az-104-skillcertpro-questions

Ace your homework & exams now with Quizwiz!

A company currently has the following networks defined in AzureName Address space skillcertlab-vnet1 10.1.0.0/16 skillcertlab-vnet2 10.2.0.0/16 skillcertlab-vnet3 10.3.0.0/16 All virtual networks are hosting virtual machines with varying workloads. A virtual machine named "skillcertlab-detect" hosted in skillcertlab-vnet2. This virtual machine will have an intrusion detection software installed on it. All traffic on all virtual networks need to be routed via this virtual machine. You need to complete the required steps for implementing this requirement Which of the following needs to be enabled on the virtual machine "skillcertlab-detect"? A. Enable IP forwarding B. Enable the identity for the virtual machine C. Add an extension to the virtual machine D. Change the size of the virtual machine

A. Enable IP forwarding

"Your on-premises network contains an SMB share named Share1. You have an Azure subscription that contains the following resources: 1) A web app named webapp1 2)A virtual network named VNET1 3) You need to ensure that webapp1 can connect to Share1. 4) What should you deploy?

" "Azure Virtual Network Gateway. A Site-to-Site VPN gateway connection can be used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device, a VPN gateway, located on-premises that has an externally facing public IP address assigned to it.

" "Subscription1 contains an Azure virtual machine named VM1 that has the following configurations: -> Private IP address: 10.0.0.4 (dynamic) -> Network security group (NSG): NSG1 -> Public IP address: None -> Availability set: AVSet -> Subnet: 10.0.0.0/24 -> Managed disks: No Location: East US - You need to record all the successful and failed connection attempts to VM1. Which three actions should you perform? Enable Azure Network Watcher in the East US Azure region. Add an Azure Network Watcher connection monitor. Register the MicrosoftLogAnalytics provider. Create an Azure Storage account. Register the Microsoft.Insights resource provider. Enable Azure Network Watcher flow logs.

" "Enable Azure Network Watcher in the East US Azure region. Enable Azure Network Watcher in the East US Azure region.

" "You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named preparationlabs.com and an Azure Kubernetes Service (AKS) cluster named AKS1. An administrator reports that she is unable to grant access to AKS1 to the users in preparationlabs.com. You need to ensure that access to AKS1 can be granted to the preparationlabs.com users. What should you do first? From preparationlabs.com, modify the Organization relationships settings. From preparationlabs.com, create an OAuth 2.0 authorization endpoint. Recreate AKS1. From AKS1, create a namespace.

" "From preparationlabs.com, create an OAuth 2.0 authorization endpoint. In this regard, Kubernetes does not have objects which represent normal user accounts. Normal users cannot be added to a cluster through an API call. Kubernetes uses client certificates, bearer tokens, an authenticating proxy, or HTTP basic auth to authenticate API requests through authentication plugins.

"You plan to deploy an Azure virtual machine named VM1 by using an Azure Resource Manager template. what two resource are needed for the ResourceID for the Network Interface Card (NIC) depends on? Microsoft.Network/publicIPAddresses Microsoft.Network/virtualNetworks Microsoft.Network/virtualNetworks/subnets Microsoft.Network/networkInterfaces Microsoft.Storage/storageaccounts

" "Microsoft.Network/publicIPAddresses Microsoft.Network/virtualNetworks

" "You plan to deploy an Azure virtual machine named VM1 by using an Azure Resource Manager template. what two resource are needed for the ResourceID for the Virtual Machine(VM) depends on? Microsoft.Network/publicIPAddresses Microsoft.Network/virtualNetworks Microsoft.Network/virtualNetworks/subnets Microsoft.Network/networkInterfaces Microsoft.Storage/storageaccounts

" "Microsoft.Storage/storageaccounts Microsoft.Network/networkInterfaces

"You have an Azure virtual network named VNet1 that connects to your on-premises network by using a site-to-site VPN. VNet1 contains one subnet named Sunet1. Subnet1 is associated to a network security group (NSG) named NSG1. Subnet1 contains a basic internal load balancer named ILB1. ILB1 has three Azure virtual machines in the backend pool. You need to collect data about the IP addresses that connects to ILB1. You must be able to run interactive queries from the Azure portal against the collected data. What should you do? Resource to create: An Azure Event Grid Resource to create: An Azure Log Analytics workspace Resource to create: An Azure Storage account Resource on which you enable diagnostics: ILB1 Resource on which you enable diagnostics: NSG1 Resource on which you enable diagnostics: Azure Virtual Machines

" "Resource to create: An Azure Log Analytics workspace Resource on which you enable diagnostics: ILB1

" "VM1 is located in the East US region. You have added a premium SSD data disk to VM1, but the IOPS are not satisfying the needs of your application, how can you change the speed of the disk? Create a new disk and migrate the data Shut down (Deallocate) the VM Select the disk configuration and increase the size Export the disk and convert to VHD

" "Shut down (Deallocate) the VM Select the disk configuration and increase the size Premium disk performance increases based on the size of the disk, while standard disks have consistent performance for all disk sizes.

