Second 50 Flashcards by Ovais Shah

Q51 /page 45

You have an Azure subscription that contains a resource group named RG1. RG1 contains 100 virtual machines.
Your company has three cost centers named Manufacturing, Sales, and Finance.
You need to associate each virtual machine to a specific cost center.
What should you do?
A. Add an extension to the virtual machines
B. Modify the inventory settings of the virtual machine
C. Assign tags to the virtual machines
D. Configure locks for the virtual machine

C. Assign tags to the virtual machines

How well did you know this?

Not at all

Perfectly

Your company has a virtualization environment that contains the virtualization hosts shown in the following table.
Server1 ->VMware—vm1,vm2,vm3
Server2->Hyperv—vma,vmb,vmc

All the virtual machines use basic disks. VM1 is protected by using BitLocker Drive Encryption (BitLocker).
You plan to migrate the virtual machines to Azure by using Azure Site Recovery.
You need to identify which virtual machines can be migrated.
Which virtual machines should you identify for each server? To answer, select the appropriate options in the answer area.

vm1= mem 4gb,osdisk=200gb,datadisk=800gb
vm2= mem 4gb,osdisk=3tb,datadisk=200gb
vm3= mem 4gb,osdisk=200gb,datadisk=1tb
vma= mem 4gb,osdisk=200gb,datadisk=2tb
vmb= mem 4gb,osdisk=150gb,datadisk=3gb
vmc= mem 4gb,osdisk=200gb,datadisk=6tb
(data disk allowed is less than 4tb)
 (OS  disk allowed upto 2tb)

vm3 only (OS  disk allowed upto 2tb)
vma and vmb only (data disk allowed is less than 4tb)

How well did you know this?

Not at all

Perfectly

You have an Azure subscription that contains multiple resource groups. You create an availability set as shown in the following exhibit.
You deploy 10 virtual machines to AS1.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

During Planned maintanes at least (4,5,6,8) virtual machines will be available

To add another Virtual machines to ASI ,the VMs must be added to ( The west eourope region any resource group) or
( the West Europe region and the RG1 resource group)

Box 1: 6 -
Two out of three update domains would be available, each with at least 3 VMs.
An update domain is a group of VMs and underlying physical hardware that can be rebooted at the same time.
As you create VMs within an availability set, the Azure platform automatically distributes your VMs across these update domains. This approach ensures that at least one instance of your application always remains running as the Azure platform undergoes periodic maintenance.
Box 2: the West Europe region and the RG1 resource group

How well did you know this?

Not at all

Perfectly

You have an Azure subscription that contains two storage accounts named storagecontoso1 and storagecontoso2. Each storage account contains a queue service, a table service, and a blob service.
You develop two apps named App1 and App2. You need to configure the apps to store different types of data to all the storage services on both the storage accounts.
How many endpoints should you configure for each app?
A. 2
B. 3
C. 6
D. 12

Correct Answer: A

Each app needs a service endpoint in each Storage Account.

How well did you know this?

Not at all

Perfectly

To start the lab -
You may start the lab by clicking the Next button.
You plan to migrate a large amount of corporate data to Azure Storage and to back up files stored on old hardware to Azure Storage.
You need to create a storage account named corpdata8548984n1, in the corpdatalod8548984 resource group. The solution must meet the following requirements:
- corpdata8548984n1 must be able to host the virtual disk files for Azure virtual machines
- The cost of accessing the files must be minimized
- Replication costs must be minimized
What should you do from the Azure portal?

How well did you know this?

Not at all

Perfectly

To start the lab -
You may start the lab by clicking the Next button.
You plan to move backup files and documents from an on-premises Windows file server to Azure Storage. The backup files will be stored as blobs.
You need to create a storage account named corpdata8548984n2. The solution must meet the following requirements:
- Ensure that the documents are accessible via drive mappings from Azure virtual machines that run Windows Server 2016
- Provide the highest possible redundancy for the documents
- Minimize storage access costs
What should you do from the Azure portal?

Step 1: In the Azure portal, click All services. In the list of resources, type Storage Accounts. As you begin typing, the list filters based on your input. Select
Storage Accounts.
Step 2: On the Storage Accounts window that appears, choose Add.
Step 3: Select the subscription in which to create the storage account.
Step 4: Under the Resource group field, select Create New. Create a new Resource
Step 5: Enter a name for your storage account: corpdata8548984n2
Step 6: For Account kind select: General-purpose v2 accounts (recommended for most scenarios)
General-purpose v2 accounts is recommended for most scenarios. General-purpose v2 accounts deliver the lowest per-gigabyte capacity prices for Azure
Storage, as well as industry-competitive transaction prices.
Step 7: For replication select: Read-access geo-redundant storage (RA-GRS)
Read-access geo-redundant storage (RA-GRS) maximizes availability for your storage account. RA-GRS provides read-only access to the data in the secondary location, in addition to geo-replication across two regions.

How well did you know this?

Not at all

Perfectly

To start the lab -
You may start the lab by clicking the Next button.
You need to deploy two Azure virtual machines named VM1003a and VM1003b based on an Ubuntu Server image. The deployment must meet the following requirements:
- Provide a Service Level Agreement (SLA) of 99.95 percent availability
- Use managed disks
What should you do from the Azure portal?

Correct Answer: See solution below.
Step 1: Open the Azure portal.
Step 2: On the left menu, select All resources. You can sort the resources by Type to easily find your images.
Step 3: Select the image you want to use from the list. The image Overview page opens.
Step 4: Select Create VM from the menu.
Step 5: Enter the virtual machine information. Select VM1003a as the name for the first Virtual machine.The user name and password entered here will be used to log in to the virtual machine. When complete, select OK. You can create the new VM in an existing resource group, or choose Create new to create a new resource group to store the VM.
Step 6: Select a size for the VM. To see more sizes, select View all or change the Supported disk type filter.
Step 7: Under Settings, make changes as necessary and select OK.
Step 8: On the summary page, you should see your image name listed as a Private image. Select Ok to start the virtual machine deployment.
Repeat the procedure for the second VM and name it VM1003b.

How well did you know this?

Not at all

Perfectly

To start the lab -
You may start the lab by clicking the Next button.
You need to deploy an Azure virtual machine named VM1004a based on an Ubuntu Server image, and then to configure VM1004a to meet the following requirements:
- The virtual machines must contain data disks that can store at least 15 TB of data
- The data disk must be able to provide at least 2,000 IOPS
- Storage costs must be minimized
What should you do from the Azure portal?

Step 1: Open the Azure portal.
Step 2: On the left menu, select All resources. You can sort the resources by Type to easily find your images.
Step 3: Select the image you want to use from the list. The image Overview page opens.
Step 4: Select Create VM from the menu.
Step 5: Enter the virtual machine information. Select VM1004a as the name for the first Virtual machine.The user name and password entered here will be used to log in to the virtual machine. When complete, select OK. You can create the new VM in an existing resource group, or choose Create new to create a new resource group to store the VM.
Step 6: Select a size for the VM. To see more sizes, select View all or change the Supported disk type filter.To support 15 TB of data you would need a Premium disk.
Step 7: Under Settings, make changes as necessary and select OK.
Step 8: On the summary page, you should see your image name listed as a Private image. Select Ok to start the virtual machine deployment.

How well did you know this?

