password reset (SSPR) and multifactor authentication (MFA) in Azure Active Directory (Azure AD). You need to select authentication mechanisms that can be used for both MFA and SSPR. Which two authentication methods should you use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Short Message Service (SMS) messages B. Authentication app C. Email addresses D. Security questions E. App passwords
AB
Your company plans to develop an application that will use a NoSQL database. The database will be used to store transactions and customer information by using JSON documents. Which two Azure Cosmos DB APIs can developers use for the application? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Gremlin (graph) B. MongoDB C. Cassandra D. Core (SQL) E. Azure Table
AD
You are implementing authentication for applications in your company. You plan to implement self-service password reset (SSPR) and multifactor authentication (MFA) in Azure Active Directory (Azure AD). You need to select authentication mechanisms that can be used for both MFA and SSPR. Which two authentication methods should you use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Authenticator app B. Email addresses C. App passwords D. Short Message Service (SMS) messages E. Security questions
AD. A. Authenticator app: It's there for both self-service password reset (SSPR) & MFA. B. Email addresses: There in SSPR, not MFA. C. App passwords: It's there in MFA. D. Short Message Service (SMS) messages: It's in both. E. Security questions: It's in SSPR.
An app uses a virtual network with two subnets. One subnet is used for the application server. The other subnet is used for a database server. A network virtual appliance (NVA) is used as a firewall. Traffic destined for one specific address prefix is routed to the NVA and then to an on-premises database server that stores sensitive data. A Border Gateway Protocol (BGP) route is used for the traffic to the on-premises database server. You need to recommend a method for creating the user-defined route. Which two options should you recommend? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. For the virtual network configuration, use a VPN. B. For the next hop type, use a virtual network peering. C. For the virtual network configuration, use Azure ExpressRoute. D. For the next hop type, use a virtual network gateway.
AD or AC
You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image. You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Upload a configuration script. B. Create an automation account. C. Create a new virtual machine scale set in the Azure portal. D. Create an Azure policy. E. Modify the extensionProfile section of the Azure Resource Manager template.
AE
You have an Azure subscription that contains the virtual networks shown in the following table. You need to recommend a connectivity solution that will enable the virtual machines on VNET1 and VNET2 to communicate through the Microsoft backbone infrastructure. What should you include in the recommendation? A. Azure ExpressRoute B. peering C. a site-to-site VPN D. a point-to-site VPN
B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are planning to create a virtual network that has a scale set that contains six virtual machines (VMs). A monitoring solution on a different network will need access to the VMs inside the scale set. You need to define public access to the VMs. Solution: Implement an Azure Load Balancer. Does the solution meet the goal? A. Yes B. No
B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a server named Server1 that runs Windows Server 2019. Server1 is a container host. You are creating a Dockerfile to build a container image. You need to add a file named File1.txt from Server1 to a folder named C:\Folder1 in the container image. Solution: You add the following line to the Dockerfile. Copy-Item File1.txt C:\Folder1\File1.txt You then build the container image. Does this meet the goal? A. Yes B. No
B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a server named Server1 that runs Windows Server 2019. Server1 is a container host. You are creating a Dockerfile to build a container image. You need to add a file named File1.txt from Server1 to a folder named C:\Folder1 in the container image. Solution: You add the following line to the Dockerfile. XCOPY File1.txt C:\Folder1\ You then build the container image. Does this meet the goal? A. Yes B. No
B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named contoso.com. A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other identity Governance settings are available. Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles. You need to ensure that Admin1 can create access reviews in contoso.com. Solution: You assign the Global administrator role to Admin1. Does this meet the goal? A. Yes B. No
B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named contoso.com. A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other identity Governance settings are available. Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles. You need to ensure that Admin1 can create access reviews in contoso.com. Solution: You create an access package. Does this meet the goal? A. Yes B. No