"You have an Azure Active Directory (Azure AD) tenant. You need to create a conditional access policy that requires all users to use multi-factor authentication when they access the Azure portal. Which three settings should you configure? Users and Groups Cloud Apps Conditions Grant Session

" "Users and Groups Cloud Apps Grant

" "You have an Azure subscription and an on-premises environment that is connected via ExpressRoute circuit. You have two additional branch offices that you need to connect to the network. You also have several remote employees that change locations frequently but still need access to Azure resources. What is the solution that will provide the quickest setup at the lowest cost? Point-to-Site VPN Site-to-Site VPN Virtual WAN Hub-and-Spoke Network Topology

" "Virtual WAN The Virtual WAN architecture is a hub and spoke architecture for branches and users.

"You plan to use the Azure Import/Export service to copy files to a storage account. Which two files should you create before you prepare the drives for the import job? an XML manifest file a dataset CSV file a JSON configuration file a PowerShell PS1 file a driveset CSV file

" "a dataset CSV file a driveset CSV file While preparing drives for the import job, first we need to generate a journal file. The journal file stores basic information such as drive serial number, encryption key, and storage account details.

"ou have an Azure subscription. Users access the resources in the subscription from either home or from customer sites. From home, users must establish a point-to-site VPN to access the Azure resources. The users on the customer sites access the Azure resources by using site-to-site VPNs. You have a line-of-business-app named App1 that runs on several Azure virtual machine. The virtual machines run Windows Server 2016. You need to ensure that the connections to App1 are spread across all the virtual machines. What are two possible Azure services that you can use? an internal load balancer a public load balancer an Azure Content Delivery Network (CDN) Traffic Manager an Azure Application Gateway

" "an internal load balancer an Azure Application Gateway

" "You plan to deploy three Azure virtual machines named VM1, VM2, and VM3. The virtual machines will host a web app named App1. You need to ensure that at least two virtual machines are available if a single Azure datacenter becomes unavailable. What should you deploy? all three virtual machines in a single Availability Zone all virtual machines in a single Availability Set each virtual machine in a separate Availability Zone each virtual machine in a separate Availability Set

" "each virtual machine in a separate Availability Zone An Availability Zone is a high-availability offering that protects your applications and data from datacenter failures. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. To ensure resiliency, there's a minimum of three separate zones in all enabled regions.

"You have an on-premises virtual machine named VM1. You need to ensure that you can use the vhdx disks attached to VM1 as a template for Azure virtual machines. What should you modify on VM1? the memory the network adapters the hard drive the processor Integration Services

" "the hard drive Before you upload a Windows virtual machine (VM) from on-premises to Azure, you must prepare the virtual hard disk (VHD or VHDX).

"You have an Azure virtual machine named VM1 that runs Windows Server 2019. You sign in to VM1 as a user named User1 and perform the following actions: Create files on drive C. Create files on drive D. Modify the screen saver timeout. Change the desktop background. You plan to redeploy VM1. Which changes will be lost after you redeploy VM1? the modified screen saver timeout the new desktop background the new files on drive D the new files on drive C

" "the new files on drive D On Windows VMs the temporary disk is D: by default.

" "Your company has three offices. The offices are located in Miami, Los Angeles, and New York. Each office contains datacenter. You have an Azure subscription that contains resources in the East US and West US Azure regions. Each region contains a virtual network. The virtual networks are peered. You need to connect the datacenters to the subscription. The solution must minimize network latency between the datacenters. What should you create? three Azure Application Gateways and one On-premises data gateway two virtual hubs and one virtual WAN three virtual WANs and one virtual hub three On-premises data gateways and one Azure Application Gateway

" "two virtual hubs and one virtual WAN A virtual hub is a Microsoft-managed virtual network. The hub contains various service endpoints to enable connectivity. From your on-premises network (vpnsite), you can connect to a VPN Gateway inside the virtual hub, connect ExpressRoute circuits to a virtual hub, or even connect mobile users to a Point-to-site gateway in the virtual hub.

