You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains 100 user accounts.
You purchase 10 Azure AD Premium P2 licenses for the tenant.
You need to ensure that 10 users can use all the Azure AD Premium features.
What should you do? From the Licenses blade of Azure AD, assign a licence From the Groups blade of each user, invite the users to a group From the Azure AD domain, add an enterprise application From the Directory role blade of each user, modify the directory role.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution: You instruct User4 to create the user accounts.
Does that meet the goal?
Yes No.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution: You instruct User3 to create the user accounts.
Does that meet the goal?
Yes No.
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure Kubernetes Service (AKS) cluster named AKS1.
An administrator reports that she is unable to grant access to AKS1 to the users in contoso.com.
You need to ensure that access to AKS1 can be granted to the contoso.com users.
What should you do first?
From contoso.com, modify the Organization relationships settings. From contoso.com, create an OAuth 2.0 authorization endpoint. Recreate AKS1. From AKS1, create a namespace.
You have an on-premises server that contains a folder named D:\Folder1.
You need to copy the contents of D:\Folder1 to the public container in an Azure Storage account named contosodata.
Wich command should you run?
https://contosodata.blob.core.windows.net/public azcopy sync D:\folder1 https://contosodata.blob.core.windows.net/public --snapshot azcopy copy D:\folder1 https://contosodata.blob.core.windows.net/public --recursive az storage blob copy start-batch D:\Folder1 https://contosodata.blob.core.windows.net/public .
You have an Azure subscription named Subscription1 that contains the storage accounts shown in the table below.
You plan to use the Azure Import/Export service to export data from Subscription1.
You need to identify which storage account can be used to export the data.
What should you identify?
storage1 storage2 storage3 storage4.
You have Azure subscription that includes data shown in the table below.
You plan to export data by using Azure import/export job named Export1.
You need to identify the data that can be exported by using Export1.
Which data should you identify?
DB1 container1 share1 Table1.
Scenario:
There are three application tiers, each with five virtual machines.
Move all the virtual machines for App1 to Azure.
Ensure that all the virtual machines for App1 are protected by backups.
You need to implement a backup solution for App1 after the application is moved.
What should you create first?
a recovery plan an Azure Backup Server a backup policy a Recovery Services vault .
Scenario:
Planned Changes include: move the existing product blueprint files to Azure Blob storage.
Technical Requirements include:
Copy the blueprint files to Azure over the Internet.
You need to move the blueprint files to Azure.
What should you do?
Use Azure Storage Explorer to copy the files. Generate an access key. Map a drive, and then copy the files by using File Explorer. Use the Azure Import/Export service. Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.
You have an Azure subscription named Subscription1 that is used by several departments at your company.
Subscription1 contains the resources shown in the table below.
Another administrator deploys a virtual machine named VM1 and an Azure Storage account named storage2 by using a single Azure Resource Manager template.
You need to view the template used for the deployment.
From which blade can you view the template that was used for the deployment?
VM1 RG1 storage2 container1.
You have an Azure web app named App1. App1 has the deployment slots shown in the table below.
In webapp1-test, you test several changes to App1. You back up App1.
You swap webapp1-test for webapp1-prod and discover that App1 is experiencing performance issues.
You need to revert to the previous version of App1 as quickly as possible.
What should you do?
Redeploy App1 Swap the slots Clone App1 Restore the backup of App1 .
You have an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to create an alert in Azure when more than two error events are logged to the System event log on VM1 within an hour.
Solution:
1. You create an Azure Log Analytics workspace and configure the data settings.
2. You add the Microsoft Monitoring Agent VM extension to VM1.
3. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source.
Does this meet the goal?
Yes No.
Scenario:
Contoso must meet technical requirements including:
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
You discover that VM3 does NOT meet the technical requirements.
You need to verify whether the issue relates to the NSGs.
What should you use?
IP flow verify in Azure Network Watcher The security recommendations in Azure Advisor Diagnose and solve problems in Traffic Manager profiles Diagnostic settings in Azure Monitor Diagram in VNet1.
You have an Azure subscription that contains 10 virtual networks.
The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution:
You configure a custom policy definition, and then you assign the policy to the subscription.
Does this meet the goal?
Yes No.
You have two Azure virtual networks named VNet1 and VNet2.
VNet1 contains an Azure virtual machine named VM1.
VNet2 contains an Azure virtual machine named VM2.
VM1 hosts a frontend application that connects to VM2 to retrieve data.
Users report that the frontend application is slower than usual.
You need to view the average round-trip time (RTT) of the packets from VM1 to VM2.
Which Azure Network Watcher feature should you use?
Connection monitor NSG flow logs Connection troubleshoot IP flow verify .
Scenario:
You have a public-facing application named App1.
App1 is comprised of the following three tiers:
· A SQL database
· A web front end
· A processing middle tier
Each tier is comprised of five virtual machines.
Users access the web front end by using HTTPS only.
You are planning the move of App1 to Azure.
You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1.
What should you recommend? Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to
the subnet that contains the web servers. Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets. .
You have an existing Azure subscription that contains 10 virtual machines.
You need to monitor the latency between your on-premises network and the virtual machines.
What should you use?
Network Performance Monitor Service Map Connection troubleshoot Effective routes.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution: You instruct User1 to create the user accounts.
Does that meet the goal?
Yes No.
You have an Azure virtual machine named VM1.
Azure collects events from VM1.
You are creating an alert rule in Azure Monitor to notify an administrator when an error is logged in the System event log of VM1.
Which target resource should you monitor in the alert rule?
Azure Log Analytics workspace virtual machine extension virtual machine metric alert.
Scenario:
Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
You need to recommend a solution to automate the configuration for the finance department users.
The solution must meet the technical requirements.
What should you include in the recommendation?
dynamic groups and conditional access policies Azure AD B2C Azure AD Identity Protection an Azure logic app and the Microsoft Identity Management (MIM) client .
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution:
You instruct User2 to create the user accounts.
Does that meet the goal?
Yes No.
You have an Azure subscription named AZPT1 that contains the resources shown in the table below.
You create a new Azure subscription named AZPT2.
You need to identify which resources can be moved to AZPT2.
Which resources should you identify?
VM1, storage1, VNET1, and VM1Managed only VM1 and VM1Managed only VM1, storage1, VNET1, VM1Managed, and RVAULT1 RVAULT1 only.
You recently created a new Azure subscription that contains a user named Admin1.
Admin1 attempts to deploy an Azure Marketplace resource by using an Azure Resource Manager template.
Admin1 deploys the template by using Azure PowerShell and receives the following error message:
“User failed validation to purchase resources. Error message: “Legal terms have not been accepted for this item on this subscription. To accept legal terms, please go to the Azure portal (http://go.microsoft.com/fwlink/? LinkId=534873) and configure programmatic deployment for the Marketplace item or create it there for the first time.”
You need to ensure that Admin1 can deploy the Marketplace resource successfully.
What should you do?
From Azure PowerShell, run the Set-AzApiManagementSubscription cmdlet From the Azure portal, register the Microsoft.Marketplace resource provider From Azure PowerShell, run the Set-AzMarketplaceTerms cmdlet From the Azure portal, assign the Billing administrator role to Admin1.
You have an Azure Active Directory (Azure AD) tenant that contains 5,000 user accounts.
You create a new user account named AdminUser1.
You need to assign the User administrator administrative role to AdminUser1.
What should you do from the user account properties?
From the Directory role blade, modify the directory role From the Licenses blade, assign a new license From the Groups blade, invite the user account to a new group.
You have an Azure subscription named Subscription1 and an on-premises deployment of Microsoft System
Center Service Manager.
Subscription1 contains a virtual machine named VM1.
You need to ensure that an alert is set in Service Manager when the amount of available memory on VM1 is below 10 percent.
What should you do first?
Deploy the IT Service Management Connector (ITSM) Create a notification Deploy a function app Create an automation runbook.
You sign up for Azure Active Directory (Azure AD) Premium.
You need to add a user named admin1@contoso.com as an administrator on all the computers that will be joined to the Azure AD domain.
What should you configure in Azure AD?
Device settings from the Devices blade Providers from the MFA Server blade User settings from the Users blade General settings from the Groups blade.
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1.
VNet1 is in a resource group named RG1.
Subscription1 has a user named User1.
User1 has the following roles:
· Reader
· Security Admin
· Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do? Assign User1 the Owner role for VNet1. Remove User1 from the Security Reader role for Subscription1. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Network Contributor role for RG1. Assign User1 the Contributor role for RG1.
You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com.
Your company has a public DNS zone for contoso.com.
You add contoso.com as a custom domain name to Azure AD.
You need to ensure that Azure can verify the domain name.
Which type of DNS record should you create?
MX NSEC PTR RRSIG.
You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1.
Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution:
On Subscription1, you assign the DevTest Labs User role to the Developers group.
Does this meet the goal?
Yes No.
You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1.
Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution:
On Subscription1, you assign the Logic App Operator role to the Developers group.
Does this meet the goal?
Yes No.
You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1.
Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution:
On Dev, you assign the Logic App Contributor role to the Developers group.
Does this meet the goal?
Yes No.
You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1.
You need to view the error from a table named Event.
Which query should you run in Workspace1?
Event | search "error" Get-Event Event | where {$_. EventType == "error"} search in (Event)* | where EventType –eq "error" Get-Event Event | where {$_.EventTye –eq "error"}.
You have an Azure subscription named Subscription1.
Subscription1 contains the resource groups shown in the table.
RG1 has a web app named WebApp1.
WebApp1 is located in West Europe.
You move WebApp1 to RG2.
What is the effect of the move?
The App Service plan for WebApp1 remains in West Europe. Policy2 applies to WebApp1 The App Service plan for WebApp1 moves to North Europe. Policy2 applies to WebApp1. The App Service plan for WebApp1 remains in West Europe. Policy1 applies to WebApp1. The App Service plan for WebApp1 moves to North Europe. Policy1 applies to WebApp1.
You have an Azure subscription.
You have 100 Azure virtual machines.
You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering.
Which blade should you use?
