AZ-104 (101-200)
QUESTION 135 Drag and Drop Question Your network is configured as shown in the following exhibit. (see pdf) The firewalls are configured as shown in the following table. (see pdf) Prod1 contains a vCenter server. You install an Azure Migrate Collector on Test1. You need to discover the virtual machines. Which TCP port should be allowed on each firewall? To answer, drag the appropriate ports to the correct firewalls. Each port may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. TCP Ports A. Inbound 80 B. Inbound 995 C. Outbound 3389 D. Outbound 443
??
QUESTION 141 You have an Azure policy as shown in the following exhibit. (see pdf) Which of the following statements are true? A. You can create Azure SQL servers in ContosoRG1. B. You are prevented from creating Azure SQL servers anywhere in Subscription 1. C. You are prevented from creating Azure SQL Servers in ContosoRG1 only. D. You can create Azure SQL servers in any resource group within Subscription 1.
A
QUESTION 149 You plan to back up an Azure virtual machine named VM1. You discover that the Backup Pre-Check status displays a status of Warning. What is a possible cause of the Warning status? A. VM1 does not have the latest version of WaAppAgent.exe installed. B. VM1 has an unmanaged disk. C. VM1 is stopped. D. A Recovery Services vault is unavailable.
A
QUESTION 150 You have two Azure virtual machines named VM1 and VM2. You have two Recovery Services vaults named RSV1 and RSV2. VM2 is protected by RSV1. You need to use RSV2 to protect VM2. What should you do first? A. From the RSV1 blade, click Backup items and stop the VM2 backup. B. From the RSV1 blade, click Backup Jobs and export the VM2 backup. C. From the RSV1 blade, click Backup. From the Backup blade, select the backup for the virtual machine, and then click Backup. D. From the VM2 blade, click Disaster recovery, click Replication settings, and then select RSV2 as the Recovery Services vault.
A
QUESTION 164 Note: This question is part of a series You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On Dev, you assign the Logic App Contributor role to the Developers group. Does this meet the goal? A. Yes B. No
A
QUESTION 172 You have an Azure App Service plan named AdatumASP1 that uses the P2v2 pricing tier. AdatunASP1 hosts an Azure web app named adatumwebapp1. You need to delegate the management of adatumwebapp1 to a group named Devs. Devs must be able to perform the following tasks: - Add deployment slots. - View the configuration of AdatunASP1. - Modify the role assignment for adatumwebapp1. Which role should you assign to the Devs group? A. Owner B. Contributor C. Web Plan Contributor D. Website Contributor
A
QUESTION 173 You have an Azure App Service plan that hosts an Azure App Service named App1. You configure one production slot and four staging slots for App1. You need to allocate 10 percent of the traffic to each staging slot and 60 percent of the traffic to the production slot. What should you add to App1? A. slots to the Testing in production blade B. a performance test C. a WebJob D. templates to the Automation script blade
A
QUESTION 177 You have an Azure subscription named Subscription1 that is used be several departments at your company. Subscription1 contains the resources in the following table: NAME---TYPE Storage1---Storage account RG1---Resource group Container1---Blob storage Share1---File share Another administrator deploys a virtual machine named VM1 and an Azure Storage account named Storage2 by using a single Azure Resource Manager template. You need to view the template used for the deployment. From which blade can you view the template that was used for the deployment? A. RG1 B. VM1 C. Storage1 D. Container1
A
QUESTION 179 You have a resource group named RG1. RG1 contains an Azure Storage account named storageaccount1 and a virtual machine named VM1 that runs Windows Server 2016. Storageaccount1 contains the disk files for VM1. You apply a ReadOnly lock to RG1. What can you do from the Azure portal? A. Generate an automation script for RG1. B. View the keys of storageaccount1. C. Upload a blob to storageaccount1. D. Start VM1.
A
QUESTION 182 You sign up for Azure Active Directory (Azure AD) Premium. You need to add a user named [email protected] as an administrator on all the computers that will be joined to the Azure AD domain. What should you configure in Azure AD? A. Device settings from the Devices blade. B. General settings from the Groups blade. C. User settings from the Users blade. D. Providers from the MFA Server blade.
A
QUESTION 187 You have a virtual network named VNet1 as shown in the exhibit. (see pdf) No devices are connected to VNet1. You plan to peer VNet1 to another virtual network named Vnet2 in the same region. VNet2 has an address space of 10.2.0.0/16. You need to create the peering. What should you do first? A. Modify the address space of VNet1. B. Configure a service endpoint on VNet2 C. Add a gateway subnet to VNet1. D. Create a subnet on VNet1 and VNet2.
A
QUESTION 190 Note: This question is part of a series You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On Dev, you assign the Contributor role to the Developers group. Does this meet the goal? A. Yes B. No
A
QUESTION 114 Hotspot Question You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table. (see pdf) In Azure, you create a private DNS zone named adatum.com. You set the registration virtual network to VNet2. The adatum.com zone is configured as shown in the following exhibit. (see pdf) For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Statements The A record for VM5 will be registered automatically in the adatum.com.zone VM5 can resolve VM9.adatum.com VM6 can resolve VM9.adatum.com A. No No Yes B. Yes Yes No C. No Yes No D. Yes No Yes
A Correct Answer: VNet1 (NOT A Registration Netvork) : VM5 VNet2 (IS A Registration Netvork) : VM1, VM6 and VM9 So here we go: 1. VM5 is in VNet1 - answer is NO. 2. VM5 is in VNet1 - answer is NO. 3. VM6 is in VNet2 - answer is YES.
QUESTION 168 Note: This question is part of a series You manage a virtual network named VNet1 that is hosted in the West US Azure region. VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server. You need to inspect all the network traffic from VM1 to VM2 for a period of three hours. Solution: From Azure Network Watcher, you create a packet capture. Does this meet the goal? A. Yes B. No
A Correct answer is packet capture in Azure Network Watcher.
QUESTION 126 You are troubleshooting a performance issue for an Azure Application Gateway. You need to compare the total requests to the failed requests during the past six hours. What should you use? A. Metrics in Application Gateway B. Diagnostics logs in Application Gateway C. NSG flow logs in Azure Network Watcher D. Connection monitor in Azure Network Watcher
A Not sure about this one
QUESTION 161 Note: This question is part of a series You have an Azure web app named App1. App1 runs in an Azure App Service plan named Plan1. Plan1 is associated to the Free pricing tier. You discover that App1 stops each day after running continuously for 60 minutes. You need to ensure that App1 can run continuously for the entire day. Solution: You change the pricing tier of Plan1 to Basic. Does this meet the goal? A. Yes B. No
A Not sure about this one
QUESTION 171 You are building a custom Azure function app to connect to Azure Event Grid. You need to ensure that resources are allocated dynamically to the function app. Billing must be based on the executions of the app. What should you configure when you create the function app? A. the Windows operating system and the Consumption plan hosting plan B. the Windows operating system and the App Service plan hosting plan C. the Docker container and an App Service plan that uses the B1 pricing tier D. the Docker container and an App Service plan that uses the S1 pricing tier
A Not sure about this one
QUESTION 175 You have a Microsoft SQL Server Always On availability group on Azure virtual machines. You need to configure an Azure internal load balancer as a listener for the availability group. What should you do? A. Enable Floating IP. B. Set Session persistence to Client IP and protocol. C. Set Session persistence to Client IP. D. Create an HTTP health probe on port 1433.
