Udemy Tests Flashcards
Your company has an Azure Storage account named TutorialsDojo1.
You have to copy your files hosted on your on-premises network to TutorialsDojo1 using AzCopy.
What Azure Storage services will you be able to copy your data into?
Blob? File? Table? Queue?
Blob and FIle
AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account.
Your company has an Azure AD tenant named tutorialsdojo.onmicrosoft.com and a public DNS zone for tutorialsdojo.com.
You added the custom domain name tutorialsdojo.com to Azure AD. You need to verify that Azure can verify the domain name.
What DNS record type should you use?
SRV? NSEC? NSEC3? MX?
MX
You can verify your custom domain name by using TXT or MX record types.
Hence, the correct answer is: MX.
You need to perform the following actions in a Windows virtual machine:
- Create a document on drive C.
- Create a document on drive D.
- Create a new folder on the desktop.
- Create a local user account.
You plan to redeploy the virtual machine.
Which of the changes will be lost after you redeploy the virtual machine to a new Azure node?
The document on drive D.
Most VMs contain a temporary disk. On Azure Linux VMs, the temporary disk is typically /dev/sdb and on Windows VMs the temporary disk is D: by default.
Your company has an Azure subscription named TDSubcription1. It contains the following resources: Name, Region, Resource Group, Type TDVNET1, SEAsia, TD1, vnet TDVNET2, SEAsia, TD2, vnet TDVNET3, East Asia, TD3, vnet TDNSG1, East Asia, TD4, nsg
Which subnet/s can you associate TDNSG1 with?
TDVnet3
You can only associate a network security group to a subnet or network interface within the same region as the network security group.
Your company has a virtual network named TDVnet1 and a policy-based virtual network gateway named TD1 in your Azure subscription.
You have users that need to access TDVnet1 from a remote location.
Which two actions should you do so your users can establish a point-to-site connection to TDVnet1?
Delete TD1
Deploy a route-based VPN gateway
Point-to-Site (P2S) VPN connection allows you to create a secure connection to your virtual network from an individual client computer.
When you configure a point-to-site VPN connection, you must use a route-based VPN type for your gateway. Policy-based VPN type for point-to-site VPN connection is not supported by Azure.
If you create a policy-based VPN type as your gateway, you need to delete it and deploy a route-based VPN gateway instead.
You have the following storage accounts in your Azure subscription.
mystorage1,general-purpose-v1,file
mystorage2,BlobStorage,blob
mystorage3,general-storage-v2,file/table
mystorage4,general-storage-v2,queue
There is a requirement to export the data from your subscription using the Azure Import/Export service.
Which account can be used to export the data?
mystorage2
Azure Import/Export jobs can be import or export jobs. An import job allows you to import data into Azure Blobs or Azure files whereas the export job allows data to be exported from Azure Blobs
You need to use an existing Azure Resource Manager (ARM) template to provision ten Azure virtual machines.
You should retrieve the password using the ARM template. The password must not be stored in plain text.
Which of the following options can help you accomplish this?
- Create a key vault and configure an access policy
- Configure label protection
- Create a storage account and configure data protection
- Configure Azure AD Password Protection
Create a key vault and configure an access policy.
In this scenario, you can use the ARM template to retrieve the password in Azure Key Vault. Instead of putting a secure value (like a password) directly in your template or parameter file, you can retrieve the value from an Azure Key Vault during deployment. You retrieve the value by referencing the key vault and secret in your parameter file. The value is never exposed because you only reference its key vault ID.
Your company has 12 peered virtual networks in your Azure subscription.
You plan to deploy a network security group for each virtual network.
There is a compliance requirement that port 80 should be automatically blocked between virtual networks whenever a new network security group is created.
Solution: You create a security rule that denies incoming port 80 traffic.
Does the solution meet the goal?
No.
It is stated in the scenario that blocking port 80 should be done automatically whenever a new network security group is created. By creating a rule manually, it becomes quite cumbersome to configure as you need to create a security rule for every network security group you create. It’s best practice to always automate your security processes to avoid administrative overhead. You should use a custom policy definition in order to automate the requirement.
You are planning to host several web applications in Azure App Service with the following runtime stack.
App1 - ASP.NET V4.8 App2 - Node 12 LTS App3 - PHP 7.4 App4 - Python 3.8 App5 - Ruby 2.5
How many App Service plan should you create at the minimum to properly deploy all applications?
Zero, One, Two, Five
Two.
Only need to create one App Service plan for each runtime stack (i.e. Windows and Linux) not one per application. Some runtime stacks will only work on Windows such as ASP.NET while Ruby will only work with Linux.
You created a new Azure web app with an F1 App Service plan.
You want to add a staging slot for your application but the option seems unavailable in the Azure Portal.