Monitor Advisor Metrics Customer insights.
You have an Azure subscription.
Users access the resources in the subscription from either home or from customer sites.
From home, users must establish a point-to-site VPN to access the Azure resources.
The users on the customer sites access the Azure resources by using site-to-site VPNs.
You have a line-of-business-app named App1 that runs on several Azure virtual machine.
The virtual machines run Windows Server 2016.
You need to ensure that the connections to App1 are spread across all the virtual machines.
What are two possible Azure services that you can use? (choose 2) an internal load balancer a public load balancer an Azure Content Delivery Network (CDN) Traffic Manager an Azure Application Gateway .
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
The User administrator role is assigned to a user named Admin1.
An external partner has a Microsoft account that uses the user1@outlook.com sign in.
Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: “Unable to invite user user1@outlook.com – Generic authorization exception.”
You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.
What should you do?
From the Custom domain names blade, add a custom domain. From the Users blade, modify the External collaboration settings. From the Organizational relationships blade, add an identity provider. From the Roles and administrators blade, assign the Security administrator role to Admin1.
You have an Azure subscription linked to an Azure Active Directory tenant.
The tenant includes a user account named User1.
You need to ensure that User1 can assign a policy to the tenant root management group.
What should you do?
Assign the Owner role for the Azure Subscription to User1, and then modify the default conditional access policies. Assign the Owner role for the Azure subscription to User1, and then instruct User1 to configure access management for Azure resources. Assign the Global administrator role to User1, and then instruct User1 to configure access management for Azure resources. Create a new management group and delegate User1 as the owner of the new management group.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.
Solution:
You assign the Network Contributor role at the subscription level to Admin1.
Does this meet the goal?
Yes No.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.
Solution:
You assign the Owner role at the subscription level to Admin1.
Does this meet the goal? Yes No.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.
Solution:
You assign the Reader role at the subscription level to Admin1.
Does this meet the goal?
Yes No.
You have an Azure subscription that contains a user named User1.
You need to ensure that User1 can deploy virtual machines and manage virtual networks.
The solution must use the principle of least privilege.
Which role-based access control (RBAC) role should you assign to User1?
Owner Virtual Machine Contributor Contributor Virtual Machine Administrator Login.
You have an Azure subscription named Subscription1 that contains an Azure virtual machine named VM1.
VM1 is in a resource group named RG1.
VM1 runs services that will be used to deploy resources to RG1.
You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1.
What should you do first?
From the Azure portal, modify the Managed Identity settings of VM1 From the Azure portal, modify the Access control (IAM) settings of RG1 From the Azure portal, modify the Access control (IAM) settings of VM1 From the Azure portal, modify the Policies settings of RG1.
You have an Azure subscription that contains a resource group named TestRG.
You use TestRG to validate an Azure deployment.
TestRG contains the following resources (table):
You need to delete TestRG.
What should you do first?
Modify the backup configurations of VM1 and modify the resource lock type of VNET1 Remove the resource lock from VNET1 and delete all data in Vault1 Turn off VM1 and remove the resource lock from VNET1 Turn off VM1 and delete all data in Vault1.
You have an Azure DNS zone named adatum.com.
You need to delegate a subdomain named research.adatum.com to a different DNS server in Azure.
What should you do?
Create an NS record named research in the adatum.com zone. Create an PTR record named research in the adatum.com zone. Modify the SOA record of adatum.com. Create an A record named *.research in the adatum.com zone.
Scenario:
Designate a new user named Admin1 as the service admin for the Azure subscription.
Admin1 must receive email alerts regarding service outages.
You need to meet the user requirement for Admin1.
What should you do?
From the Azure Active Directory blade, modify the Groups From the Azure Active Directory blade, modify the Properties From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings From the Subscriptions blade, select the subscription, and then modify the Properties .
You have an Azure subscription that contains the resources in the table below.
Store1 contains a file share named data. Data contains 5,000 files.
You need to synchronize the files in the file share named data to an on-premises server named Server1.
Which three actions should you perform? (choose 3) Create a container instance Register Server1 Install the Azure File Sync agent on Server1 Download an automation script Create a sync group.
You have an Azure subscription that contains a storage account.
You have an on-premises server named Server1 that runs Windows Server 2016. Server1 has 2 TB of data.
You need to transfer the data to the storage account by using the Azure Import/Export service.
In which order should you perform the actions?
Action 1 Action 2 Action 3 Action 4.
You have an Azure subscription that contains the storage accounts shown in the table below.
You need to identify which storage account can be converted to zone-redundant storage (ZRS) replication by requesting a live migration from Azure support.
What should you identify?
storage1 storage2 storage3 storage4.
You have an Azure subscription that contains a storage account named account1.
You plan to upload the disk files of a virtual machine to account1 from your on-premises network.
The on- premises network uses a public IP address space of 131.107.1.0/24.
You plan to use the disk files to provision an Azure virtual machine named VM1.
VM1 will be attached to a virtual network named VNet1.
VNet1 uses an IP address space of 192.168.0.0/24.
You need to configure account1 to meet the following requirements:
Ensure that you can upload the disk files to account1.
Ensure that you can attach the disks to VM1.
Prevent all other access to account1.
Which two actions should you perform? (choose 2) From the Firewalls and virtual networks blade of account1, select Selected networks. From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to access this storage account. From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range. From the Service endpoints blade of VNet1, add a service endpoint.
From the Firewalls and virtual networks blade of account1, add VNet1.
You have an on-premises file server named Server1 that runs Windows Server 2016.
You have an Azure subscription that contains an Azure file share.
You deploy an Azure File Sync Storage Sync Service, and you create a sync group.
You need to synchronize files from Server1 to Azure.
Which three actions should you perform in sequence? Action 1 Action 2 Action 3.
You plan to use the Azure Import/Export service to copy files to a storage account.
Which two files should you create before you prepare the drives for the import job? (choose 2)
an XML manifest file a dataset CSV file a JSON configuration file a PowerShell PS1 file a driveset CSV file.
You have a Recovery Service vault that you use to test backups.
The test backups contain two protected virtual machines.
You need to delete the Recovery Services vault.
What should you do first?
From the Recovery Service vault, delete the backup data. From the Recovery Service vault, stop the backup of each backup item. Modify the disaster recovery properties of each virtual machine. Modify the locks of each virtual machine.
You have an Azure subscription named Subscription1.
You have 5 TB of data that you need to transfer to Subscription1.
You plan to use an Azure Import/Export job.
What can you use as the destination of the imported data?
a virtual machine an Azure Cosmos DB database Azure File Storage the Azure File Sync Storage Sync Service.
You have an Azure Storage account named storage1.
You plan to use AzCopy to copy data to storage1.
You need to identify the storage services in storage1 to which you can copy the data.
What should you identify?
blob, file, table, and queue blob and file only file and table only file only blob, table, and queue only.
You have an Azure subscription that contains an Azure Storage account.
You plan to create an Azure container instance named container1 that will use a Docker image named Image1.
Image1 contains a Microsoft SQL Server instance that requires persistent storage.
You need to configure a storage service for Container1.
What should you use? Azure Blob storage Azure Table storage Azure Files Azure Queue storage.
You have an app named App1 that runs on two Azure virtual machines named VM1 and VM2.
You plan to implement an Azure Availability Set for App1.
The solution must ensure that App1 is available during planned maintenance of the hardware hosting VM1 and VM2.
What should you include in the Availability Set?
one update domain one fault domain two fault domains two update domains.
You have an Azure subscription named Subscription1.
You have 5 TB of data that you need to transfer to Subscription1.
You plan to use an Azure Import/Export job.
What can you use as the destination of the imported data?
a virtual machine an Azure Cosmos DB database Azure Blob Storage the Azure File Sync Storage Sync Service.
You have an Azure subscription that contains an Azure file share.
You have an on-premises server named Server1 that runs Windows Server 2016.
You plan to set up Azure File Sync between Server1 and the Azure file share.
You need to prepare the subscription for the planned Azure File Sync.
Which two actions should you perform in the Azure subscription?
Action 1 Action 2.
You have an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to create an alert in Azure when more than two error events are logged to the System event log on VM1 within an hour.
Solution:
1. You create an Azure Log Analytics workspace and configure the data settings.
2. You install the Microsoft Monitoring Agent on VM1.
3. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source.
Does this meet the goal?
Yes No.
You have an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to create an alert in Azure when more than two error events are logged to the System event log on VM1 within an hour.
Solution:
1. You create an Azure storage account and configure shared access signatures (SASs).
2. You install the Microsoft Monitoring Agent on VM1.
3. You create an alert in Azure Monitor and specify the storage account as the source.
Does this meet the goal? Yes No.
You download an Azure Resource Manager template based on an existing virtual machine.
The template will be used to deploy 100 virtual machines.
You need to modify the template to reference an administrative password.
You must prevent the password from being stored in plain text.
What should you create to store the password? an Azure Key Vault and an access policy an Azure Storage account and an access policy a Recovery Services vault and a backup policy Azure Active Directory (AD) Identity Protection and an Azure policy.
You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016
Datacenter image.
You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed.
Which two actions should you perform? (choose 2) Create an automation account Create an Azure policy Modify the extensionProfile section of the Azure Resource Manager template Create a new virtual scale set in the Azure portal Upload a configuration script.
You onboard 10 Azure virtual machines to Azure Automation State Configuration.
You need to use Azure Automation State Configuration to manage the ongoing consistency of the virtual machine configurations.
Which three actions should you perform in sequence? Action 1 Action 2 Action 3.
You have an Azure Resource Manager template named Template1 that is used to deploy an Azure virtual machine.
See template:
You need to deploy the virtual machine to the West US location by using Template1.
What should you do? Modify the location in the resource section to "westus" Select West US during the deployment Modify the location in the variables section to "westus".
You create an App Service plan named Plan1 and an Azure web app named webapp1.
You discover that the option to create a staging slot is unavailable.
You need to create a staging slot for Plan1.
What should you do first?
From Plan1, scale up the App Service plan From webapp1, modify the Application settings From webapp1, add a custom domain From Plan1, scale out the App Service plan.