" "How many times does Locally redundant storage (LRS) copy your data synchronously? 1 2 3 4

" 3

"Rate limiting for Voice, SMS, emails, Azure App push notifications and webhook posts what is the rate limit for Email messages per hour? 1) 120 2) 60 3) 80 4) 100

" 4) 100

"Rate limiting for Voice, SMS, emails, Azure App push notifications and webhook posts what is the rate limit for SMS messages per hour? 1) 60 2) 30 3) 6 4) 12

" 4) 12

"Rate limiting for Voice, SMS, emails, Azure App push notifications and webhook posts what is the rate limit for Voice messages per hour? 1) 60 2) 30 3) 6 4) 12

" 4) 12

"You have an Azure subscription that contains a user named User1. You need to ensure that User1 can deploy virtual machines and manage virtual networks. The solution must use the principle of least privilege. Which role-based access control (RBAC) role should you assign to User1? Virtual Machine Contributor Contributor Virtual Machine Administrator Login

" Contributor

" "You need to deploy an Azure virtual machine scale set that contains five instances as quickly as possible. What should you do? Deploy five virtual machines. Modify the Availability Zones settings for each virtual machine. Deploy five virtual machines. Modify the Size setting for each virtual machine. Deploy one virtual machine scale set that is set to VM (virtual machines) orchestration mode. Deploy one virtual machine scale set that is set to ScaleSetVM orchestration mode.

" Deploy one virtual machine scale set that is set to ScaleSetVM orchestration mode.

" "You have an Azure subscription named Subscription1 and an on-premises deployment of Microsoft System Center Service Manager. Subscription1 contains a virtual machine named VM1. You need to ensure that an alert is set in Service Manager when the amount of available memory on VM1 is below 10 percent. What should you do first? Create an automation runbook Deploy a function app Deploy the IT Service Management Connector (ITSM) Create a notification

" Deploy the IT Service Management Connector (ITSM)

" "You recently created a new Azure subscription that contains a user named Admin1. Admin1 attempts to deploy an Azure Marketplace resource by using an Azure Resource Manager template. Admin1 deploys the template by using Azure PowerShell and receives the following error message: "User failed validation to purchase resources. Error message: "Legal terms have not been accepted for this item on this subscription. To accept legal terms, please go to the Azure portal (http://go.microsoft.com/fwlink/?LinkId=534873) and configure programmatic deployment for the Marketplace item or create it there for the first time." You need to ensure that Admin1 can deploy the Marketplace resource successfully. What should you do? From Azure PowerShell, run the Set-AzApiManagementSubscription cmdlet From the Azure portal, register the Microsoft.Marketplace resource provider From Azure PowerShell, run the Set-AzMarketplaceTerms cmdlet From the Azure portal, assign the Billing administrator role to Admin1

" From Azure PowerShell, run the Set-AzMarketplaceTerms cmdlet

" "You have a Recovery Service vault that you use to test backups. The test backups contain two protected virtual machines. You need to delete the Recovery Services vault. What should you do first? From the Recovery Service vault, delete the backup data. Modify the disaster recovery properties of each virtual machine. Modify the locks of each virtual machine. From the Recovery Service vault, stop the backup of each backup item.

" From the Recovery Service vault, stop the backup of each backup item.

"You have an Azure virtual machine named VM1 that runs Windows Server 2016. You need to create an alert in Azure when more than two error events are logged to the System event log on VM1 within an hour. Solution: You create an event subscription on VM1. You create an alert in Azure Monitor and specify VM1 as the source Does this meet the goal?

" No

You have an Azure subscription that contains a resource group named TestRG. You use TestRG to validate an Azure deployment. TestRG contains the following resources: You need to delete TestRG. What should you do first? 1) Modify the backup configurations of VM1 and modify the resource lock type of VNET1 2) Remove the resource lock from VNET1 and delete all data in Vault1 3) Turn off VM1 and remove the resource lock from VNET1 4) Turn off VM1 and delete all data in Vault1

2) Remove the resource lock from VNET1 and delete all data in Vault1 ou can't delete a vault that contains backup data. You must remove the delete locks before trying to delete a resource group.