A The load balancing rules configure how the load balancer routes traffic to the SQL Server instances. For this load balancer, you enable direct server return because only one of the two SQL Server instances owns the availability group listener resource at a time. >> Floating IP (direct server return) Enabled
QUESTION 113 Hotspot Question You plan to deploy five virtual machines to a virtual network subnet. Each virtual machine will have a public IP address and a private IP address. Each virtual machine requires the same inbound and outbound security rules. What is the minimum number of network interfaces and network security groups that you require? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Minimum number of network interfaces: A. 5 B. 10 C. 15 D. 20 Minimum number of network security groups: A. 1 B. 2 C. 5 D. 10
AA Box 1: 5 A public and a private IP address can be assigned to a single network interface. By default a NIC is associated to one IP address. Anyway nothing prevents a NIC to have MORE THAN ONE IP address. So to the VM's NIC, you can associate the public and the private IP at the same time. You are not forced to have one NIC for the public IP and one NIC for the private IP. Box 2: 1 You can associate zero, or one, network security group to each virtual network subnet and network interface in a virtual machine. The same network security group can be associated to as many subnets and network interfaces as you choose.
QUESTION 138 Hotspot Question You plan to use Azure Network Watcher to perform the following tasks: Task1: Identify a security rule that prevents a network packet from reaching an Azure virtual machine. Task2: Validate outbound connectivity from an Azure virtual machine to an external host. Which feature should you use for each task? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Task1: A. IP flow verify B. Next hop C. Packet capture D. Security Group view E. Traffic Analytics Task2: A. Connection troubleshoot B. IP flow verify C. Next hop D. NSG flow logs E. Traffic Analytics
AA Box 1: IP flow verify At some point, a VM may become unable to communicate with other resources, because of a security rule. The IP flow verify capability enables you to specify a source and destination IPv4 address, port, protocol (TCP or UDP), and traffic direction (inbound or outbound). IP flow verify then tests the communication and informs you if the connection succeeds or fails. If the connection fails, IP flow verify tells you which. Box 2: Connection troubleshoot Diagnose outbound connections from a VM: The connection troubleshoot capability enables you to test a connection between a VM and another VM, an FQDN, a URI, or an IPv4 address. The test returns similar information returned when using the connection monitor capability, but tests the connection at a point in time, rather than monitoring it over time, as connection monitor does. Learn more about how to troubleshoot connections using connection-troubleshoot.
QUESTION 197 You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by using Azure ExpressRoute. You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Create a local site VPN gateway. B. Create a VPN gateway that uses the VpnGw1 SKU. C. Create a VPN gateway that uses the Basic SKU. D. Create a gateway subnet. E. Create a connection.
ABE For a site to site VPN, you need: - a local gateway - a gateway subnet - a VPN gateway - a connection to connect the local gateway and the VPN gateway
QUESTION 116 Hotspot Question You have peering configured as shown in the following exhibit. (see pdf) Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. Hosts on vNET6 can communicate with hosts on [answer choice] A. vNET6 only B. vNET6 and vNET1 only C. vNET6, vNET1, and vNET2 only D. all the virtual networks in the subscription To change the status of the peering connection to vNET1 to Connected, you must first [answer choice] A. add a service endpoint B. add a subnet C. delete peering1 D. modify the address space
AC Box 1: vNET6 only Peering status to both VNet1 and Vnet2 are disconnected. So, only communication inside vNET6. Box 2: delete peering1 Peering to vNET1 is enabled but disconnected. We need to delete the peering from both virtual networks, and then re-create them. You can't add address ranges to or delete address ranges from a virtual network's address space once a virtual network is peered with another virtual network. To add or remove address ranges, delete the peering, add or remove the address ranges, then re-create the peering.
QUESTION 188 You have an Azure subscription that contains three virtual networks named VNet1, VNet2, VNet3. VNet2 contains a virtual appliance named VM2 that operates as a router. You are configuring the virtual networks in a hub and spoke topology that uses VNet2 as the hub network. You plan to configure peering between VNet1 and VNet2 and between VNet2 and VNet3. You need to provide connectivity between VNet1 and VNet3 through VNet2. Which two configurations should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. On the peering connections, allow forwarded traffic. B. On the peering connections, allow gateway transit. C. Create route tables and assign the table to subnets. D. Create a route filter. E. On the peering connections, use remote gateways.
AC Not sure about this one
QUESTION 137 Hotspot Question You have an Azure Active Directory (Azure AD) tenant. You need to create a conditional access policy that requires all users to use multi-factor authentication when they access the Azure portal. Which three settings should you configure? To answer, select the appropriate settings in the answer area. (see pdf helpful) Name: Policy1 Assignments and Access Controls A. Users and Groups B. Cloud Apps C. Conditions D. Grant E. Session
ACD Select Users & Groups : Where you have to choose all users. Select Cloud apps or actions: To specify the Azure portal Select Grant: To grant the MFA.
QUESTION 120 Hotspot Question You have an Azure Active Directory (Azure AD) tenant named adatum.com. Adatum.com contains the groups in the following table. (see pdf) You create two user accounts that are configured as shown in the following table. (see pdf) To which groups do User1 and User2 belong? To answer. select the appropriate options in the answer area. User1 A. Group1 only B. Group2 only C. Group3 only D. Group 1 and Group2 only E. Group1 and Group3 only F. Group2 and Group3 only G. Group1, Group2, and Group3 User2 A. Group1 only B. Group2 only C. Group3 only D. Group 1 and Group2 only E. Group1 and Group3 only F. Group2 and Group3 only G. Group1, Group2, and Group3
AD
QUESTION 122 You are the global administrator for an Azure Active Directory (Azure AD) tenant named adatum.com. You need to enable two-step verification for Azure users. What should you do? A. Configure a playbook in Azure AD conditional access policy. B. Create an Azure AD conditional access policy. C. Create and configure the Identify Hub. D. Install and configure Azure AD Connect.