You plan to move a distributed on-premises app named App1 to an Azure subscription.
After the planned move, App1 will be hosted on several Azure virtual machines.
You need to ensure that App1 always runs on at least eight virtual machines during planned Azure maintenance.
What should you create? one Availability Set that has three fault domains and one update domain one virtual machine scale set that has 10 virtual machines instances one Availability Set that has 10 update domains and one fault domain one virtual machine scale set that has 12 virtual machines instances
.
You have an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to create an alert in Azure when more than two error events are logged to the System event log on VM1 within an hour.
Solution:
You create an event subscription on VM1.
You create an alert in Azure Monitor and specify VM1 as the source.
Does this meet the goal?
Yes No.
You have an Azure virtual machine named VM1.
VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.
You receive a notification that VM1 will be affected by maintenance.
You need to move VM1 to a different host immediately.
Solution:
From the Overview blade, you move the virtual machine to a different subscription.
Does this meet the goal?
Yes No.
You have an Azure virtual machine named VM1.
VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.
You receive a notification that VM1 will be affected by maintenance.
You need to move VM1 to a different host immediately.
Solution:
From the Redeploy blade, you click Redeploy.
Does this meet the goal?
Yes No.
You have an Azure virtual machine named VM1.
VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.
You receive a notification that VM1 will be affected by maintenance.
You need to move VM1 to a different host immediately.
Solution:
From the Update management blade, you click Enable.
Does this meet the goal?
Yes No.
You have an Azure subscription that contains a web app named webapp1.
You need to add a custom domain named www.contoso.com to webapp1.
What should you do first? Create a DNS record Add a connection string Upload a certificate Stop webapp1.
You have an Azure subscription that contains the resources shown in the table below.
VM1 connects to VNET1.
You need to connect VM1 to VNET2.
Solution:
You move VM1 to RG2, and then you add a new network interface to VM1.
Does this meet the goal?
Yes No.
You have an Azure subscription that contains the resources shown in the table below.
VM1 connects to VNET1.
You need to connect VM1 to VNET2.
Solution:
You delete VM1. You recreate VM1, and then you create a new network interface for VM1 and connect it to VNET2.
Does this meet the goal?
Yes No.
You have an Azure subscription that contains the resources shown in the table below.
VM1 connects to VNET1.
You need to connect VM1 to VNET2.
Solution:
You turn off VM1, and then you add a new network interface to VM1.
Does this meet the goal?
Yes No.
You deploy an Azure Kubernetes Service (AKS) cluster named Cluster1 that uses the IP addresses shown in the table below.
You need to provide internet users with access to the applications that run in Cluster1.
Which IP address should you include in the DNS record for Cluster1?
131.107.2.1 10.0.10.11 172.17.7.1 192.168.10.2.
You have a deployment template named Template1 that is used to deploy 10 Azure web apps.
You need to identify what to deploy before you deploy Template1.
The solution must minimize Azure costs.
What should you identify?
five Azure Application Gateways one App Service plan 10 App Service plans one Azure Traffic Manager one Azure Application Gateway.
You have an Azure subscription that contains a virtual machine named VM1.
VM1 hosts a line-of-business application that is available 24 hours a day.
VM1 has one network interface and one managed disk.
VM1 uses the D4s v3 size.
You plan to make the following changes to VM1:
· Change the size to D8s v3.
· Add a 500-GB managed disk.
· Add the Puppet Agent extension.
· Enable Desired State Configuration Management.
Which change will cause downtime for VM1? Enable Desired State Configuration Management Add a 500-GB managed disk Change the size to D8s v3 Add the Puppet Agent extension.
You have an app named App1 that runs on an Azure web app named webapp1.
The developers at your company upload an update of App1 to a Git repository named Git1.
Webapp1 has the deployment slots shown in the table below.
You need to ensure that the App1 update is tested before the update is made available to users.
Which two actions should you perform? (choose 2)
Swap the slots Deploy the App1 update to webapp1-prod, and then test the update Stop webapp1-prod Deploy the App1 update to webapp1-test, and then test the update
.
You have an Azure subscription named Subscription1 that has the following providers registered:
· Authorization
· Automation
· Resources
· Compute
· KeyVault
· Network
· Storage
· Billing
· Web
Subscription1 contains an Azure virtual machine named VM1 that has the following configurations:
· Private IP address: 10.0.0.4 (dynamic)
· Network security group (NSG): NSG1
· Public IP address: None
· Availability set: AVSet
· Subnet: 10.0.0.0/24
· Managed disks: No
· Location: East US
You need to record all the successful and failed connection attempts to VM1.
Which three actions should you perform? In order.
Action 1 Action 2 Action 3.
You need to deploy an Azure virtual machine scale set that contains five instances as quickly as possible.
What should you do?
Deploy five virtual machines. Modify the Availability Zones settings for each virtual machine. Deploy five virtual machines. Modify the Size setting for each virtual machine. Deploy one virtual machine scale set that is set to VM (virtual machines) orchestration mode. Deploy one virtual machine scale set that is set to ScaleSetVM orchestration mode.
.
You plan to create the Azure web apps shown in the table below.
What is the minimum number of App Service plans you should create for the web apps?
1 2 3 4.
You have an Azure subscription named Subscription1.
Subscription1 contains a resource group named RG1.
RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1.
Solution:
From the Subscriptions blade, you select the subscription, and then click Programmatic deployment.
Does this meet the goal?
Yes No.
You have an Azure subscription that contains the resources shown in the table below.
VM1 connects to VNET1.
You need to connect VM1 to VNET2.
Solution:
You create a new network interface, and then you add the network interface to VM1.
Does this meet the goal?
Yes No.
You have an Azure Active Directory (Azure AD) tenant named adatum.com that contains the users shown in the table.
Adatum.com has the following configurations:
· Users may join devices to Azure AD is set to User1.
· Additional local administrators on Azure AD joined devices is set to None.
You deploy Windows 10 to a computer named Computer1.
User1 joins Computer1 to adatum.com.
You need to identify the local Administrator group membership on Computer1.
Which users are members of the local Administrators group?
User1 only User2 only User1 and User2 only User1, User2, and User3 only User1, User2, User3, and User4.
You have an Azure subscription named Subscription1 that contains the resources shown in the table.
You plan to use Vault1 for the backup of as many virtual machines as possible.
Which virtual machines can be backed up to Vault1?
VM1 only VM3 and VMC only VM1, VM2, VM3, VMA, VMB, and VMC VM1 and VM3 only VM1, VM3, VMA, and VMC only.
You have an Azure Kubernetes Service (AKS) cluster named AKS1.
You need to configure cluster autoscaler for AKS1.
Which two tools should you use?
the kubectl command the az aks command the Set-AzVm cmdlet the Azure portal the Set-AzAks cmdlet.
You create the following resources in an Azure subscription:
· An Azure Container Registry instance named Registry1
· An Azure Kubernetes Service (AKS) cluster named Cluster1
You create a container image named App1 on your administrative workstation.
You need to deploy App1 to Cluster1.
What should you do first?
Run the az acr build command. Run the az aks create command. Run the docker push command. Create an App Service plan.
You have an Azure subscription that contains the resources shown in the table below.
You need to configure a proximity placement group for VMSS1.
Which proximity placement groups should you use?
Proximity2 only Proximity1, Proximity2, and Proximity3 Proximity1 only Proximity1 and Proximity3 only.
You have an Azure subscription named Subscription1.
Subscription1 contains a resource group named RG1.
RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1.
Solution:
From the Subscriptions blade, you select the subscription, and then click Resource providers.
Does this meet the goal?
Yes No.
You have an Azure subscription named Subscription1.
Subscription1 contains a resource group named RG1.
RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1.
Solution:
From the RG1 blade, you click Automation script
Does this meet the goal?
Yes No.
You have an Azure subscription named Subscription1.
Subscription1 contains a resource group named RG1.
RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1.
Solution:
From the RG1 blade, you click Deployments.
Does this meet the goal?
Yes No.
You have an Azure subscription named Subscription1.
You deploy a Linux virtual machine named VM1 to Subscription1.
You need to monitor the metrics and the logs of VM1.
What should you use?
the AzurePerformanceDiagnostics extension Azure Analysis Services Azure HDInsight Linux Diagnostic Extension (LAD) 3.0.
You plan to deploy three Azure virtual machines named VM1, VM2, and VM3.
The virtual machines will host a web app named App1.
You need to ensure that at least two virtual machines are available if a single Azure datacenter becomes unavailable.
What should you deploy?
each virtual machine in a separate Availability Zone each virtual machine in a separate Availability Set all virtual machines in a single Availability Set all three virtual machines in a single Availability Zone.
You have an Azure virtual machine named VM1 that runs Windows Server 2019.
You save VM1 as a template named Template1 to the Azure Resource Manager library.
You plan to deploy a virtual machine named VM2 from Template1.
What can you configure during the deployment of VM2?
administrator username operating system virtual machine size resource group.
You have an Azure subscription that contains an Azure virtual machine named VM1.
VM1 runs a financial reporting app named App1 that does not support multiple active instances.
At the end of each month, CPU usage for VM1 peaks when App1 runs.
You need to create a scheduled runbook to increase the processor performance of VM1 at the end of each month.
What task should you include in the runbook? Add a Desired State Configuration (DSC) extension to VM1. Increase the vCPU quota for the subscription. Add VM1 to a scale set. Modify the VM size property of VM1. Add the Azure Performance Diagnostics agent to VM1.
You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template.
You need to ensure that NGINX is available on all the virtual machines after they are deployed.
What should you use?
A Desired State Configuration (DSC) extension a Microsoft Intune device configuration profile the New-AzConfigurationAssignment cmdlet Deployment Center in Azure App Service.
You have an Azure virtual machine named VM1 that runs Windows Server 2019.
The VM was deployed using default drive settings.
You sign in to VM1 as a user named User1 and perform the following actions:
· Create files on drive C.
· Create files on drive D.
· Modify the screen saver timeout.
· Change the desktop background.
You plan to redeploy VM1.