You have an Azure Storage account named storage-01 that uses Azure File storage. You need to use AzCopy to copy data to the file storage in storage-01.Which authentication method should you use for file storage? 1) Azure Active Directory (Azure AD) only 2) Shared Access Signatures (SAS) only 3) Access keys and Shared Access Signatures (SAS) only 4) Azure Active Directory (Azure AD) and Shared Access Signatures (SAS) only 5) Azure Active Directory (Azure AD), access keys and Shared Access Signatures (SAS)

2) Shared Access Signatures (SAS) only

You have an Azure subscription named New-Subscription. New-Subscription contains two Azure virtual machines VM-01 and VM-02. VM-01 and VM-02 run Windows Server 2016. VM-01 is backed up daily by Azure Backup without using the Azure Backup agent.VM-01 data has been compromised by a Ransomware attack, that encrypted all the data. VM-01 is not working, you need to restore the latest backup of VM-01.To which location can you restore the backup?You can perform a file recovery of VM-01 to .......... .Please select the answer that completes the statement correctly. 1) VM-01 only 2) VM-02 only 3) VM-01 or a new Azure virtual machine only 4) VM-01 and VM-02 5) A new Azure virtual machine only 6) Any Windows computer that has Internet connectivity

2) VM-02 only

You have a public load balancer that balances ports 80 and 443 across three virtual machines. You need to direct all the Remote Desktop Protocol (RDP) connections to VM3 only. What should you configure? 1) a new public load balancer for VM3 2) an inbound NAT rule 3) a frontend IP configuration 4)a load balancing rule,

2) an inbound NAT rule. Port forwarding lets you connect to virtual machines (VMs) in an Azure virtual network by using an Azure Load Balancer public IP address and port number. To set up port forwarding on an Azure Load Balancer, you must create inbound NAT port-forwarding rules.

You need to create an Azure virtual machine named VM1 that requires a static private IP address configured inside the IP address space for the VNet in which the VM resides. How do you configure a static IP address for this Azure VM? 1) After the VM has been created, create a new network interface and configure a static IP address for that network interface 2) When creating a VM in the portal, select New next to private ip address and choose static after assigning the correct IP address 3) When creating the VM in the portal, change the setting from dynamic to static on the networking tab under private IP address 4) After the VM has been created, go to the network interface attached to the VM and change the IP configuration to static assignment

4) After the VM has been created, go to the network interface attached to the VM and change the IP configuration to static assignment

You have an Azure Storage account named storage-01 that uses Azure Blob storage. You need to use AzCopy to copy data to blob storage, in storage account storage-01.Which authentication method should you use for blob storage? 1) Azure Active Directory (Azure AD) only 2) Shared Access Signatures (SAS) only 3) Access Keys and Shared Access Signatures (SAS) only 4) Azure Active Directory (Azure AD) and Shared Access Signatures (SAS) only 5) Azure Active Directory (Azure AD), access keys and Shared Access Signatures (SAS)

4) Azure Active Directory (Azure AD) and Shared Access Signatures (SAS) only

You have a .NET Core application running in Azure App Services. You are expecting a huge influx of traffic to your application in the coming days. When your application experiences this spike in traffic, you want to detect any anomalies such as request errors or failed queries immediately. What service can you use to assure that you know about these types of errors related to your .NET application immediately? 1) Application Insights Search 2) Log analytics workspace 3) Client-side monitoring 4) Live Metrics Stream in Application Insights

4) Live Metrics Stream in Application Insights

A company has deployed the following Azure Load Balancer resources to their Azure subscriptionName SKUskillcertlabload1 Basicskillcertlabload2 StandardThe load balancers would need to load balance requests across six virtual machines.Each load balancer would have to load balance requests across three virtual machines.Which of the following has to be implemented to ensure skillcertlabload2 can load balance requests across the three virtual machines? A. Ensure the virtual machines are running the same operating system B. Ensure the virtual machines are created in the same resource group C. Ensure the virtual machines are created in the same virtual network D. Ensure the virtual machines are created in the same availability set or virtual machine scale set

C. Ensure the virtual machines are created in the same virtual network

A company has the following set of Virtual Machines defined in the Azure accountName Regionskillcertlabs-vm1 East USskillcertlabs-vm2 Central USThe company wants to move skillcertlabs-vm1 to another subscription. Which of the following can be implemented to fulfill this requirement? A. Move the Virtual Machine to the Central US region first B. You cannot move the Virtual Machine across subscriptions. You would need to delete and recreate the VM in the new subscription C. Use the Move-AzResource powershell command to move the Virtual Machine D. Use the Move-VMResource powershell command to move the Virtual Machine

C. Use the Move-AzResource powershell command to move the Virtual Machine

skillcertlabapp1 - Be able to see if users are progressing through the entire business process for the application skillcertlabapp2 - Here one should be able to analyse the load times and other properties that could influence conversion rates for the application skillcertlabapp3 - Here one should be able to analyse how many users return to the application skillcertlabapp4 - Here one should be able to see the places where users repeat the same action over and over again Which of the following feature of Application Insights could be used for the application skillcertlabapp4? A. Impact B. Retention C. User Flows D. Funnels

