AZ 304


A company named Contoso, Ltd. has a single-domain Active Directory forest named contoso.com. Contoso is preparing to migrate all workloads to Azure. Contoso wants users to use single sign-on (SSO) when they access cloud-based services that integrate with Azure Active Directory (Azure AD). You need to identify any objects in Active Directory that will fail to synchronize to Azure AD due to formatting issues. The solution must minimize costs. What should you include in the solution? A. Azure AD Connect Health B. Microsoft Office 365 IdFix C. Azure Advisor D. Password Export Server version 3.1 (PES v3.1) in Active Directory Migration Tool (ADMT)

B

Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity. Several VMs are exhibiting network connectivity issues. You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs. Solution: Use Azure Network Watcher to run IP flow verify to analyze the network traffic. Does the solution meet the goal? A. Yes B. No

A

Your company, named Contoso, Ltd., implements several Azure logic apps that have HTTP triggers. The logic apps provide access to an on-premises web service. Contoso establishes a partnership with another company named Fabrikam, Inc. Fabrikam does not have an existing Azure Active Directory (Azure AD) tenant and uses third-party OAuth 2.0 identity management to authenticate its users. Developers at Fabrikam plan to use a subset of the logic apps to build applications that will integrate with the on-premises web service of Contoso. You need to design a solution to provide the Fabrikam developers with access to the logic apps. The solution must meet the following requirements: - Requests to the logic apps from the developers must be limited to lower rates than the requests from the users at Contoso. - The developers must be able to rely on their existing OAuth 2.0 provider to gain access to the logic apps. - The solution must NOT require changes to the logic apps. - The solution must NOT use Azure AD guest accounts. What should you include in the solution? A. Azure AD business-to-business (B2B) B. Azure Front Door C. Azure API Management D. Azure AD Application Proxy

C

Your company has several Azure subscriptions that are part of a Microsoft Enterprise Agreement. The company's compliance team creates automatic alerts by using Azure Monitor. You need to recommend a solution to apply the alerts automatically when new subscriptions are added to the Enterprise Agreement. What should you include in the recommendation? A. Azure Automation runbooks B. Azure Log Analytics alerts C. Azure Monitor action groups D. Azure Resource Manager templates E. Azure Policy

E

You are developing a sales application that will contain several Azure cloud services and will handle different components of a transaction. Different cloud services will process customer orders, billing, payment, inventory, and shipping. You need to recommend a solution to enable the cloud services to asynchronously communicate transaction information by using REST messages. What should you include in the recommendation? A. Azure Service Bus B. Azure Blob storage C. Azure Notification Hubs D. Azure Application Gateway

A

You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains a group named Group1. Group1 contains all the administrative user accounts. You discover several login attempts to the Azure portal from countries where administrative users do NOT work. You need to ensure that all login attempts to the Azure portal from those countries require Azure Multi-Factor Authentication (MFA). Solution: Implement Azure AD Privileged Identity Management. Does this solution meet the goal? A. Yes B. No

A

You plan to store data in Azure Blob storage for many years. The stored data will be accessed rarely. You need to ensure that the data in Blob storage is always available for immediate access. The solution must minimize storage costs. Which storage tier should you use? A. Cool B. Archive C. Hot

A

Your company has an on-premises Active Directory Domain Services (AD DS) domain and an established Azure Active Directory (Azure AD) environment. Your company would like users to be automatically signed in to cloud apps when they are on their corporate desktops that are connected to the corporate network. You need to enable single sign-on (SSO) for company users. Solution: Install and configure an Azure AD Connect server to use password hash synchronization and select the Enable single sign-on option. Does the solution meet the goal? A. Yes B. No

A

Your company has an on-premises data center and an Azure subscription. The on-premises data center contains a Hardware Security Module (HSM). Your network contains an Active Directory domain that is synchronized to an Azure Active Directory (Azure AD) tenant. The company is developing an application named Application1. Application1 will be hosted in Azure by using 10 virtual machines that run Windows Server 2016. Five virtual machines will be in the West Europe Azure region and five virtual machines will be in the East US Azure region. The virtual machines will store sensitive company information. All the virtual machines will use managed disks. You need to recommend a solution to encrypt the virtual machine disks by using BitLocker Drive Encryption (BitLocker). Solution: - Deploy one Azure Key Vault to each region - Export two security keys from the on-premises HSM - Import the security keys from the HSM into each Azure Key Vault - Create two Azure AD service principals - Configure the virtual machines to use Azure Disk Encryption - Specify a different service principal for the virtual machines in each region Does this meet the goal? A. Yes B. No

A

Your network contains an on-premises Active Directory forest. You discover that when users change jobs within your company, the membership of the user groups is not being updated. As a result, the users can access resources that are no longer relevant to their job. You plan to integrate Active Directory and Azure Active Directory (Azure AD) by using Azure AD Connect. You need to recommend a solution to ensure that group owners are emailed monthly about the group memberships they manage. What should you include in the recommendation? A. Azure AD access reviews B. Tenant Restrictions C. Azure AD Identity Protection D. conditional access policies

A

You are designing a large Azure environment that will contain many subscriptions. You plan to use Azure Policy as part of a governance solution. To which three scopes can you assign Azure Policy definitions? Each correct answer presents a complete solution. A. management groups B. subscriptions C. Azure Active Directory (Azure AD) tenants D. resource groups E. Azure Active Directory (Azure AD) administrative units F. compute resources

ABD

A company named Contoso, Ltd. has a single-domain Active Directory forest named contoso.com. Contoso is preparing to migrate all workloads to Azure. Contoso wants users to use single sign-on (SSO) when they access cloud-based services that integrate with Azure Active Directory (Azure AD). You need to identify any objects in Active Directory that will fail to synchronize to Azure AD due to formatting issues. The solution must minimize costs. What should you include in the solution? A. Azure Advisor B. Microsoft Office 365 IdFix C. Azure AD Connect Health D. Password Export Server version 3.1 (PES v3.1) in Active Directory Migration Tool (ADMT)