Not at all

Perfectly

To start the lab -
You may start the lab by clicking the Next button.
You plan to create 100 Azure virtual machines on each of the following three virtual networks:
- VNET1005a
- VNET1005b
- VNET1005c
All the network traffic between the three virtual networks will be routed through VNET1005a.
You need to create the virtual networks, and then to ensure that all the Azure virtual machines can connect to other virtual machines by using their private IP address. The solutions must NOT require any virtual gateways and must minimize the number of peerings.
What should you do from the Azure portal before you configuring IP routing?

Step 1: Click Create a resource in the portal.
Step 2: Enter Virtual network in the Search the Marketplace box at the top of the New pane that appears. Click Virtual network when it appears in the search results.
Step 3: Select Classic in the Select a deployment model box in the Virtual Network pane that appears, then click Create.
Step 4: Enter the following values on the Create virtual network (classic) pane and then click Create:

Name: VNET1005a -

Address space: 10.0.0.0/16 -

Subnet name: subnet0 -

Resource group: Create new -
Subnet address range: 10.0.0.0/24
Subscription and location: Select your subscription and location.
Step 5: Repeat steps 3-5 for VNET1005b (10.1.0.0/16, 10.1.0.0/24), and for VNET1005c 10.2.0.0/16, 10.2.0.0/24).

How well did you know this?

Not at all

Perfectly

You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. You add the users in the following table.
User 1 Owner
user 2 Secuirty Admin
user 3 Network Contributer

Correct Answer: Explanation
Box 1: User1 and User3 only.
The Owner Role lets you manage everything, including access to resources.
The Network Contributor role lets you manage networks, but not access to them.

Box 2: User1 and User2 only -
The Security Admin role: In Security Center only: Can view security policies, view security states, edit security policies, view alerts and recommendations, dismiss alerts and recommendations.

How well did you know this?

Not at all

Perfectly

You have an Azure subscription that contains three virtual networks named VNet1, VNet2, and VNet3. VNet2 contains a virtual appliance named VM2 that operates as a router.
You are configuring the virtual networks in a hub and spoke topology that uses VNet2 as the hub network.
You plan to configure peering between VNet1 and VNet2 and between VNet2 and VNet3.
You need to provide connectivity between VNet1 and VNet3 through VNet2.
Which two configurations should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. On the peering connections, allow forwarded traffic
B. Create a route filter
C. On the peering connections, allow gateway transit
D. Create route tables and assign the table to subnets
E. On the peering, use remote gateways

Correct Answer: CE
Allow gateway transit: Check this box if you have a virtual network gateway attached to this virtual network and want to allow traffic from the peered virtual network to flow through the gateway.
The peered virtual network must have the Use remote gateways checkbox checked when setting up the peering from the other virtual network to this virtual network.

How well did you know this?

Not at all

Perfectly

DRAG DROP -
You have an Azure subscription that contains two virtual networks named VNet1 and VNet2. Virtual machines connect to the virtual networks.
The virtual networks have the address spaces and the subnets configured as shown in the following table.
Vnet1 ->10.1.0.0/16 subnet = 10.1.0.0/24,10.1.1.0/26 peering vnet2
Vnet2 ->10.1.0.0/16 subnet = 10.1.0.0/24, peering vnet1

You need to add the address space of 10.33.0.0/16 to VNet1. The solution must ensure that the hosts on VNet1 and VNet2 can communicate.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Step 1: Remove peering between Vnet1 and VNet2.
You can’t add address ranges to, or delete address ranges from a virtual network’s address space once a virtual network is peered with another virtual network.
To add or remove address ranges, delete the peering, add or remove the address ranges, then re-create the peering.
Step 2: Add the 10.44.0.0/16 address space to VNet1.
Step 3: Recreate peering between VNet1 and VNet2

How well did you know this?

Not at all

Perfectly

You are designing a virtual network to support a web application. The web application uses Blob storage to store large images. The web application will be deployed to an Azure App Service Web App.
You have the following requirements:
Secure all communications by using Secured Socket Layer (SSL)

✑ SSL encryption and decryption must be processed efficiently to support high traffic load on the web application
✑ Protect the web application from web vulnerabilities and attacks without modification to backend code
✑ Optimize web application responsiveness and reliability by routing HTTP requests and responses to the endpoint with the lowest network latency for the client.
You need to configure the Azure components to meet the requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

SSL Encrypt/Decrypt
Azure App gateway
Azure monitor
Azure Security Center
Azure Traffic Manager

Protect from Web Vulnerabilities
Azure App gateway
Azure monitor
Azure Security Center
Azure Traffic Manager

Optimize responsiveness and reliability
Azure App gateway
Azure monitor
Azure Security Center
Azure Traffic Manager

Box 1: Azure Application Gateway
Azure Application Gateway supports end-to-end encryption of traffic. Application Gateway terminates the SSL connection at the application gateway. The gateway then applies the routing rules to the traffic, re-encrypts the packet, and forwards the packet to the appropriate back-end server based on the routing rules defined.
Any response from the webserver goes through the same process back to the end-user.

Box 2: Azure Security Center -
Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud - whether they’re in Azure or not - as well as on-premises.

Box 3: Azure Traffic Manager -
Azure Traffic Manager is a DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global Azure regions while providing high availability and responsiveness.

How well did you know this?

Not at all

Perfectly

You have Azure Storage accounts as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

Note: The three different storage account options are: General-purpose v2 (GPv2) accounts,
General-purpose v1 (GPv1) accounts, and
Blob storage accounts.
✑ General-purpose v2 (GPv2) accounts are storage accounts that support all of the latest features for blobs, files, queues, and tables.
✑ Blob storage accounts support all the same block blob features as GPv2, but are limited to supporting only block blobs.
✑ General-purpose v1 (GPv1) accounts provide access to all Azure Storage services, but may not have the latest features or the lowest per gigabyte pricing.

Storage account1 and Storage account2 only

All the storage accounts

How well did you know this?

Not at all

Perfectly

You are planning to create a virtual network that has a scale set that contains six virtual machines (VMs).
A monitoring solution on a different network will need access to the VMs inside the scale set.
You need to define public access to the VMs.
Solution: Deploy a standalone VM that has a public IP address to the virtual network.
Does the solution meet the goal?
A. Yes
B. No

A. Yes

How well did you know this?

Not at all

Perfectly

You are planning to create a virtual network that has a scale set that contains six virtual machines (VMs).
A monitoring solution on a different network will need access to the VMs inside the scale set.
You need to define public access to the VMs.
Solution: Implement an Azure Load Balancer.
Does the solution meet the goal?
A. Yes
B. No

B. No

How well did you know this?

Not at all

Perfectly

You are planning to create a virtual network that has a scale set that contains six virtual machines (VMs).
A monitoring solution on a different network will need access to the VMs inside the scale set.
You need to define public access to the VMs.
Solution: Design a scale set to automatically assign public IP addresses to all VMs.
Does the solution meet the goal?
A. Yes
B. No

B. No

How well did you know this?

Not at all

Perfectly

You have an on-premises data center and an Azure subscription. The data center contains two VPN devices. The subscription contains an Azure virtual network named VNet1. VNet1 contains a gateway subnet.
You need to create a site-to-site VPN. The solution must ensure that is a single instance of an Azure VPN gateway fails, or a single on-premises VPN device fails, the failure will not cause an interruption that is longer than two minutes.
What is the minimum number of public IP addresses, virtual network gateways, and local network gateways required in Azure? To answer, select the appropriate options in the answer area.