B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an app named App1 that uses data from two on-premises Microsoft SQL Server databases named DB1 and DB2. You plan to move DB1 and DB2 to Azure. You need to implement Azure services to host DB1 and DB2. The solution must support server-side transactions across DB1 and DB2. Solution: You deploy DB1 and DB2 as Azure SQL databases each on a different Azure SQL Database server. Does this meet the goal? A. Yes B. No
B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an app named App1 that uses data from two on-premises Microsoft SQL Server databases named DB1 and DB2. You plan to move DB1 and DB2 to Azure. You need to implement Azure services to host DB1 and DB2. The solution must support server-side transactions across DB1 and DB2. Solution: You deploy DB1 and DB2 as Azure SQL databases on the same Azure SQL Database server. Does this meet the goal? A. Yes B. No
B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You manage an Active Directory domain named contoso.local. You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts. You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD. Solution: You use the Synchronization Service Manager to modify the Active Directory Domain Services (AD DS) Connector. Does this meet the goal? A. Yes B. No
B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You manage an Active Directory domain named contoso.local. You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts. You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD. Solution: You use the Synchronization Service Manager to modify the Metaverse Designer tab. Does this meet the goal? A. Yes B. No
B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are planning to create a virtual network that has a scale set that contains six virtual machines (VMs). A monitoring solution on a different network will need access to the VMs inside the scale set. You need to define public access to the VMs. Solution: Design a scale set to automatically assign public IP addresses to all VMs. Does the solution meet the goal? A. Yes B. No
B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are planning to create a virtual network that has a scale set that contains six virtual machines (VMs). A monitoring solution on a different network will need access to the VMs inside the scale set. You need to define public access to the VMs. Solution: Use Remote Desktop Protocol (RDP) to connect to the VM in the scale set. Does the solution meet the goal? A. Yes B. No
B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates. You need to view the date and time when the resources were created in RG1. Solution: From the RG1 blade, you click Automation script. Does this meet the goal? A. Yes B. No
B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates. You need to view the date and time when the resources were created in RG1. Solution: From the Subscription blade, you select the subscription, and then click Resource providers. Does this meet the goal? A. Yes B. No
B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups. Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks. Solution: You create a resource lock, and then you assign the lock to the subscription. Does this meet the goal? A. Yes B. No
B
You have an Azure Cosmos DB account named Account1. Account1 includes a database named DB1 that contains a container named Container1. The partition key for Container1 is set to /city. You plan to change the partition key for Container1. What should you do first? A. Delete Container1. B. Create a new Azure Cosmos DB account. C. Implement the Azure Cosmos DB .NET SDK. D. Regenerate the keys for Account1.
B
You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network. Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com. You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory. You need to ensure that the users can use single sign-on (SSO) to access Azure resources. What should you do first? A. From on-premises network, deploy Active Directory Federation Services (AD FS). B. From Azure AD, add and verify a custom domain name. C. From on-premises network, request a new certificate that contains the Active Directory domain name. D. From the server that runs Azure AD Connect, modify the filtering options.
B
You have an Azure Active Directory (Azure AD) tenant linked to an Azure subscription. The tenant contains a group named Admins. You need to prevent users, except for the members of Admins, from using the Azure portal and Azure PowerShell to access the subscription. What should you do? A. From Azure AD, configure the User settings. B. From Azure AD, create a conditional access policy. C. From the Azure subscription, assign an Azure policy. D. From the Azure subscription, configure Access control (IAM).
B
You have an Azure Cosmos DB account named Account1. Account1 includes a database named DB1 that contains a container named Container1. The partition key for Container1 is set to /city. You plan to change the partition key for Container1. What should you do first? A. Delete Container1. B. Create a new container in DB1. C. Implement the Azure Cosmos DB .NET SDK. D. Regenerate the keys for Account1.