B

A company named Contoso, Ltd. has an Azure Active Directory (Azure AD) tenant that is integrated with Microsoft Office 365 and an Azure subscription. Contoso has an on-premises identity infrastructure. The infrastructure includes servers that run Active Directory Domain Services (AD DS), Active Directory Federation Services (AD FS), Azure AD Connect, and Microsoft Identity Manager (MIM). Contoso has a partnership with a company named Fabrikam, Inc. Fabrikam has an Active Directory forest and an Office 365 tenant. Fabrikam has the same on-premises identity infrastructure as Contoso. A team of 10 developers from Fabrikam will work on an Azure solution that will be hosted in the Azure subscription of Contoso. The developers must be added to the Contributor role for a resource group in the Contoso subscription. You need to recommend a solution to ensure that Contoso can assign the role to the 10 Fabrikam developers. The solution must ensure that the Fabrikam developers use their existing credentials to access resources. What should you recommend? A. Configure an AD FS claims provider trust between the AD FS infrastructures of Fabrikam and Contoso. B. In the Azure AD tenant of Contoso, enable Azure Active Directory Domain Services (Azure AD DS). Create a one-way forest trust that uses selective authentication between the Active Directory forests of Contoso and Fabrikam. C. In the Azure AD tenant of Contoso, create guest accounts for the Fabrikam developers. D. In the Azure AD tenant of Contoso, create cloud-only user accounts for the Fabrikam developers.

B

You are designing a microservices architecture that will be hosted in an Azure Kubernetes Service (AKS) cluster. Apps that will consume the microservices will be hosted on Azure virtual machines. The virtual machines and the AKS cluster will reside on the same virtual network. You need to design a solution to expose the microservices to the consumer apps. The solution must meet the following requirements: - Ingress access to the microservices must be restricted to a single private IP address and protected by using mutual TLS authentication. - The number of incoming microservice calls must be rate-limited. - Costs must be minimized. What should you include in the solution? A. Azure App Gateway with Azure Web Application Firewall (WAF) B. Azure API Management Premium tier with virtual network connection C. Azure API Management Standard tier with a service endpoint D. Azure Front Door with Azure Web Application Firewall (WAF)

B

You deploy two instances of an Azure web app. One instance is in the East US Azure region and the other instance is in the West US Azure region. The web app uses Azure Blob storage to deliver large files to end users. You need to recommend a solution for delivering the files to the users. The solution must meet the following requirements: - Ensure that the users receive files from the same region as the web app that they access. - Ensure that the files only need to be uploaded once. - Minimize costs. What should you include in the recommendation? A. Distributed File System (DFS) B. read-access geo-redundant storage (RA-GRS) C. Azure File Sync D. geo-redundant storage (GRS)

B

You manage a single-domain, on-premises Active Directory forest named contoso.com. The forest functional level is Windows Server 2016. You have several on-premises applications that depend on Active Directory. You plan to migrate the applications to Azure. You need to recommend an identity solution for the applications. The solution must meet the following requirements: - Eliminate the need for hybrid network connectivity. - Minimize management overhead for Active Directory. What should you recommend? A. In Azure, deploy an additional child domain to the contoso.com forest. B. In Azure, deploy additional domain controllers for the contoso.com domain. C. Implement a new Active Directory forest in Azure. D. Implement Azure Active Directory Domain Services (Azure AD DS).

B

You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager resource deployments in your subscription. What should you include in the recommendation? A. Azure Analysis Services B. Azure Activity Log C. Azure Monitor action groups D. Azure Advisor E. Azure Monitor metrics F. Azure Log Analytics G. Application Insights

B

A company has a hybrid ASP.NET Web API application that is based on a software as a service (SaaS) offering. Users report general issues with the data. You advise the company to implement live monitoring and use ad hoc queries on stored JSON data. You also advise the company to set up smart alerting to detect anomalies in the data. You need to recommend a solution to set up smart alerting. What should you recommend? A. Azure Site Recovery and Azure Monitor Logs B. Azure Data Lake Analytics and Azure Monitor Logs C. Azure Application Insights and Azure Monitor Logs D. Azure Security Center and Azure Data Lake Store

C

The developers at your company are building a containerized Python Django app. You need to recommend a platform to host the app. The solution must meet the following requirements: - Support autoscaling. - Support continuous deployment from an Azure Container Registry. - Provide built-in functionality to authenticate app users by using Azure Active Directory (Azure AD). Which platform should you include in the recommendation? A. Azure Container Instances B. an Azure App Service instance that uses containers C. Azure Kubernetes Service (AKS)

C

You are designing a microservices architecture that will support a web application. The solution must meet the following requirements: - Allow independent upgrades to each microservice. - Deploy the solution on-premises and to Azure. - Set policies for performing automatic repairs to the microservices. - Support low-latency and hyper-scale operations. You need to recommend a technology. A. Azure Container Instance B. Azure Virtual Machine Scale Set C. Azure Service Fabric D. Azure Logic App

C

You are designing an Azure web app. You need to ensure that users who have impaired vision can use the app. Which reference material should you use when designing the app? A. Accessibility in Windows Dev Center B. Azure Application Architecture Guide C. Web Content Accessibility Guidelines D. Cloud Application Architecture Guide

C

You have an app named App1 that uses two on-premises Microsoft SQL Server databases named DB1 and DB2. You plan to migrate DB1 and DB2 to Azure. You need to recommend an Azure solution to host DB1 and DB2. The solution must meet the following requirements: - Support server-side transactions across DB1 and DB2. - Minimize administrative effort to update the solution. What should you recommend? A. two Azure SQL databases in an elastic pool B. two Azure SQL databases on different Azure SQL Database servers C. two Azure SQL databases on the same Azure SQL Database managed instance D. two SQL Server databases on an Azure virtual machine

C

You have data files in Azure Blob storage. You plan to transform the files and move them to Azure Data Lake Storage. You need to transform the data by using mapping data flow. Which Azure service should you use? A. Azure Data Box Gateway B. Azure Storage Sync C. Azure Data Factory D. Azure Databricks

C

You are designing a storage solution that will use Azure Blob storage. The data will be stored in a cool access tier or an archive access tier based on the access patterns of the data. You identify the following types of infrequently accessed data: - Telemetry data: Deleted after two years - Promotional material: Deleted after 14 days - Virtual machine audit data: Deleted after 200 days A colleague recommends using the archive access tier to store the data. Which statement accurately describes the recommendation? A. Storage costs will be based on a minimum of 30 days. B. Access to the data is guaranteed within five minutes. C. Access to the data is guaranteed within 30 minutes. D. Storage costs will be based on a minimum of 180 days.