C. User Flows

You have an Azure subscription that contains an Azure Storage account. You need to create an Azure container instance that will use a Docker image. The image contains a Microsoft SQL Server instance that requires persistent storage.You need to configure a storage service for your container. What Azure service should you use? 1) Azure Files 2) Azure Blob Storage 3) Azure Queue Storage 4) Azure Table Storage

1) Azure Files

You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by using Azure ExpressRoute. You plan to prepare the environment for automatic failover in case of ExpressRoute failure.You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost.Which three actions should you perform? Each correct answer presents part of the solution. 1) Create a connection 2) Create a local site VPN gateway 3) Create a VPN gateway that uses the VpnGw1 SKU 4) Create a gateway subnet 5) Create a VPN gateway that uses the Basic SKU

1) Create a connection 2) Create a local site VPN gateway 3) Create a VPN gateway that uses the VpnGw1 SKU

You have a general purpose v1 storage account named storageaccount1 that has a private container named container1. You need to allow read access to the data inside container1, but only within a 14 day window. How do you accomplish this? 1) Create a stored access policy 2) Create a service SAS 3) Create a shared access signatures 4) Upgrade the storage account to general purpose v2

1) Create a stored access policy 3) Create a shared access signatures A Stored Access Policy allows granular control over a single storage container using a Shared Access Signature (SAS).

You have an Azure subscription that contains an Azure file share. You have an on-premises server named Server1 that runs Windows Server 2016. You plan to set up Azure File Sync between Server1 and the Azure file share.You need to prepare the subscription for the planned Azure File Sync.Which two actions should you perform to configure Azure File Sync? (Select two) 1) First Action - Create a Storage Sync Service 2) First Action - Install Azure File Sync Agent 3) First Action - Create a sync group 4) First Action - Run Server Registration 5) Second Action - Create a Storage Sync Service 6) Second Action - Install Azure File Sync Agent

1) First Action - Create a Storage Sync Service 2) Second Action - Install Azure File Sync Agent

How many times does Locally redundant storage (LRS).LRS copy data for a single physical location? 1) 1 2) 2 3) 3 4) 4

3) 3

You purchase a new Azure subscription named Subscription1.You create a virtual machine named VM1 in Subscription1. VM1 is not protected by Azure Backup.You need to protect VM1 by using Azure Backup. Backups must be created at 01:00 and stored for 30 days.What should you do? 1) Location in which to store the backups: A blob container 2) Location in which to store the backups: A fileshare 3) Location in which to store the backups: A Recovery services vault 4) Location in which to store the backups: A storage account 5) Object to use to configure the protection for VM1: A backup policy 6) Object to use to configure the protection for VM1: A batch schedule

3) Location in which to store the backups: A Recovery services vault 5) Object to use to configure the protection for VM1: A backup policy

You have an Azure subscription named Subscription-Prod that contains a resource group named RG-01.In RG-01, you create an internal load balancer named LB-01. You need to ensure that an administrator named Admin-01 can manage LB-01 and is allowed to add a backend pool to LB-01. The solution must follow the principle of least privilege.Which role should you assign to Admin-01 ? 1) Contributor on LB-01 2) Network Contributor on LB-01 3) Network Contributor on RG-01 4) Owner on LB-01

3) Network Contributor on RG-01

A company is planning on using the Azure Import/Export service to move data out of their Azure Storage account. Which of the following service could be used when defining the Azure Export job? A. BLOB storage B. File storage C. Queue storage D. Table storage

A. BLOB storage

az group create --name whizlab-rg --location "central US" az group **SLOT 1** create \ --name whizlabdeployment \ --resource-group whizlab-rg \ **SLOT 2** whizlabvm.json what goes in SLOT 1? A. template B. deployment C. resource D. vm

B. deployment

A team is currently making use of an Azure storage account as shown belowA file named audio.log has been uploaded to a container called demo.Which of the following is a valid URL which could be used to access the file? A. https://skillcertlabstore/demo/audio.log B. https://skillcertlabstore.blob.core.windows.net/audio.log C. https://skillcertlabstore.blob.core.windows.net/demo/audio.log D. https://skillcertlabstore/audio.log

C. https://skillcertlabstore.blob.core.windows.net/demo/audio.log

" You have an Azure subscription named Subscription1 that contains two Azure virtual networks named VNet1 and VNet2. VNet1 contains a VPN gateway named VPNGW1 that uses static routing. There is a site-to-site VPN connection between your on-premises network and VNet1. On a computer named Client1 that runs Windows 10, you configure a point-to-site VPN connection to VNet1. You configure virtual network peering between VNet1 and VNet2. You verify that you can connect to VNet2 from the on-premises network. Client1 is unable to connect to VNet2. You need to ensure that you can connect Client1 to VNet2. What should you do?