What must be done first to satisfy the above requirement?
Scale up the App Service plan.
Add a new deployment slot
Scale-out the App Service plan
Configure a custom domain
Scale up the App Service plan.
upgrade your App Service plan to a Standard or Premium tier. After you successfully upgraded your plan, you can now add a slot in the deployment slots.
You are managing 50 virtual machines.
You need to identify idle and underutilized resources to reduce the overall costs of your account. The service tier of your development virtual machines must also be changed to a less expensive offering.
What Azure service should you use?
Azure Advisor
Azure Event Hubs
Azure Monitor
Azure Compliance Manager
Azure Advisor.
Azure Cost Management works with Azure Advisor to provide cost optimization recommendations. The list of recommendations identifies usage inefficiencies or shows purchase recommendations that can help you save costs.
You plan to host a web application in three Azure virtual machines.
You need to make sure that there are at least two virtual machines running if an Azure data center becomes inaccessible.
What should you do?
Deploy all the virtual machines in a single Availability Zone
Deploy one virtual machine in each Availability Zone
Deploy all the virtual machines in a single Availability Set
Deploy one virtual machine in each Availability slot
Deploy one virtual machine in each Availability Zone.
Based on the given requirements, you can protect your web application from data center outages if you will deploy the three virtual machines in a separate Availability Zone. The physical separation of Availability Zones within a region protects applications and data from datacenter failures.
Your company has an Azure subscription that has the following resources deployed:
TDBackup1, Recovery Services Vault, SEAsia
TDAccount2, Storage Account, SEAsia
TDAnalytics1, Log Analytics Workspace, East Asia
TDAlanytics2, Log Analytics Workspace, SEAsia
TDAnalytics3, Log Analytics Workspace, Australia Central
There is a requirement that requires you to configure Azure Backup reports using TDBackup1 to determine which backup items consume the most storage.
Which Log Analytics workspace can you use to store the backup reporting data?
TDAnalytics1
TDAnalytics2
TDAnalytics3
TDAnalytics1, TDAnalytics2 and TDAnalytics3
TDAnalytics1, TDAnalytics2 and TDAnalytics3
When you create a Log Analytics workspace, it does not matter if the vault is located in a different region or subscription.
You have deployed two Azure virtual machines to host a web application.
You plan to set up an Availability Set for your application.
You need to make sure that the application is available during planned maintenance.
Which of the following options will allow you to accomplish this?
Assign one update domain in the Availability Set
Assign two update domains in the Availability Set
Assign one fault domain in the Availability Set
Assign two fault domains in the Availability Set
Assign two update domains in the Availability Set.
To ensure that the application is available during planned maintenance, you must assign two update domains in the Availability Set. An update domain will make sure that the VMs in the Availability Set are not updated at the same time.
You are managing an Azure subscription that contains a resource group named TD-RG1 which has a virtual machine named TD-VM1.
TD-VM1 has services that will deploy new resources on TD-RG1.
You need to make sure that the services running on TD-VM1 should be able to manage the resources in TD-RG1 using its identity.
Which of the following actions should you do first?
Configure the access control of TD-VM1
Configure the access control of TD-RG1
Configure the security settings of TD-RG1
Configure the managed identity of TD-VM1
Configure the managed identity of TD-VM1.
some Azure services allow you to enable a managed identity directly on a service instance. When you enable a system-assigned managed identity, an identity is created in Azure AD that is tied to the lifecycle of that service instance
Your company has a virtual network that contains a MySQL database hosted on a virtual machine.
You created a web app named tutorialsdojo-webapp using the Azure App service.
You need to make sure that tutorialsdojo-webapp can fetch the data from the MySQL database.
What should you implement?
Create and internal load balancer
Enable VNet Integration and connect the web app to the virtual network
Peer the virtual network to another virtual network
Create an Azure Application Gateway
Enable VNet Integration and connect the web app to the virtual network.
With Azure Virtual Network (VNets), you can place many of your Azure resources in a non-internet-routable network. The VNet Integration feature enables your apps to access resources in or through a VNet.
You have a server in your on-premises datacenter that contains a DNS server named TD1 with a primary DNS zone for the tutorialsdojo.com domain.
You have an Azure subscription named TD-Subscription1.
You plan to migrate the tutorialsdojo.com zone to an Azure DNS zone in TD-Subscription1. You must ensure that you minimize administrative effort.
Which tool should you use?
Azure PowerShell
Azure CLI
Azure Portal
Azure CloudShell
Azure CLI
Azure DNS supports importing and exporting zone files by using the Azure command-line interface (CLI). Zone file import is NOT supported via Azure PowerShell, Azure Cloud Shell, and Azure portal.
Your company has an Azure AD tenant named TD-Azure-AD that contains 3 User Administrators and 2 Global Administrators.