D

You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant. The subscription contains 10 resource groups, one for each department at your company. Each department has a specific spending limit for its Azure resources. You need to ensure that when a department reaches its spending limit, the compute resources of the department shut down automatically. Which two features should you include in the solution? Each correct answer presents part of the solution. A. Azure Logic Apps B. Azure Monitor alerts C. the spending limit of an Azure account D. Cost Management budgets E. Azure Log Analytics alerts

CD

You have an on-premises Hyper-V cluster. The cluster contains Hyper-V hosts that run Windows Server 2016 Datacenter. The hosts are licensed under a Microsoft Enterprise Agreement that has Software Assurance. The Hyper-V cluster contains 30 virtual machines that run Windows Server 2012 R2. Each virtual machine runs a different workload. The workloads have predictable consumption patterns. You plan to replace the virtual machines with Azure virtual machines that run Windows Server 2016. The virtual machines will be sized according to the consumption pattern of each workload. You need to recommend a solution to minimize the compute costs of the Azure virtual machines. Which two recommendations should you include in the solution? Each correct answer presents part of the solution. A. Configure a spending limit in the Azure account center. B. Create a virtual machine scale set that uses autoscaling. C. Activate Azure Hybrid Benefit for the Azure virtual machines. D. Purchase Azure Reserved Virtual Machine Instances for the Azure virtual machines. E. Create a lab in Azure DevTest Labs and place the Azure virtual machines in the lab.

CD

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains several administrative user accounts. You need to recommend a solution to identify which administrative user accounts have NOT signed in during the previous 30 days. Which service should you include in the recommendation? A. Azure AD Identity Protection B. Azure Activity Log C. Azure Advisor D. Azure AD Privileged Identity Management (PIM)

D

Your network contains an on-premises Active Directory forest named contoso.com. The forest is synced to an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure AD Domain Services (Azure AD DS) domain named contoso-aad.com. You have an Azure Storage account named Storage1 that contains a file share named Share1. You configure NTFS permissions on Share1. You plan to deploy a virtual machine that will be used by several users to access Share1. You need to ensure that the users can access Share1. Which type of virtual machine should you deploy? A. a virtual machine that runs Windows Server 2016 and is joined to the contoso.com domain B. a virtual machine that runs Windows 10 and is joined to the contoso-aad.com domain C. a virtual machine that runs Windows 10 and is hybrid Azure AD joined to the contoso.com domain D. an Azure virtual machine that runs Windows Server 2016 and is joined to the contoso-aad.com domain

D

You have an Azure subscription that contains a resource group named RG1. You create an Azure Active Directory (Azure AD) group named ResearchUsers that contains the user accounts of all researchers. You need to recommend a solution that meets the following requirements: - The researchers must be allowed to create Azure virtual machines. - The researchers must only be able to create Azure virtual machines by using specific Azure Resource Manager templates. Solution: On RG1, assign the Contributor role to the ResearchUsers group. Create a custom Azure Policy definition and assign the policy to RG1. Does this meet the goal? A. Yes B. No

A

A company deploys Azure Active Directory (Azure AD) Connect to synchronize identity information from their on-premises Active Directory Domain Services (AD DS) directory to their Azure AD tenant. The identity information that is synchronized includes user accounts, credential hashes for authentication (password sync), and group memberships. The company plans to deploy several Windows and Linux virtual machines (VMs) to support their applications. The VMs have the following requirements: - Support domain join, LDAP read, LDAP bind, NTLM and Kerberos authentication, and Group Policy. - Allow users to sign in to the domain using their corporate credentials and connect remotely to the VM by using Remote Desktop. You need to support the VM deployment. Which service should you use? A. Azure AD Domain Services B. Azure AD Privileged Identity Management C. Azure AD Managed Service Identity D. Active Directory Federation Services (AD FS)

A

You are developing a web application that provides streaming video to users. You configure the application to use continuous integration and deployment. The app must be highly available and provide a continuous streaming experience for users. You need to recommend a solution that allows the application to store data in a geographical location that is closest to the user. What should you recommend? A. Azure Content Delivery Network (CDN) B. Azure Redis Cache C. Azure App Service Web Apps D. Azure App Service Isolated

A

You have an Azure subscription that contains a storage account. An application sometimes writes duplicate files to the storage account. You have a PowerShell script that identifies and deletes duplicate files in the storage account. Currently, the script is run manually after approval from the operations manager. You need to recommend a serverless solution that performs the following actions: - Runs the script once an hour to identify whether duplicate files exist - Sends an email notification to the operations manager requesting approval to delete the duplicate files - Processes an email response from the operations manager specifying whether the deletion was approved - Runs the script if the deletion was approved What should you include in the recommendation? A. Azure Logic Apps and Azure Functions B. Azure Pipelines and Azure Service Fabric C. Azure Logic Apps and Azure Event Grid D. Azure Functions and Azure Batch

A

You have an Azure subscription that contains resources in three Azure regions. You need to implement Azure Key Vault to meet the following requirements: - In the event of a regional outage, all keys must be readable. - All the resources in the subscription must be able to access Key Vault. - The number of Key Vault resources to be deployed and managed must be minimized. How many instances of Key Vault should you implement? A. 1 B. 2 C. 3 D. 6

A

You have an on-premises Hyper-V cluster that hosts 20 virtual machines. Some virtual machines run Windows Server 2016 and some run Linux. You plan to migrate the virtual machines to an Azure subscription. You need to recommend a solution to replicate the disks of the virtual machines to Azure. The solution must ensure that the virtual machines remain available during the migration of the disks. Solution: You recommend implementing a Recovery Services vault, and then using Azure Site Recovery. Does this meet the goal? A. Yes B. No