Which changes will be lost after you redeploy VM1? the modified screen saver timeout the new desktop background the new files on drive D the new files on drive C.
You have an Azure subscription.
You have an on-premises virtual machine named VM1.
The settings for VM1 are shown in the picture:
You need to ensure that you can use the disks attached to VM1 as a template for Azure virtual machines.
What should you modify on VM1?
the memory the network adapters the hard drive the processor Integration Services.
Scenario:
Contoso must meet technical requirements including:
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
You discover that VM3 does NOT meet the technical requirements.
You need to verify whether the issue relates to the NSGs.
What should you use?
Diagram in VNet1 Diagnostic settings in Azure Monitor Diagnose and solve problems in Traffic Manager profiles The security recommendations in Azure Advisor IP flow verify in Azure Network Watcher .
You have an Azure subscription that contains 10 virtual networks.
The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution:
You configure a custom policy definition, and then you assign the policy to the subscription.
Does this meet the goal?
Yes No.
You have two Azure virtual networks named VNet1 and VNet2.
VNet1 contains an Azure virtual machine named VM1.
VNet2 contains an Azure virtual machine named VM2.
VM1 hosts a frontend application that connects to VM2 to retrieve data.
Users report that the frontend application is slower than usual.
You need to view the average round-trip time (RTT) of the packets from VM1 to VM2.
Which Azure Network Watcher feature should you use?
Connection monitor NSG flow logs Connection troubleshoot IP flow verify.
You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a virtual network named VNet1.
You need to ensure that you can configure a point-to-site connection from an on-premises computer to VNet1.
Which two actions should you perform? (choose 2) Add a service endpoint to VNet1 Reset GW1 Create a route-based virtual network gateway Add a connection to GW1 Delete GW1 Add a public IP address space to VNet1.
You have five Azure virtual machines that run Windows Server 2016.
The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to ensure that visitors are serviced by the same web server for each request.
What should you configure?
Floating IP (direct server return) to Enabled Floating IP (direct server return) to Disabled a health probe Session persistence to Client IP and Protocol.
Your on-premises network contains an SMB share named Share1.
You have an Azure subscription that contains the following resources:
· A web app named webapp1.
· A virtual network named VNET1.
You need to ensure that webapp1 can connect to Share1.
What should you deploy?
an Azure Application Gateway an Azure Active Directory (Azure AD) Application Proxy an Azure Virtual Network Gateway .
You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template.
You need to ensure that NGINX is available on all the virtual machines after they are deployed.
What should you use?
the Publish-AzVMDscConfiguration cmdlet Azure Application Insights Azure Custom Script Extension the New-AzConfigurationAssignement cmdlet.
Your company has three offices.
The offices are located in Miami, Los Angeles, and New York. Each office contains datacenter.
You have an Azure subscription that contains resources in the East US and West US Azure regions.
Each region contains a virtual network. The virtual networks are peered.
You need to connect the datacenters to the subscription.
The solution must minimize network latency between the datacenters.
What should you create? three Azure Application Gateways and one On-premises data gateway three virtual hubs and one virtual WAN three virtual WANs and one virtual hub three On-premises data gateways and one Azure Application Gateway.
You have the Azure virtual networks shown in the table below.
To which virtual networks can you establish a peering connection from VNet1?
VNet2 andVNet3 only VNet3 and VNet4 only VNet2 only VNet2, VNet3, and VNet4.
You have an Azure subscription that contains a virtual network named VNet1.
VNet1 contains four subnets named Gateway, Perimeter, NVA, and Production.
The NVA subnet contains two network virtual appliances (NVAs) that will perform network traffic inspection between the Perimeter subnet and the Production subnet.
You need to implement an Azure load balancer for the NVAs.
The solution must meet the following requirements:
· The NVAs must run in an active-active configuration that uses automatic failover.
· The NVA must load balance traffic to two services on the Production subnet.
The services have different IP addresses.
Which three actions should you perform? Action 1 Action 2 Action 3.
You have an Azure subscription named Subscription1 that contains two Azure virtual networks named VNet1 and VNet2.
VNet1 contains a VPN gateway named VPNGW1 that uses static routing.
There is a site-to-site VPN connection between your on-premises network and VNet1.
On a computer named Client1 that runs Windows 10, you configure a point-to-site VPN connection to VNet1.
You configure virtual network peering between VNet1 and VNet2.
You verify that you can connect to VNet2 from the on-premises network.
Client1 is unable to connect to VNet2.
You need to ensure that you can connect Client1 to VNet2.
What should you do?
Download and re-install the VPN client configuration package on Client1. Select Allow gateway transit on VNet1. Select Allow gateway transit on VNet2. Enable BGP on VPNGW1.
You have an Azure subscription that contains the resources in the table below.
To which subnets can you apply NSG1?
the subnets on VNet1 only the subnets on VNet2 and VNet3 only the subnets on VNet2 only the subnets on VNet3 only the subnets on VNet1, VNet2, and VNet3.
You have an Azure subscription that contains two virtual networks named VNet1 and VNet2.
Virtual machines connect to the virtual networks.
The virtual networks have the address spaces and the subnets configured as shown in the table below.
You need to add the address space of 10.33.0.0/16 to VNet1.
The solution must ensure that the hosts on VNet1 and VNet2 can communicate.
Which three actions should you perform in sequence? Action 1 Action 2 Action 3.
You have an Azure web app named webapp1.
You have a virtual network named VNET1 and an Azure virtual machine named VM1 that hosts a MySQL database.
VM1 connects to VNET1.
You need to ensure that webapp1 can access the data hosted on VM1.
What should you do?
Deploy an internal load balancer Peer VNET1 to another virtual network Connect webapp1 to VNET1 Deploy an Azure Application Gateway.
You create an Azure VM named VM1 that runs Windows Server 2019.
VM1 is configured as shown in the image.
You need to enable Desired State Configuration for VM1.
What should you do first?
Connect to VM1. Start VM1. Capture a snapshot of VM1. Configure a DNS name for VM1.
You have five Azure virtual machines that run Windows Server 2016.
The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to ensure that visitors are serviced by the same web server for each request.
What should you configure?
Floating IP (direct server return) to Disabled Idle Time-out (minutes) to 20 Protocol to UDP Session persistence to Client IP.
You have an Azure subscription that contains the following resources:
· A virtual network that has a subnet named Subnet1
· Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
· A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
· Priority: 100
· Source: Any
· Source port range: * Destination: *
· Destination port range: 3389
· Protocol: UDP
· Action: Allow
VM1 has a public IP address and is connected to Subnet1.
NSG-VM1 is associated to the network interface of VM1.
NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution:
You add an inbound security rule to NSG-Subnet1 that allows connections from the Any source to the *destination for port range 3389 and uses the TCP protocol.
You remove NSG-VM1 from the network interface of VM1.
Does this meet the goal? Yes No.
You have an Azure subscription that contains the following resources:
· A virtual network that has a subnet named Subnet1
· Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
· A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
· Priority: 100
· Source: Any
· Source port range: * Destination: *
· Destination port range: 3389
· Protocol: UDP
· Action: Allow
VM1 has a public IP address and is connected to Subnet1.
NSG-VM1 is associated to the network interface of VM1.
NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution:
You add an inbound security rule to NSG-Subnet1 that allows connections from the internet source to the VirtualNetwork destination for port range 3389 and uses the UDP protocol.
Does this meet the goal? Yes No.
You have an Azure subscription that contains the following resources:
· A virtual network that has a subnet named Subnet1
· Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
· A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
· Priority: 100
· Source: Any
· Source port range: * Destination: *
· Destination port range: 3389
· Protocol: UDP
· Action: Allow
VM1 has a public IP address and is connected to Subnet1.
NSG-VM1 is associated to the network interface of VM1.
NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution:
You add an inbound security rule to NSG-Subnet1 and NSG-VM1 that allows connections from the internet source to the VirtualNetwork destination for port range 3389 and uses the TCP protocol.
Does this meet the goal? Yes No.
You have an Azure subscription that contains a virtual network named VNET1.
VNET1 contains the subnets shown in the table below.
Each virtual machine uses a static IP address.
You need to create network security groups (NSGs) to meet following requirements:
· Allow web requests from the internet to VM3, VM4, VM5, and VM6.
· Allow all connections between VM1 and VM2.
· Allow Remote Desktop connections to VM1.
· Prevent all other network traffic to VNET1.
What is the minimum number of NSGs you should create?
1 3 4 12.
You have an Azure subscription that contains the resources shown in the table below.
The Not allowed resource types Azure policy is assigned to RG1 and uses the following parameters:
· Microsoft.Network/virtualNetworks
· Microsoft.Compute/virtualMachines
In RG1, you need to create a new virtual machine named VM2, and then connect VM2 to VNET1.
What should you do first?
Remove Microsoft.Compute/virtualMachines from the policy. Create an Azure Resource Manager template. Add a subnet to VNET1. Remove Microsoft.Network/virtualNetworks from the policy.
Your company has an Azure subscription named Subscription1.
The company also has two on-premises servers named Server1 and Server2 that run Windows Server 2016.
Server1 is configured as a DNS server that has a primary DNS zone named adatum.com.
Adatum.com contains 1,000 DNS records.
You manage Server1 and Subscription1 from Server2.
Server2 has the following tools installed:
· The DNS Manager console
· Azure PowerShell
· Azure CLI 2.0
You need to move the adatum.com zone to an Azure DNS zone in Subscription1.
The solution must minimize administrative effort.
What should you use? Azure CLI Azure PowerShell the Azure portal the DNS Manager console.
You have a public load balancer that balances ports 80 and 443 across three virtual machines.
You need to direct all the Remote Desktop Protocol (RDP) connections to VM3 only.
What should you configure? an inbound NAT rule a new public load balancer for VM3 a frontend IP configuration a load balancing rule.
You have an on-premises network that you plan to connect to Azure by using a site-to-site VPN.
In Azure, you have an Azure virtual network named VNet1 that uses an address space of 10.0.0.0/16
VNet1 contains a subnet named Subnet1 that uses an address space of 10.0.0.0/24.