Public IPs: 1,2,3,4
Virtual network gateway: 1,2,3,4,
Local Network Gateway: 1,2,3,4

Public IPs: 4
Virtual network gateway: 2
Local Network Gateway: 2

How well did you know this?

Not at all

Perfectly

You have peering configured as shown in the following exhibit.
VNET1 peering 1 disconnected vnet1 enabled
test VNET1 peering 2 disconnected vnet2 disabled
VNET1
VNET6

Host on VNET6 can communicate with host on
Vnet6 only,
Vnet6 and vnet1 only
To change the status of the peering connection to vnet1 to connected , you must first
delete peering 1
add a subnet
Modify the address space

Vnet6 only,

Modify the address space (The virtual networks you peer must have non-overlapping IP address spaces.)

How well did you know this?

Not at all

Perfectly

You have an Azure Kubernetes Service (AKS) cluster named Clus1 in a resource group named RG1.
An administrator plans to manage Clus1 from an Azure AD-joined device.
You need to ensure that the administrator can deploy the YAML application manifest file for a container application.
You install the Azure CLI on the device.
Which command should you run next?
A. kubectl get nodes
B. az aks install-cli
C. kubectl apply ““f appl.yaml
D. az aks get-credentials –resource-group RG1 –name Clus1

Correct Answer: C

kubectl apply ““f appl.yaml applies a configuration change to a resource from a file or stdin.

How well did you know this?

Not at all

Perfectly

You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named
Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Dev, you assign the Contributor role to the Developers group.
Does this meet the goal?
A. Yes
B. No

A. Yes

How well did you know this?

Not at all

Perfectly

A company backs up data to on-premises servers at their main facility. The company currently has 30 TB of archived data that infrequently used. The facility has download speeds of 100 Mbps and upload speeds of 20 Mbps.
You need to securely transfer all backups to Azure Blob Storage for long-term archival. All backup data must be sent within seven days.
Solution: Backup data to local disks and use the Azure Import/Export service to send backups to Azure Blob Storage.
Does this meet the goal?
A. Yes
B. No

A. Yes

How well did you know this?

Not at all

Perfectly

A company backs up data to on-premises servers at their main facility. The company currently has 30 TB of archived data that infrequently used. The facility has download speeds of 100 Mbps and upload speeds of 20 Mbps.
You need to securely transfer all backups to Azure Blob Storage for long-term archival. All backup data must be sent within seven days.
Solution: Create a file share in Azure Files. Mount the file share to the server and upload the files to the file share. Transfer the files to Azure Blob Storage.
Does this meet the goal?
A. Yes
B. No

B. No

How well did you know this?

Not at all

Perfectly

A company backs up data to on-premises servers at their main facility. The company currently has 30 TB of archived data that infrequently used. The facility has download speeds of 100 Mbps and upload speeds of 20 Mbps.
You need to securely transfer all backups to Azure Blob Storage for long-term archival. All backup data must be sent within seven days.
Solution: Use the Set-AzureStorageBlobContent Azure PowerShell command to copy all backups asynchronously to Azure Blob Storage.
Does this meet the goal?
A. Yes
B. No

B. No

How well did you know this?

Not at all

Perfectly

HOTSPOT - You are developing a back-end Azure App Service that scales based on the number of messages contained in a Service Bus queue. A rule already exists to scale up the App Service when the average queue length of unprocessed and valid queue messages is greater than 1000. You need to add a new rule that will continuously scale down the App Service as long as the scale up condition is not met. How should you configure the Scale rule? To answer, select the appropriate options in the answer area.

Service Bus queue Message count Average

You have an on-premises network that contains a Hyper-V host named Host1. Host1 runs Windows Server 2016 and hosts 10 virtual machines that run Windows Server 2016. You plan to replicate the virtual machines to Azure by using Azure Site Recovery. You create a Recovery Services vault named ASR1 and a Hyper-V site named Site1. You need to add Host1 to ASR1. What should you do? A. ✑ Download the installation file for the Azure Site Recovery Provider. ✑ Download the storage account key. ✑ Install the Azure Site Recovery Provider on each virtual machine and register the virtual machines. B. ✑ Download the installation file for the Azure Site Recovery Provider. ✑ Download the vault registration key. ✑ Install the Azure Site Recovery Provider on Host1 and register the server. C. ✑ Download the installation file for the Azure Site Recovery Provider. ✑ Download the storage account key. ✑ Install the Azure Site Recovery Provider on Host1 and register the server. D. ✑ Download the installation file for the Azure Site Recovery Provider. ✑ Download the vault registration key. ✑ Install the Azure Site Recovery Provider on each virtual machine and register the virtual machines.

B. ✑ Download the installation file for the Azure Site Recovery Provider. ✑ Download the vault registration key. ✑ Install the Azure Site Recovery Provider on Host1 and register the server.

You plan to migrate an on-premises Hyper-V environment to Azure by using Azure Site Recovery. The Hyper-V environment is managed by using Microsoft System Center Virtual Machine Manager (VMM). Which virtual machine can be migrated by using Azure Site Recovery? A. FS1 B. CA1 C. DC1 D. SQL1

D. SQL1

Your planning to create a Virtual network that has a scale set that contains six virtual machine VMs.A monitoring solution on a different network will need access to the VMs inside the scale set. You need to define public access to the VMS Solution : Use Remote Desktop protocol (RDP) to connect to the VM in the scale set Does the solution meet the goal? A. Yes B. No

A. Yes

You have an Azure Subscription that contains the virtual Networks shown in following table VNET1 -> 10.1.0.0/16 --> west US --> 100 VNET2 --> 172.16.0.0 /16 --> East US --> 400 You need to recommend a connectivity solution that will enable the virtual machines on VNET1 and VNET2 to communicate through the MS backbone infrastructure. A. Azure express route B.Peering C. site-to-site VPN D.point to point VPN

B.Peering

You create an Azure virtual machine named VM1 in a resource group named RG1, You discover that VM1 performs slower than expected. You need to capture a network trace on VM1 What should you do? A. From diagnostic setting for VM1, configure the performance counters to include network counters B. From the VM1 blade, configure connection troubleshoot. C. From VM1 blade, install performance diagnostics and run advanced performance analysis.

C. From VM1 blade, install performance diagnostics and run advanced performance analysis.

You have an Azure subscription named Subscription1 that contains two Azure networks named VNet1 and VNet2. VNet1 contains a VPN gateway named VPNGW1 that uses static routing. There is a site-to-site VPN connection between your on-premises network and VNet1. On a computer named Client1 that runs Windows 10, you configure a point-to-site VPN connection to VNet1. You configure virtual network peering between VNet1 and VNet2. You verify that you can connect to VNet2 from the on-premises network. Client1 is unable to connect to VNet2. You need to ensure that you can connect Client1 to VNet2. What should you do? A. Select Allow gateway transit on VNet1. B. Download and re-install the VPN client configuration package on Client1. C. Enable BGP on VPNGW1. D. Select Allow gateway transit on VNet2.