Download and re-install the VPN client configuration package on Client1.

You have an Azure Linux virtual machine that is protected by Azure Backup. One week ago, two files were deleted from the virtual machine. You need to restore the deleted files to an on-premises computer as quickly as possible. Which four actions would you perform for this requirement? A. Mount a VHD B. Copy the files by using File Explorer C. Download and run a script D. Select a restore point E. Copy the files by using AZCopy F. From the Azure portal, click File Recovery from the vault

E. Copy the files by using AZCopy

A Read-Only Lock on a Resource Group prevents movement of a resource to that Resource Group? True / False

False, a Read Only lock prevents deletion and modification but does not restrict movement to the resource

" You have an Azure subscription named Subscription1 that contains a resource group named RG1. In RG1, you create an internal load balancer named LB1 and a public load balancer named LB2. You need to ensure that an administrator named Admin1 can manage LB1 and LB2. The solution must follow the principle of least privilege. Which role should you assign to Admin1 to add a health probe to LB2?

Network Contributor on RG1. The load balancer is of type Microsoft.Network/loadBalancers. The network contributor role allows you to manage networks. A network contributor can create and managed networks (Microsoft.Network/*). Therefore, adding Admin1 as Network Contributor on resource group will suffice the requirement.

When a device is joined to Azure AD, is the Cloud device administrator is added as a local administrator? True/False

True

When a device is joined to Azure AD, is the user who joins the computer to the domain added as a local administrator? True/False

True

"VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between VNet1 and VNet2. An administrator named Admin1 creates an Azure virtual machine named VM1 in RG1. VM1 uses a disk named Disk1 and connects to VNet1. Admin1 then installs a custom application in VM1. You need to move the custom application to VNet2. The solution must minimize administrative effort. Which two actions should you perform? Detach VM1 network interface Attach a new network interface Move network interface to RG2 Move VM1 to RG2 Delete VM1 Create a new virtual machine in VNet2

" "1. Detach VM1 network interface 2. Create a new virtual machine in VNet2

" "You plan to create an Azure Web App in the East US region. You need to ensure that this web app scales out with demand, to prevent downtime. You also need to ensure that the data that resides inside of the application will remain secure and never become exposed to anyone outside of the organization. Which App Service plan SKU will you chose that will meet these requirements and also save on cost? B1 Shared I1 FREE

" "1I The I1 SKU allows your app to run on dedicated hardware, and also provides network isolation on top of compute isolation to protect your app.

" "You have 10 Azure virtual machines on a subnet named Subnet1. Subnet1 is on a virtual network named VNet1. You plan to deploy a public Azure Standard Load Balancer named LB1 to the same Azure region as the 10 virtual machines. You need to ensure that traffic from all the virtual machines to the internet flows through LB1. The solution must prevent the virtual machines from being accessible on the internet. Which three actions should you perform? Each correct answer presents part of the solution. Add health probes to LB1. Add the network interfaces of the virtual machines to the backend pool of LB1. Add an inbound rule to LB1. Add an outbound rule to LB1. Associate a network security group (NSG) to Subnet1. Associate a user-defined route to Subnet1.

" "Add the network interfaces of the virtual machines to the backend pool of LB1. Add an outbound rule to LB1. Associate a network security group (NSG) to Subnet1.

"You have several servers running a microservice, and you want to make sure that all the servers have connectivity to each other. You need to calculate network performance metrics like packet loss and link latency. Which two Azure resources do you need to meet this requirement? Azure Traffic Manager Azure Monitor Network Performance Monitor Log Analytics Workspace

" "Azure Monitor Log Analytics Workspace

" "You have an Azure virtual machine named VM1 that runs Windows Server 2016. You need to create an alert in Azure when more than two error events are logged to the System event log on VM1 within an hour. Solution: You create an Azure Log Analytics workspace and configure the data settings. You install the Microsoft Monitoring Agent on VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source. Does this meet the goal?

