104 recetas cocina oriental

Your company has serval departments. Each department has a number of virtual machines (VMs). The company has an Azure subscription that contains a resource group named RG1. All VMs are located in RG1. You want to associate each VM with its respective department. What should you do?. Create Azure Management Groups for each department. Create a resource group for each department. Assign tags to the virtual machines. Modify the settings of the virtual machines.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has an Azure Active Directory (Azure AD) tenant named weyland.com that is configured for hybrid coexistence with the on-premises Active Directory domain. You have a server named DirSync1 that is configured as a DirSync server. You create a new user account in the on-premise Active Directory. You now need to replicate the user information to Azure AD immediately. Solution: You use Active Directory Sites and Services to force replication of the Global Catalog on a domain controller. Does the solution meet the goal?. Yes. No.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has an Azure Active Directory (Azure AD) tenant named weyland.com that is configured for hybrid coexistence with the on-premises Active Directory domain. You have a server named DirSync1 that is configured as a DirSync server. You create a new user account in the on-premise Active Directory. You now need to replicate the user information to Azure AD immediately. Solution: You restart the NetLogon service on a domain controller. Does the solution meet the goal?. Yes. No.

Your company has a Microsoft Azure subscription. The company has datacenters in Los Angeles and New York. You are configuring the two datacenters as geo-clustered sites for site resiliency. You need to recommend an Azure storage redundancy option. You have the following data storage requirements: -Data must be stored on multiple nodes. -Data must be stored on nodes in separate geographic locations. -Data can be read from the secondary location as well as from the primary location. Which of the following Azure stored redundancy options should you recommend?. Geo-redundant storage. Read-only geo-redundant storage. Zone-redundant storage. Locally redundant storage.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has an azure subscription that includes a storage account, a resource group, a blob container and a file share. A colleague named Jon Ross makes use of a solitary Azure Resource Manager (ARM) template to deploy a virtual machine and an additional Azure Storage account. You want to review the ARM template that was used by Jon Ross. Solution: You access the Virtual Machine blade. Does the solution meet the goal?. Yes. No.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has an azure subscription that includes a storage account, a resource group, a blob container and a file share. A colleague named Jon Ross makes use of a solitary Azure Resource Manager (ARM) template to deploy a virtual machine and an additional Azure Storage account. You want to review the ARM template that was used by Jon Ross. Solution: You access the Resource Group blade. Does the solution meet the goal?. Yes. No.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has an azure subscription that includes a storage account, a resource group, a blob container and a file share. A colleague named Jon Ross makes use of a solitary Azure Resource Manager (ARM) template to deploy a virtual machine and an additional Azure Storage account. You want to review the ARM template that was used by Jon Ross. Solution: You access the Container blade. Does the solution meet the goal?. Yes. No.

Your company has three virtual machines (VMs) that are included in an availability set. You try to resize one of the VMs, which returns an allocation failure message. It is imperative that the VM is resized. Which of the following actions should you take?. You should only stop one of the VMs. You should stop two of the VMs. You should stop all three VMs. You should remove the necessary VM from the availability set.

You have an Azure virtual machine (VM) that has a single data disk. You have been tasked with attaching this data disk to another Azure VM. You need to make sure that your strategy allows for the virtual machines to be offline for the least amount of time possible. Which of the following is the action you should take FIRST?. Stop the VM that includes the data disk. Stop the VM that the data disk must be attached to. Detach the data disk. Delete the VM that includes the data disk.

Your company has an Azure subscription. You need to deploy a number of Azure virtual machines (VMs) using Azure Resource Manager (ARM) templates. You have been informed that the VMs will be included in a single availability set. You are required to make sure that the ARM template you configure allows for as many VMs as possible to remain accessible in the event of fabric failure or maintenance. Which of the following is the value that you should configure for the platformFaultDomainCount property?. 10. 30. Min Value. Max Value.

Your company has an Azure subscription. You need to deploy a number of Azure virtual machines (VMs) using Azure Resource Manager (ARM) templates. You have been informed that the VMs will be included in a single availability set. You are required to make sure that the ARM template you configure allows for as many VMs as possible to remain accessible in the event of fabric failure or maintenance. Which of the following is the value that you should configure for the platformUpdateDomainCount property?. 10. 20. 30. 40.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has an Azure Active Directory (Azure AD) subscription. You want to implement an Azure AD conditional access policy. The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations. Solution: You access the multi-factor authentication page to alter the user settings. Does the solution meet the goal?. Yes. No.

DRAG DROP You have downloaded an Azure Resource Manager (ARM) template to deploy numerous virtual machines (VMs). The ARM template is based on a current VM, but must be adapted to reference an administrative password. You need to make sure that the password cannot be stored in plain text. You are preparing to create the necessary components to achieve your goal. Which of the following should you create to achieve your goal? Answer by dragging the correct option from the list to the answer area. Select and Place. An Azure Key Vault. An Azure Storage account. Azure Active Directory (AD) Identity Protection. An access policy. An Azure policy. A backup policy.

Your company has an Azure Active Directory (Azure AD) tenant that is configured for hybrid coexistence with the on-premises Active Directory domain. The on-premise virtual environment consists of virtual machines (VMs) running on Windows Server 2012 R2 HyperV host servers. You have created some PowerShell scripts to automate the configuration of newly created VMs. You plan to create several new VMs. You need a solution that ensures the scripts are run on the new VMs. Which of the following is the best solution?. Configure a SetupComplete.cmd batch file in the %windir%\setup\scripts directory. Configure a Group Policy Object (GPO) to run the scripts as logon scripts. Configure a Group Policy Object (GPO) to run the scripts as startup scripts. Place the scripts in a new virtual hard disk (VHD).