You need to create a site-to-site VPN to Azure.
Which four actions should you perform in sequence? Action 1 Action 2 Action 3 Action 4.
You have an Azure subscription that contains the resources in the next table:
--NAME-- | --------TYPE-------- | --DETAILS--
Vnet1---- | Virtual Network---- | Not applicable
Subnet1--| Subnet-------------- | Hosted on Vnet1
VM1------ | Virtual Machine---- | On subnet1
VM2------ | Virtual Machine---- | On subnet1
VM1 and VM2 are deployed from the same template and host line-of-business applications.
You configure the network security group (NSG) shown in the image below.
You need to prevent users of VM1 and VM2 from accessing websites on the Internet over TCP port 80.
What should you do?
Disassociate the NSG from a network interface. Change the Port_80 inbound security rule. Associate the NSG to Subnet1. Change the DenyWebSites outbound security rule.
You have two subscriptions named Subscription1 and Subscription2.
Each subscription is associated to a different Azure AD tenant.
Subscription1 contains a virtual network named VNet1.
VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16.
Subscription2 contains a virtual network named VNet2.
VNet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24.
You need to connect VNet1 to VNet2.
What should you do first?
Move VM1 to Subscription2. Move VNet1 to Subscription2. Modify the IP address space of VNet2. Provision virtual network gateways.
You plan to create an Azure virtual machine named VM1 that will be configured as shown in the left image.
The planned disk configurations for VM1 are shown in the right image.
You need to ensure that VM1 can be created in an Availability Zone.
Which two settings should you modify?
Setting 1 Setting 2.
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1.
The point-to-site connection uses a self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer named Computer2.
You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2.
Solution:
You modify the Azure Active Directory (Azure AD) authentication policies.
Does this meet the goal?
Yes No.
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1.
The point-to-site connection uses a self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer named Computer2.
You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2.
Solution:
You join Computer2 to Azure Active Directory (Azure AD)
Does this meet the goal?
Yes No.
You have an Azure subscription that contains 10 virtual networks.
The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution:
You create a resource lock, and then you assign the lock to the subscription.
Does this meet the goal?
No Yes.
You have an Azure subscription named Subscription1.
Subscription1 contains a virtual machine named VM1.
You have a computer named Computer1 that runs Windows 10.
Computer1 is connected to the Internet.
You add a network interface named vm1173 to VM1 as shown in the image.
From Computer1, you attempt to connect to VM1 by using Remote Desktop, but the connection fails.
You need to establish a Remote Desktop connection to VM1.
What should you do first?
Change the priority of the RDP rule Attach a network interface Delete the DenyAllInBound rule Start VM1.
You have the Azure virtual machines shown in the following table:
--NAME--| ---IP ADDRESS--- | --CONECTED TO--
VM1------| 10.1.0.4-----------| VNet1/Subnet1
VM2------| 10.1.10.4--------- | VNet1/Subnet2
VM3------| 172.16.0.4--------| VNet2/SubnetA
VM4------| 10.2.0.8---------- | VNet3/SubnetB
A DNS service is installed on VM1.
You configure the DNS servers settings for each virtual network as shown in the image below.
You need to ensure that all the virtual machines can resolve DNS names by using the DNS service on VM1.
What should you do? Configure peering between VNET1, VNET2, and VNET3 Add service endpoints on VNET2 and VNET3 Add service endpoints on VNET1 Configure a conditional forwarder on VM1.
You have the Azure virtual network named VNet1 that contains a subnet named Subnet1.
Subnet1 contains three Azure virtual machines.
Each virtual machine has a public IP address.
The virtual machines host several applications that are accessible over port 443 to users on the Internet.
Your on-premises network has a site-to-site VPN connection to VNet1.
You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from the Internet and from the on-premises network.
You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network.
The solution must ensure that all the applications can still be accessed by the Internet users.
What should you do?
Create a deny rule in a network security group (NSG) that is linked to Subnet1. Remove the public IP addresses from the virtual machines. Modify the address space of Subnet1. Modify the address space of the local network gateway.
You have an Azure subscription that contains the resources in the following table.
---NAME--- | -------- TYPE --------
ASG1------ | Application Security Group
NSG1------ | Network Security Group
Subnet1--- | Subnet
VNet1------ | Virtual Network
NIC1------- | Network Interface
VM1------- | Virtual Machine
Subnet1 is associated to VNet1.
NIC1 attaches VM1 to Subnet1.
You need to apply ASG1 to VM1.
What should you do?
Associate NIC1 to ASG1 Modify the properties of ASG1 Modify the properties of NSG1.
You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1.
VNet1 connects to your on-premises network by using Azure ExpressRoute.
You plan to prepare the environment for automatic failover in case of ExpressRoute failure.
You need to connect VNet1 to the on-premises network by using a site-to-site VPN.
The solution must minimize cost.
Which three actions should you perform?
Create a connection Create a local site VPN gateway Create a VPN gateway that uses the VpnGw1 SKU Create a gateway subnet Create a VPN gateway that uses the Basic SKU.
You have an Azure subscription that contains the resources shown in the following table.
--NAME-- | ---------TYPE--------- | --LOCATION--
VNET1--- | Virtual Network------ | East US
IP1------- | Public IP Address---- | WestEurope
RT1------ | Route Table----------- | NorthEurope
You need to create a network interface named NIC1.
In which location can you create NIC1?
East US and North Europe only East US only East US, West Europe, and North Europe East US and West Europe only.
You have Azure virtual machines that run Windows Server 2019 and are configured as shown in the following table:
--- NAME --- | -- VNET NAME -- | -- DNS suffix configured in W. Server--
VM1-------- | VNET1 ---------- | Contoso.com
VM2-------- | VNET2 ---------- | Contoso.com
You create a public Azure DNS zone named adatum.com and a private Azure DNS zone named contoso.com.
For controso.com, you create a virtual network link named link1 as shown in the image below.
You discover that VM1 can resolve names in contoso.com but cannot resolve names in adatum.com.
VM1 can resolve other hosts on the Internet.
You need to ensure that VM1 can resolve host names in adatum.com.
What should you do? Update the DNS suffix on VM1 to be adatum.com. Configure the name servers for adatum.com at the domain registrar. Create an SRV record in the contoso.com zone. Modify the Access control (IAM) settings for link1.
You have an Azure subscription that contains the virtual machines shown in the table below.
You deploy a load balancer that has the following configurations:
· Name: LB1
· Type: Internal
· SKU: Standard
· Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution:
You create a Basic SKU public IP address, associate the address to the network interface of VM1, and then start VM1.
Does this meet the goal?
Yes No.
You have an Azure subscription that contains the virtual machines shown in the table below.
You deploy a load balancer that has the following configurations:
· Name: LB1
· Type: Internal
· SKU: Standard
· Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution:
You create a Standard SKU public IP address, associate the address to the network interface of VM1, and then stop VM2.
Does this meet the goal?
Yes No.
You have an Azure subscription that contains the virtual machines shown in the table below.
You deploy a load balancer that has the following configurations:
· Name: LB1
· Type: Internal
· SKU: Standard
· Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution:
You create two Standard public IP addresses and associate a Standard SKU public IP address to the network interface of each virtual machine.
Does this meet the goal?
Yes No.
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1.
The point-to-site connection uses a self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer named Computer2.
You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2.
Solution:
You export the client certificate from Computer1 and install the certificate on Computer2.
Does this meet the goal?
Yes No.
You have an Azure virtual machine named VM1.
The network interface for VM1 is configured as shown in the image below.
You deploy a web server on VM1, and then create a secure website that is accessible by using the HTTPS protocol.
VM1 is used as a web server only.
You need to ensure that users can connect to the website from the Internet.
What should you do?
Modify the protocol of Rule4. For Rule5, change the Action to Allow and change the priority to 401. Delete Rule1. Create a new inbound rule that allows TCP protocol 443 and configure the rule to have a priority of 501.
You have an Azure subscription that contains 10 virtual networks.
The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution:
From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider.
Does this meet the goal?
Yes No.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2.
Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the image below.
You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail.
You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution:
You create an inbound security rule that denies all traffic from the 131.107.100.50 source and has a cost of 64999.
Does this meet the goal? Yes No.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2.
Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the image below.
You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail.
You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution:
You modify the priority of the Allow_131.107.100.50 inbound security rule.
Does this meet the goal? Yes No.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2.
Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the image below.
You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail.
You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution:
You delete the BlockAllOther443 inbound security rule.
Does this meet the goal? Yes No.
You have an Azure subscription that contains 10 virtual networks.
The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You assign a built-in policy definition to the subscription.
Does this meet the goal?
Yes No.
You have an Azure subscription.
You plan to deploy an Azure Kubernetes Service (AKS) cluster to support an app named App1.
On- premises clients connect to App1 by using the IP address of the pod.
For the AKS cluster, you need to choose a network type that will support App1.
What should you choose?
kubernet Azure Container Networking Interface (CNI) Hybrid Connection endpoints Azure Private Link.
You have an Azure subscription that contains the virtual machines shown in the table below.
You deploy a load balancer that has the following configurations:
· Name: LB1
· Type: Internal
· SKU: Standard
· Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution:
You disassociate the public IP address from the network interface of VM2.
Does this meet the goal?
Yes No.
You have an existing Azure subscription that contains 10 virtual machines.
You need to monitor the latency between your on-premises network and the virtual machines.
What should you use?
Service Map Connection troubleshoot Network Performance Monitor Effective routes.
You have an Azure Linux virtual machine that is protected by Azure Backup. One week ago, two files were deleted from the virtual machine.
You need to restore the deleted files to an on-premises Windows Server 2016 computer as quickly as possible.
Which four actions should you perform in sequence? Action 1 Action 2 Action 3 Action4.
You have an Azure virtual machine named VM1.
Azure collects events from VM1.
You are creating an alert rule in Azure Monitor to notify an administrator when an error is logged in the System event log of VM1.
Which target resource should you monitor in the alert rule?
virtual machine metric alert Azure Log Analytics workspace virtual machine extension.
You have an Azure subscription that contains 100 virtual machines.