B. Download and re-install the VPN client configuration package on Client1.

You have an Azure subscription that contains the resources group shows in the following table RG1 East US RG2 West US storage 1 --> RG1 --> west US -->blob storage storage 2 storage --> RG2 --> west US --> storage general purpose V1 Storage 3-->RG1 --> East US --> storage general purpose V2 you create a recovery services vault name vault one in RG1 in the West US location You need to identify which is storage account can be used to archive the diagnostic logs of Walt one which storage account should you identify? A storage 1 only B storage 2 only C the storage 3 only D storage 1 or storage 2 only E storage 1 and storage 3 only

D storage 1 or storage 2 only | E storage 1 and storage 3 only

You have an Azure subs You plan to deploy two Azure web Apps that have the requirements shown in the following table App1 Accessible by using a URL of https //app1 contoso.com Scalable to two instances during busy periods Support two deployment slot App 2 Accessible by using a URL of https //app2 contoso.com Scalable to 15 instances during busy periods Support three deployment slots Which App service you choose : The solution must minimize costs. App 1 --- S1 standard App2 ---P1v2 premium v2

App 1 --- S1 standard | App2 ---P1v2 premium v2

On the ARM template " Microsoft, Support/* You assign the role to a user named User1 Which action can User1 perform? A delete virtual machines B Create resource groups C. Create virtual machines D , Create Support requests " Microsoft, Support/*operation will allow the user to create support tickets.

" Microsoft, Support/*operation will allow the user to create support tickets. D. Create Support requests

The company plans to use third-party application software to perform complex data analysis processes The software will use up to 500 identical virtual machines based on an Azure marketplace VM image you need to design the infrastructure for the third party application server the solution must meet the following requirements the number of VMS that is running at any given point in time must change when the user workload changes when a new version of the application is available in Azure marketplace it must be deployed without causing application downtime use VM scale sets minimize the need for ongoing maintenance which two technology should you recommend each answer present part of the solution A single storage account B auto-scale C single placement group D managed disk

B auto-scale | D managed disk

Storage 1 ->premium -> LRS Storage2 -> standard -> GRS Storage3-> blobstorage -> LRS A Storage1 can host Azure file shares (yes,No) B there are six copies of the data in storage 2 (Yes/No) C Storage3 can be converted to GRS account(Yes/No) Azure files support two storage tiers: Standard /Premium. Standard files shares in GPV1 GPV2 Premium file shares in File storage accounts you cant create Azure files from blob storage or premium gpv1/2 storage account. Notes: Standard azure files = Standard general-purpose accounts Premium Azure file share = FileStorage storage accounts only Blob storage standard can be used both LRS and GRS

A. No B. Yes C. Yes

ARM template Template 1 A Windows server 2012 R2 Datacenter will be deployed to the Azure virtual machine Yes/No B A custom image of windows Server will be deployed Yes/No C During the deployment of template 1 ,an administrator will be prompted to select a version of windows Server Yes /No

A Yes B No C No

You have an Azure subscription that contains storage account Contoso storage one general-purpose V1 Contoso storage #2 general purpose V1 Contoso storage #3 general purpose V2 Contoso storage #4 general purpose V2 Contoso storage #5 blob storage All the storage accounts contain blog only you need to implement several lifecycle management rules for all his storage accounts what should you do first A. An upgrade Contoso storage one and Contoso storage too two general-purpose V2 accounts B Move five terabyte of blob data from Contoso storage 3 to Contoso storage 4 C move 5 terabytes of blob storage data from Contoso in storage one to Contoso storage 2 exams D Recreate Contoso storage 5 as GP V2 account

A. An upgrade Contoso storage one and Contoso storage too two general-purpose V2 accounts

``` RG1 --> East Us RG2 --> West US RG1 VMs VM1 -west VM2 -West VM3 - West VM4 - West RG2 VM5 East VM6 East VM7 west 2 Vm8 West 2 ``` All Vms uses premium disks and Internet accessible VM1/2 in the AVSET1 VM3/4 are also in same Availability zone AVset2 VM5/6 are in diff Availability zones A VM1 is eligible for an SLA of 99.9 5(Yes /No) B VM3 is eligible for an SLA of 99.99 (Yes/No) C VM5 is eligible for an SLA of 99.99 (Yes/No) VMs in the same AV sets 99.95 SLA VMs in two different zones in same region will 99.99 SLA

A yes B No C Yes

A VM1 runs windows 2016 install a line to business aplication on VM1 you need to install custom image on VM1 which action you perform Run the sysprep.exe on VM1 Install Network load balancer on VM1 From Azure CLI deallocate VM1 and mark VM1 as generalized Frome Azure CLI apply for a custom script extension Create a virtual machine scale set.

Run the sysprep.exe on VM1 From Azure CLI deallocate VM1 and mark VM1 as generalized Create a virtual machine scale set.

You have an Azure Active Directory tenant named contoso.com a user named admin1 attempts to create an access preview from the Azure Active Directory admin center and discovered that the access reviews settings are unavailable admin1 discovered that all the other identity governance settings are available Admin1 is assigned the user administrator compliance administrator and security administrator roles you need to ensure that admin1 can create access reviews in contoso.com solution :You consent to Azure AD privileged identity management(PIM) does this meet the goal A yes B no

A yes | PIM conduct access reviews to ensure users still need roles

You have an Azure Active Directory tenant named contoso.com a user named admin1 attempts to create an access preview from the Azure Active Directory admin center and discovered that the access reviews settings are unavailable admin1 discovered that all the other identity governance settings are available Admin1 is assigned the user administrator compliance administrator and security administrator roles You assign Global administrator role to Admin1 A yes B no

B no

You have an Azure Active Directory tenant named contoso.com a user named admin1 attempts to create an access preview from the Azure Active Directory admin center and discovered that the access reviews settings are unavailable admin1 discovered that all the other identity governance settings are available Admin1 is assigned the user administrator compliance administrator and security administrator roles Solution: You purchase an Azure Directory premium P2 Licence for contoso.com A yes B no

B no