" Yes

" "You need to create an Azure Storage account that meets the following requirements: Minimizes costs Supports hot, cool, and archive blob tiers Provides fault tolerance if a disaster affects the Azure region where the account resides How should you complete the command? az storage account create -n storageaccount1 -g RG1 --kind BlobStorage --sku Standard_GRS az storage account create -n storageaccount1 -g RG1 --kind Storage --sku Standard_GRS az storage account create -n storageaccount1 -g RG1 --kind StorageV2 --sku Standard_GRS az storage account create -n storageaccount1 -g RG1 --kind StorageV2 --sku Standard_LRS az storage account create -n storageaccount1 -g RG1 --kind StorageV2 --sku Standard_GAGRS

" az storage account create -n storageaccount1 -g RG1 --kind StorageV2 --sku Standard_GRS

"You have an Azure virtual machine named VM1 that runs Windows Server 2019. You save VM1 as a template named Template1 to the Azure Resource Manager library. You plan to deploy a virtual machine named VM2 from Template1. What can you configure during the deployment of VM2? operating system administrator username virtual machine size resource group

" resource group

" You have an Azure web app named webapp1. Users report that they often experience HTTP 500 errors when they connect to webapp1. You need to provide the developers of webapp1 with real-time access to the connection errors. The solution must provide all the connection error details. What should you do first?

"From webapp1, enable Web server logging. Web server logging - Raw HTTP request data in the W3C extended log file format. Each log message includes data such as the HTTP method, resource URI, client IP, client port, user agent, response code, and so on.

You have an Azure subscription named Subscription1 that contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1.VM1 runs services that will be used to deploy resources to RG1.You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1.What should you do first? 1)From the Azure portal, modify the Managed Identity settings of VM1 2) From the Azure portal, modify the Access control (IAM) settings of RG1 3) From the Azure portal, modify the Access control (IAM) settings of VM1 4) From the Azure portal, modify the Policies settings of RG1

1)From the Azure portal, modify the Managed Identity settings of VM1 First step is to enable managed identity on the VM. Managed identities for Azure resources provides Azure services with an automatically managed identity in Azure Active Directory.

You have an Azure subscription that contains an Azure virtual machine named VM1. VM1 runs a financial reporting app named App1 that does not support multiple active instances. At the end of each month, CPU usage for VM1 peaks when App1 runs.You need to create a scheduled runbook to increase the processor performance of VM1 at the end of each month.What task should you include in the runbook? 1) Add the Azure Performance Diagnostics agent to VM1. 2) Modify the VM size property of VM1. 3) Add VM1 to a scale set. 4) Increase the vCPU quota for the subscription. 5) Add a Desired State Configuration (DSC) extension to VM1.

2) Modify the VM size property of VM1.

A company currently has the following networks defined in AzureName Address space skillcertlab-vnet1 10.1.0.0/16 skillcertlab-vnet2 10.2.0.0/16 skillcertlab-vnet3 10.3.0.0/16 All virtual networks are hosting virtual machines with varying workloads. A virtual machine named "skillcertlab-detect" hosted in skillcertlab-vnet2. This virtual machine will have an intrusion detection software installed on it. All traffic on all virtual networks need to be routed via this virtual machine. You need to complete the required steps for implementing this requirement Which of the following would you need to create additional to ensure traffic is sent via the virtual machine hosting the intrusion software? A. A new route table B. Add an address space C. Add DNS servers D. Add a service endpoint

A. A new route table

Your company has an Azure account and an Azure subscription. They have created a Virtual Network named skillcertlabs-net. The following users have been setupUser Roleskillcertlabs-usr1 Ownerskillcertlabs-usr2 Security adminskillcertlabs-usr3 Network ContributorWhich of the following users would be able to add the Reader role access for a user to the Virtual Network? A. skillcertlabs-usr1 only B. skillcertlabs-usr2 only C. skillcertlabs-usr3 only D. skillcertlabs-usr1 and skillcertlabs-usr2 only E. skillcertlabs-usr1 and skillcertlabs-usr3 only F. skillcertlabs-usr2 and skillcertlabs-usr3 only

A. skillcertlabs-usr1 only The Network Contributor does not have access to assign roles.

A company is planning on deploying an application to a set of Virtual Machines in an Azure network. The company needs to have an SLA of 99.99% for the application hosted on the Virtual machines. Which of the following should be implemented to guarantee an SLA of 99.99% on the infrastructure level? A. Make the virtual machines part of an availability set B. Deploy the virtual machines across availability zones C. Assign a standard public IP address to the virtual machines D. Deploy single virtual machines across multiple regions

B. Deploy the virtual machines across availability zones You can achieve 99.99% SLA on the infrastructure level for your virtual machines by deploying them across availability zones.