A

You have an on-premises network and an Azure subscription. The on-premises network has several branch offices. A branch office in Toronto contains a virtual machine named VM1 that is configured as a file server. Users access the shared files on VM1 from all the offices. You need to recommend a solution to ensure that the users can access the shared files as quickly as possible if the Toronto branch office is inaccessible. What should you include in the recommendation? A. an Azure file share and Azure File Sync B. a Recovery Services vault and Windows Server Backup C. a Recovery Services vault and Azure Backup D. Azure blob containers and Azure File Sync

A

You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements: - Provide access to the full .NET framework. - Provide redundancy if an Azure region fails. - Grant administrators access to the operating system to install custom application dependencies. Solution: You deploy two Azure virtual machines to two Azure regions, and create a Traffic Manager profile. Does this meet the goal? A. Yes B. No

A

You need to design a highly available Azure SQL database that meets the following requirements: - Failover between replicas of the database must occur without any data loss. - The database must remain available in the event of a zone outage. - Costs must be minimized. Which deployment option should you use? A. Azure SQL Database Standard B. Azure SQL Database Business Critical C. Azure SQL Database Managed Instance Business Critical D. Azure SQL Database Basic

A

You use Azure virtual machines to run a custom application that uses an Azure SQL Database instance on the back end. The IT department at your company recently enabled forced tunneling. Since the configuration change, developers have noticed degraded performance when they access the database from the Azure virtual machine. You need to recommend a solution to minimize latency when accessing the database. The solution must minimize costs. What should you include in the recommendation? A. Virtual Network (VNET) service endpoints B. Azure virtual machines that run Microsoft SQL Server servers C. Azure SQL Database Managed Instance D. Always On availability groups

A

Your company has an on-premises Active Directory Domain Services (AD DS) domain and an established Azure Active Directory (Azure AD) environment. Your company would like users to be automatically signed in to cloud apps when they are on their corporate desktops that are connected to the corporate network. You need to enable single sign-on (SSO) for company users. Solution: Install and configure an Azure AD Connect server to use pass-through authentication and select the Enable single sign-on option. Does the solution meet the goal? A. Yes B. No

A

You architect a solution that calculates 3D geometry from height-map data. You have the following requirements: - Perform calculations in Azure. - Each node must communicate data to every other node. - Maximize the number of nodes to calculate multiple scenes as fast as possible. - Require the least amount of effort to implement. You need to recommend a solution. Which two actions should you recommend? Each correct answer presents part of the solution. A. Create a render farm that uses Azure Batch. B. Create a render farm that uses virtual machines (VMs). C. Enable parallel task execution on compute nodes. D. Create a render farm that uses virtual machine (VM) scale sets. E. Enable parallel file systems on Azure.

AC

You have an on-premises Hyper-V cluster. The cluster contains Hyper-V hosts that run Windows Server 2016 Datacenter. The hosts are licensed under a Microsoft Enterprise Agreement that has Software Assurance. The Hyper-V cluster hosts 30 virtual machines that run Windows Server 2012 R2. Each virtual machine runs a different workload. The workloads have predictable consumption patterns. You plan to replace the virtual machines with Azure virtual machines that run Windows Server 2016. The virtual machines will be sized according to the consumption pattern of each workload. You need to recommend a solution to minimize the compute costs of the Azure virtual machines. Which two recommendations should you include in the solution? Each correct answer presents part of the solution. A. Purchase Azure Reserved Virtual Machine Instances for the Azure virtual machines B. Create a virtual machine scale set that uses autoscaling C. Configure a spending limit in the Azure account center D. Create a lab in Azure DevTest Labs and place the Azure virtual machines in the lab E. Activate Azure Hybrid Benefit for the Azure virtual machines

AE

You have 100 servers that run Windows Server 2012 R2 and host Microsoft SQL Server 2014 instances. The instances host databases that have the following characteristics: - The largest database is currently 3 TB. None of the databases will ever exceed 4 TB. - Stored procedures are implemented by using CLR. You plan to move all the data from SQL Server to Azure. You need to recommend an Azure service to host the databases. The solution must meet the following requirements: - Whenever possible, minimize management overhead for the migrated databases. - Minimize the number of database changes required to facilitate the migration. - Ensure that users can authenticate by using their Active Directory credentials. What should you include in the recommendation? A. Azure SQL Database elastic pools B. Azure SQL Database Managed Instance C. Azure SQL Database single databases D. SQL Server 2016 on Azure virtual machines

B

You have a hybrid deployment of Azure Active Directory (Azure AD). You need to recommend a solution to ensure that the Azure AD tenant can be managed only from the computers on your on-premises network. What should you include in the recommendation? A. Azure AD roles and administrators B. a conditional access policy C. Azure AD Application Proxy D. Azure AD Privileged Identity Management

B

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains two administrative user accounts named Admin1 and Admin2. You create two Azure virtual machines named VM1 and VM2. You need to ensure that Admin1 and Admin2 are notified when more than five events are added to the security log of VM1 or VM2 during a period of 120 seconds. The solution must minimize administrative tasks. What should you create? A. two action groups and one alert rule B. one action group and one alert rule C. five action groups and one alert rule D. two action groups and two alert rules

B

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains two administrative user accounts named Admin1 and Admin2. You create two Azure virtual machines named VM1 and VM2. You need to ensure that Admin1 and Admin2 are notified when more than five events are added to the security log of VM1 or VM2 during a period of 120 seconds. The solution must minimize administrative tasks. What should you create? A. two action groups and two alert rules B. one action group and one alert rule C. five action groups and one alert rule D. two action groups and one alert rule

B

You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains a group named Group1. Group1 contains all the administrative user accounts. You discover several login attempts to the Azure portal from countries where administrative users do NOT work. You need to ensure that all login attempts to the Azure portal from those countries require Azure Multi-Factor Authentication (MFA). Solution: Create an Access Review for Group1. Does this solution meet the goal? A. Yes B. No