You have a resource group name RG one that contains the following A virtual network that contains 2 subnets name subnet1 and subnet2 An Azure storage account named Contoso 1 And Azure firewall diploid to subnet 2 you need to ensure that Contoso one is accessible from subnet one over the Azure backbone network what should you do? A deploying Azure firewall to subnet one B remove the Azure firewall C implements a virtual network service endpoint D create a stored access policy for Contoso one Virtual network services endpoint extend your virtual network private address space and the identity of your VNet to the Azure services over a direct connection. Endpoint allows you to secure your critical Azure service resources to only your virtual network. Traffic from your VNet to the Azure service always remains on the Microsoft Azure backbone network

C implements a virtual network service endpoint

The company has Azure subscription that contains an Azure Active Directory tenant name contoso.com end administrator named admin one attempts to enable enterprise estate roaming to all the users in the manager's group Edmond one reports that the option for enterprise is stated roaming are unavailable from Azure Active Directory you verify that admin one is a sign The global administrator role you need to ensure that admin one can enable enterprise estate roaming answer A Enforce Azure multi-factor authentication for admin one B Purchase an Azure Active Directory Premium P1 license for each user in managers group C Assign Azure Active Directory privilege identity management role to admin one D purchase and Azure rights management lessons for each user in the Managers group

B Purchase an Azure Active Directory Premium P1 license for each user in managers group

You plan to deploy n Azure VM named VM1 by using the Azure resource manager template Type: Microsoft compute/Virtual Machine Microsoft Network/public IP address Microsoft Network/virtual networks Microsoft Network/Network interfaces Microsoft Network/Virtual networks/subnets Type: Microsoft network/network Interfaces Microsoft Network/public IP address Microsoft Network/virtual networks Microsoft Network/Network interfaces Microsoft Network/Virtual networks/subnets

Answer: Microsoft Network/Network interfaces Microsoft Network/virtual networks

You plan to create the VM with Virtual machine Size = Standard_ds2 Os disk type premium SSd The performance of the operating system disk : is guaranteed to remain the same OS disk type :Premium SSD VM1 use the ----disk for data protection Secure Enclaves VM size= Standard DC2: DC family VM are new family of VMs to protect the confidentiality and your data

Is guaranteed to remain the same OS disk type: Premium SSD Secure Enclaves

A company runs multiple Windows virtual machines (VM) in Azure. The IT operations department wants to apply the same policies as they have for on-prem VMs to the VMs running in Azure, Including domain admin permission and schema extensions. You need to recommend a solution for the hybrid scenario that minimizes the amount of maintenance required. Domain : Join the VMs to the existing on-prem domain Join the VMs to a new domain controller VM in Azure Join the VMs to Azure AD domain services (AD DS) Connectivity Setup VPN connectivity Setup HTTPS connectivity Setup Relay services

Join the VMs to a new domain controller VM in Azure | Setup VPN connectivity

Insurance company test case : Error:" Licences not assigned Licence agreement failed for one user" Your are Evaluating the connectivity between the VMs after the planned implementation of the Azure networking infrastructure * The virtual machines on subnet1 will be able to connect to the VMS on subnet3 (Yes/NO) The VMs on client subnet will be able to connect to the internet (Yes/No) The VMs on Subnet3 and subnet4 will be able to connect to the internet (Yes/No) Q2, You need to prepare the environment to ensure that the web admin can deploy the web apps as quickly as possible From the automation, account service add an account account From the automation script blade of the resource, group click add to library From the templates, service select the template and then share the template to the web administrators Q3 You need to resolve the license issue C - From the profile blade modify the usage location Q4 You need to define a custom domain name for Azure AD to support the planned infrastructure,which domain name should you use? C Humongouinsurance.com

YES YES YES ----- From the automation, account service add an account account From the automation script blade of the resource group click add to library From the templates, service select the template and then share the template to the web administrators --- C - From the profile blade modify the usage location ----- C Humongouinsurance.com

Testlet 3 Contoso ltd is consulting company with offices in Montreal and Newyork,seatle Q1 You need to meet the connection requirements for the new york office From Azure portal Create a virtual network gateway and a local network gateway In the Network Office Configure the site to site VPN connection

From Azure portal Create a virtual network gateway and a local network gateway In the Network Office Configure the site to site VPN connection

Adatum Corporation is a financial company that has two main offices in Newyork and Los Angeles Q1 What should you create to configure AG2? Multi-site Listeners

Multi-site Listeners

You have an on-premises network that includes a Microsoft SQL Server instance named SQL1. You create an Azure Logic App named App1. You need to ensure that App1 can query a database on SQL1. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. From an on-prem computer , install an on-prem data gateway From the Azure portal Create an on-prem data gateway From the logic App designer in the Azure portal , add a connection

From an on-prem computer, install an on-prem data gateway From the Azure portal Create an on-prem data gateway From the logic App designer in the Azure portal, add a connection

You are designing a solution to secure a company's Azure resources. The environment hosts 10 teams. Each team manages a project and has a project manager, a virtual machine (VM) operator, developers, and contractors. Project managers must be able to manage everything except access and authentication for users. VM operators must be able to manage VMs, but not the virtual network or storage account to which they are connected. Developers and contractors must be able to manage storage accounts. You need to recommend roles for each member. What should you recommend? To answer, drag the appropriate roles to the correct employee types. Each role may be used once, more than once, or not at all. Project manager = Contributor VM operator = Virtual machine contributor Developers= Storage Account Contributor Contractors= Storage Account Contributor

Project manager = Contributor VM operator = Virtual machine contributor Developers= Storage Account Contributor Contractors= Storage Account Contributor

You have an Azure subscription that contains an Azure Service Bus named Bus1. Your company plans to deploy two Azure web apps named App1 and App2. The web app will create messages that have the following requirements: ✑ Each message created by App1 must be consumed by only a single consumer. ✑ Each message created by App2 will consumed by multiple consumers. Which resource should you create for each web app? To answer, drag the appropriate resources to the correct web apps. Each resource may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. ``` App1 = A service Bus queue App2 = A service Bus topic ```