Your company has an Azure Active Directory (Azure AD) tenant that is configured for hybrid coexistence with the on-premises Active Directory domain. You plan to deploy several new virtual machines (VMs) in Azure. The VMs will have the same operating system and custom software requirements. You configure a reference VM in the on-premise virtual environment. You then generalize the VM to create an image. You need to upload the image to Azure to ensure that it is available for selection when you create the new Azure VMs. Which PowerShell cmdlets should you use?. Add-AzVM. Add-AzVhd. Add-AzImage. Add-AzImageDataDisk.

Your company has an Azure subscription that includes a number of Azure virtual machines (VMs), which are all part of the same virtual network. Your company also has an on-premises Hyper-V server that hosts a VM, named VM1, which must be replicated to Azure. Which of the following objects that must be created to achieve this goal? Answer by dragging the correct option from the list to the answer area. Select and Place: Hyper-V site. Storage account. Azure Recovery Services Vault. Azure Traffic Manager instance. Replication policy. Endpoint.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company's Azure subscription includes two Azure networks named VirtualNetworkA and VirtualNetworkB. VirtualNetworkA includes a VPN gateway that is configured to make use of static routing. Also, a site-to-site VPN connection exists between your company's on- premises network and VirtualNetworkA. You have configured a point-to-site VPN connection to VirtualNetworkA from a workstation running Windows 10. After configuring virtual network peering between VirtualNetworkA and VirtualNetworkB, you confirm that you are able to access VirtualNetworkB from the company's on-premises network. However, you find that you cannot establish a connection to VirtualNetworkB from the Windows 10 workstation. You have to make sure that a connection to VirtualNetworkB can be established from the Windows 10 workstation. Solution: You choose the Allow gateway transit setting on VirtualNetworkA. Does the solution meet the goal?. Yes. No.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company's Azure subscription includes two Azure networks named VirtualNetworkA and VirtualNetworkB. VirtualNetworkA includes a VPN gateway that is configured to make use of static routing. Also, a site-to-site VPN connection exists between your company's on- premises network and VirtualNetworkA. You have configured a point-to-site VPN connection to VirtualNetworkA from a workstation running Windows 10. After configuring virtual network peering between VirtualNetworkA and VirtualNetworkB, you confirm that you are able to access VirtualNetworkB from the company's on-premises network. However, you find that you cannot establish a connection to VirtualNetworkB from the Windows 10 workstation. You have to make sure that a connection to VirtualNetworkB can be established from the Windows 10 workstation. Solution: You choose the Allow gateway transit setting on VirtualNetworkB. Does the solution meet the goal?. Yes. No.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company's Azure subscription includes two Azure networks named VirtualNetworkA and VirtualNetworkB. VirtualNetworkA includes a VPN gateway that is configured to make use of static routing. Also, a site-to-site VPN connection exists between your company's on- premises network and VirtualNetworkA. You have configured a point-to-site VPN connection to VirtualNetworkA from a workstation running Windows 10. After configuring virtual network peering between VirtualNetworkA and VirtualNetworkB, you confirm that you are able to access VirtualNetworkB from the company's on-premises network. However, you find that you cannot establish a connection to VirtualNetworkB from the Windows 10 workstation. You have to make sure that a connection to VirtualNetworkB can be established from the Windows 10 workstation. Solution: You download and re-install the VPN client configuration package on the Windows 10 workstation. Does the solution meet the goal?. Yes. No.

Your company has virtual machines (VMs) hosted in Microsoft Azure. The VMs are located in a single Azure virtual network named VNet1. The company has users that work remotely. The remote workers require access to the VMs on VNet1. You need to provide access for the remote workers. What should you do?. Configure a Site-to-Site (S2S) VPN. Configure a VNet-toVNet VPN. Configure a Point-to-Site (P2S) VPN. Configure DirectAccess on a Windows Server 2012 server VM. Configure a Multi-Site VPN.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has a Microsoft SQL Server Always On availability group configured on their Azure virtual machines (VMs). You need to configure an Azure internal load balancer as a listener for the availability group. Solution: You create an HTTP health probe on port 1433. Does the solution meet the goal?. Yes. No.

Note: The question is included in a number of questions that depicts the identical set-up. However, every questionhas a distinctive result. Establish if the solution satisfies the requirements. Your company has a Microsoft SQL Server Always On availability group configured on their Azure virtual machines (VMs). You need to configure an Azure internal load balancer as a listener for the availability group. Solution: You set Session persistence to Client IP. Does the solution meet the goal?. Yes. No.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has an Azure Active Directory (Azure AD) subscription. You want to implement an Azure AD conditional access policy. The policy must be configured to require members of the Global Administrators group to use Multi Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations. Solution: You access the Azure portal to alter the session control of the Azure AD conditional access policy. Does the solution meet the goal?. Yes. No.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has a Microsoft SQL Server Always On availability group configured on their Azure virtual machines (VMs). You need to configure an Azure internal load balancer as a listener for the availability group. Solution: You enable Floating IP. Does the solution meet the goal?. Yes. No.