B

You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains a group named Group1. Group1 contains all the administrative user accounts. You discover several login attempts to the Azure portal from countries where administrative users do NOT work. You need to ensure that all login attempts to the Azure portal from those countries require Azure Multi-Factor Authentication (MFA). Solution: You implement an access package. Does this solution meet the goal? A. Yes B. No

B

You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains a group named Group1. Group1 contains all the administrative user accounts. You discover several login attempts to the Azure portal from countries where administrative users do NOT work. You need to ensure that all login attempts to the Azure portal from those countries require Azure Multi-Factor Authentication (MFA). Solution: Create an Access Review for Group1. Does this solution meet the goal? A. Yes B. No

B

You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains a group named Group1. Group1 contains all the administrative user accounts. You discover several login attempts to the Azure portal from countries where administrative users do NOT work. You need to ensure that all login attempts to the Azure portal from those countries require Azure Multi-Factor Authentication (MFA). Solution: You implement an access package. Does this meet the goal? A. Yes B. No

B

You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains a group named Group1. Group1 contains all the administrative user accounts. You discover several login attempts to the Azure portal from countries where administrative users do NOT work. You need to ensure that all login attempts to the Azure portal from those countries require Azure Multi-Factor Authentication (MFA). Solution: Implement Azure AD Identity Protection for Group1. Does this solution meet the goal? A. Yes B. No

B

You have an Azure Storage v2 account named storage1. You plan to archive data to storage1. You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data. Solution: You create a file share and snapshots. Does this meet the goal? A. Yes B. No

B

You have an Azure Storage v2 account named storage1. You plan to archive data to storage1. You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data. Solution: You create a file share, and you configure an access policy. Does this meet the goal? A. Yes B. No

B

You have an Azure Storage v2 account named storage1. You plan to archive data to storage1. You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data. Solution: You create an Azure Blob storage container, and you configure a legal hold access policy. Does this meet the goal? A. Yes B. No

B

You have an Azure subscription named Project1. Only a group named Project1admins is assigned roles in the Project1 subscription. The Project1 subscription contains all the resources for an application named Application1. Your company is developing a new application named Application2. The members of the Application2 development team belong to an Azure Active Directory (Azure AD) group named App2Dev. You identify the following requirements for Application2: - The members of App2Dev must be prevented from changing the role assignments in Azure. - The members of App2Dev must be able to create new Azure resources required by Application2. - All the required role assignments for Application2 will be performed by the members of Project1admins. You need to recommend a solution for the role assignments of Application2. Solution: In Project1, create a network security group (NSG) named NSG1. Assign Project1admins the Owner role for NSG1. Assign App2Dev the Contributor role for NSG1. Does this meet the goal? A. Yes B. No

B

You have an Azure subscription that contains 100 virtual machines. You plan to design a data protection strategy to encrypt the virtual disks. You need to recommend a solution to encrypt the disks by using Azure Disk Encryption. The solution must provide the ability to encrypt operating system disks and data disks. What should you include in the recommendation? A. a certificate B. a key C. a passphrase D. a secret

B

You have an Azure subscription that contains a resource group named RG1. You create an Azure Active Directory (Azure AD) group named ResearchUsers that contains the user accounts of all researchers. You need to recommend a solution that meets the following requirements: - The researchers must be allowed to create Azure virtual machines. - The researchers must only be able to create Azure virtual machines by using specific Azure Resource Manager templates. Solution: On RG1, assign a custom role-based access control (RBAC) role to the ResearchUsers group. Does this meet the goal? A. Yes B. No

B

You have an Azure subscription. You need to recommend a solution to provide developers with the ability to provision Azure virtual machines. The solution must meet the following requirements: - Only allow the creation of the virtual machines in specific regions. - Only allow the creation of specific sizes of virtual machines. What should you include in the recommendation? A. conditional access policies B. Azure Policy C. Azure Resource Manager templates D. role-based access control (RBAC)

B

You have an Azure subscription. You need to recommend a solution to provide developers with the ability to provision Azure virtual machines. The solution must meet the following requirements: - Only allow the creation of the virtual machines in specific regions. - Only allow the creation of specific sizes of virtual machines. What should you include in the recommendation? A. Azure Resource Manager templates B. Azure Policy C. conditional access policies D. role-based access control (RBAC)

B

You have an on-premises Hyper-V cluster that hosts 20 virtual machines. Some virtual machines run Windows Server 2016 and some run Linux. You plan to migrate the virtual machines to an Azure subscription. You need to recommend a solution to replicate the disks of the virtual machines to Azure. The solution must ensure that the virtual machines remain available during the migration of the disks. Solution: You recommend implementing an Azure Storage account that has a file service and a blob service, and then using the Data Migration Assistant. Does this meet the goal? A. Yes B. No

B

You have an on-premises Hyper-V cluster that hosts 20 virtual machines. Some virtual machines run Windows Server 2016 and some run Linux. You plan to migrate the virtual machines to an Azure subscription. You need to recommend a solution to replicate the disks of the virtual machines to Azure. The solution must ensure that the virtual machines remain available during the migration of the disks. Solution: You recommend implementing an Azure Storage account, and then running AzCopy. Does this meet the goal? A. Yes B. No

B

You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements: - Provide access to the full .NET framework. - Provide redundancy if an Azure region fails. - Grant administrators access to the operating system to install custom application dependencies. Solution: You deploy a virtual machine scale set that uses autoscaling. Does this meet the goal? A. Yes B. No

B

You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements: - Provide access to the full .NET framework. - Provide redundancy if an Azure region fails. - Grant administrators access to the operating system to install custom application dependencies. Solution: You deploy two Azure virtual machines to two Azure regions, and you deploy an Azure Application Gateway. Does this meet the goal? A. Yes B. No