B
QUESTION 163 Note: This question is part of a series You have an Azure web app named App1. App1 runs in an Azure App Service plan named Plan1. Plan1 is associated to the Free pricing tier. You discover that App1 stops each day after running continuously for 60 minutes. You need to ensure that App1 can run continuously for the entire day. Solution: You change the pricing tier of Plan1 to Shared. Does this meet the goal? A. Yes B. No
B
QUESTION 170 A web developer creates a web application that you plan to deploy as an Azure web app. Users must enter credentials to access the web application. You create a new web app named WebApp1 and deploy the web application to WebApp1. You need to disable anonymous access to WebApp1. What should you configure? A. Advanced Tools B. Authentication/Authorization C. Access control (IAM) D. Deployment credentials
B
QUESTION 183 Note: This question is part of a series Your company registers a domain name of contoso.com. You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10. You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address. You need to resolve the name resolution issue. Solution: You create a PTR record for www in the contoso.com zone. Does this meet the goal? A. Yes B. No
B
QUESTION 189 Note: This question is part of a series You have an Azure web app named App1. App1 runs in an Azure App Service plan named Plan1. Plan1 is associated to the Free pricing tier. You discover that App1 stops each day after running continuously for 60 minutes. You need to ensure that App1 can run continuously for the entire day. Solution: You add a continuous WebJob to App1. Does this meet the goal? A. Yes B. No
B
QUESTION 195 Note: This question is part of a series You manage a virtual network named VNet1 that is hosted in the West US Azure region. VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server. You need to inspect all the network traffic from VM1 to VM2 for a period of three hours. Solution: From Azure Network Watcher, you create a connection monitor. Does this meet the goal? A. Yes B. No
B We need to inspect all the network traffic "from" VM1 "to" VM2 and not between the 2 VMs. Even if we were using Connection monitor, this one would inspect only network traffic over a specific port. And for a period of 3 hours, packet capture session time limit default value is 18000 seconds or 5 hours.
QUESTION 185 You have an Azure DNS zone named adatum.com. You need to delegate a subdomain named research.adatum.com to a different DNS server in Azure. What should you do? A. Create an PTR record named research in the adatum.com zone. B. Create an NS record named research in the adatum.com zone. C. Modify the SOA record of adatum.com. D. Create an A record named ".research in the adatum.com zone.
B An NS record or (name server record) tells recursive name servers which name servers are authoritative for a zone. You can have as many NS records as you would like in your zone file. The benefit of having multiple NS records is the redundancy of your DNS service. You need to create a name server (NS) record for the zone.
QUESTION 200 You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1. VNet2 contains an Azure virtual machine named VM2. VM1 hosts a frontend application that connects to VM2 to retrieve data. Users report that the frontend application is slower than usual. You need to view the average round-trip time (RTT) of the packets from VM1 to VM2. Which Azure Network Watcher feature should you use? A. IP flow verify B. Connection monitor C. Connection troubleshoot D. NSG flow logs
B Connection monitor lets you know the round-trip time to make the connection, in milliseconds. Connection monitor probes the connection every 60 seconds, so you can monitor latency over time.
QUESTION 167 Note: This question is part of a series You manage a virtual network named VNet1 that is hosted in the West US Azure region. VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server. You need to inspect all the network traffic from VM1 to VM2 for a period of three hours. Solution: From Performance Monitor, you create a Data Collector Set (DCS). Does this meet the goal? A. Yes B. No
B Correct answer is packet capture in Azure Network Watcher.
QUESTION 186 Note: This question is part of a series You manage a virtual network named Vnet1 that is hosted in the West US Azure region. VNet hosts two virtual machines named VM1 and VM2 run Windows Server. You need to inspect all the network traffic from VM1 to VM2 for a period of three hours. Solution: From Azure Network Watcher, you create a connection monitor. Does this meet the goal? A. YES B. NO
B Creating a connection monitor in Azure Network Watcher will not meet the goal of inspecting all the network traffic from VM1 to VM2 for a period of three hours. Connection monitors in Azure Network Watcher are used to monitor the connectivity between two points in a network, but they do not capture and inspect the actual network traffic. To inspect network traffic between VM1 and VM2, you would need to use a network capture tool or software that can capture and analyze network packets. Azure Network Watcher itself does not have the capability to capture network traffic.
QUESTION 147 You have an Azure subscription that contains 100 virtual machines. You regularly create and delete virtual machines. You need to identify unattached disks that can be deleted. What should you do? A. From Microsoft Azure Storage Explorer, view the Account Management properties. B. From the Azure portal, configure the Advisor recommendations. C. From Azure Cost Management, open the Optimizer tab and create a report. D. From Azure Cost Management, create a Cost Management report.
B From Home -> Cost Management + Billing -> Cost Management, scroll down on the options and select View Recommendations
QUESTION 148 Note: This question is part of a series You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json. You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately. Solution: From the Overview blade, you move the virtual machine to a different subscription. Does this meet the goal? A. Yes B. No
B No Changing Subscription won't affect the downtime, it will just you change the billing. You would need to redeploy the VM. After you redeploy a VM, the temporary disk is lost, and dynamic IP addresses associated with virtual network interface are updated. From Overview there is no option to move the VM to another hardware to skip the maintenance. Ideally you need an Availability Set and defining the Update Domains.
QUESTION 139 You have an Azure tenant that contains two subscriptions named Subscription1 and Subscription2. In Subscription1, you deploy a virtual machine named Server1 that runs Windows Server 2016. Server1 uses managed disks. You need to move Server1 to Subscription2. The solution must minimize administration effort. What should you do first? A. In Subscription2, create a copy of the virtual disk. B. From Azure PowerShell, run the Move-AzureRmResource cmdlet. C. Create a snapshot of the virtual disk. D. Create a new virtual machine in Subscription2.
B Not sure about this one
QUESTION 162 Note: This question is part of a series You have an Azure web app named App1. App1 runs in an Azure App Service plan named Plan1. Plan1 is associated to the Free pricing tier. You discover that App1 stops each day after running continuously for 60 minutes. You need to ensure that App1 can run continuously for the entire day. Solution: You add a triggered WebJob to App1. Does this meet the goal? A. Yes B. No
B Not sure about this one
QUESTION 180 You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network. Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com. You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory. You need to ensure that the users can use single-sign on (SSO) to access Azure resources. What should you do first? A. From the on-premises network, deploy Active Directory Federation Services (AD FS). B. From Azure AD, add and verify a custom domain name. C. From the on-premises network, request a new certificate that contains the Active Directory domain name. D. From the server that runs Azure AD Connect, modify the filtering options.