You regularly create and delete virtual machines.
You need to identify unattached disks that can be deleted.
What should you do? From Azure Cost Management, view Cost Analysis From Azure Advisor, modify the Advisor configuration From Microsoft Azure Storage Explorer, view the Account Management properties From Azure Cost Management, view Advisor Recommendations.
You have an Azure web app named webapp1.
Users report that they often experience HTTP 500 errors when they connect to webapp1.
You need to provide the developers of webapp1 with real-time access to the connection errors.
The solution must provide all the connection error details.
What should you do first?
From webapp1, enable Web server logging From Azure Monitor, create a workbook From Azure Monitor, create a Service Health alert From webapp1, turn on Application Logging.
You have an Azure subscription that has a Recovery Services vault named Vault1.
The subscription contains the virtual machines shown in the table below.
You plan to schedule backups to occur every night at 23:00.
Which virtual machines can you back up by using Azure Backup?
VM1 and VM3 only VM1, VM2, VM3 and VM4 VM1 and VM2 only VM1 only.
You have the Azure virtual machines shown in the table below.
You have a Recovery Services vault that protects VM1 and VM2.
You need to protect VM3 and VM4 by using Recovery Services.
What should you do first?
Configure the extensions for VM3 and VM4 Create a new backup policy Create a new Recovery Services vault Create a storage account.
You have an Azure subscription that contains the identities shown in the table below.
User1, Principal1, and Group1 are assigned the Monitoring Reader role.
An action group named AG1 has the Email Azure Resource Manager Role notification type and is configured to email the Monitoring Reader role.
You create an alert rule named Alert1 that uses AG1.
You need to identity who will receive an email notification when Alert1 is triggered.
Who should you identify?
User1 and User2 only User1 only User1 and Principal1 only User1, User2, Principal1, and Principal2.
Your company has a main office in London that contains 100 client computers.
Three years ago, you migrated to Azure Active Directory (Azure AD).
The company’s security policy states that all personal devices and corporate-owned devices must be registered or joined to Azure AD.
A remote user named User1 is unable to join a personal device to Azure AD from a home network.
You verify that User1 was able to join devices to Azure AD in the past.
You need to ensure that User1 can join the device to Azure AD.
What should you do? Assign the User administrator role to User1. From the Device settings blade, modify the Maximum number of devices per user setting. Create a point-to-site VPN from the home network of User1 to Azure. From the Device settings blade, modify the Users may join devices to Azure AD setting.
You have an Azure subscription named Subscription1 that contains a resource group named RG1.
In RG1, you create an internal load balancer named LB1 and a public load balancer named LB2.
You need to ensure that an administrator named Admin1 can manage LB1 and LB2.
The solution must follow the principle of least privilege.
Which role should you assign to Admin1 for each task? (choose 1 of each option groups) To add a backend pool to LB1: Contributor on LB1. To add a backend pool to LB1: Network Contributor on LB1. To add a backend pool to LB1: Network Contributor on RG1. To add a backend pool to LB1: Owner on LB1. Do not select - Empty - To add a healt probe to LB2: Contributor on LB2. To add a healt probe to LB2: Network Contributor on LB2. To add a healt probe to LB2: Network Contributor on RG1. To add a healt probe to LB2: Owner on LB2.
You have an Azure subscription that contains a resource group named RG26.
RG26 is set to the West Europe location and is used to create temporary resources for a project.
RG26 contains the resources shown in the table below.
SQLDB01 is backed up to RGV1.
When the project is complete, you attempt to delete RG26 from the Azure portal.
The deletion fails.
You need to delete RG26.
What should you do first?
Delete VM1 Stop VM1 Stop the backup of SQLDB01 Delete sa001.
What type of objects could you create within a storage account that is hosted in Azure resource group? Blob, Table, Queue, FileShare Blob, Queue, Fileshare Table, Queue, FileShare Blob, Table, Queue.
What type of connection should we choose to connect two Vnet that reside in the same azure region, minimizing the administrative workload? ExpressRoute Site-To-Site connection Peering Vnet-To-Vnet Routing and Remote Access (RAS).
What port should we enable to connect to an Azure Virtual Machine using the RDP protocol? 443 3389 80 8080.
What type of storage do you need to create in order to use the azure cloud shell?
Container (Blob) FileShare Table Queue.
You have an Azure policy as shown in the following exhibit:
What is the effect of the policy?
You are prevented from creating Azure SQL servers anywhere in Subscription 1. You can create Azure SQL servers in ContosoRG1 only. You are prevented from creating Azure SQL Servers in ContosoRG1 only. You can create Azure SQL servers in any resource group within Subscription 1.
You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library named Library1.
You need to create groups for the users.
The solution must ensure that the groups are deleted automatically after 180 days.
Which two groups should you create? an Office 365 group that uses the Assigned membership type a Security group that uses the Assigned membership type an Office 365 group that uses the Dynamic User membership type a Security group that uses the Dynamic User membership type a Security group that uses the Dynamic Device membership type.
You create an Azure Storage account named contosostorage.
You plan to create a file share named data.
Users need to map a drive to the data file share from home computers that run Windows 10.
Which outbound port should you open between the home computers and the data file share? 443 445 80 3389.
Your company registers a domain name of contoso.com.
You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.
You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.
You need to resolve the name resolution issue.
Solution:
You modify the SOA record in the contoso.com zone.
Does this meet the goal? Yes No.
Your company registers a domain name of contoso.com.
You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.
You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.
You need to resolve the name resolution issue.
Solution:
You modify the NS record in the contoso.com zone.
Does this meet the goal? Yes No.
You are troubleshooting a performance issue for an Azure Application Gateway.
You need to compare the total requests to the failed requests during the past six hours.
What should you use? NSG flow logs in Azure Network Watcher Metrics in Application Gateway Connection monitor in Azure Network Watcher Diagnostics logs in Application Gateway.
You have two Azure virtual machines named VM1 and VM2.
You have two Recovery Services vaults named RSV1 and RSV2.
VM2 is protected by RSV1.
You need to use RSV2 to protect VM2.
What should you do first? From the VM2 blade, click Disaster recovery, click Replication settings, and then select RSV2 as the Recovery Services vault. From the RSV2 blade, click Backup. From the Backup blade, select the backup for the virtual machine, and then click Backup. From the RSV1 blade, click Backup Jobs and export the VM2 job. From the RSV1 blade, click Backup items and stop the VM2 backup.
Read the statement given below and check whether it holds true or not.
"Mathew is able to configure the alerts on the basis of metric alerts that are captured from Azure Metrics to the Activity Log alerts.
These alerts can only be notified with an Azure Automation Runbook but not by email." True False.
Read the statement given below and check whether it holds true or not.
“Some of the commonly used service tags are VirtualNetwork, Internet, AzureCloud, Storage, and SQL.” True False.
Is this statement correct?
“VPN gateways are virtual network gateways which are deployed with gateway type VPN.
VPN gateways are used for terminating site-to-site VPN connections.” The statement is correct The statement is incorrect.
Read the statement given below and check whether it holds true or not.
"There are various management solutions present in Azure Log Analytics to assist the administrators to increase the value out of advanced machine data.
These solutions have pre-built visualizations and queries that help surface insight quickly." True False.
Read the statement given below and check whether it holds true or not.
"In Azure, a resource refers to a single service instance.
There are many services that are represented as resources in Azure.
For instance, a Web App instance and an App Service Plan both act as a resource.
Even a SQL Database instance is a resource." The statement is correct The statement is incorrect.
Let us suppose John has an Azure Active Directory (Azure AD) tenant with name Adatum and an Azure Subscription with name Subscription1.
Given that Adatum consists of a group named Developers and Subscription1 consists of a resource group named Dev.
John has been asked to provide the Developers group with the skills to create Azure logic apps in the Dev resource group.
Solution:
On Dev, John assigns the Logic App Contributor role to the Developers group.
Does the suggested solution meet the goal? Yes No.
State whether the given statement is true or not.
“Azure Load Balancer can only be deployed with a public (Internet) frontend IP address but not private (Intranet).” True False.
State whether the given statement is true or not.
“We cannot use the async blob copy service for copying files between storage accounts or from outside publicly accessible locations directly to our Azure storage account.” The statement is correct The statement is incorrect.
State whether the given statement holds true or not.
“Effective security rules can be reviewed for all network interfaces.” True False.
You have two Azure virtual machines named VM1 and VM2.
VM1 has a single data disk named Disk1.
You need to attach Disk1 to VM2.
The solution must minimize downtime for both virtual machines.
Which four actions should you perform in sequence? Action 1 Action 2 Action 3 Action 4.
You have an Azure subscription that contains 100 virtual machines.
You regularly create and delete virtual machines.
You need to identify unattached disks that can be deleted.
What should you do?
From Azure Cost Management, view Cost Analysis From Azure Advisor, modify the Advisor configuration From Microsoft Azure Storage Explorer, view the Account Management properties From Azure Cost Management, view Advisor Recommendations.
You have an Azure subscription named Subscription1 that has the following providers registered:
· Authorization
· Automation
· Resources
· Compute
· KeyVault
· Network
· Storage
· Billing
· Web
Subscription1 contains an Azure virtual machine named VM1 that has the following configurations:
· Private IP address: 10.0.0.4 (dynamic)
· Network security group (NSG): NSG1
· Public IP address: None
· Availability set: AVSet
· Subnet: 10.0.0.0/24
· Managed disks: No
· Location: East US
You need to record all the successful and failed connection attempts to VM1.
Which three actions should you perform? (choose 3) Add an Azure Network Watcher connection monitor Enable Azure Network Watcher in the East US Azure region Register the Microsoft.Insights resource provider Register the MicrosoftLogAnalytics provider Enable Azure Network Watcher flow logs Create an Azure Storage account.
You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a virtual network named VNet1.
You need to ensure that you can configure a point-to-site connection from an on-premises computer to VNet1.
Which two actions should you perform? Action 1 Action 2.
You have an Active Directory domain named contoso.com that contains the objects shown in the table.