B

You store web access logs data in Azure Blob storage. You plan to generate monthly reports from the access logs. You need to recommend an automated process to upload the data to Azure SQL Database every month. What should you include in the recommendation? A. Microsoft SQL Server Migration Assistant (SSMA) B. Azure Data Factory C. Data Migration Assistant D. AzCopy

B

Your company has an on-premises Active Directory Domain Services (AD DS) domain and an established Azure Active Directory (Azure AD) environment. Your company would like users to be automatically signed in to cloud apps when they are on their corporate desktops that are connected to the corporate network. You need to enable single sign-on (SSO) for company users. Solution: Configure an AD DS server in an Azure virtual machine (VM). Configure bidirectional replication. Does the solution meet the goal? A. Yes B. No

B

Your company has an on-premises data center and an Azure subscription. The on-premises data center contains a Hardware Security Module (HSM). Your network contains an Active Directory domain that is synchronized to an Azure Active Directory (Azure AD) tenant. The company is developing an application named Application1. Application1 will be hosted in Azure by using 10 virtual machines that run Windows Server 2016. Five virtual machines will be in the West Europe Azure region and five virtual machines will be in the East US Azure region. The virtual machines will store sensitive company information. All the virtual machines will use managed disks. You need to recommend a solution to encrypt the virtual machine disks by using BitLocker Drive Encryption (BitLocker). Solution: Deploy one Azure Key Vault to each region. Create two Azure AD service principals. Configure the virtual machines to use Azure Disk Encryption and specify a different service principal for the virtual machines in each region. Does this meet the goal? A. Yes B. No

B

Your company has an on-premises data center and an Azure subscription. The on-premises data center contains a Hardware Security Module (HSM). Your network contains an Active Directory domain that is synchronized to an Azure Active Directory (Azure AD) tenant. The company is developing an application named Application1. Application1 will be hosted in Azure by using 10 virtual machines that run Windows Server 2016. Five virtual machines will be in the West Europe Azure region and five virtual machines will be in the East US Azure region. The virtual machines will store sensitive company information. All the virtual machines will use managed disks. You need to recommend a solution to encrypt the virtual machine disks by using BitLocker Drive Encryption (BitLocker). Solution: Export a security key from the on-premises HSM. Create one Azure AD service principal. Configure the virtual machines to use Azure Storage Service Encryption. Does this meet the goal? A. Yes B. No

B

Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity. Several VMs are exhibiting network connectivity issues. You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs. Solution: Install and configure the Log Analytics and Dependency Agents on all VMs. Use the Wire Data solution in Azure Log Analytics to analyze the network traffic. Does the solution meet the goal? A. Yes B. No

B

Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity. Several VMs are exhibiting network connectivity issues. You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs. Solution: Use Azure Advisor to analyze the network traffic. Does the solution meet the goal? A. Yes B. No

B

Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity. Several VMs are exhibiting network connectivity issues. You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs. Solution: Use the Azure traffic analytics solution in Azure Log Analytics to analyze the network traffic. Does the solution meet the goal? A. Yes B. No

B

Your company plans to deploy various Azure App Service instances that will use Azure SQL databases. The App Service instances will be deployed at the same time as the Azure SQL databases. The company has a regulatory requirement to deploy the App Service instances only to specific Azure regions. The resources for the App Service instances must reside in the same region. You need to recommend a solution to meet the regulatory requirement. Solution: You recommend using the Regulatory compliance dashboard in Azure Security Center. Does this meet the goal? A. Yes B. No

B

Your network contains an Active Directory domain named contoso.com that is federated to an Azure Active Directory (Azure AD) tenant. The on-premises domain contains a VPN server named Server1 that runs Windows Server 2016. You have a single on-premises location that uses an address space of 172.16.0.0/16. You need to implement two-factor authentication for users who establish VPN connections to Server1. What should you include in the implementation? A. In Azure AD, create a conditional access policy and a trusted named location B. Install and configure Azure MFA Server on-premises C. Configure an Active Directory Federation Services (AD FS) server on-premises D. In Azure AD, configure the authentication methods. From the multi-factor authentication (MFA) service settings, create a trusted IP range

B

Your network contains an on-premises Active Directory forest. You discover that when users change jobs within your company, the membership of the user groups are not being updated. As a result, the users can access resources that are no longer relevant to their job. You plan to integrate Active Directory and Azure Active Directory (Azure AD) by using Azure AD Connect. You need to recommend a solution to ensure that group owners are emailed monthly about the group memberships they manage. What should you include in the recommendation? A. Azure AD Identity Protection B. Azure AD access reviews C. Tenant Restrictions D. conditional access policies

B

You have an on-premises network to which you deploy a virtual appliance. You plan to deploy several Azure virtual machines and connect the on-premises network to Azure by using a Site-to-Site connection. All network traffic that will be directed from the Azure virtual machines to a specific subnet must flow through the virtual appliance. You need to recommend solutions to manage network traffic. Which two options should you recommend? Each correct answer presents a complete solution. A. Configure Azure Traffic Manager. B. Implement Azure ExpressRoute. C. Configure a routing table. D. Implement an Azure virtual network.

BC

You are designing an Azure resource deployment that will use Azure Resource Manager templates. The deployment will use Azure Key Vault to store secrets. You need to recommend a solution to meet the following requirements: - Prevent the IT staff that will perform the deployment from retrieving the secrets directly from Key Vault. - Use the principle of least privilege. Which two actions should you recommend? Each correct answer presents part of the solution. A. Create a Key Vault access policy that allows all get key permissions, get secret permissions, and get certificate permissions. B. From Access policies in Key Vault, enable access to the Azure Resource Manager for template deployment. C. Create a Key Vault access policy that allows all list key permissions, list secret permissions, and list certificate permissions. D. Assign the IT staff a custom role that includes the Microsoft.KeyVault/Vaults/Deploy/Action permission. E. Assign the Key Vault Contributor role to the IT staff.