B Not sure about this one
QUESTION 181 You have two Azure Active Directory (Azure AD) tenants named contoso.com and fabrikam.com. You have a Microsoft account that you use to sign in to both tenants. You need to configure the default sign-in tenant for the Azure portal. What should you do? A. From the Azure portal, configure the portal settings. B. From the Azure portal, change the directory. C. From Azure Cloud Shell, run Set-AzureRmContext. D. From Azure Cloud Shell, run Set-AzureRmSubscription.
B Not sure about this one
QUESTION 199 You are troubleshooting a performance issue for an Azure Application Gateway. You need to compare the total requests to the failed requests during the past six hours. What should you use? A. Connection monitor in Azure Network Watcher. B. Metrics in Application Gateway C. Diagnostics logs in Application Gateway D. NSG flow logs in Azure Network Watcher
B Not sure about this one
QUESTION 166 Note: This question is part of a series You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Devresource group. Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group. Does this meet the goal? A. Yes B. No
B The Azure DevTest Labs is a role used for Azure DevTest Labs, not for Logic Apps. DevTest Labs User role only lets you connect, start, restart, and shutdown virtual machines in your Azure DevTest Labs. The Logic App Contributor role lets you manage logic app, but not access to them. It provides access to view, edit, and update a logic app.
QUESTION 184 Note: This question is part of a series You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups. Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks. Solution: You assign a built-in policy definition to the subscription. Does this meet the goal? A. Yes B. No
B You need to use a custom policy definition, because there is not a built-in policy and Resource Lock is an irrelevant solution.
QUESTION 169 Note: This question is part of a series You manage a virtual network named VNet1 that is hosted in the West US Azure region. VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server. You need to inspect all the network traffic from VM1 to VM2 for a period of three hours. Solution: From Azure Monitor, you create a metric on Network In and Network Out. Does this meet the goal? A. Yes B. No
B You use the Packet Capture, not Connection Monitor nor Network watcher
QUESTION 165 Note: This question is part of a series You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On Subscription1, you assign the Logic App Operator role to the Developers group. Does this meet the goal? A. Yes B. No
B You would need the Logic App Contributor role. Logic App Operator - Lets you read, enable, and disable logic apps, but not edit or update them. Logic App Contributor - Lets you create, manage logic apps, but not access to them.
QUESTION 136 Drag and Drop Question You have an on-premises network that includes a Microsoft SQL Server instance named SQL1. You create an Azure Logic App named App1. You need to ensure that App1 can query a database on SQL1. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. A. From the Azure portal, create an on-prem data gateway B. From an on-prem computer, install an on-prem data gateway C. Create an Azure virtual machine that runs Windows Server 2016 D. From an Azure virtual machine, install an on-prem data gateway E. From the Logic Apps Designer in the Azure portal, add a connector
BAE Not sure about this one
QUESTION 101 Hotspot Question You have an Azure subscription named Subscription1. In Subscription1, you create an Azure file share named share1. You create a shared access signature (SAS) named SAS1 as shown in the following exhibit. (see pdf) To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. If on Sept. 2, 2018, you ran Microsoft Azure Storage Explorer on a computer that has an IP address of 193.77.134.1, and you use SAS1 to connect to the storage account, you [answer choice] A. will be prompted for credentials B. will have no access C. Will have read, write, and list access D. will have read-only access If on Sept 10, 2018, you run the net use command on a computer that has an IP address of 193.77.134.50, and you use SAS1 as the password to connect to share1, you [answer choice] A. will be prompted for credentials B. will have no access C. Will have read, write, and list access D. will have read-only access
BB Box 1: will have no access The IP 193.77.134.1 does not have access on the SAS, because it is not matching the SAS requirements. IP is out of range. Box 2: will have no access The SAS token is not supported in mounting Azure File share currently, it just supports the Azure storage account key. Since it is using "net use" where it uses SMB, the SMB (Server Message Broker) protocol does not support SAS. it still asks for username/password. Accordingly, it will give error wrong username/pass and will not provide access.
QUESTION 115 Hotspot Question You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1. You install and configure a web server and a DNS server on VM1. VM1 has the effective network security rules shown in the following exhibit. (see pdf) Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. Internet users [answer choice] A. can connect to only the DNS server on VM1 B. can connect to only the web server on VM1 C. can connect to the web server and the DNS server on VM1 D. cannot connect to the web server and the DNS server on VM1 If you delete Rule2, Internet users [answer choice] A. can connect to only the DNS server on VM1 B. can connect to only the web server on VM1 C. can connect to the web server and the DNS server on VM1 D. cannot connect to the web server and the DNS server on VM1
BC Box 1: Rule2 blocks ports 50-60, which includes port 53, the DNS port. Internet users can reach to the Web server, since it uses port 80. Box 2: If Rule2 is removed internet users can reach the DNS server as well.
QUESTION 110 Drag and Drop Question You have an availability set named AS1 that contains three virtual machines named VM1, VM2, and VM3. You attempt to reconfigure VM1 to use a larger size. The operation fails and you receive an allocation failure message. You need to ensure that the resize operation succeeds. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. A. Start VM1, VM2, and VM3 B. Stop VM1, VM2, and VM3 C. Start VM2 and VM3 D. Resize VM1 E. Stop VM2 and VM3 F. Start VM1
BDA Not sure about this one
QUESTION 127 Drag and Drop Question You have two Azure virtual machines named VM1 and VM2. VM1 has a single data disk named Disk1. You need to attach Disk1 to VM2. The solution must minimize downtime for both virtual machines. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. A. Start VM2 B. Stop VM1 C. Start VM1 D. Detach Disk1 from VM1 E. Attach Disk1 to VM2 F. Stop VM2
BDCE Not sure about this one
QUESTION 102 Drag and Drop Question You have an on-premises file server named Server1 that runs Windows Server 2016. You have an Azure subscription that contains an Azure file share. You deploy an Azure File Sync Storage Sync Service, and you create a sync group. You need to synchronize files from Server1 to Azure. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. A. Create an Azure on-prem data gateway B. Install the Azure File Sync agent on Server1 C. Create a Recovery Services vault D. Register server1 E. Install the DFS Replication server role on Server1 F. Create a sync group and a cloud endpoint
BDF Step 1: Install the Azure File Sync agent on Server1. The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share. Step 2: Register Server1. Register Windows Server with Storage Sync Service. Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server and the Storage Sync Service. Step 3: Create a sync group and a cloud endpoint. A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on registered server.
QUESTION 140 You have an Azure subscription that contains a resource group named RG1. RG1 contains 100 virtual machines. Your company has three cost centers named Manufacturing, Sales, and Finance. You need to associate each virtual machine to a specific cost center. What should you do? A. Add an extension to the virtual machines. B. Modify the inventory settings of the virtual machine. C. Assign tags to the virtual machines. D. Configure locks for the virtual machine.