OU1 and OU2 are synced to Azure Active Directory (Azure AD).
You modify the synchronization settings and remove OU1 from synchronization.
You sync Active Directory and Azure AD.
Which objects are in Azure AD?
User4 and Group2 only User2, Group1, User4 and Group2 only User1, User2, Group1, User4 and Group2 only User1, User2, User3, User4, Group1 and Group2.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2.
Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the image below.
You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail.
You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution:
You create an inbound security rule that allows any traffic from the AzuteLoadBalancer source and has a cost of 150.
Does this meet the goal? Yes No.
You have an Azure subscription that contains the following resources:
- 100 Azure virtual machines
- 20 Azure SQL databases
- 50 Azure file shares
You need to create a daily backup of all the resources by using Azure Backup.
What is the minimum number of backup policies that you must create? 1 2 3 150 170.
You need to use Azure Automation State Configuration to manage the ongoing consistency of the virtual machine configurations.
Which 5 actions should you perform in sequence? Action 1 Action 2 Action 3 Action 4 Action 5.
You have an Azure subscription named Subscription1 that contains the resources shown in the table.
VM1 connects to a virtual network named VNET2 by using a network interface named NIC1.
You need to create a new Network Interface named NIC2 for VM1.
Solution: You create NIC2 in RG2 and Central US.
Does this meet the goal?
Yes No.
Scenario:
The Azure infrastructure and the on-premises infrastructure must be prepared for the migration of the VMware virtual machines to Azure.
The New York office has a virtual machine named VM1 that has the vSphere console installed.
You need to prepare the New York office infraestructure for the migration of the on-premises virtual machines
to Azure.
Which four actions you perform in sequence? Action1 Action2 Action3 Action4.
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that is configured for hybrid coexistence with the on-premises Active Directory domain.
The tenant contains the users shown in the following table.
Whenever possible, you need to enable Azure Multi-Factor Authentication (MFA) for the users in contoso.com.
Which users should you enable for Azure MFA? User1 only User1, User2, and User3 only User1 and User2 only User1, User2, User3, and User4 User2 only.
AG1 has two backend pools named Pool11 and Pool12.
AG1 must load balance incoming traffic in the following manner:
* http://corporate.adatum.com/video/* will be load balanced across Pool11.
* http://corporate.adatum.com/images/* will be load balanced across Pool12.
What should you create to AG1? multi-site listener URL path-based routing table basic listener a basic routing table.
AG2 has two backend pools named Pool21 and Pool22.
AG2 must load balance incoming traffic in the following manner:
* http://www.adatum.com will be load balanced across Pool21.
* http://www.fabrikam.com will be load balanced across Pool22.
What should you configure to AG2? a multi-site listeners basic listeners URL path-basic routing rules basic routing rules an additional public IP address.
A new web app named App1 that will access third-parties for credit card processing must be deployed.
The cost of App1 and App2 must be minimized.
You need to recommend an environment for the deployment of App1.
What should you recommend? a new App Service plan that uses the P3v2 pricing tier ASE1 and an App Service plan that uses the I1 pricing tier ASE1 and an App Service plan that uses the I3 pricing tier a new App Service plan that uses the S1 pricing tier.
Scenario:
Web administrators will deploy Azure web apps for the marketing department.
Each web app will be added to a separate resource group.
The initial configuration of the web apps will be identical.
The web administrators have permission to deploy web apps to resource groups.
You need to prepare the environment to ensure that the web administrators can deploy the web apps as quickly as possible.
Which three actions should you perform in sequence? Action1 Action2 Action3.
Scenario:
Network Infrastructure:
Each office has a local data center that contains all the servers for that office.
Each office has a dedicated connection to the Internet.
Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com
Planned Azure AD Infrastructure:
The on-premises Active Directory domain will be synchronized to Azure AD.
You need to define a custom domain name for Azure AD to support the planned infraestructure. ad.humongousinsurance.com humongousinsurance.onmicrosoft.com humongousinsurance.local humongousinsurance.com.
Scenario: Active Directory Issue
Several users in humongousinsurance.com have UPNs that contain special characters.
You suspect that some of the characters are unsupported in Azure AD.
You need to resolve the Active Directory issue. What should you do?
From Active Directory Users and Computers, select the user accounts, and then modify the User Principal Name value. Run idfix.exe, and then use the Edit action. From Active Directory Domains and Trusts, modify the list of UPN suffixes. From Azure AD Connect, modify the outbound synchronization rule. .
Authentication Requirements:
Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO) when accessing resources in Azure.
You need to prepare the environment to meet the authentication requirements.
Which two (2) actions should you perform? Join the client computers in the Miami office to Azure AD. Add http://autologon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office. Allow inbound TCP port 8080 to the domain controllers in the Miami office. Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office. .
Department Requirements:
During the testing phase, auditors in the finance department must be able to review all Azure costs from the past week.
Which blade should you instruct the finance department auditors to use? invoice partner information cost analysis external services.
Scenario: Licensing Issue
You attempt to assign a license in Azure to several users and receive the following error message:
"Licenses not assigned. License agreement failed for one user."
You verify that the Azure subscription has the available licenses.
You need to resolve the licensing issue before you attempt to assign the license again.
What should you do?
From the Groups blade, invite the user accounts to a new group. From the Profile blade, modify the usage location. From the Directory role blade, modify the directory role. .
Scenario:
Create a workflow to send an email message when the settings of VM4 are modified.
You can start an automated logic app workflow when specific events happen in Azure resources or third-party resources.
These resources can publish those events to an Azure event grid.
In turn, the event grid pushes those events to subscribers that have queues, webhooks, or event hubs as endpoints.
As a subscriber, your logic app can wait for those events from the event grid before running automated workflows to perform tasks - without you writing any code.
You need to meet the technical requirement for VM4.
What should you create and configure?
an Azure Notification Hub an Azure Event Hub an Azure Logic App an Azure services Bus.
Your company is planning on migrating their on-premise VMWare Virtual Machines to Azure.
For this purpose, they are planning on using the Azure Migrate tool.
You first need to discover which of the on-premise machines need to be assessed for the migration.
Which of the below mentioned steps need to be followed for this requirement?
Choose three (3): Create a collector virtual machine. Download the OVA file for the collector appliance. Create a migration group in the project. Configure the collector and start discovery. Create an assessment in the project. .
Your company is planning on migrating their on-premise VMWare Virtual Machines to Azure.
For this purpose, they are planning on using the Azure Migrate tool.
You first need to discover which of the on-premise machines need to be assessed for the migration.
Which three (3) steps need to be followed for this requirement? Step1 Step2 Step3.
A company is planning on using Azure Site recovery for migrating a set of On-premise servers onto Azure.
As an IT Administrator you are going to setup Azure and the configuration/process servers in your on-premise environment.
Which of the following needs to be configured to ensure that the replication can be carried out?
(Choose two.) Ensure that the machines that need to be replicated can communicate with Azure on port 443. Ensure that the process server can communicate with Azure on port 443. Ensure that the machines that need to be replicated can communicate with the process
server on port 443. Ensure that the process server can communicate with Azure on port 359.
.
A company has just setup an Azure account and subscription.
The Senior management want to keep a control on costs during the initial deployment of resources.
Which of the following can be used to keep a tabs on overall costs incurred for hosting resources in Azure? Use the pricing calculator to calculate the costs beforehand Create a budget and then an action group to notify when thresholds are breached Use the Azure Advisor to notify when costs are being breached Use resource tags for all resources.
Your company wants to deploy a blogging solution on Azure.
Below are the key deployment requirements:
- Ability to connect to Azure BLOB storage as the origin.
- Ensure that users across the world get the same performance when they access the blogging site.
You provide a solution of using the cloud tiering service.
Does this solution meet the requirement? Yes No.
Which of the following tools can be used by the security department to check for any network intrusions?
IP Flow Verify Variable Packet Capture Azure Connection Monitor Application Insights .
You have an Azure App Service plan named AdatumASP1 that hosts several Azure web apps.
You discover that the web apps respond slowly.
You need to provide additional memory and CPU resources to each instance of the web app.
What should you do? Scale out AdatumASP1. Add continuous WebJobs that use the multi-instance scale. Scale up AdatumASP1. Add a virtual machine scale set.
You have a Basic App Service plan named ASP1 that hosts an Azure App Service named App1.
You need to configure a custom domain and enable backups for App1.
What should you do first? Configure a WebJob for App1 Scale up ASP1 Scale out ASP1 Configure the application settings for App1.
You have an Azure Logic App named App1.
App1 provides a response when an HTTP POST request or an HTTP GET request is received.
During peak periods, App1 is expected to receive up to 200,000 requests in a five-minute period.
You need to ensure that App1 can handle the expected load.
What should you configure? Access control (IAM) API connections Workflow settings Access keys.
You have an Azure subscription that contains three virtual networks named VNet1, VNet2 and VNet3.
VNet2 contains a virtual appliance named VM2 that operates as a router.
You are configuring the virtual networks in a hub and spoke topology that uses VNet2 as the hub network.
You plan to configure peering between VNet1 and VNet2 and between VNet2 and VNet3.
You need to provide connectivity between VNet1 and VNet3 through VNet2.
Which two configurations should you perform? On the peering connections, allow forwarded traffic On the peering connections, allow gateway transit Create route tables and assign the table to subnets Create a route filter On the peering connections, use remote gateways.
You have an Azure subscription.
The subscription includes a virtual network named VNet1.
Currently, VNet1 does not contain any subnets.
You plan to create subnets on VNet1 and to use application security groups to restrict the traffic between the subnets.
You need to create the application security groups and to assign them to the subnets.
Which four cmdlets should you run in sequence? Action1 Action2 Action3 Action4.
You have an availability set named AS1 that contains three virtual machines named VM1, VM2, and VM3.
You attempt to reconfigure VM1 to use a larger size.
The operation fails and you receive an allocation failure message.
You need to ensure that the resize operation succeeds.
Which three (3) actions should you perform in sequence? Action1 Action2 Action3.
You have an Azure subscription that contains an Azure virtual machine named VM1.