``` App1 = A service Bus queue App2 = A service Bus topic ```

You have an Azure subscription that contains the resources shown in the following table. VNET1--> 10.1.1.0/24 Subnet1 --> 10.1.1.0/24 VM1 ---> not applicable Subnet1 is on VNET1. VM1 connects to Subnet1. You plan to create a virtual network gateway on VNET1. You need to prepare the environment for the planned virtual network gateway. What are two ways to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Modify the address space used by VNET1. B. Modify the address space used by Subnet1. C. Create a subnet named GatewaySubnet on VNET1. D. Create a local network gateway. E. Delete Subnet1.

A. Modify the address space used by VNET1. | E. Delete Subnet1.

A company hosts virtual machines (VMs) in an on-premises datacenter and in Azure. The on-premises and Azure-based VMs communicate using ExpressRoute. The company wants to be able to continue regular operations if the ExpressRoute connection fails. Failover connections must use the Internet and must not require Multiprotocol Label Switching (MPLS) support. You need to recommend a solution that provides continued operations. What should you recommend? A. Set up a second ExpressRoute connection. B. Increase the bandwidth of the existing ExpressRoute connection. C. Increase the bandwidth for the on-premises internet connection. D. Set up a VPN connection.

D. Set up a VPN connection.

You have a web app named WebApp1 that uses an Azure App Service plan named Plan1. Plan1 uses the D1 pricing tier and has an instance count of 1. You need to ensure that all connections to WebApp1 use HTTPS. What should you do first? A. Scale up Plan1. B. Modify the connection strings for WebApp1. C. Scale out Plan1. D. Disable anonymous access to WebApp1.

``` Correct Answer: A The D1 (Shared) pricing tier does not support HTTPS. ```

You have an Azure subscription that contains an Azure Service Fabric cluster and a Service Fabric application named FabricApp. You develop and package a Service Fabric application named AppPackage. AppPackage is saved in a compressed folder named AppPackage.zip. You upload AppPackage.zip to an external store. You need to register AppPackage in the Azure subscription. What should you do first? A. Run the New-ServiceFabricApplication cmdlet. B. Repackage the application in a file named App.sfpkg. C. Create a new Service Fabric cluster. D. Copy AppPackage.zip to a blob storage account.

B. Repackage the application in a file named App.sfpkg.

Your company runs several Windows and Linux virtual machines (VMs). You must design a solution that implements data privacy, compliance, and data sovereignty for all storage uses in Azure. You plan to secure all Azure storage accounts by using Role-Based Access Controls (RBAC) and Azure Active Directory (Azure AD). You need to secure the data used by the VMs. Which solution should you use? Boot and data volume: Azure disk encryption Data written to Azure Storage: Azure Storage Service Encryption Encryption keys and secrets: Azure key vault

Boot and data volume: Azure disk encryption Data are written to Azure Storage: Azure Storage Service Encryption Encryption keys and secrets: Azure key vault

You develop an entertainment application where users can buy and trade virtual real estate. The application must scale to support thousands of users. The current architecture includes five Azure virtual machines (VM) that connect to an Azure SQL Database for account information and Azure Table Storage for backend services. A user interacts with these components in the cloud at any given time. ✑ Routing Service "" Routes a request to the appropriate service and must not persist data across sessions. ✑ Account Service "" Stores and manages all account information and authentication and requires data to persist across sessions ✑ User Service "" Stores and manages all user information and requires data to persist across sessions. ✑ Housing Network Service "" Stores and manages the current real-estate economy and requires data to persist across sessions. ✑ Trade Service "" Stores and manages virtual trade between accounts and requires data to persist across sessions. Due to volatile user traffic, a microservices solution is selected for scale agility. You need to migrate to a distributed microservices solution on Azure Service Fabric. Solution: Create a Service Fabric Cluster with a stateful Reliable Service for each component. Does the solution meet the goal? A. Yes B. No

B. No

You develop an entertainment application where users can buy and trade virtual real estate. The application must scale to support thousands of users. The current architecture includes five Azure virtual machines (VM) that connect to an Azure SQL Database for account information and Azure Table Storage for backend services. A user interacts with these components in the cloud at any given time. ✑ Routing Service "" Routes a request to the appropriate service and must not persist data across sessions. ✑ Account Service "" Stores and manages all account information and authentication and requires data to persist across sessions ✑ User Service "" Stores and manages all user information and requires data to persist across sessions. ✑ Housing Network Service "" Stores and manages the current real-estate economy and requires data to persist across sessions. Trade Service "" Stores and manages virtual trade between accounts and requires data to persist across sessions. Due to volatile user traffic, a microservices solution is selected for scale agility. You need to migrate to a distributed microservices solution on Azure Service Fabric. Solution: Create a Service Fabric Cluster with a stateless Reliable Service for Routing Service. Create stateful Reliable Services for all other components. Does the solution meet the goal? A. Yes B. No

A. Yes

You develop an entertainment application where users can buy and trade virtual real estate. The application must scale to support thousands of users. The current architecture includes five Azure virtual machines (VM) that connect to an Azure SQL Database for account information and Azure Table Storage for backend services. A user interacts with these components in the cloud at any given time. ✑ Routing Service "" Routes a request to the appropriate service and must not persist data across sessions. ✑ Account Service "" Stores and manages all account information and authentication and requires data to persist across sessions ✑ User Service "" Stores and manages all user information and requires data to persist across sessions. ✑ Housing Network Service "" Stores and manages the current real-estate economy and requires data to persist across sessions. ✑ Trade Service "" Stores and manages virtual trade between accounts and requires data to persist across sessions. Due to volatile user traffic, a microservices solution is selected for scale agility. You need to migrate to a distributed microservices solution on Azure Service Fabric. Solution: Create a Service Fabric Cluster with a stateful Reliable Service for Routing Service. Deploy a Guest Executable to Service Fabric for each component. Does the solution meet the goal? A. Yes B. No

B. No

DRAG DROP - You are developing a web app that uses a REST interface to connect to Azure Storage with HTTPS. This app uploads and streams video content that can be accessed from anywhere in the world. You have different storage requirements for each part of the app. A hierarchical namespace must be created. Which storage services should you implement? To answer, select the appropriate services to the correct actions. Each service may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. Storage services: Action Azure Blobs Stream video content Azure Table storage Perform random read/write Ops Azure HD insight Access Apps data from anywhere

Stream video streams ---> Azure blobs Perform random read/write operation --> Azure Blobs Access apps data from anywhere --> Azure Blobs

``` You create an Azure Time Series Insights event handler. You need to send data over the network as efficiently as possible and optimize query performance. What should you do? A. Create a query plan B. Send all properties C. Use a Tag ID D. Use reference data ```

D. Use reference data

You are creating an IoT solution using Azure Time Series Insights. You configure the environment to ensure that all data for the current year is available. What should you do? A. Add a disaster recovery (DR) strategy. B. Set a value for the Data retention time setting. C. Change the pricing tier. D. Create a reference data set.

D. Create a reference data set.

DRAG DROP - You have an Azure subscription that contains a storage account. You have an on-premises server named Server1 that runs Windows Server 2016. Server1 has 2 TB of data. You need to transfer the data to the storage account by using the Azure Import/Export service. In which order should you perform the actions? To answer, move all actions form the list of actions to the answer area and arrange them in the correct order. From the Azure portal update the import job From the Azure portal, create am import job Detach the external disks from server1 and ship the disks to an Azure data center Attach an external disk to server1 and then run waimportexport.exe

Attach an external disk to server1 and then run waimportexport.exe From the Azure portal, create am import job Detach the external disks from server1 and ship the disks to an Azure data center From the Azure portal update the import job ------------- At a high level, an import job involves the following steps: Step 1: Attach an external disk to Server1 and then run waimportexport.exe Determine data to be imported, number of drives you need, destination blob location for your data in Azure storage. Use the WAImportExport tool to copy data to disk drives. Encrypt the disk drives with BitLocker. Step 2: From the Azure portal, create an import job. Create an import job in your target storage account in Azure portal. Upload the drive journal files. Step 3: Detach the external disks from Server1 and ship the disks to an Azure data center. Provide the return address and carrier account number for shipping the drives back to you. Ship the disk drives to the shipping address provided during job creation. Step 4: From the Azure portal, update the import job Update the delivery tracking number in the import job details and submit the import job. The drives are received and processed at the Azure data center. The drives are shipped using your carrier account to the return address provided in the import job.

You have an Azure subscription named Subscription1. You have 5 TB of data that you need to transfer to Subscription1. You plan to use an Azure Import/Export job. What can you use as the destination of the imported data? A. an Azure Cosmos DB database B. Azure SQL Database C. Azure File Storage D. Azure Data Lake Store

C. Azure File Storage Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter.

You have an Azure subscription that contains the resources in the following table. RG1 --> Resource group Store1 -> Azure storage account Sync1 --> Azure File Sync Store1 contains a file share named Data. Data contains 5,000 files. You need to synchronize the files in Data to an on-premises server named Server1. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Download an automation script B. Create a sync group C. Install the Azure File Sync agent on Server1 D. Create a container instance E. Register Server1

``` Correct Answer: BCE Step 1 (C): Install the Azure File Sync agent on Server1 The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share Step 2 (E): Register Server1. Register Windows Server with Storage Sync Service Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service. Step 3 (B): Create a sync group and a cloud endpoint. A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on a registered server. ```

You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1. You install and configure a web server and a DNS server on VM1. Internet users--> Can connect to only the webserver on VM1 If you delete rule2, internet users --> can connect to the webserver and the DNS server on VM1

Internet users--> Can connect to only the webserver on VM1 If you delete rule2, internet users --> can connect to the webserver and the DNS server on VM1 Box 1: Rule2 blocks ports 50-60, which includes port 53, the DNS port. Internet users can reach to the Web server, since it uses port 80. Box 2: If Rule2 is removed internet users can reach the DNS server as well. Note: Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Processing stops once traffic matches a rule, as a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.

You plan to back up an Azure virtual machine named VM1. You discover that the Backup Pre-Check status displays a status of Warning. What is a possible cause of the Warning status? A. VM1 does not have the latest version of WaAppAgent.exe installed B. A Recovery Services vault is unavailable C. VM1 has an unmanaged disk D. VM1 is stopped

``` Correct Answer: A The Warning state indicates one or more issues in VM's configuration that might lead to backup failures and provides recommended steps to ensure successful backups. Not having the latest VM Agent installed, for example, can cause backups to fail intermittently and falls in this class of issues. ```

You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1. You have a computer Computer1 that runs Windows 10. Computer1 is connected to the Internet. You add a network interface named Interface1 to VM1 as shown in the exhibit. From Computer1, you attempt to connect to VM1 by using Remote Desktop, but the connection fails. You need to establish a Remote Desktop connection to VM1. What should you do first? A. Attach a network interface B. Start VM1 C. Delete the DenyAllOutBound outbound port rule D. Delete the DenyAllInBound inbound port rule

Correct Answer: B Incorrect Answers: A: The network interface has already been added to VM. C: The Outbound rules are fine. D: The inbound rules are fine. Port 3389 is used for Remote Desktop. Note: Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Processing stops once traffic matches a rule. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.