B
You have an Azure virtual machine named VM1 and an Azure Active Directory (Azure AD) tenant named adatum.com. VM1 has the following settings: ✑ IP address: 10.10.0.10 ✑ System-assigned managed identity: On You need to create a script that will run from within VM1 to retrieve the authentication token of VM1. Which address should you use in the script? A. vm1.adatum.com.onmicrosoft.com B. 169.254.169.254 C. 10.10.0.10 D. vm1.adatum.com
B
You have an application named App1 that does not support Azure Active Directory (Azure AD) authentication. You need to ensure that App1 can send messages to an Azure Service Bus queue. The solution must prevent App1 from listening to the queue. What should you do? A. Configure Access control (IAM) for the Service Bus. B. Add a shared access policy to the queue. C. Modify the locks of the queue. D. Configure Access control (IAM) for the queue.
B
You plan to create an Azure Storage account named storage1 that will store blobs and be accessed by Azure Databricks. You need to ensure that you can set permissions for individual blobs by using Azure Active Directory (Azure AD) authentication. Which Advanced setting should you enable for storage1? A. Large file shares B. Hierarchical namespace C. NFS v3 D. Blob soft delete
B
You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by using Azure ExpressRoute. You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Create a gateway subnet. B. Create a VPN gateway that uses the VpnGw1 SKU. C. Create a connection. D. Create a local site VPN gateway. E. Create a VPN gateway that uses the Basic SKU.
B C D We cannot use the Basic SKU since that doesn't support coexisting with ExpressRoute. The gateway subnet already exists, as there is ExpressRoute configured and working, so there is no need to create a subnet.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You manage an Active Directory domain named contoso.local. You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts. You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD. Solution: You use Azure AD Connect to customize the synchronization options. Does this meet the goal? A. Yes B. No
B Still Double check https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#outbound-filtering
Your on-premises network contains 100 virtual machines that run Windows Server 2019. You have an Azure subscription that contains an Azure Log Analytics workspace named Workspace1. You need to collect errors from the Windows event logs on the virtual machines. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Create an Azure Event Grid domain. B. Deploy the Microsoft Monitoring Agent. C. Configure Windows Event Forwarding on the virtual machines. D. Create an Azure Sentinel workspace. E. Configure the Data Collection settings for Workspace1.
B and E
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a server named Server1 that runs Windows Server 2019. Server1 is a container host. You are creating a Dockerfile to build a container image. You need to add a file named File1.txt from Server1 to a folder named C:\Folder1 in the container image. Solution: You add the following line to the Dockerfile. ADD File1.txt C:/Folder1/ You then build the container image. Does this meet the goal? A. Yes B. No
B though need to (REVIEW)
A company plans to use third-party application software to perform complex data analysis processes. The software will use up to 500 identical virtual machines (VMs) based on an Azure Marketplace VM image. You need to design the infrastructure for the third-party application server. The solution must meet the following requirements: ✑ The number of VMs that are running at any given point in time must change when the user workload changes. ✑ When a new version of the application is available in Azure Marketplace it must be deployed without causing application downtime. ✑ Use VM scale sets. ✑ Minimize the need for ongoing maintenance. Which two technologies should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. single storage account B. autoscale C. single placement group D. managed disks
BD
You have 10 Azure virtual machines on a subnet named Subnet1. Subnet1 is on a virtual network named VNet1. You plan to deploy a public Azure Standard Load Balancer named LB1 to the same Azure region as the 10 virtual machines. You need to ensure that traffic from all the virtual machines to the internet flows through LB1. The solution must prevent the virtual machines from being accessible on the internet. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Add health probes to LB1. B. Add the network interfaces of the virtual machines to the backend pool of LB1. C. Add an inbound rule to LB1. D. Add an outbound rule to LB1. E. Associate a network security group (NSG) to Subnet1. F. Associate a user-defined route to Subnet1.
BDE https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-connections
A company hosts virtual machines (VMs) in an on-premises datacenter and in Azure. The on-premises and Azure-based VMs communicate using ExpressRoute. The company wants to be able to continue regular operations if the ExpressRoute connection fails. Failover connections must use the Internet and must not require Multiprotocol Label Switching (MPLS) support. You need to recommend a solution that provides continued operations. What should you recommend? A. Increase the bandwidth of the existing ExpressRoute connection. B. Increase the bandwidth for the on-premises internet connection. C. Set up a VPN connection. D. Set up a second ExpressRoute connection.