BD

You are designing a security solution for a company's Azure Active Directory (Azure AD). The company currently uses Azure AD Premium for all employees. Contractors will periodically access the corporate network based on demand. You must ensure that all employees and contractors are required to log on by using two-factor authentication. The solution must minimize costs. You need to recommend a solution. What should you recommend? A. Purchase Azure Multi-Factor Authentication licenses for the employees and the contractors B. Use the Multi-Factor Authentication provider in Azure and configure the usage model for each authentication type C. Use the Multi-Factor Authentication provider in Azure and configure the usage model for each enabled user D. Purchase Azure Multi-Factor Authentication licenses for the contractors only

C

You are planning the implementation of an order processing web service that will contain microservices hosted in an Azure Service Fabric cluster. You need to recommend a solution to provide developers with the ability to proactively identify and fix performance issues. The developers must be able to simulate user connections to the order processing web service from the Internet, as well as simulate user transactions. The developers must be notified if the goals for the transaction response times are not met. What should you include in the recommendation? A. container health B. Azure Network Watcher C. Application Insights D. Service Fabric Analytics

C

You are planning to deploy an application named App1 that will run in containers on Azure Kubernetes Service (AKS) clusters. The AKS clusters will be distributed across four Azure regions. You need to recommend a storage solution for App1. Updated container images must be replicated automatically to all the AKS clusters. Which storage solution should you recommend? A. Azure Cache for Redis B. Azure Content Delivery Network (CDN) C. Premium SKU Azure Container Registry D. geo-redundant storage (GRS) accounts

C

You have 70 TB of files on your on-premises file server. You need to recommend a solution for importing data to Azure. The solution must minimize cost. What Azure service should you recommend? A. Azure StorSimple B. Azure Batch C. Azure Data Box D. Azure Stack

C

You have a .NET web service named Service1 that has the following requirements: - Must read and write temporary files to the local file system. - Must write to the Application event log. You need to recommend a solution to host Service1 in Azure. The solution must meet the following requirements: - Minimize maintenance overhead. - Minimize costs. What should you include in the recommendation? A. an App Service Environment B. an Azure web app C. an Azure virtual machine scale set D. an Azure function

C

You have an Azure Active Directory (Azure AD) tenant. You plan to deploy Azure Cosmos DB databases that will use the SQL API. You need to recommend a solution to provide specific Azure AD user accounts with read access to the Cosmos DB databases. What should you include in the recommendation? A. shared access signatures (SAS) and conditional access policies B. certificates and Azure Key Vault C. a resource token and an Access control (IAM) role assignment D. master keys and Azure Information Protection policies

C

You have an Azure Active Directory (Azure AD) tenant. You plan to provide users with access to shared files by using Azure Storage. The users will be provided with different levels of access to various Azure file shares based on their user account or their group membership. You need to recommend which additional Azure services must be used to support the planned deployment. What should you include in the recommendation? A. an Azure AD enterprise application B. Azure Information Protection C. an Azure AD Domain Services (Azure AD DS) instance D. an Azure Front Door instance

C

You have an Azure subscription that contains an Azure SQL database named DB1. Several queries that query the data in DB1 take a long time to execute. You need to recommend a solution to identify the queries that take the longest to execute. What should you include in the recommendation? A. SQL Database Advisor B. Azure Monitor C. Performance Recommendations D. Query Performance Insight

D

You have an Azure subscription that contains a custom application named Application1. Application1 was developed by an external company named Fabrikam, Ltd. Developers at Fabrikam were assigned role-based access control (RBAC) permissions to the Application1 components. All users are licensed for the Microsoft 365 E5 plan. You need to recommend a solution to verify whether the Fabrikam developers still require permissions to Application1. The solution must meet the following requirements: - To the manager of the developers, send a monthly email message that lists the access permissions to Application1. - If the manager does not verify an access permission, automatically revoke that permission. - Minimize development effort. What should you recommend? A. Create an Azure Automation runbook that runs the Get-AzureADUserAppRoleAssignment cmdlet. B. Create an Azure Automation runbook that runs the Get-AzureRoleAssignment cmdlet. C. In Azure Active Directory (Azure AD), create an access review of Application1. D. In Azure Active Directory (AD) Privileged Identity Management, create a custom role assignment for the Application1 resources.

C

You need to recommend a solution to deploy containers that run an application. The application has two tiers. Each tier is implemented as a separate Docker Linux-based image. The solution must meet the following requirements: - The front-end tier must be accessible by using a public IP address on port 80. - The backend tier must be accessible by using port 8080 from the front-end tier only. - Both containers must be able to access the same Azure file share. - If a container fails, the application must restart automatically. - Costs must be minimized. What should you recommend using to host the application? A. Azure Kubernetes Service (AKS) B. Azure Service Fabric C. Azure Container instances

C

You plan to deploy 200 Microsoft SQL Server databases to Azure by using Azure SQL Database and Azure SQL Database Managed Instance. You need to recommend a monitoring solution that provides a consistent monitoring approach for all deployments. The solution must meet the following requirements: - Support current-state analysis based on metrics collected near real-time, multiple times per minute, and maintained for up to one hour - Support longer term analysis based on metrics collected multiple times per hour and maintained for up to two weeks. - Support monitoring of the number of concurrent logins and concurrent sessions. What should you include in the recommendation? A. dynamic management views B. trace flags C. Azure Monitor D. SQL Server Profiler

C

Your company plans to publish APIs for its services by using Azure API Management. You discover that service responses include the AspNet-Version header. You need to recommend a solution to remove AspNet-Version from the response of the published APIs. What should you include in the recommendation? A. a new product B. a modification to the URL scheme C. a new policy D. a new revision

C

Your company purchases an app named App1. You plan to run App1 on seven Azure virtual machines in an Availability Set. The number of fault domains is set to 3. The number of update domains is set to 20. You need to identify how many App1 instances will remain available during a period of planned maintenance. How many App1 instances should you identify? A. 1 B. 2 C. 6 D. 7

C

Your company uses Microsoft System Center Service Manager on its on-premises network. You plan to deploy several services to Azure. You need to recommend a solution to push Azure service health alerts to Service Manager. What should you include in the recommendation? A. Azure Notification Hubs B. Azure Event Hubs C. IT Service Management Connector (ITSM) D. Application Insights Connector