Your company has two on-premises servers named SRV01 and SRV02. Developers have created an application that runs on SRV01. The application calls a service on SRV02 by IP address. You plan to migrate the application on Azure virtual machines (VMs). You have configured two VMs on a single subnet in an Azure virtual network. You need to configure the two VMs with static internal IP addresses. What should you do?. Run the New-AzureRMVMConfig PowerShell cmdlet. Run the Set-AzureSubnet PowerShell cmdlet. Modify the VM properties in the Azure Management Portal. Modify the IP properties in Windows Network and Sharing Center. Run the Set-AzureStaticVNetIP PowerShell cmdlet.

Your company has two on-premises servers named SRV01 and SRV02. Developers have created an application that runs on SRV01. The application calls a service on SRV02 by IP address. You plan to migrate the application on Azure virtual machines (VMs). You have configured two VMs on a single subnet in an Azure virtual network. You need to configure the two VMs with static internal IP addresses. What should you do?. Run the New-AzureRMVMConfig PowerShell cmdlet. Run the Set-AzureSubnet PowerShell cmdlet. Modify the VM properties in the Azure Management Portal. Modify the IP properties in Windows Network and Sharing Center.

Your company has an Azure Active Directory (Azure AD) subscription. You need to deploy five virtual machines (VMs) to your company's virtual network subnet. The VMs will each have both a public and private IP address. Inbound and outbound security rules for all of these virtual machines must be identical. Which of the following is the least amount of network interfaces needed for this configuration?. 5. 10. 20. 40.

Your company has an Azure Active Directory (Azure AD) subscription. You need to deploy five virtual machines (VMs) to your company's virtual network subnet. The VMs will each have both a public and private IP address. Inbound and outbound security rules for all of these virtual machines must be identical. Which of the following is the least amount of security groups needed for this configuration?. 4. 3. 2. 1.

Your company's Azure subscription includes Azure virtual machines (VMs) that run Windows Server 2016. One of the VMs is backed up every day using Azure Backup Instant Restore. When the VM becomes infected with data encrypting ransomware, you decide to recover the VM's files. Which of the following is TRUE in this scenario?. You can only recover the files to the infected VM. You can recover the files to any VM within the company's subscription. You can only recover the files to a new VM. You will not be able to recover the files.

Your company's Azure subscription includes Azure virtual machines (VMs) that run Windows Server 2016. One of the VMs is backed up every day using Azure Backup Instant Restore. When the VM becomes infected with data encrypting ransomware, you are required to restore the VM. Which of the following actions should you take?. You should restore the VM after deleting the infected VM. You should restore the VM to any VM within the company's subscription. You should restore the VM to a new Azure VM. You should restore the VM to an on-premise Windows device.

You administer a solution in Azure that is currently having performance issues. You need to find the cause of the performance issues pertaining to metrics on the Azure infrastructure. Which of the following is the tool you should use?. Azure Traffic Analytics. Azure Monitor. Azure Activity Log. Azure Advisor.

Your company has an Azure subscription that includes a Recovery Services vault. You want to use Azure Backup to schedule a backup of your company's virtual machines (VMs) to the Recovery Services vault. Which of the following VMs can you back up? Choose all that apply. VMs that run Windows 10. VMs that run Windows Server 2012 or higher. VMs that have NOT been shut down. VMs that run Debian 8.2+. VMs that have been shut down.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named contoso.com. You have a CSV file that contains the names and email addresses of 500 external users. You need to create a guest user account in contoso.com for each of the 500 external users. Solution: You create a PowerShell script that runs the New-AzureADUser cmdlet for each user. Does this meet the goal?. Yes. No.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named contoso.com. You have a CSV file that contains the names and email addresses of 500 external users. You need to create a guest user account in contoso.com for each of the 500 external users. Solution: From Azure AD in the Azure portal, you use the Bulk create user operation. Does this meet the goal?. Yes. No.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has an Azure Active Directory (Azure AD) subscription. You want to implement an Azure AD conditional access policy. The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations. Solution: You access the Azure portal to alter the grant control of the Azure AD conditional access policy. Does the solution meet the goal?. Yes. No.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named contoso.com. You have a CSV file that contains the names and email addresses of 500 external users. You need to create a guest user account in contoso.com for each of the 500 external users. Solution: You create a PowerShell script that runs the New-AzureADMSInvitation cmdlet for each external user. Does this meet the goal?. Yes. No.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company makes use of Multi-Factor Authentication for when users are not in the office. The Per Authentication option has been configured as the usage model. After the acquisition of a smaller business and the addition of the new staff to Azure Active Directory (Azure AD) obtains a different company and adding the new employees to Azure Active Directory (Azure AD), you are informed that these employees should also make use of Multi-Factor Authentication. To achieve this, the Per Enabled User setting must be set for the usage model. Solution: You reconfigure the existing usage model via the Azure portal. Does the solution meet the goal?. Yes. No.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company's Azure solution makes use of Multi-Factor Authentication for when users are not in the office. The Per Authentication option has been configured as the usage model. After the acquisition of a smaller business and the addition of the new staff to Azure Active Directory (Azure AD) obtains a different company and adding the new employees to Azure Active Directory (Azure AD), you are informed that these employees should also make use of Multi-Factor Authentication. To achieve this, the Per Enabled User setting must be set for the usage model. Solution: You reconfigure the existing usage model via the Azure CLI. Does the solution meet the goal?. Yes. No.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company's Azure solution makes use of Multi-Factor Authentication for when users are not in the office. The Per Authentication option has been configured as the usage model. After the acquisition of a smaller business and the addition of the new staff to Azure Active Directory (Azure AD) obtains a different company and adding the new employees to Azure Active Directory (Azure AD), you are informed that these employees should also make use of Multi-Factor Authentication. To achieve this, the Per Enabled User setting must be set for the usage model. Solution: You create a new Multi-Factor Authentication provider with a backup from the existing Multi-Factor Authentication provider data. Does the solution meet the goal?. Yes. No.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has an Azure Active Directory (Azure AD) tenant named weyland.com that is configured for hybrid coexistence with the on-premises Active Directory domain. You have a server named DirSync1 that is configured as a DirSync server. You create a new user account in the on-premise Active Directory. You now need to replicate the user information to Azure AD immediately. Solution: You run the Start-ADSyncSyncCycle -PolicyType Initial PowerShell cmdlet. Does the solution meet the goal?. Yes. No.