You are designing an Azure solution. The solution must meet the following requirements: Distribute traffic to different pools of dedicated virtual machines (VMs) based on rules Provide SSL offloading capabilities You need to recommend a solution to distribute network traffic. Which technology should you recommend? A. server-level firewall rules B. Azure Application Gateway C. Azure Traffic Manager D. Azure Load Balancer

Correct Answer: B If you require "SSL offloading", application layer treatment, or wish to delegate certificate management to Azure, you should use Azure's layer 7 load balancer Application Gateway instead of the Load Balanacer.

You have an Azure subscription named Subscription1. In Subscription1, you create an alert rule named Alert1. The Alert1 action group is configured as shown in the following exhibit.Alert1 alert criteria is triggered every minute. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

Box 1: 60 - One alert per minute will trigger one email per minute. Box 2: 12 - No more than 1 SMS every 5 minutes can be send, which equals 12 per hour. Note: Rate limiting is a suspension of notifications that occurs when too many are sent to a particular phone number, email address or device. Rate limiting ensures that alerts are manageable and actionable. The rate limit thresholds are: ✑ SMS: No more than 1 SMS every 5 minutes. ✑ Voice: No more than 1 Voice call every 5 minutes. ✑ Email: No more than 100 emails in an hour. ✑ Other actions are not rate limited.

Azure subcription named sub1 VM1 VM2 LB1 A webserver runs on VM1 and VM2. When you request a webpage named Page1.htm from the Internet, LB1 balances the web requests to VM1 and VM2., and you receive a response. On LB1, you have a rule named Rule1 as shown in the Rule1 Session persistence is none Protocol selected is HTTP If a user is server Page1,htm from VM1 and then the user refreshes the web browser, page1.htm will be refreshed from VM1 always (Yes/No) If you change the protocol of Rule1 all the web request will fails(Yes/No) If you delete Probe1.htm from VM2, LB1 will route all the web request to VM1 (Yes/No)

Box 1: No - Session Persistence is None. Box 2: Yes - Web requests uses the HTTP protocol, not the TCP protocol. Box 3: No - Note: Azure Load Balancer provides health probes for use with load-balancing rules. Health probe configuration and probe responses determine which backend pool instances will receive new flows. You can use health probes to detect the failure of an application on a backend instance. You can also generate a custom response to a health probe and use the health probe for flow control to manage load or planned downtime. When a health probe fails, Load Balancer stops sending new flows to the respective unhealthy instance.

You develop an entertainment application where users can buy and trade virtual real estate. The application must scale to support thousands of users. The current architecture includes five Azure virtual machines (VM) that connect to an Azure SQL Database for account information and Azure Table Storage for backend services. A user interacts with these components in the cloud at any given time. ✑ Routing Service "" Routes a request to the appropriate service and must not persist data across sessions. ✑ Account Service "" Stores and manages all account information and authentication and requires data to persist across sessions ✑ User Service "" Stores and manages all user information and requires data to persist across sessions. ✑ Housing Network Service "" Stores and manages the current real-estate economy and requires data to persist across sessions. ✑ Trade Service "" Stores and manages virtual trade between accounts and requires data to persist across sessions. Due to volatile user traffic, a microservices solution is selected for scale agility. You need to migrate to a distributed microservices solution on Azure Service Fabric. Solution: Deploy a Windows container to Azure Service Fabric for each component. Does the solution meet the goal? A. Yes B. No

B. No

You have an Azure subscription that contains the storage accounts shown in the following table. Storagecontoso1 --> A blob service and table service Storagecontoso2 --> A blob service and file service Storagecontoso3 --> Queue service Storagecontoso4 --> A blob service and queue service Storagecontoso5-->A table service You enable Azure Advanced Threat Protection (ATP) for all the storage accounts. You need to identify which storage accounts will generate Azure ATP alerts. Which two storage accounts should you identify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. storagecontoso1 B. storagecontoso2 C. storagecontoso3 D. storagecontoso4 E. storagecontoso5

Correct Answer: AE Azure Queue Storage is a service for storing large numbers of messages. You access messages from anywhere in the world via authenticated calls using HTTP or HTTPS. Azure Table storage stores large amounts of structured data. The service is a NoSQL datastore which accepts authenticated calls from inside and outside the Azure cloud. Azure tables are ideal for storing structured, non-relational data. Microsoft Azure File Service is a is a cloud storage service that allows Windows Server administrators to access Server-Message-Block-Protocol (SMB) shares in the Azure cloud by setting up file shares in the Azure management console Blob storage is a feature in Microsoft Azure that lets developers store unstructured data in Microsoft's cloud platform. This data can be accessed from anywhere in the world and can include audio, video and text. Blobs are grouped into "containers" that are tied to user accounts. Blobs can be manipulated with

Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the developer group with the ability to create Azure logic apps in the Dev resource group. Solution: On Dev, you assign the Logic App Contributor role to the Developers group. Does this meet the goal? A. Yes B. No

Correct Answer: A The Logic App Contributor role lets you create, read, enable, and disable the logic app.

You have an Azure Service Bus and a queue named Queue1. Message time --> TTL --> 2hrs Lock 5 min enable dead lettering on message expiration enable partitioning If a message is written to queue 1 and is never read , the will be: retained until it is deleted manually If the message is written to queue 1 and then read after one hour , the message will be: deleted immediately

If a message is written to queue 1 and is never read, the will be: retained until it is deleted manually If a message is written to queue 1 and then read after one hour, the message will be: deleted immediately

You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the developer group with the ability to create Azure logic apps in the Dev resource group. Solution: On Subscription , you assign the dev-test labs users to the developer group A Yes B No

B No The dev test lab only allow to use it in only Dev test lab account

A company backs up data to on-prem servers at its main facility. The company currently has 30 TB of archived data that infrequently used. The facility has a download speed of 100 MBPS and upload speed of 20 MBPS you need to securely transfer all backups to azure blobs for long term archival. All backup data must be sent within seven days Solution backup data to local disks and use the azure import/export service to send backups to azure Blobs storage Answer A Yes B No

A Yes

A company backs up data to on-prem servers at its main facility. The company currently has 30 TB of archived data that infrequently used. The facility has a download speed of 100 MBPS and upload speed of 20 MBPS you need to securely transfer all backups to azure blobs for long term archival. All backup data must be sent within seven days Solution: Create a file share in Azure Files. Mount the file share to the server and upload the files to the file share . Transfer the files to Azure blob storage/ A Yes B No

B No

A company backs up data to on-prem servers at its main facility. The company currently has 30 TB of archived data that infrequently used. The facility has a download speed of 100 MBPS and upload speed of 20 MBPS you need to securely transfer all backups to azure blobs for long term archival. All backup data must be sent within seven days Solution: Use the set-Azure Storage blob content , Azure power shell command to copy all backups asynchrony to Azure blob storage A Yes B No