C
QUESTION 151 You have an Azure virtual machine named VM1 that you use for testing. VM1 is protected by Azure Backup. You delete VM1. You need to remove the backup data stored for VM1. What should you do first? A. Modify the backup policy. B. Delete the Recovery Services vault. C. Stop the backup. D. Delete the storage account.
C
QUESTION 191 You have an Azure Logic App named App1. App1 provides a response when an HTTP POST request or an HTTP GET request is received. During peak periods, App1 is expected to receive up to 200,000 requests in a five-minute period. You need to ensure that App1 can handle the expected load. What should you configure? A. Access control (IAM) B. API connections C. Workflow settings D. Access keys
C
QUESTION 193 You have an Azure App Service plan named AdatumASP1 that hosts several Azure web apps. You discover that the web apps respond slowly. You need to provide additional memory and CPU resources to each instance of the web app. What should you do? A. Scale out AdatumASP1. B. Add continuous WebJobs that use the multi-instance scale. C. Scale up AdatumASP1. D. Add a virtual machine scale set.
C
QUESTION 194 You have an Azure web app named App1 that streams video content to users. App1 is located in the East US Azure region. Users in North America stream the video content without any interruption. Users in Asia and Europe report that the video buffer often and do not play back smoothly. You need to recommend a solution to improve video streaming to the European and Asian users. What should you recommend? A. Scale out the App Service plan. B. Scale up the App Service plan. C. Configure an Azure Content Delivery Network (CDN) endpoint. D. Configure Azure File Sync.
C
QUESTION 117 Hotspot Question You have an Azure subscription named Subscription1. Subscription1 contains the virtual networks in the following table. (see pdf) Subscription1 contains the virtual machines in the following table: (see pdf) The firewalls on all the virtual machines are configured to allow all ICMP traffic. You add the peerings in the following table. (see pdf) For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Statements VM1 can ping VM3 VM2 can ping VM3 VM2 can ping VM1 A. No No Yes B. Yes to all C. Yes No No D. No Yes No
C Not sure about this one
QUESTION 123 From the MFA Server blade, you open the Block/unblock users blade as shown in the exhibit. Block/unblock users A blocked user will not receive Multi-Factor Authentication requests. Authentication attempts for that user will be automatically denied. A user will remain blocked for 90 days from the time they are blocked. To manually unblock a user, click the "Unblock" action. (see pdf) What caused AlexW to be blocked? A. The user entered an incorrect PIN four times within 10 minutes. B. The user account password expired. C. An administrator manually blocked the user. D. The user reported a fraud alert when prompted for additional authentication.
C Not sure about this one
QUESTION 124 You have the Azure virtual networks shown in the following table. NAME---Address space---Subnet---Resource group Azure region VNet1---10.11.0.0/16---10.11.0.0/17---West US Vnet2---10.11.0.0/17---10.11.0.0/25---West US Vnet3---10.10.0.0/22---10.10.1.0/24---East US Vnet4---192.168.16.0/22---192.168.16.0/24---North Europe To which virtual networks can you establish a peering connection from VNet1? A. VNet2 and VNet3 only B. VNet2 only C. VNet3 and VNet4 only D. VNet2, VNet3, and VNet4
C VNet1 10.11.0.0/16 = 10.11.0.1 - 10.11.255.255 (overlap VNet2) VNet2 10.11.0.0/17 = 10.11.0.1 - 10.11.127.254 (overlap VNet1) VNet3 10.10.0.0/22 = 10.10.0.1 - 10.10.3.254 (no overlap) VNet4 192.168.16.0/22 = 192.168.16.1 - 192.168.19.254 (no overlap) Possible peerings are: VNet1 -> Vnet3 VNet1 -> Vnet4 If a virtual network has address ranges that overlap with another virtual network or on-premises network, the two networks can't be connected.
QUESTION 178 You have an Azure subscription named Subscription1. Subscription1 contains the resource groups in the following table. NAME---Azure Region---Policy RG1---West Europe---Policy1 RG2---North Europe---Policy2 RG3---France Central---POlicy3 RG1 has a web app named WebApp1. WebApp1 is located in West Europe. You move WebApp1 to RG2. What is the effect of the move? A. The App Service plan to WebApp1 moves to North Europe. Policy2 applies to WebApp1. B. The App Service plan to WebApp1 moves to North Europe. Policy1 applies to WebApp1. C. The App Service plan to WebApp1 remains to West Europe. Policy2 applies to WebApp1. D. The App Service plan to WebApp1 remains to West Europe. Policy1 applies to WebApp1.
C You can move an app to another App Service plan, as long as the source plan and the target plan are in the same resource group and geographical region. The region in which your app runs is the region of the App Service plan it's in. However, you cannot change an App Service plan's region.
QUESTION 159 Hotspot Question You create a virtual machine scale set named Scale1. Scale1 is configured as shown in the following exhibit. (see pdf) Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. If Scale1 is utilized at 85 % for six minutes, Scale 1 will be running... A. 2 vms B. 4 vms C. 6 vms D. 10 vms E. 20 vms If Scale1 is first utilized at 25% for six minutes, and then utilized at 50 % for six minutes, Scale1 will be running... A. 2 vms B. 4 vms C. 6 vms D. 10 vms E. 20 vms
CA Box 1: 6 virtual machines The Autoscale scale out rule increases the number of VMs by 2 if the CPU threshold is 80% or higher. The initial instance count is 4 and rises to 6 when the 2 extra instances of VMs are added. Box 2: 2 virtual machnes The Autoscale scale in rule decreases the number of VMs by 4 if the CPU threshold is 30% or lower. The initial instance count is 4 and thus cannot be reduced to 0 as the minimum instances is set to 2. Instances are only added when the CPU threshold reaches 80%.
QUESTION 109 Hotspot Question You purchase a new Azure subscription named Subscription1. You create a virtual machine named VM1 in Subscription1. VM1 is not protected by Azure Backup. You need to protect VM1 by using Azure Backup. Backups must be created at 01:00 and stored for 30 days. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Location in which to store the backups: A. a blob container B. a file share C. a Recovery services Vault D. a storage account Object to use to configure the protection for VM1 A. a backup policy B. a batch job C. a batch schedule D. a recovery plan
CA Box 1: A Recovery Services vault You can set up a Recovery Services vault and configure backup for multiple Azure VMs. Box 2: A backup policy In Choose backup policy, do one of the following: ✑ Leave the default policy. This backs up the VM once a day at the time specified, and retains backups in the vault for 30 days. ✑ Select an existing backup policy if you have one. ✑ Create a new policy, and define the policy settings.