You need to implement a backup solution for App1 after the application is moved. What should you create first?. a recovery plan. an Azure Backup Server. a backup policy. a Recovery Services vault.

You need to move the blueprint files to Azure. What should you do?. Generate an access key. Map a drive, and then copy the files by using File Explorer. Use Azure Storage Explorer to copy the files. Use the Azure Import/Export service. Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.

You need to identify the storage requirements for Contoso. For each of the following statements, select Yes if the statement is true. Otherwise, select No. Contoso requires a storage account that supports Blob storage. Contoso requires a storage account that supports Azure Table storage. Contoso requires a storage account that supports Azure File Storage.

You need to create container1 and share1. Which storage accounts should you use for each resource? To answer, select the appropriate options in the answer area. container1. share1.

You need to create storage5. The solution must support the planned changes. Which type of storage account should you use, and which account should you configure as the destination storage account? To answer, select the appropriate options in the answer area. Account kind. Destination.

You need to identify which storage account to use for the flow logging of IP traffic from VM5. The solution must meet the retention requirements. Which storage account should you identify?. storage1. storage2. storage3. storage4.

You discover that VM3 does NOT meet the technical requirements. You need to verify whether the issue relates to the NSGs. What should you use?. Diagram in VNet1. Diagnostic settings in Azure Monitor. Diagnose and solve problems in Traffic Manager profiles. The security recommendations in Azure Advisor. IP flow verify in Azure Network Watcher.

You need to ensure that VM1 can communicate with VM4. The solution must minimize the administrative effort. What should you do?. Create an NSG and associate the NSG to VM1 and VM4. Establish peering between VNET1 and VNET3. Assign VM4 an IP address of 10.0.1.5/24. Create a user-defined route from VNET1 to VNET3.

You need to meet the connection requirements for the New York office. What should you do? To answer, select the appropriate options in the answer area. From the Azure portal. In the New York office.

You need to recommend a solution for App1. The solution must meet the technical requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area. Number of virtual networks. Number of subnets per virtual network.

You are planning the move of App1 to Azure. You create a network security group (NSG). You need to recommend a solution to provide users with access to App1. What should you recommend?. Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers. Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.

You implement the planned changes for NSG1 and NSG2. For each of the following statements, select Yes if the statement is true. Otherwise, select No. From VM1, you can establish a Remote Desktop session to VMM2. From VM2, you can ping VM3. From VM2, you can establish a Remote Desktop session to VM3.

You need to add VM1 and VM2 to the backend pool of LB1. What should you do first?. Connect VM2 to VNET1/Subnet1. Redeploy VM1 and VM2 to the same availability zone. Redeploy VM1 and VM2 to the same availability set. Create a new NSG and associate the NSG to VNET1/Subnet1.

You need to ensure that VM1 can communicate with VM4. The solution must minimize administrative effort. What should you do?. Create a user-defined route from VNET1 to VNET3. Create an NSG and associate the NSG to VM1 and VM4. Assign VM4 an IP address of 10.0.1.5/24. Establish peering between VNET1 and VNET3.

You need to implement Role1. Which command should you run before you create Role1? To answer, select the appropriate options in the answer area. "X" -Name "Reader" | "Y". Find-RoleCapability. Get-AzureADDirectoryRole. Get-AzRoleDefinition. Get-AzResourceProvider.

You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements. What should you include in the recommendation?. Azure AD B2C. dynamic groups and conditional access policies. Azure AD Identity Protection. an Azure logic app and the Microsoft Identity Management (MIM) client.

You have an Azure subscription named Subscription1 that contains a resource group named RG1. In RG1, you create an internal load balancer named LB1 and a public load balancer named LB2. You need to ensure that an administrator named Admin1 can manage LB1 and LB2. The solution must follow the principle of least privilege. Which role should you assign to Admin1 for each task? To answer, select the appropriate options in the answer area. To add a backend pool to LB1. To add a health probe to LB2.

You have an Azure Active Directory (Azure AD) tenant that contains 5,000 user accounts. You create a new user account named AdminUser1. You need to assign the User administrator administrative role to AdminUser1. What should you do from the user account properties?. From the Licenses blade, assign a new license. From the Directory role blade, modify the directory role. From the Groups blade, invite the user account to a new group.

Users:. Groups:.

You have an Azure subscription that contains the resources shown in the following table. You need to ensure that data transfers between storage1 and VM1 do NOT traverse the internet. data protection. a private endpoint. Public network access in the Firewalls and virtual networks settings. a shared access signature (SAS).