C
You have an Azure subscription. You have 100 Azure virtual machines. You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering. Which blade should you use? A. Customer insights B. Monitor C. Advisor D. Metrics
C
You create a container image named Image1 on a developer workstation. You plan to create an Azure Web App for Containers named WebAppContainer that will use Image1. You need to upload Image1 to Azure. The solution must ensure that WebAppContainer can use Image1. To which storage type should you upload Image1? A. an Azure Storage account that contains a blob container B. Azure Container Instances C. Azure Container Registry D. an Azure Storage account that contains a file share
C
You create an Azure Storage account named contosostorage. You plan to create a file share named data. Users need to map a drive to the data file share from home computers that run Windows 10. Which outbound port should you open between the home computers and the data file share? A. 80 B. 443 C. 445 D. 3389
C
You create an Azure virtual machine named VM1 in a resource group named RG1. You discover that VM1 performs slower than expected. You need to capture a network trace on VM1. What should you do? A. From Diagnostic settings for VM1, configure the performance counters to include network counters. B. From the VM1 blade, configure Connection troubleshoot. C. From the VM1 blade, install performance diagnostics and run advanced performance analysis D. From Diagnostic settings for VM1, configure the log level of the diagnostic agent.
C
You create an Azure virtual machine named VM1 in a resource group named RG1. You discover that VM1 performs slower than expected. You need to capture a network trace on VM1. What should you do? A. From the VM1 blade, configure Connection troubleshoot. B. From Diagnostic settings for VM1, configure the performance counters to include network counters. C. From the VM1 blade, install performance diagnostics and run advanced performance analysis. D. From Diagnostic settings for VM1, configure the log level of the diagnostic agent.
C
You have SQL Server on an Azure virtual machine named SQL1. You need to automate the backup of the databases on SQL1 by using Automated Backup v2 for the virtual machines. The backups must meet the following requirements: ✑ Meet a recovery point objective (RPO) of 15 minutes. ✑ Retain the backups for 30 days. ✑ Encrypt the backups at rest. What should you provision as part of the backup solution? A. Elastic Database jobs B. Azure Key Vault C. an Azure Storage account D. a Recovery Services vault
C
You have a resource group named RG1 that contains the following: ✑ A virtual network that contains two subnets named Subnet1 and AzureFirewallSubnet ✑ An Azure Storage account named contososa1 ✑ An Azure firewall deployed to AzureFirewallSubnet You need to ensure that contososa1 is accessible from Subnet1 over the Azure backbone network. What should you do? A. Modify the Firewalls and virtual networks settings for contososa1. B. Create a stored access policy for contososa1. C. Implement a virtual network service endpoint. D. Remove the Azure firewall.