QUESTION 107 Hotspot Question You have an Azure subscription named Subscription1. You plan to deploy an Ubuntu Server virtual machine named VM1 to Subscription1. You need to perform a custom deployment of the virtual machine. A specific particular root certification authority (CA) must be added during the deployment. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. File to create: A. Answer.ini B. Autounattend.conf C. Cloud-init.txt D. Unattend.xml Tool to use to deploy the virtual machine: A. The az vm create command B. The Azure Portal C. The New-AzureRmVM cmdlet
CA Once Cloud-init.txt has been created, you can deploy the VM with az vm create cmdlet, using the --custom-data parameter to provide the full path to the cloud- init.txt file. The az vm create command. The az vm create command is the most flexible way to create an Azure virtual machine. It allows you to specify a wide range of options, including the trusted root CA.
QUESTION 129 Hotspot Question You have a virtual network named VNet1 that has the configuration shown in the following exhibit. (see pdf) Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. Before a virtual machine on VNet1 can receive an IP addres from 192.168.1.0/24, you must first A. add a network interface B. add a subnet C. add an address space D. delete a subnet E. delete an address space Before a virtual machine on VNet1 can receive an IP addres from 10.2.1.0/24, you must first A. add a network interface B. add a subnet C. add an address space D. delete a subnet E. delete an address space
CB
QUESTION 160 Hotspot Question You have an Azure subscription. You need to implement a custom policy that meet the following requirements: * Ensures that each new resource group in the subscription has a tag named organization set to a value of Contoso. * Ensures that resource group can be created from the Azure portal. * Ensures that compliance reports in the Azure portal are accurate. How should you complete the policy? To answer, select the appropriate options in the answers area. (see pdf for policy context) [ANSWER CHOICE1] A. "Microsoft.Resources./deplopyments" B. "Microsoft.Resources./subscriptions" C. "Microsoft.Resources./subscriptions/resourceGroups" [ANSWER CHOICE2] A. "Append", B. "Deny", C. "DeployifNotExists",
CC
QUESTION 119 Hotspot Question You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table. NAME---TYPE RG1---Resource Group RG2---Resource Group VNet1---Virtual network VNet2---Virtual network VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between VNet1 and Vnet2. An administrator named Admin1 creates an Azure virtual machine named VM1 in RG1. M1 uses a disk named Disk1 and connects to VNet1. Admin1 then installs a custom application in VM1. You need to move the custom application to Vnet2. The solution must minimize administrative effort. Which two actions should you perform? To answer, select the appropriate options in the answer area. First Action A. Create a network interface in RG2 B. Detach a network interface C. Delete VM1 D. Move a network interface to RG2 Second Action A. Attach a network interface B. Create a network interface in RG2 C. Create a new virtual machine D. Move VM1 to RG2
CC We cannot just move a virtual machine between networks. What we need to do is identify the disk used by the VM, delete the VM itself while retaining the disk, and recreate the VM in the target virtual network and then attach the original disk to it. Note: You can change the Subnet a VM is connected to after it's created, but you cannot change the VNet.
QUESTION 134 Hotspot Question You have an Azure subscription named Subscription1. You have a virtualization environment that contains the virtualization servers in the following table. (see pdf) The virtual machines are configured as shown in the following table. (see pdf) All the virtual machines use basic disks. VM1 is protected by using BitLocker Drive Encryption (BitLocker). You plan to use Azure Site Recovery to migrate the virtual machines to Azure. Which virtual machines can you migrate? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Virtual machines that can be migrated from Server1: A. VM1 B. VM2 C. VM3 D. VM1 and VM2 only E. VM1 and VM3 only F. VM1, VM2, and VM3 Virtual machines that can be migrated from Server2: A. VMA only B. VMB only C. VMC only D. VMA and VMB only E. VMA and VMC only F. VMA and VMB and VMC
CD Not sure about this one
QUESTION 111 Drag and Drop Question You have an Azure subscription. The subscription includes a virtual network named VNet1. Currently, VNet1 does not contain any subnets. You plan to create subnets on VNet1 and to use application security groups to restrict the traffic between the subnets. You need to create the application security groups and to assign them to the subnets. Which four cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order. A. New-AzureRmVirtualNetwork B. New-AzureRmNetworkSecurityGroup C. New-AzureRmApplicationSecurityGroup D. New-AzureRmNetworkSecurityRuleConfig E. Add-AzureRmVirtualNetworkSubnetConfig
CDBE Not sure about this question
Question 104 Drag and Drop Question You have an Azure subscription named Subscription1. You create an Azure Storage account named contosostorage, and then you create a file share named data. Which UNC path should you include in a script that references files from the data file share? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Answer area \\ [VALUE] . [VALUE] \ [VALUE] Values A. blob B. blob.core.windows.net C. contosostorage D. data E. file F. file.core.windows.net G. portal.azure.com H. subscription1
CFD Box 1: contosostorage - The name of account - Box 2: file.core.windows.net - Box 3: data - The name of the file share is data.
QUESTION 121 You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to ensure that visitors are serviced by the same web server for each request. What should you configure? A. Idle Time-out (minutes) to 20 B. Floating IP (direct server return) to Disabled C. Floating IP (direct server return) to Enabled D. Session persistence to Client IP and protocol
D
QUESTION 192 You have a Basic App Service plan named ASP1 that hosts an Azure App Service named App1. You need to configure a custom domain and enable backups for App1. What should you do first? A. Configure a WebJob for App1. B. Scale up ASP1. C. Scale out ASP1. D. Configure the application settings for App1.
D
QUESTION 198 You have an Azure subscription named Subscription1 that contains two Azure virtual networks named VNet1 and VNet2. VNet1 contains a VPN gateway named VPNGW1 that uses static routing. There is a site-to-site VPN connection between your on-premises network and VNet1. On a computer named Client1 that runs Windows10, you configure a point-to-site VPN connection to VNet1. You configure virtual network peering between VNet1 and VNet2. You verify that you can connect to VNet2 from the on-premises network. Client1 is unable to connect to VNet2. You need to ensure that you can connect Client1 to VNet2. What should you do? A. Select Allow gateway transit on VNet2. B. Enable BGP on VPNGW1. C. Select Allow gateway transit on VNet1. D. Download and re-install the VPN client configuration package on Client1.
D
QUESTION 143 You have an Azure subscription named Subscription1. You have 5 TB of data that you need to transfer to Subscription. You plan to use an Azure Import/Export job. What can you use as the destination of the imported data? A. Azure SQL Database B. Azure Data Factory C. A virtual machine D. Azure Blob storage
D Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter. The maximum size of an Azure Files Resource of a file share is 5 TB.
QUESTION 125 You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1. VNet2 contains an Azure virtual machine named VM2. VM1 hosts a frontend application that connects to VM2 to retrieve data. Users report that the frontend application is slower than usual. You need to view the average round-trip time (RTT) of the packets from VM1 to VM2. Which Azure Network Watcher feature should you use? A. NSG flow logs B. Connection troubleshoot C. IP flow verify D. Connection monitor
D Connection monitor lets you know the round-trip time to make the connection, in milliseconds. Connection monitor probes the connection every 60 seconds, so you can monitor latency over time.