User1 can resize VM1. User2 can create a new storage account in RG1. User3 can assign User1 the Owner role for RG3.

Your on-premises network contains a VPN gateway. You have an Azure subscription that contains the resources shown in the following table. You need to ensure that all the traffic from VM1 to storage1 travels across the Microsoft backbone network. What should you configure?. a network security group (NSG). private endpoints. Microsoft Entra Application Proxy. Azure Virtual WAN.

You have a Microsoft Entra tenant. You plan to perform a bulk import of users. You need to ensure that imported user objects are added automatically as the members of a specific group based on each user's department. The solution must minimize administrative effort. Which two actions should you perform? Each correct answer presents part of the solution. Create groups that use the Assigned membership type. Create an Azure Resource Manager (ARM) template. Create groups that use the Dynamic User membership type. Write a PowerShell script that parses an import file. Create an XML file that contains user information and the appropriate attributes. Create a CSV file that contains user information and the appropriate attributes.

You have an Azure subscription that contains a storage account named storage1. You need to ensure that the access keys for storage1 rotate automatically. What should you configure?. a backup vault. redundancy for storage1. lifecycle management for storage1. an Azure key vault. a Recovery Services vault.

You have an Azure subscription that contains the Microsoft Entra identities shown in the following table. You need to enable self-service password reset (SSPR). For which identities can you enable SSPR in the Azure portal?. User1 only. Group1 only. User1 and Group1 only. Group1 and Group2 only. User1, Group1, and Group2.

You have a Microsoft Entra tenant. You need to ensure that when a new Microsoft 365 group is created, the group name is automatically formatted as follows: <Department><Group name> Which three actions should you perform in sequence in the Microsoft Entra admin center? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Set ADD suffix to Attribute. Create a group naming policy. Set Add prefix to Attribute. Set Add suffix to String. Set ADD prefix to String. Set Select type to Department. Customize the company branding.

You have a Microsoft Entra tenant that contains the users shown in the following table. Users. Groups.

You have an Azure subscription that contains the resources shown in the following table. You plan to use an Azure key vault to provide a secret to app1. What should you create for app1 to access the key vault, and from which key vault can the secret be used? To answer, select the appropriate options in the answer area. Create a. Use the secret from.

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains 100 user accounts. You purchase 10 Azure AD Premium P2 licenses for the tenant. You need to ensure that 10 users can use all the Azure AD Premium features. What should you do?. From the Licenses blade of Azure AD, assign a license. From the Groups blade of each user, invite the users to a group. From the Azure AD domain, add an enterprise application. From the Directory role blade of each user, modify the directory role.

You have a Microsoft Entra tenant named contoso.com. You collaborate with an external partner named fabrikam.com. You plan to invite users in fabrikam.com to the contoso.com tenant. You need to ensure that invitations can be sent only to fabrikam.com users. What should you do in the Microsoft Entra admin center?. From Cross-tenant access settings, configure the Tenant restrictions settings. From Cross-tenant access settings, configure the Microsoft cloud settings. From External collaboration settings, configure the Guest user access restrictions settings. From External collaboration settings, configure the Collaboration restrictions settings.

You have an Azure subscription that contains a storage account named storage1. The storage1 account contains blob data. You need to assign a role to a user named User1 to ensure that the user can access the blob data in storage1. The role assignment must support conditions. Which two roles can you assign to User1? Each correct answer presents a complete solution. Owner. Storage Account Contributor. Storage Account Backup Contributor. Storage Blob Data Contributor. Storage Blob Data Owner. Storage Blob Delegator.

You have a Microsoft Entra tenant configured as shown in the following exhibit. User1. User1 and Group1 only. User1 and Group2 only. User1, Group1, and Group2.

You have an Azure subscription that contains a storage account named storage. The storage account contains a blob that stores images. Client access to storage1 is granted by using a shared access signature (SAS). You need to ensure that users receive a warning message when they generate a SAS that exceeds a seven-day time period. What should you do for storage?. Enable a read-only lock. Configure an alert rule. Add a lifecycle management rule. Set Allow recommended upper limit for shared access signature (SAS) expiry interval to Enabled.

You have an Azure subscription named Subscription1 and an on-premises deployment of Microsoft System Center Service Manager. Subscription1 contains a virtual machine named VM1. You need to ensure that an alert is set in Service Manager when the amount of available memory on VM1 is below 10 percent. What should you do first?. Create an automation runbook. Deploy a function app. Deploy the IT Service Management Connector (ITSM). Create a notification.

You sign up for Azure Active Directory (Azure AD) Premium P2. You need to add a user named admin1@contoso.com as an administrator on all the computers that will be joined to the Azure AD domain. What should you configure in Azure AD?. Device settings from the Devices blade. Providers from the MFA Server blade. User settings from the Users blade. General settings from the Groups blade.

User1 can add Device2 to Group1. User2 can add Device1 to Group1. User2 can add Device2 to Group2.

You have an Azure subscription that contains a resource group named RG26. RG26 is set to the West Europe location and is used to create temporary resources for a project. RG26 contains the resources shown in the following table. SQLDB01 is backed up to RGV1. When the project is complete, you attempt to delete RG26 from the Azure portal. The deletion fails. You need to delete RG26. What should you do first?. Delete VM1. Stop VM1. Stop the backup of SQLDB01. Delete sa001.