C
You have a virtual network named VNet1 as shown in the exhibit. (Click the Exhibit tab.) No devices are connected to VNet1. You plan to peer VNet1 to another virtual network named VNet2 in the same region. VNet2 has an address space of 10.2.0.0/16. You need to create the peering. What should you do first? A. Add a gateway subnet to VNet1. B. Create a subnet on VNet1 and VNet2 C. Modify the address space of VNet1 D. Configure a service endpoint on VNet2
C
You have an Azure Kubernetes Service (AKS) cluster named Clus1 in a resource group named RG1. An administrator plans to manage Clus1 from an Azure AD-joined device. You need to ensure that the administrator can deploy the YAML application manifest file for a container application. You install the Azure CLI on the device. Which command should you run next? A. kubectl get nodes B. az aks get-credentials --resource-group RG1 --name Clus1 C. az aks install-cli D. kubectl apply -f app1.yaml
C
You have an Azure Kubernetes Service (AKS) cluster named Clus1 in a resource group named RG1. An administrator plans to manage Clus1 from an Azure AD-joined device. You need to ensure that the administrator can deploy the YAML application manifest file for a container application. You install the Azure CLI on the device. Which command should you run next? A. kubectl get nodes B. az aks install-cli C. kubectl apply -f appl.yaml D. az aks get-credentials --resource-group RG1 --name Clus1
C
You have an Azure key vault named KV1. You need to implement a process that will digitally sign the blobs stored in Azure Storage. What is required in KV1 to sign the blobs? A. a key B. a secret C. a certificate
C
You have an Azure subscription named Subscription1. You deploy a Linux virtual machine named VM1 to Subscription1. You need to monitor the metrics and the logs of VM1. What should you use? A. Azure HDInsight B. Azure Analysis Services C. Linux Diagnostic Extension (LAD) 3.0 D. the AzurePerformanceDiagnostics extension
C
You have an Azure subscription that contains 10 virtual machines. You need to ensure that you receive an email message when any virtual machines are powered off, restarted, or deallocated. What is the minimum number of rules and action groups that you require? A. three rules and three action groups B. one rule and one action group C. three rules and one action group D. one rule and three action groups
C
You have an Azure subscription that contains a resource group named RG1. RG1 contains 100 virtual machines. Your company has three cost centers named Manufacturing, Sales, and Finance. You need to associate each virtual machine to a specific cost center. What should you do? A. Add an extension to the virtual machines B. Modify the inventory settings of the virtual machine C. Assign tags to the virtual machines D. Configure locks for the virtual machine
C
You have an Azure subscription that contains a resource group named RG1. RG1 contains multiple resources. You need to trigger an alert when the resources in RG1 consume $1,000 USD. What should you do? A. From Cost Management + Billing, add a cloud connector. B. From the subscription, create an event subscription. C. From Cost Management + Billing, create a budget. D. From RG1, create an event subscription.
C
You have resources in three Azure regions. Each region contains two virtual machines. Each virtual machine has a public IP address assigned to its network interface and a locally installed application named App1. You plan to implement Azure Front Door-based load balancing across all the virtual machines. You need to ensure that App1 on the virtual machines will only accept traffic routed from Azure Front Door. What should you implement? A. Azure Private Link B. service endpoints C. network security groups (NSGs) with service tags D. network security groups (NSGs) with application security groups
C
You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated to a different Azure AD tenant. Subscription1 contains a virtual network named VNet1. VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16. Subscription2 contains a virtual network named VNet2. VNet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24. You need to connect VNet1 to VNet2. What should you do first? A. Modify the IP address space of VNet2. B. Move VM1 to Subscription2. C. Provision virtual network gateways. D. Move VNet1 to Subscription2.
C
You manage an Active Directory domain named contoso.local. You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts. You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD. What should you do? A. Use the Synchronization Service Manager to modify the Metaverse Designer tab. B. Use Azure AD Connect to customize the synchronization options. C. Use the Synchronization Rules Editor to create a synchronization rule. D. Use Synchronization Service Manager to modify the Active Directory Domain Services (AD DS) Connector.
C
A company plans to use third-party application software to perform complex data analysis processes. The software will use up to 500 identical virtual machines (VMs) based on an Azure Marketplace VM image. You need to design the infrastructure for the third-party application server. The solution must meet the following requirements: ✑ The number of VMs that are running at any given point in time must change when the user workload changes. ✑ When a new version of the application is available in Azure Marketplace it must be deployed without causing application downtime. ✑ Use VM scale sets. ✑ Minimize the need for ongoing maintenance. Which two technologies should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. single placement group B. single storage account C. managed disks D. autoscale
C & D https://docs.microsoft.com/en-us/azure/virtual-machines/windows/managed-disks-overview "Using managed disks, you can create up to 50,000 VM disks of a type in a subscription per region, allowing you to create thousands of VMs in a single subscription. This feature also further increases the scalability of virtual machine scale sets by allowing you to create up to 1,000 VMs in a virtual machine scale set using a Marketplace image."