VM1 runs Windows Server 2016 and is part of an availability set.
VM1 has virtual machine-level backup enabled.
VM1 is deleted.
You need to restore VM1 from the backup.
VM1 must be part of the availability set.
Which three actions should you perform in sequence? Action1 Action2 Action3.
You have an Azure subscription that contains an Azure virtual machine named VM1.
VM1 runs Windows Server 2016 and is part of an availability set.
VM1 has virtual machine-level backup enabled.
VM1 is deleted.
You need to restore VM1 from the backup.
VM1 must be part of the availability set.
Which three (3) actions should you perform? From the VM1 blade, edit the disk settings of the OS disk From the Restore configuration blade, set Restore Type to Create Virtual Machine From the VM1 blade, add a disk From the Recovery Services vault, select a restore point for VM1 From the Recovery Services vault, deploy a template From the Restore configuration blade, set Restore Type to Restore disks.
You have an Azure Active Directory (Azure AD) tenant that has the initial domain name.
You have a domain name of contoso.com registered at a third-party registrar.
You need to ensure that you can create Azure AD users that have names containing a suffix of @contoso.com.
Which three actions should you perform in sequence? Action1 Action2 Action3.
You have an Azure Active Directory (Azure AD) tenant that has the initial domain name.
You have a domain name of contoso.com registered at a third-party registrar.
You need to ensure that you can create Azure AD users that have names containing a suffix of @contoso.com.
Which three actions should you perform? Configure company branding Add the custom domain name Add Azure AD tenant Verify the domain Add a record to the public contoso.com DNS zone Create an Azure DNS zone.
Your network contains an on-premises Active Directory forest named contoso.com that contains two domains named contoso.com and east.contoso.com.
The forest contains the users shown in the table below.
You plan to sync east.contoso.com to an Azure Active Directory (Azure AD) tenant by using Azure AD Connect.
You need to select an account for Azure AD Connect to use to connect to the forest.
Which account should you select? User1 User2 User3 User4.
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named adatum.com.
The tenant contains 500 user accounts.
You deploy Microsoft Office 365. You configure Office 365 to use the user accounts in adatum.com.
You configure 60 users to connect to mailboxes in Microsoft Exchange Online.
You need to ensure that the 60 users use Azure Multi-Factor Authentication (MFA) to connect to the Exchange Online mailboxes.
The solution must only affect connections to the Exchange Online mailboxes.
What should you do?
From the multi-factor authentication page, configure the Multi-Factor Auth status for each user From Azure Active Directory admin center, create a conditional access policy From the multi-factor authentication page, modify the verification options From the Azure Active Directory admin center, configure an authentication method .
You have an Azure subscription that contains the resources shown in the table:
---
You plan to restore the backup to a different virtual machine.
You need to restore the backup to VM2.
What should you do first? From VM2, install the Microsoft Azure Recovery Services Agent From VM1, install the Windows Server Backup feature From VM2, install the Windows Server Backup feature From VM1, install the Microsoft Azure Recovery Services Agent.
Your on-premises network contains an Active Directory domain named adatum.com that is synced to Azure Active Directory (AAD).
Password writeback is disabled.
In adatum.com, you create the users shown in the table.
Which users must sign in from a computer joined to adatum.com? User2 only User1 and User3 only User1, User2, and User3 User2 and User3 only User1 only .
You have an Azure subscription that contains the following resources:
LB1 - Load Balancer
VM1 - Virtual Machine
VM2 - Virtual Machine
VM1 and VM2 run a website that is configured:
--- Name ---|--------- Physical path ---------|-- Alias --
Root folder | C:\inetpub \wwwroot\SiteA -| /
Temp ------ | C:\inetpub \wwwroot\Temp -| Temp
LB1 is configured to balance requests to VM1 and VM2.
You configure a health probe as shown in the image.
You need to ensure that the health probe functions correctly.
What should you do? On LB1, change the Unhealthy threshold to 65536. On LB1, change the port to 8080. On VM1 and VM2, create a file named Probe1.htm in the C:\intepub\wwwroot\Temp folder. On VM1 and VM2, create a file named Probe1.htm in the C:\intepub\wwwroot\SiteA\Temp folder. .
You deploy an Azure Kubernetes Service (AKS) cluster named AKS1.
You need to deploy a YAML file to AKS1.
Solution: From Azure Cloud Shell, you run az aks.
Does this meet the goal? Yes No .
You have a hybrid infrastructure that contains an Azure Active Directory (AAD) tenant named contoso.onmicrosoft.com.
The tenant contains the users shown in the following table.
You plan to share a cloud resource to the All Users group.
You need to ensure that User1, User2, User3, and User4 can connect successfully to the cloud resource.
What should you do first? Create a user account of the member type for User4 Create a user account of the member type for User3 Modify the Directory-wide Groups settings Modify the External collaboration settings.
You have an Azure subscription named Subscription1.
You have 5 TB of data that you need to transfer to Subscription1.
You plan to use an Azure Import/Export job.
What can you use as the destination of the imported data? Azure SQL Database Azure File Storage An Azure Cosmos DB database The Azure File Sync Storage Sync Service Azure Data Factory A virtual machine .
You have an Azure Active Directory (Azure AD) tenant named contoso.com that is synced to an Active Directory domain.
The tenant contains the users shown in the image.
You need to ensure that you can enable Azure Multi-Factor Authentication (MFA) for all four users.
Solution: You add a mobile phone number for User2 and User4.
Does this meet the Goal? No Yes.
You have an Azure subscription that contains the storage account shown in the image.
You need to create a request to Microsoft Support to perform a live migration of storage1 to Zone Redundant Storage (ZRS) replication.
How should you modify storage1 before the Live migration? Set the replication to Locally redundant storage (LRS) Disable Advanced threat protection Remove the lock Set the access tier to Hot Create a new storage account GPv1.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
Multi-factorauthentication (MFA) is enabled for all users.
You need to provide users with the ability to bypass MFA for 10 days on devices to which they have successfully signed in by using MFA.
What should you do? From the multi-factor authentication page, configure the users' settings From Azure AD, create a conditional access policy From the multi-factor authentication page, configure the service settings. From the MFA blade in Azure AD, configure the MFA Server settings. .
Your network contains an on-premises Active Directory domain named adatum.com.
The domain contains an organizational unit (OU) named OU1.
OU1 contains the objects shown in the table.
---
You sync OU1 to Azure Active Directory (Azure AD) by using Azure AD Connect.
You need to identify which objects are synced to Azure AD.
Which objects should you identify? User1 and Group1 only User1, Group1, and Group2 only User1, Group1, Group2, and Computer1 Computer1 only.
You have an Azure subscription named Subscription1 that contains the resources shown in the table.
VM1 connects to a virtual network named VNET2 by using a network interface named NIC1.
You need to create a new Network Interface named NIC2 for VM1.
Solution: You create NIC2 in RG2 and West US.
Does this meet the goal?
Yes No.
You deploy an Azure Kubernetes Service (AKS) cluster named AKS1.
You need to deploy a YAML file to AKS1.
Solution: From the Azure CLI you run the kubectl client.
Does this meet the goal? Yes No .
You have an Azure Active Directory (Azure AD) tenant named contoso.com that is synced to an Active Directory domain.
The tenant contains the users shown in the image.
You need to ensure that you can enable Azure Multi-Factor Authentication (MFA) for all four users.
Solution: You add an office phone number for User2.
Does this meet the Goal? No Yes.
You have an Azure Active Directory (Azure AD) tenant named contoso.com that is synced to an Active Directory domain.
The tenant contains the users shown in the image.
You need to ensure that you can enable Azure Multi-Factor Authentication (MFA) for all four users.
Solution: You create an user account for User3 in Azure AD.
Does this meet the Goal? No Yes.
Your company wants to deploy a blogging solution on Azure.
Below are the key deployment requirements:
- Ability to connect to Azure BLOB storage as the origin.
- Ensure that users across the world get the same performance when they access the blogging site.
You provide a solution of using the Content Delivery Service.
Does this solution meet the requirement? Yes No.
You need to configure public IP addressing for four backend virtual machines (VMs) that are identically configured and reside on an Azure virtual network (VNet).
Your solution must meet the following technical and business requeriments:
- Minimize the VM's attack surface
- Minimize administrative/maintenance complexity
- Minimize cost
What shoul you do? Assign a public IP address to a public load balancer and user Network Address Translation (NAT) to reach the VM's. Assign a public IP address to each VM and use netwok security groups (NSGs) to reach the VMs. Assign a public IP address to each VM virtual network interface card (VNIC) and use Just-in-Time (JIT) VM Access to reach the VMs. Assign a public IP address to an Azure Virtual Private Network (VPN) Gateway and use a public load balancer to reach the VMs.
You are planning to leverage Azure File Sync to create a cloud-based file share for all on-premises files hosted on a server running Windows Server 2019.
You need to set up the synchronization.
Which five actions should you perform in sequence? Action1 Action2 Action3 Action4 Action5.
You have two Azure Active Directory (Azure AD) tenants named contoso.com and fabrikam.com.
You have a Microsoft account that you use to sign in to both tenants.
You need to configure the default sign-in tenant for the Azure portal.
What should you do? From Azure Cloud Shell, run Set-AzureRmSubscription. From Azure Cloud Shell, run Set-AzureRmContext. From the Azure portal, configure the portal settings. From the Azure portal, change the directory.
You have an Azure virtual machine named VM1.
You use Azure Backup to create a backup of VM1 named Backup1.
After creating Backup1, you perform the following changes to VM1:
* Modify the size of VM1.
* Copy a file named Budget.xls to a folder named Data.
* Reset the password for the built-in administrator account.
* Add a data disk to VM1.
An administrator uses the Replace existing option to restore VM1 from Backup1.
You need to ensure that all the changes to VM1 are restored.
Which change should you perform again? Copy Budget.xls to Data. Reset the password for the built-in administrator account. Add a data disk. Modify the size of VM1.
You need to identify the appropiate sizes for the Azure virtual machines.
Which five actions should you perform in sequence? Action1 Action2 Action3 Action4 Action5.
|