You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1. Subscription1 has a user named User1. User1 has the following roles: -Reader -Security Admin -Security Reader You need to ensure that User1 can assign the Reader role for VNet1 to other users. What should you do?. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the User Access Administrator role for VNet1. Assign User1 the Network Contributor role for VNet1. Assign User1 the Network Contributor role for RG1.

You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com. Your company has a public DNS zone for contoso.com. You add contoso.com as a custom domain name to Azure AD. You need to ensure that Azure can verify the domain name. Which type of DNS record should you create?. MX. NSEC. PTR. RRSIG.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group. Does this meet the goal?. Yes. No.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On Subscription1, you assign the Logic App Operator role to the Developers group. Does this meet the goal?. Yes. No.

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure Kubernetes Service (AKS) cluster named AKS1. An administrator reports that she is unable to grant access to AKS1 to the users in contoso.com. You need to ensure that access to AKS1 can be granted to the contoso.com users. What should you do first?. From contoso.com, modify the Organization relationships settings. From contoso.com, create an OAuth 2.0 authorization endpoint. Recreate AKS1. From AKS1, create a namespace.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On Dev, you assign the Contributor role to the Developers group. Does this meet the goal?. Yes. No.

You have an Azure subscription that is used by four departments in your company. The subscription contains 10 resource groups. Each department uses resources in several resource groups. You need to send a report to the finance department. The report must detail the costs for each department. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Assign a tag to each resource group. Assign a tag to each resource. Download the usage report. From the Cost analysis blade, filter the view by tag. Open the Resource costs blade of each resource group.

You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1. You need to view the error events from a table named Event. Which query should you run in Workspace1?. Get-Event Event | where {$_.EventType == "error"}. search in (Event) "error". select * from Event where EventType == "error". search in (Event) * | where EventType -eq "error".

You have an Azure subscription that contains a virtual network named VNET1 in the East US 2 region. A network interface named VM1-NI is connected to VNET1. You successfully deploy the following Azure Resource Manager template. VM1 and VM2 can connect to VNET1. If an Azure datacenter becomes unavailable, VM1 or VM2 will be available. If the East US 2 region becomes unavailable, VM1 or VM2 will be available.

You have an Azure subscription named Subscription1. Subscription1 contains the resource groups in the following table. RG1 has a web app named WebApp1. WebApp1 is located in West Europe. You move WebApp1 to RG2. What is the effect of the move?. The App Service plan for WebApp1 remains in West Europe. Policy2 applies to WebApp1. The App Service plan for WebApp1 moves to North Europe. Policy2 applies to WebApp1. The App Service plan for WebApp1 remains in West Europe. Policy1 applies to WebApp1. The App Service plan for WebApp1 moves to North Europe. Policy1 applies to WebApp1.

You have an Azure subscription. Users access the resources in the subscription from either home or from customer sites. From home, users must establish a point-to-site VPN to access the Azure resources. The users on the customer sites access the Azure resources by using site-to-site VPNs. You have a line-of-business-app named App1 that runs on several Azure virtual machine. The virtual machines run Windows Server 2016. You need to ensure that the connections to App1 are spread across all the virtual machines. What are two possible Azure services that you can use? Each correct answer presents a complete solution. an internal load balancer. a public load balancer. an Azure Content Delivery Network (CDN). Traffic Manager. an Azure Application Gateway.

You have an Azure subscription. You have 100 Azure virtual machines. You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering. Which blade should you use?. Monitor. Advisor. Metrics. Customer insights.

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The User administrator role is assigned to a user named Admin1. An external partner has a Microsoft account that uses the user1@outlook.com sign in. Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: `Unable to invite user user1@outlook.com `" Generic authorization exception.` You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant. What should you do?. From the Users settings blade, modify the External collaboration settings. From the Custom domain names blade, add a custom domain. From the Organizational relationships blade, add an identity provider. From the Roles and administrators blade, assign the Security administrator role to Admin1.

You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com. You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library named Library1. You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days. Which two groups should you create? Each correct answer presents a complete solution. a Microsoft 365 group that uses the Assigned membership type. a Security group that uses the Assigned membership type. a Microsoft 365 group that uses the Dynamic User membership type. a Security group that uses the Dynamic User membership type. a Security group that uses the Dynamic Device membership type.

You have an Azure subscription linked to an Azure Active Directory tenant. The tenant includes a user account named User1. You need to ensure that User1 can assign a policy to the tenant root management group. What should you do?. Assign the Owner role for the Azure Subscription to User1, and then modify the default conditional access policies. Assign the Owner role for the Azure subscription to User1, and then instruct User1 to configure access management for Azure resources. Assign the Global administrator role to User1, and then instruct User1 to configure access management for Azure resources. Create a new management group and delegate User1 as the owner of the new management group.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription. Solution: You assign the Network Contributor role at the subscription level to Admin1. Does this meet the goal?. Yes. No.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription. Solution: You assign the Owner role at the subscription level to Admin1. Does this meet the goal?. Yes. No.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription. Solution: You assign the Reader role at the subscription level to Admin1. Does this meet the goal?. Yes. No.

You have an Azure subscription that contains a user named User1. You need to ensure that User1 can deploy virtual machines and manage virtual networks. The solution must use the principle of least privilege. Which role-based access control (RBAC) role should you assign to User1?. Owner. Virtual Machine Contributor. Contributor. Virtual Machine Administrator Login.