You have an Azure subscription named skillcertlabstaging. Under the subscription, you go ahead and create a resource group named skillcertlabs-rg.You then go ahead and create an Azure policy based on the "Not allowed resources types" definition. Here you define the parameters as Microsoft.Network.virtualNetworks as the not allowed resource type. You assign this policy to the Tenant Root Group.Would you be able to create a virtual machine in the skillcertlabs-rg resource group? A. Yes B. No

B. No

You need to deploy two Azure virtual machines named VM1 and VM2 based on the Windows server 2016. The deployment must meet the following requirements: Provide a Service Level Agreement (SLA) of 99.95 percent availability. Use managed disks You propose a solution to create a scale set for the requirement. Would the solution meet the goal? A. Yes B. No

B. No Scale sets are used to scale the Virtual machines based on load. But here to achieve the desired level of availability, you also need to use an Availability set.

A company has the following resources defined in AzureA Virtual Network named skillcertpro-net which connects to an on-premise network using a site-to-site VPNThe Virtual Network contains a subnet named SubnetAThe subnet is associated with a network security group named skillcertpro-nsgThe subnet contains a basic internal load balancer named skillcertprolgThe Load balancer has three Azure virtual machines in the backend poolThe company has the requirement to collect data about the IP addresses that connects to the Load balancer. The company also wants their data team to run interactive queries from the Azure portal against the collected dataOn which of the following resources would you need to enable diagnostics? A. The Load Balancer B. The Network Security Group C. The Azure Virtual Machines D. None of the above

B. The Network Security Group

az group create --name whizlab-rg --location "central US" az group **SLOT 1** create \ --name whizlabdeployment \ --resource-group whizlab-rg \ **SLOT 2** whizlabvm.json what goes in SLOT 2? A. --template B. --template-uri C. --template-file D. --template-resource

C. --template-file

A company has deployed the following Azure Load Balancer resources to their Azure subscriptionName SKUskillcertlabload1 Basicskillcertlabload2 StandardThe load balancers would need to load balance requests across six virtual machines.Each load balancer would have to load balance requests across three virtual machines.Which of the following has to be implemented to ensure skillcertlabload1 can load balance requests across the three virtual machines? A. Ensure the virtual machines are running the same operating system B. Ensure the virtual machines are created in the same resource group C. Ensure the virtual machines are created in the same virtual network D. Ensure the virtual machines are created in the same availability set or virtual machine scale set

D. Ensure the virtual machines are created in the same availability set or virtual machine scale set Basic is limited to availability set or scale set standard is limted to the entire VNET

skillcertlabapp1 - Be able to see if users are progressing through the entire business process for the application skillcertlabapp2 - Here one should be able to analyse the load times and other properties that could influence conversion rates for the application skillcertlabapp3 - Here one should be able to analyse how many users return to the application skillcertlabapp4 - Here one should be able to see the places where users repeat the same action over and over again Which of the following feature of Application Insights could be used for the application skillcertlabapp1? A. Impact B. Retention C. User Flows D. Funnels

D. Funnels

A company has the following storage accounts in place as part of their Azure subscription Name Storage Account Typeskillcertlabstore1 General Purpose V1skillcertlabstore2 General Purpose V2skillcertlabstore3 Blob Storage Which of the following storage account/accounts could be used to store objects as part of the Archive tier? A. skillcertlabstore1 only B. skillcertlabstore2 only C. skillcertlabstore3 only D. skillcertlabstore1 and skillcertlabstore2 only E. skillcertlabstore1 and skillcertlabstore3 only

F. skillcertlabstore2 and skillcertlabstore3 only

VNET1 is in RG1. VNET2 is in RG2. There is no connectivity between VNET1 and VNET2. An administrator named Admin1 creates an Azure virtual machine named VM1 in RG1. VM1 uses a disk named Disk1 and connects to VNET1. Admin1 then installs a custom application in VM1.You need to move the custom application to VNET2. The solution must minimize administrative effort.Which two actions should you perform? (SELECT TWO) First action: Create a network interface in RG2 First action: Detach a network interface First action: Delete VM1 First action: Move a network interface to RG2 Second action: Attach a network interface Second action: Create a new virtual machine

First action: Delete VM1 Second action: Create a new virtual machine We cannot just move a virtual machine between networks. What we need to do is identify the disk used by VM1, delete the VM1 itself while retaining the disk, and recreate the VM in the target virtual network - VNET2 and then attach the original disk to it.


Related study sets

Business Law Chapter 38: Antitrust Law and Promoting Competition

View Set

Combo with "Infectious" and 13 others

View Set

Intro to Dance Final Exam Review

View Set

Just studying for Anesthesia (from handouts)

View Set

VNSG1423 MODULE2: with ASSIGNMENT for Y's

View Set

B&G Chapter 6 Practice Questions

View Set

The Safe & Effective Care Environment: The Management of Care Practice Questions

View Set

Musculoskeletal modalities Prep U

View Set

International Business Chapter 6 (Trade Protectionism)

View Set