C

You have an on-premises Active Directory forest and an Azure Active Directory (Azure AD) tenant. All Azure AD users are assigned a Premium P1 license. You deploy Azure AD Connect. Which two features are available in this environment that can reduce operational overhead for your company's help desk? Each correct answer presents part of the solution. A. Azure AD Privileged Identity Management policies B. access reviews C. self-service password reset D. Microsoft Cloud App Security Conditional Access App Control E. password writeback

CE

You are designing a SQL database solution. The solution will include 20 databases that will be 20 GB each and have varying usage patterns. You need to recommend a database platform to host the databases. The solution must meet the following requirements: - The compute resources allocated to the databases must scale dynamically. - The solution must meet an SLA of 99.99% uptime. - The solution must have reserved capacity. - Compute charges must be minimized. What should you include in the recommendation? A. 20 databases on a Microsoft SQL server that runs on an Azure virtual machine in an availability set B. 20 instances of Azure SQL Database serverless C. 20 databases on a Microsoft SQL server that runs on an Azure virtual machine D. an elastic pool that contains 20 Azure SQL databases

D

You are designing a message application that will run on an on-premises Ubuntu virtual machine. The application will use Azure Storage queues. You need to recommend a processing solution for the application to interact with the storage queues. The solution must meet the following requirements: - Create and delete queues daily. - Be scheduled by using a CRON job. - Upload messages every five minutes. What should developers use to interact with the queues? A. Azure CLI B. AzCopy C. Azure Data Factory D. .NET Core

D

You are designing an Azure solution. The network traffic for the solution must be securely distributed by providing the following features: - HTTPS protocol - Round robin routing - SSL offloading You need to recommend a load balancing option. What should you recommend? A. Azure Load Balancer B. Azure Internal Load Balancer (ILB) C. Azure Traffic Manager D. Azure Application Gateway

D

You deploy Azure App Service Web Apps that connect to on-premises Microsoft SQL Server instances by using Azure ExpressRoute. You plan to migrate the SQL Server instances to Azure. Migration of the SQL Server instances to Azure must: - Support automatic patching and version updates to SQL Server. - Provide automatic backup services. - Allow for high-availability of the instances. - Provide a native VNET with private IP addressing. - Encrypt all data in transit. - Be in a single-tenant environment with dedicated underlying infrastructure (compute, storage). You need to migrate the SQL Server instances to Azure. Which Azure service should you use? A. SQL Server in a Docker container running on Azure Container Instances (ACI) B. SQL Server in Docker containers running on Azure Kubernetes Service (AKS) C. SQL Server Infrastructure-as-a-Service (IaaS) virtual machine (VM) D. Azure SQL Database Managed Instance E. Azure SQL Database with elastic pools

D

You have an Azure Storage v2 account named storage1. You plan to archive data to storage1. You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data. What should you do? A. You create an Azure Blob storage container, and you configure a legal hold access policy. B. You create a file share and snapshots. C. You create a file share, and you configure an access policy. D. You create an Azure Blob storage container, and you configure a time-based retention policy and lock the policy.

D

You have an Azure subscription that contains a custom application named Application1. Application1 was developed by an external company named Fabrikam, Ltd. Developers at Fabrikam were assigned role-based access control (RBAC) permissions to the Application1 components. All users are licensed for the Microsoft 365 E5 plan. You need to recommend a solution to verify whether the Fabrikam developers still require permissions to Application1. The solution must meet the following requirements: - To the manager of the developers, send a monthly email message that lists the access permissions to Application1. - If the manager does not verify an access permission, automatically revoke that permission. - Minimize development effort. What should you recommend? A. In Azure Active Directory (AD) Privileged Identity Management, create a custom role assignment for the Application1 resources B. Create an Azure Automation runbook that runs the Get-AzureADUserAppRoleAssignment cmdlet C. Create an Azure Automation runbook that runs the Get-AzureRmRoleAssignment cmdlet D. In Azure Active Directory (Azure AD), create an access review of Application1

D

You have an Azure subscription. The subscription has a blob container that contains multiple blobs. Ten users in the finance department of your company plan to access the blobs during the month of April. You need to recommend a solution to enable access to the blobs during the month of April only. Which security solution should you include in the recommendation? A. access keys B. conditional access policies C. certificates D. shared access signatures (SAS)

D

You have an Azure virtual machine named VM1 that runs Windows Server 2019 and contains 500 GB of data files. You are designing a solution that will use Azure Data Factory to transform the data files, and then load the files to Azure Data Lake Storage. What should you deploy on VM1 to support the design? A. the Azure Pipelines agent B. the Azure File Sync agent C. the On-premises data gateway D. the self-hosted integration runtime in Azure

D

You need to design a solution that will execute custom C# code in response to an event routed to Azure Event Grid. The solution must meet the following requirements: - The executed code must be able to access the private IP address of a Microsoft SQL Server instance that runs on an Azure virtual machine. - Costs must be minimized. What should you include in the solution? A. Azure Logic Apps in the integrated service environment B. Azure Functions in the Dedicated plan and the Basic Azure App Service plan C. Azure Logic Apps in the Consumption plan D. Azure Functions in the Consumption plan

D

You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager resource deployments in your subscription. What should you include in the recommendation? A. the Change Tracking management solution B. Application Insights C. Azure Monitor action groups D. Azure Activity Log

D

You plan to deploy an application named App1 that will run on five Azure virtual machines. Additional virtual machines will be deployed later to run App1. You need to recommend a solution to meet the following requirements for the virtual machines that will run App1: - Ensure that the virtual machines can authenticate to Azure Active Directory (Azure AD) to gain access to an Azure key vault, Azure Logic Apps instances, and an Azure SQL database. - Avoid assigning new roles and permissions for Azure services when you deploy additional virtual machines. - Avoid storing secrets and certificates on the virtual machines. - Minimize administrative effort for managing identities. Which type of identity should you include in the recommendation? A. a service principal that is configured to use a certificate B. a system-assigned managed identity C. a service principal that is configured to use a client secret D. a user-assigned managed identity

D