You have an Azure subscription named Subscription1 that contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1. VM1 runs services that will be used to deploy resources to RG1. You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1. What should you do first?. From the Azure portal, modify the Managed Identity settings of VM1. From the Azure portal, modify the Access control (IAM) settings of RG1. From the Azure portal, modify the Access control (IAM) settings of VM1. From the Azure portal, modify the Policies settings of RG1.

You have an Azure subscription that contains a resource group named TestRG. You use TestRG to validate an Azure deployment. TestRG contains the following resources: You need to delete TestRG. What should you do first?. Modify the backup configurations of VM1 and modify the resource lock type of VNET1. Remove the resource lock from VNET1 and delete all data in Vault1. Turn off VM1 and remove the resource lock from VNET1. Turn off VM1 and delete all data in Vault1.

You have an Azure DNS zone named adatum.com. You need to delegate a subdomain named research.adatum.com to a different DNS server in Azure. What should you do?. Create an NS record named research in the adatum.com zone. Create a PTR record named research in the adatum.com zone. Modify the SOA record of adatum.com. Create an A record named *.research in the adatum.com zone.

You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1. You need to view the error events from a table named Event. Which query should you run in Workspace1?. Get-Event Event | where {$_.EventType == "error"}. Event | search "error". select * from Event where EventType == "error". search in (Event) * | where EventType ג€"eq ג€errorג€.

You have a registered DNS domain named contoso.com. You create a public Azure DNS zone named contoso.com. You need to ensure that records created in the contoso.com zone are resolvable from the internet. What should you do?. Create NS records in contoso.com. Modify the SOA record in the DNS domain registrar. Create the SOA record in contoso.com. Modify the NS records in the DNS domain registrar.

You have an Azure Active Directory (Azure AD) tenant. You plan to delete multiple users by using Bulk delete in the Azure Active Directory admin center. You need to create and upload a file for the bulk delete. Which user attributes should you include in the file?. The user principal name and usage location of each user only. The user principal name of each user only. The display name of each user only. The display name and usage location of each user only. The display name and user principal name of each user only.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription. Solution: You assign the Traffic Manager Contributor role at the subscription level to Admin1. Does this meet the goal?. Yes. No.

You have three offices and an Azure subscription that contains an Azure Active Directory (Azure AD) tenant. You need to grant user management permissions to a local administrator in each office. What should you use?. Azure AD roles. administrative units. access packages in Azure AD entitlement management. Azure roles.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On Dev, you assign the Logic App Contributor role to the Developers group. Does this meet the goal?. Yes. No.

You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1. Subscription1 has a user named User1. User1 has the following roles: -Reader -Security Admin -Security Reader You need to ensure that User1 can assign the Reader role for VNet1 to other users. What should you do?. Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1. Assign User1 the Owner role for VNet1. Assign User1 the Contributor role for VNet1. Assign User1 the Network Contributor role for VNet1.

You have an Azure subscription that contains a storage account named storage1. The storage1 account contains a file share named share1. The subscription is linked to a hybrid Azure Active Directory (Azure AD) tenant that contains a security group named Group1. You need to grant Group1 the Storage File Data SMB Share Elevated Contributor role for share1. What should you do first?. Enable Active Directory Domain Service (AD DS) authentication for storage1. Grant share-level permissions by using File Explorer. Mount share1 by using File Explorer. Create a private endpoint.

You have 15 Azure subscriptions. You have an Azure Active Directory (Azure AD) tenant that contains a security group named Group1. You plan to purchase additional Azure subscription. You need to ensure that Group1 can manage role assignments for the existing subscriptions and the planned subscriptions. The solution must meet the following requirements: -Use the principle of least privilege. -Minimize administrative effort. What should you do?. Assign Group1 the Owner role for the root management group. Assign Group1 the User Access Administrator role for the root management group. Create a new management group and assign Group1 the User Access Administrator role for the group. Create a new management group and assign Group1 the Owner role for the group.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com: User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com. You need to create new user accounts in external.contoso.onmicrosoft.com. Solution: You instruct User2 to create the user accounts. Does that meet the goal?. Yes. No.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com: User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com. You need to create new user accounts in external.contoso.onmicrosoft.com. Solution: You instruct User4 to create the user accounts. Does that meet the goal?. Yes. No.

You have an Azure policy as shown in the following exhibit: What is the effect of the policy?. You are prevented from creating Azure SQL servers anywhere in Subscription 1. You can create Azure SQL servers in ContosoRG1 only. You are prevented from creating Azure SQL Servers in ContosoRG1 only. You can create Azure SQL servers in any resource group within Subscription 1.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com: User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com. You need to create new user accounts in external.contoso.onmicrosoft.com. Solution: You instruct User3 to create the user accounts. Does that meet the goal?. Yes. No.

You have two Azure subscriptions named Sub1 and Sub2. An administrator creates a custom role that has an assignable scope to a resource group named RG1 in Sub1. You need to ensure that you can apply the custom role to any resource group in Sub1 and Sub2. The solution must minimize administrative effort. What should you do?. Select the custom role and add Sub1 and Sub2 to the assignable scopes. Remove RG1 from the assignable scopes. Create a new custom role for Sub1. Create a new custom role for Sub2. Remove the role from RG1. Create a new custom role for Sub1 and add Sub2 to the assignable scopes. Remove the role from RG1. Select the custom role and add Sub1 to the assignable scopes. Remove RG1 from the assignable scopes. Create a new custom role for Sub2.