You recently purchased 5 Premium P1 licenses.
You need to make sure that the users in your tenant have access to all the Premium P1 features.
What should you do to satisfy the above requirement?
Select the user in your tenant and assign a new role in the Directory role blade of each user.
Select the user in your tenant and assign it to an administrative unit.
Select the user in your tenant and add the user to an Active Directory Group.
In the Licenses blade of AuzreAD, select the user in your tenant and assign the license.
In the Licenses blade of Azure AD, select the user in your tenant and assign the license.
To ensure that the users in your tenant have access to Premium P1 license features, you must manually add the license to each user or add the license to a group. Remember that only the users with active licenses can access and use the licensed Azure AD services. Also, licenses are applied per tenant, and you can’t transfer them to other tenants.
You have the following resources deployed in Azure:
In Tenant1 under subscription TD1: VNet named TDVnet1 with address range 10.1.0.0/16 containing a virtual machine named VM1
In Tenant2 under subscription TD2: VNet named TDVnet2 with address range 10.10.0.0/18 containing a virtual machine named VM2
There is a requirement to connect TDVnet1 and TDVnet2.
What should you do first?
Create two virtual network gateways
Change the address space of TDVnet2
Transfer TDVnet1 to TD2
Transfer VM1 to VM2
Create two virtual network gateways
You can use a VPN gateway to send traffic between VNets. Each VNet can have only one VPN gateway.
You plan to provision ten virtual machines using the Azure VM scale sets.
The virtual machines must be optimized for large-scale stateless workloads.
Which of the following options allows you to deploy VMs as quickly as possible?
Create 10 VMs in the Azure Portal
Create a VM scale set and set the orchestration mode to flexible
Create 10 VMs in Azure CLI
Create a VM scale set and set the orchestration mode to uniform
Create a VM scale set and set the orchestration mode to Uniform.
Azure Virtual Machine Scale Sets provide a logical grouping of platform-managed virtual machines. While in Uniform orchestration mode, you just need to define a VM model and Azure will automatically create identical instances based on that model.
Your company has an Azure subscription that contains:
A recovery services vault named TDBackup1 in Southeast Asia.
Two resource groups TDGroup1 in Australia Central, TDGroup2 in Southeast Asia
VM: named TD1 in RG TDGroup1 @ Southeast Asia
VM: named TD2 in RG TDGroup1 @ East Asia
VM: named TD3 in RG TDGroup2 @ Australia Central
VM: named TD4 in RG TDGroup2 @ Southeast Asia
VM: named TD5 in RG TDGroup1 @ East Asia
VM: named TD6 in RG TDGroup2 @ Australia Central
Which VMs can be backed up to TDBackup1
TD1 and TD4 only.
Take note that you can only backup data sources or virtual machines that are in the same region as the Recovery Services vault. You can backup virtual machines that have different resource groups or operating systems as long as they are in the same region as the vault.
You have a web app named tutorialsdojo-portal that is hosted in Azure App Services. The provisioned deployment slots for tutorialsdojo-portal are shown in the table below:
tutorialsdojo-dev, development
tutorialsdojo-staging,staging
tutorialsdojo,production
You configured several settings in the tutorialsdojo-dev and tutorialsdojo-staging.
You performed a swap operation between the production and staging slots. Upon testing the tutorialsdojo-portal app, it was discovered that the new features are not working properly.
Which of the following helps you revert the tutorialsdojo-portal app to its previous state?
Swap the slops of tutorialsdojo-dev and tutorialsdojo
Swap the slots of tutorialsdojo-staging and tutorialsdojo-dev
Restore the previous version of tutorialsdojo using app backup
Swap the slops of tutorialsdojo-dev and tutorialsdojo
You created a new Azure subscription. The subscription has a resource group named TD-RG. The resources in TD-RG is created using ARM templates.
You need to get the exact date and time when the resources in TD-RG was deployed.
Potential Solutions:
In the resource group settings, select Policies.
In the resource group settings, select Properties.
In the resource group settings, select Deployments.
In the resource group settings, select Deployments
Your company has an existing subscription in Azure.
You provisioned an Azure Storage account named TutorialsDojoAccount and then created a file share named TDShare.
You need to create a script that will allow you to connect to your file share.
What is the UNC path of the file share?
\TutorialsDojoAccount.file.core.windows.net\TDShare
\TutorialsDojoAccount.TDShare\file.core.windows.net
\TDShare.file.core.windows.net\TutorialsDojoAccount
\.file.core.windows.net.TutorialsDojoAccount\TDShare
\TutorialsDojoAccount.file.core.windows.net\TDShare
The Azure File Share UNC path format is:
\{storageAccountName}.file.core.windows.net{fileShareName}