QUESTION 152 You have an Azure subscription. You have an on-premises virtual machine named VM1. The settings for VM1 are shown in the exhibit. (see pdf) You need to ensure that you can use the disks attached to VM1 as a template for Azure virtual machines. What should you modify on VM1? A. Integration Services B. the network adapters C. the memory D. the hard drive E. the processor
D The Virtual hard disk is VHDx, it should be formated to VHD before migration from on-premises to Azure. Azure supports only generation 1 VMs that are in the VHD file format and have a fixed sized disk. The maximum size allowed for the VHD is 1,023 GB. You can convert a generation 1 VM from the VHDX file system to VHD and from a dynamically expanding disk to fixed-sized.
QUESTION 112 Hotspot Question You have an Azure subscription named Subscription1. Subscription1 contains the virtual machines in the following table. (see pdf) Subscription1 contains a virtual network named VNet1 that has the subnets in the following table. (see pdf) VM3 has a network adapter named NIC3. IP forwarding is enabled on NIC3. Routing is enabled on VM3. You create a route table named RT1. RT1 is associated to Subnet1 and Subnet2 and contains the routes in the following table. (see pdf) You apply RT1 to Subnet1. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Statements Network traffic from VM3 can reach VM1 If VM3 is turned off, network traffic from VM2 can reach VM1 Network traffic from VM1 can reach VM2 A. No Yes No B. Yes to all C. No to all D. Yes No Yes
D Y = RT is not applied to VM3. VM3 will have the default route between subnets in a vnet. N = VM2 > Subnet2 has RT applied to it. VM3 is the next hop which is turned off. Y = VM3 has has IP forwarding enabled which can fwd traffic from VM1 to VM2.
QUESTION 158 Hotspot Question You plan to deploy 20 Azure virtual machines by using an Azure Resource Manager template. The virtual machines will run the latest version of Windows Server 2016 Datacenter by using an Azure Marketplace image. You need to complete the storageProfile section of the template. How should you complete the storageProfile section? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. "storageProfile": { "imageReference": { "publisher": "MicrosoftWindowsServer", "offer": [ANSWER CHOICE] A. "2016-Datacenter", B. "WindowsClient", C. "Windows-Hub"' D. "WindowsServer", E. "WindowsServerEssentials", F. "WindowsServerSemiAnnual", "sku": [ANSWER CHOICE] "version": "latest" }, ... A. "2016-Datacenter", B. "WindowsClient", C. "Windows-Hub"' D. "WindowsServer", E. "WindowsServerEssentials", F. "WindowsServerSemiAnnual",
DA Not sure about this one
QUESTION 157 Hotspot Question You plan to create an Azure Storage account in the Azure region of East US 2. You need to create a storage account that meets the following requirements: - Replicates synchronously - Remains available if a single data center in the region fails How should you configure the storage account? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Replication: A. Geo-redundant storage (GRS) B. Locally redundant storage (LRS) C. Read-access geo-redundant storage (RA GRS) D. Zone-redundant storage (ZRS) Account Kind A. Blob storage B. Storage (general purpose V1) C. StorageV2 (general purpose V2)
DC
QUESTION 103 Hotspot Question You plan to create an Azure Storage account in the Azure region of East US 2. You need to create a storage account that meets the following requirements: - Replicates synchronously - Remains available if a single data center in the region fails. How should you configure the storage account? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Replication: A. Geo-redundant storage (GRS) B. Locally-redundant storage (LRS) C. Read-access geo-redundant storage (RA GRS) D. Zone-redundant storage (ZRS) Account kind: A. Blob storage B. Storage (general purpose v1) C. StorageV2 (general purpose v2)
DC Box 1: Zone-redundant storage (ZRS) Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single region. LRS would not remain available if a data center in the region fails GRS and RA GRS use asynchronous replication. Box 2: StorageV2 (general purpose V2) ZRS only support GPv2.
QUESTION 105 Hotspot Question You have an Azure Storage accounts as shown in the following exhibit. (see pdf) Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. You can use [answer choice] for Azure Table Storage A. storageaccount1 only B. storageaccount2 only C. storageaccount3 only D. storageaccount1 and storageaccount2 only E. storageaccount2 and storageaccount3 only You can use [answer choice] for Azure Blob storage A. storageaccount3 B. storageaccount2 and storageaccount3 C. storageaccount1 and storageaccount2 D. all storage accounts
DD
QUESTION 132 Hotspot Question You have an Azure Migrate project that has the following assessment properties: Target location: East US Storage redundancy: Locally redundant. Comfort factor: 2.0 Performance history: 1 month Percentile utilization: 95th Pricing tier: Standard Offer: Pay as you go You discover the following two virtual machines: A virtual machine named VM1 that runs Windows Server 2016 and has 10 CPU cores at 20 percent utilization A virtual machine named VM2 that runs Windows Server 2012 and has four CPU cores at 50 percent utilization How many CPU cores will Azure Migrate recommend for each virtual machine? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. VM1: A. 1 B. 2 C. 3 D. 4 VM2: A. 1 B. 2 C. 3 D. 4
DD Not sure about this one
QUESTION 196 You have an Azure subscription. Users access the resources in the subscription from either home or from customer sites. From home, users must establish a point-to-site VPN to access the Azure resources. The users on the customer sites access the Azure resources by using site-to-site VPNs. You have a line-of-business app named App1 that runs on several Azure virtual machine. The virtual machines run Windows Server 2016. You need to ensure that the connections to App1 are spread across all the virtual machines. What are two possible Azure services that you can use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. a public load balancer B. Traffic Manager C. an Azure Content Delivery Network (CDN) D. an internal load balancer E. an Azure Application Gateway
DE D: The customer sites are connected through VPNs, so an internal load balancer is enough. E: Azure Application Gateway is a valid option, as it provides load balancing in addition to routing and security functions
QUESTION 128 Drag and Drop Question You have an Azure subscription that is used by four departments in your company. The subscription contains 10 resource groups. Each department uses resources in several resource groups. You need to send a report to the finance department. The report must detail the costs for each department. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. A. Assign a tag to each resource group B. Open the Resource costs blade of each resource group C. Download the usage report D. Assign a tag to each resource E. From the cost analysis blade, filter the view by tag
DEC Box 1: Assign a tag to each resource. You apply tags to your Azure resources giving metadata to logically organize them into a taxonomy. After you apply tags, you can retrieve all the resources in your subscription with that tag name and value. Each resource or resource group can have a maximum of 15 tag name/value pairs. Tags applied to the resource group are not inherited by the resources in that resource group. Box 2: From the Cost analysis blade, filter the view by tag After you get your services running, regularly check how much they're costing you. You can see the current spend and burn rate in Azure portal. 1. Visit the Subscriptions blade in Azure portal and select a subscription. You should see the cost breakdown and burn rate in the popup blade. 2. Click Cost analysis in the list to the left to see the cost breakdown by resource. Wait 24 hours after you add a service for the data to populate. 3. You can filter by different properties like tags, resource group, and timespan. Click Apply to confirm the filters and Download if you want to export the view to a Comma-Separated Values (.csv) file. Box 3: Download the usage report
QUESTION 130 Hotspot Question You have an Azure subscription named Subscrption1 that is associated to an Azure Active Directory (Azure AD) tenant named AAD1. (see pdf) You plan to create a single backup policy for Vault1. To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. You can create an Azure backup policy for: A. AAD1 only B. Account1 only C. RG1 only D. Share1 only E. AAD1 and Share1 only F. AAD1, Share1, and Account1 only G. AAD1, Share1, Account1, and RG1 In the backup policy that you create, you can configure the backups to be retained for up to: A. 7 days B. 31 days C. 90 days D. 120 days E. 365 days F. 99 years
DF Not sure about this one
QUESTION 174 You have an Azure Service Bus. You need to implement a Service Bus queue that guarantees first-in-first-out (FIFO) delivery of messages. What should you do? A. Set the Lock Duration setting to 10 seconds. B. Enable duplicate detection. C. Set the Max Size setting of the queue to 5 GB. D. Enable partitioning. E. Enable sessions.