You have an Azure Subscription that contains a storage account named storageacct1234 and two users named User1 and User2. You assign User1 the roles shown in the following exhibit. Which two actions can User1 perform? Each correct answer presents a complete solution. Assign roles to User2 for storageacct1234. Upload blob data to storageacct1234. Modify the firewall of storageacct1234. View blob data in storageacct1234. View file shares in storageacct1234.

You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1. You need to view the error events from a table named Event. Which query should you run in Workspace1?. select * from Event where EventType == "error". Event | search "error". Event | where EventType is "error". Get-Event Event | where {$_.EventType == "error"}.

You have an Azure App Services web app named App1. You plan to deploy App1 by using Web Deploy. You need to ensure that the developers of App1 can use their Azure AD credentials to deploy content to App1. The solution must use the principle of least privilege. What should you do?. Assign the Owner role to the developers. Configure app-level credentials for FTPS. Assign the Website Contributor role to the developers. Configure user-level credentials for FTPS.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named contoso.com. You have a CSV file that contains the names and email addresses of 500 external users. You need to create a guest user account in contoso.com for each of the 500 external users. Solution: From Azure AD in the Azure portal, you use the Bulk invite users operation. Does this meet the goal?. Yes. No.

You have an Azure subscription that contains 10 virtual machines, a key vault named Vault1, and a network security group (NSG) named NSG1. All the resources are deployed to the East US Azure region. The virtual machines are protected by using NSG1. NSG1 is configured to block all outbound traffic to the internet. You need to ensure that the virtual machines can access Vault1. The solution must use the principle of least privilege and minimize administrative effort What should you configure as the destination of the outbound security rule for NSG1?. an application security group. a service tag. an IP address range.

Which users are assigned the Azure Active Directory Premium Plan 2 license?. User4 only. User1 and User4 only. User1, User2, and User4 only. User1, User2, User3, and User4.

You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1. Subscription1 has a user named User1. User1 has the following roles: • Reader • Security Admin • Security Reader You need to ensure that User1 can assign the Reader role for VNet1 to other users. What should you do?. Assign User1 the Network Contributor role for VNet1. Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1. Assign User1 the Owner role for VNet1. Assign User1 the Network Contributor role for RG1.

You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1. Subscription1 has a user named User1. User1 has the following roles: • Reader • Security Admin • Security Reader You need to ensure that User1 can assign the Reader role for VNet1 to other users. What should you do?. Remove User1 from the Security Reader role for Subscript on 1. Assign User1 the Contributor role for RG1. Assign User1 the Owner role for VNet1. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription 1. Assign User1 the Contributor role for VNet1.

Your on-premises network contains a VPN gateway. You have an Azure subscription that contains the resources shown in the following table. You need to ensure that all the traffic from VM1 to storage1 travels across the Microsoft backbone network. What should you configure?. Azure Application Gateway. private endpoints. a network security group (NSG). Azure Virtual WAN.

You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1. Subscription1 has a user named User1. User1 has the following roles: • Reader • Security Admin • Security Reader You need to ensure that User1 can assign the Reader role for VNet1 to other users. What should you do?. Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1. Assign User1 the Access Administrator role for VNet1. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1. Assign User1 the Network Contributor role for RG1.

You have an Azure subscription that contains the resources shown in the following table. You need to assign User1 the Storage File Data SMB Share Contributor role for share1. What should you do first?. Enable identity-based data access for the file shares in storage1. Modify the security profile for the file shares in storage1. Select Default to Azure Active Directory authorization in the Azure portal for storage1. Configure Access control (IAM) for share1.

You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1. Subscription1 has a user named User1. User1 has the following roles: • Reader • Security Admin • Security Reader You need to ensure that User1 can assign the Reader role for VNet1 to other users. What should you do?. Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1. Assign User1 the User Access Administrator role for VNet1. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for VNet1.

You have an Azure subscription named AZPT1 that contains the resources shown in the following table: You create a new Azure subscription named AZPT2. You need to identify which resources can be moved to AZPT2. Which resources should you identify?. VM1, storage1, VNET1, and VM1Managed only. VM1 and VM1Managed only. VM1, storage1, VNET1, VM1Managed, and RVAULT1. RVAULT1 only.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named contoso.com. You have a CSV file that contains the names and email addresses of 500 external users. You need to create a guest user account in contoso.com for each of the 500 external users. Solution: You create a PowerShell script that runs the New-MgUser cmdlet for each external user. Does this meet the goal?. Yes. No.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named contoso.com. You have a CSV file that contains the names and email addresses of 500 external users. You need to create a guest user account in contoso.com for each of the 500 external users. Solution: You create a PowerShell script that runs the New-MgInvitation cmdlet for each external user. Does this meet the goal?. Yes. No.

You have an Azure subscription named Subscription1 that contains virtual network named VNet1. VNet1 is in a resource group named RG1. A user named User1 has the following roles for Subscription1: • Reader • Security Admin • Security Reader You need to ensure that User1 can assign the Reader role for VNet1 to other users. What should you do?. Assign User1 the Contributor role for VNet1. Assign User1 the Network Contributor role for VNet1. Assign User1 the User Access Administrator role for VNet1. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1.

You have an Azure subscription named Subscription1 that contains virtual network named VNet1. VNet1 is in a resource group named RG1. User named User1 has the following roles for Subscription1: • Reader • Security Admin • Security Reader You need to ensure that User1 can assign the Reader role for VNet1 to other users. What should you do?. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1. Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1. Assign User1 the Network Contributor role for VNet1. Assign User1 the User Access Administrator role for VNet1.