You have Azure virtual machines deployed to three Azure regions. Each region contains a single virtual network that has four virtual machines on the same subnet. Each virtual machine runs an application named App1. App1 is accessible by using HTTPS. Currently, the virtual machines are inaccessible from the internet. You need to use Azure Front Door to load balance requests for App1 across all the virtual machines. Which additional Azure service should you provision? A. Azure Traffic Manager B. an internal Azure Load Balancer C. a public Azure Load Balancer D. Azure Private Link
C is the correct answer as the MS article clearly states that a publicly available DNS name must be used, that is only available on an External LB, not an Internal LB
You manage a solution in Azure that consists of a single application which runs on a virtual machine (VM). Traffic to the application has increased dramatically. The application must not experience any downtime and scaling must be dynamically defined. You need to define an auto-scale strategy to ensure that the VM can handle the workload. Which three options should you recommend? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Deploy application automatic vertical scaling. B. Create a VM availability set. C. Create a VM scale set. D. Deploy application automatic horizontal scaling. E. Deploy a custom auto-scale implementation.
CDE
You have an Azure subscription that contains 100 virtual machines. You have a set of Pester tests in PowerShell that validate the virtual machine environment. You need to run the tests whenever there is an operating system update on the virtual machines. The solution must minimize implementation time and recurring costs. Which three resources should you use to implement the tests? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Azure Automation runbook B. an alert rule C. an Azure Monitor query D. a virtual machine that has network access to the 100 virtual machines E. an alert action group
Correct Answer: ABE
An administrator plans to create a function app in Azure that will have the following settings: ✑ Runtime stack: .NET Core ✑ Operating System: Linux ✑ Plan type: Consumption ✑ Enable Application Insights: Yes You need to ensure that you can back up the function app. Which settings should you recommend changing before creating the function app? A. Runtime stack B. Enable Application Insights C. Operating System D. Plan type
D
You have an Active Directory forest named contoso.com. You install and configure Azure AD Connect to use password hash synchronization as the single sign-on (SSO) method. Staging mode is enabled. You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs. You need to ensure that the synchronization completes successfully. What should you do? A. From Azure PowerShell, run Start-AdSyncSyncCycle -PolicyType Initial. B. Run Azure AD Connect and set the SSO method to Pass-through Authentication. C. From Synchronization Service Manager, run a full import. D. Run Azure AD Connect and disable staging mode.
D
You have an Azure Active Directory (Azure AD) tenant. You have an existing Azure AD conditional access policy named Policy1. Policy1 enforces the use of Azure AD-joined devices when members of the Global Administrators group authenticate to Azure AD from untrusted locations. You need to ensure that members of the Global Administrators group will also be forced to use multi-factor authentication when authenticating from untrusted locations. What should you do? A. From the Azure portal, modify session control of Policy1. B. From multi-factor authentication page, modify the user settings. C. From multi-factor authentication page, modify the service settings. D. From the Azure portal, modify grant control of Policy1.
D
You have two Azure SQL Database managed instances in different Azure regions. You plan to configure the managed instances in an instance failover group. What should you configure before you can add the managed instances to the instance failover group? A. an internal Azure Load Balancer instance that has managed instance endpoints in a backend pool B. Azure Private Link that has endpoints on two virtual networks C. an Azure Application Gateway that has managed instance endpoints in a backend pool D. a Site-to-Site VPN between the virtual networks that contain the instances
D
You set the multi-factor authentication status for a user named [email protected] to Enabled. Admin1 accesses the Azure portal by using a web browser. Which additional security verifications can Admin1 use when accessing the Azure portal? A. a phone call, an email message that contains a verification code, and a text message that contains an app password. B. an app password, a text message that contains a verification code, and a verification code sent from the Microsoft Authenticator app. C. an app password, a text message that contains a verification code, and a notification sent from the Microsoft Authenticator app. D. a phone call, a text message that contains a verification code, and a notification or a verification code sent from the Microsoft Authenticator app.
D