B No

You are developing a back end Azure App service that scales based on the number of messages contained in the service bus queue A rule already exists to scale up the azure service when the average queue length of unprocessed and valid queue messages is greater than 1000 You need to add a new rule that will continuously scale down the app service as long as the scale-up condition is not met . How should you configure the scale rule? ``` Scale rule X Metric source: service bus queue ** Resource group Resources queues Criteria metric name: Message count** Time grain stats: Average** Operator: Less then or equal to ** Threshold ``` Action operation: Decrease count by Instance count: 1

``` Metric source: service bus queue ** metric name: Message count** Time grain stats: Average** Operator: Less then or equal to ** Action operation: Decrease count by ```

You have an on-prem network that contains a Hyper-V host named Host1 .Host1 runs Windows Server 2016 and hosts 10 VMs that run Windows 2016. You plan to replicate the VMS to azure by using Azure site recovery.You create a recovery services vault named ASR1 and Hyper-V site named Site1.You need to add Host1 to ASR1 B : Download the installation file for the Azure site recovery provider Download Azure registration key Install the Azure site recovery provider on Host1 and register the server.

B : Download the installation file for the Azure site recovery provider Download Azure registration key Install the Azure site recovery provider on Host1 and register the server.

You plan to migrate an on-prem Hyper-V environment to Azure by using Azure site recovery. The Hyper-V environment is managed by using the MS system center Virtual machine manager (VMM). The Hyper-V environment contains the virtual machines in the table Name OS Storage Bitlocker Generation DC1 --> windows 2016 --500GB No 2 F51 --> Ubunto 200 GB No 2 CA1 --> windows 2012 1 TB yes 1 SQL1 --> windows 2016 200GB No 1 Which VM can be migrated by using Azure site recovery A DC1 B F51 C CA1 D SQL1

D SQL1

You have an on prem network that you plan to connect to Azure by using a site-site VPN,In Azure you have an AZ Virtual network named VNet1 that uses an address space of 10.0.0.0/16 VNET1 contains a subnet named Subnet1 that uses the address space 10.0.0.0/24.you need to create a site to site VPN to azure. ``` Create a gateway subnet Create a custom DNS server Create a local gateway Create a VPN gateway Create a VPN Connection Create an Azure CDN profile ```

Create a gateway subnet Create a VPN gateway Create a local gateway Create a VPN Connection

You have an Azure Subs named Sub1 that contains two Azure Networks named NET1 and NET2.Net1 contains a VPN gateway named VPNGW1 that uses static routing. There is a site-to-site VPN connection between your on-prem network and VNet1. On a computer named client1 that runs Windows 10 you configure a point to site VPN connection to VNet1 You configure virtual network peering between VNet1 and Vnet2. You verify that you can connect to Vnet2 from the on-prem network.Client1 is unable to connect to Vnet2 You need to ensure that you can connect Client1 to Vnet2. A Select allow gateway transit on Vnet1 B Download and re-install the client configuration package on client1 C Enable BGP on VPNGW1 D Select Allow gateway transit on Vnet2

B Download and re-install the client configuration package on client1

Your company has offices in NewYork and Los Angeles You have an Azure subscription that contains an Azure virtual network named Vnet1. Each office has a site-to-site VPN connection to Vnet1. Vnet1 -> 192.1.168.0.0./20 New York -> 10.0.0.0/16 Los Angeles -> 10.10.0.0/16 You need to make that all internet bound traffic route from Vnet1 through Newyork office what to do? In Azure RUN : New-Azure RM Local Network Gateway New Azure RM Virtual NetworkGateway Connection Set -Azure RM Virtual Network Gateway Default site On a VPN device in the Newyork office,set the traffic selection to : 0. 0.0.0 10. 0.0.0/16 192. 168.0.0/20

Set -Azure RM Virtual Network Gateway Default site | 192.168.0.0/20

You have a Ms. SQL Server Always On Availability Group on Azure virtual machines. You need to configure an Azure internal load balancer as a listener for the availability group what should we do? A Create an HTTP health probe on port 1433 B Set session persistence to client IP C Set Session persistence to client IP and protocol D Enable floating IP

D Enable floating IP

You set multi-factor authentication status for a user named admin1@ contoso.com to enabled Admin1 access the Azure portal by using a web browser. Which additional security verification can Admin1 use when accessing the azure portal A An app password, text message that contains a verification code, and notification sent from the Microsoft Authentication app B A phone call, a text message that contains verification code, and notification or a verification code sent from the MS Authenticator App

B A phone call, a text message that contains verification code, and notification or a verification code sent from the MS Authenticator App

You have an Azure active directory tenant that contains three global admins Admin1.Admin2,Admin3 Admin1 can add Admin2 as an owner of the subscription YES/NO Admin2 can add Admin1 as an owner of the subscription YES/NO Admin2 can create a resource group in the subcription Yes/NO

Admin1 can add Admin2 as an owner of the subscription YES Admin2 can add Admin1 as an owner of the subscription NO Admin2 can create a resource group in the subscription NO

You have an Azure AD tenant All admin must enter verification code to access the Az portal You need to ensure that the administrators can access the Azure portal only from your on-prem network. A. The multifactor authentication service settings B. An Azure AD identity protection sign-in risk policy

The multifactor authentication service settings

You have an Azure Subs named Sub1 that contains a virtual network named VNet1 , VNet in is RG1, Sub1 has a user named user1 , User1 has the following roles Security admin Security reader You need to ensure that USer1 can assign the reader role for VNet1 to other users A.Assign User1 the owner role for VNet1 B Assign User1 the network Contributor role for VNet1

Assign User1 the owner role for VNet1

Your creating an app that usese the Event Grid to connect with other services. You need to configure the event Grid to ensure security. Webhook event delivery: SAS tokens Key Authentication JWT token Topic publishing: Validation Code handshake Validation URL handshake Management Access Control

Webhook event delivery: SAS tokens Topic publishing: Validation Code handshake

You are building a custom Azure function app to connect to Azure event Grid. You need to ensure that resources are allocated dynamically to the function app. What should you configure when you create the function app? The windows OS and Consumption plan hasting plan The windows OS and the App service plan hosting plan

The windows OS and Consumption plan hasting plan

You have an Azure Service Bus.You need to implement a service Bus queue that guarantees First in and first out (FIFO) delivery of messages? A . enable partitioning B .Enable sessions

B .Enable sessions

You have an Azure sub that contains a policy based Virtual network gateway named GW1 and VNet1 you need to ensure that you can configure a point to site connection from Vnet1 to an on-prem computer. what actions do you perform? Create a route-based virtual network gateway Reset GW1 Delete GW1 Add a connection to GW1

Create a route-based virtual network gateway | Delete GW1

You network contains an AD domain that is synched to Azure AD .A user account configured (Adam Hobb) From the Azure portal an Admin can reset the password for Adam (Yes/No) From AZ portal an admin can modify the job tittle for the user account pf Adam ( Yes/NO) From the Azure portal, an admin can modify the usage location for the user account of Adam ( Yes/NO)

From the Azure portal an Admin can reset the password for Adam (/No) From AZ portal an admin can modify the job tittle for the user account pf Adam ( NO) From the Azure portal, an admin can modify the usage location for the user account of Adam ( Yes)