E Not sure about this one
QUESTION 176 Hotspot Question Your network contains an Active Directory domain named adatum.com and an Azure Active Directory (Azure AD) tenant named adatum.onmicrosoft.com. Adatum.com contains the user accounts in the following table. (see pdf) Adatum.onmicrosoft.com contains the user accounts in the following table. (see pdf) You need to implement Azure AD Connect. The solution must follow the principle of least privilege. Which user accounts should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Adatum.com: A. User1 B. User2 C. User3 D. User4 E. User5 Adatum.onmicrosoft.com: A. UserA B. UserB C. UserC D. UserD
EA Not sure about this one
QUESTION 133 Hotspot Question You have an Azure subscription named Subscroption1. In Subscription1, you create an alert rule named Alert1. The Alert1 action group is configured as shown in the following exhibit. (see pdf) Alert1 alert criteria is triggered every minute. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. The number of email messages that Alert1 will send in an hour is [answer choice] A. 0 B. 4 C. 6 D. 12 E. 60 The number of SMS messages that ALert1 will send in an hour is [answer choice] A. 0 B. 4 C. 6 D. 12 E. 60
ED Box 1: 60 - One alert per minute will trigger one email per minute. Box 2: 12 - No more than 1 SMS every 5 minutes can be send, which equals 12 per hour. Note: Rate limiting is a suspension of notifications that occurs when too many are sent to a particular phone number, email address or device. Rate limiting ensures that alerts are manageable and actionable. The rate limit thresholds are: ✑ SMS: No more than 1 SMS every 5 minutes. ✑ Voice: No more than 1 Voice call every 5 minutes. ✑ Email: No more than 100 emails in an hour. ✑ Other actions are not rate limited.
QUESTION 108 Hotspot Question You have an Azure subscription named Subscription1. Subscription1 contains two Azure virtual machines named VM1 and VM2. VM1 and VM2 run Windows Server 2016. VM1 is backed up daily by Azure Backup without using the Azure Backup agent. VM1 is affected by ransomware that encrypts data. You need to restore the latest backup of VM1. To which location can you restore the backup? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. You can perform a file recovery of VM1 to: A. VM1 only B. VM2 only C. VM1 and VM2 only D. A new Azure virtual machine only E. Any Windows computer that has internet connectivity You can restore VM1 to: A. VM1 only B. VM2 only C. VM1 and VM2 only D. VM1 or a new Azure virtual machine only E. Any Windows computer that has internet connectivity
ED Box 1: Any Windows computer that has Internet connectivity For files recovery, you download and run a windows executable to map a network drive. It can only run when the OS meets the requirements. Any computer running Windows Server 2016 or Windows 10 is suitable. File recovery can be done from any machine on the Internet. Note: There might be compatibility issues with any Windows computer, so consider VM1 and VM2 only as an answer. Box 2: VM1 or a new Azure virtual machine only For restoring a VM, you can choose 'Create new' or 'Replace existing'.
QUESTION 118 Drag and Drop Question You have an Azure Active Directory (Azure AD) tenant that has the initial domain name. You have a domain name of contoso.com registered at a third-party registrar. You need to ensure that you can create Azure AD users that have names containing a suffix of @contoso.com. Which three actions should you perform in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order. A. Configure company branding B. Add an Azure AD tenant C. Verify the domain D. Create an Azure DNS zone E. Add a custom domain name F. Add a record to the public contoso.com DNS zone
EFC
QUESTION 106 Drag and Drop Question You have an Azure subscription that contains an Azure virtual machine named VM1. VM1 runs Windows Server 2016 and is part of an availability set. VM1 has virtual machine-level backup enabled. VM1 is deleted. You need to restore VM1 from the backup. VM1 must be part of the availability set. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. A. From the Restore configuration blade, set Restore type to Create Virtual Machine B. From the VM1 blade, edit the disk settings of the OS disk C. From the Restore configuration blade, set Restore type to Restore disks D. From the Recovery Services vault, deploy a template E. From the VM1 blade, add a disk F. From the Recovery Services vault, select a restore point for the VM
FCD Not sure about this one Step 1: From the Azure portal, click File Recovery from the vault Step 2. Select a restore point that contains the deleted files Step 3: Download and run the script to mount a drive on the local computer (LINUX!!!) Step 4. Copy the files by using AZCopy (yes, to blob storage and next to Windows 2016)
QUESTION 131 Drag and Drop Question You have an Azure Linux virtual machine that is protected by Azure Backup. One week ago, two files were deleted from the virtual machine. You need to restore the deleted files to an on-premises computer as quickly as possible. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. A. Mount a VHD B. Copy the files by using File Explorer C. Download and run a script D. Select a restore point E. Copy the files using AZCopy F. From the Azure portal, click Restore VM from the vault G. From the Azure portal, click File Recovery from the vault
GDCE Step 1: From the Azure portal, click File Recovery from the vault Step 2. Select a restore point that contains the deleted files Step 3: Download and run the script to mount a drive on the local computer (LINUX!!!) Step 4. Copy the files by using AZCopy (yes, to blob storage and next to Windows 2016)
