Azure Administrator Exam AZ-104 Guide

Exam Prep

Uploaded by

josia mashiloane

Microsoft.AZ-104.vDec-2023.by.Jack.206q
Number: AZ-104
Passing Score: 800
Time Limit: 120
File Version: 21.0

Exam Code: AZ-104


Exam Name: Microsoft Azure Administrator

IT Certification Exams - Questions & Answers | Vdumps.com


Case Study 01 - Litware Company
Overview
Litware, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
All the resources used by Litware are hosted on-premises.
Litware creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named Litware.onmicrosoft.com. The tenant uses the P1 pricing tier.
Existing Environment
The network contains an Active Directory forest named Litware.com. All domain controllers are configured as DNS servers and host the Litware.com DNS zone.
Litware has finance, human resources, sales, research, and information technology departments.
Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department.
New users are added frequently.
Litware.com contains a user named User1.
All the offices connect by using private links.
Litware has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device.
All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.

Litware uses two web applications named App1 and App2. Each instance of each web application requires 1 GB of memory.
The Azure subscription contains the resources in the following table.

The network security team implements several network security groups (NSGs).
Planned Changes
Litware plans to implement the following changes:
• Deploy Azure ExpressRoute to the Montreal office.
• Migrate the virtual machines hosted on Server1 and Server2 to Azure.
• Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
• Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2.
Technical requirements
Litware must meet the following technical requirements:
• Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances.
• Ensure that VM3 can establish outbound connections over TCP port 8080 to the application servers in the Montreal office.
• Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
• Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
• Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.Litware.com.
• Connect the New York office to VNet1 over the Internet by using an encrypted connection.
• Create a workflow to send an email message when the settings of VM4 are modified.
• Create a custom Azure role named Role1 that is based on the Reader role.
• Minimize costs whenever possible.

QUESTION 1
HOTSPOT
You need to implement Role1.
Which command should you run before you create Role1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area:

Section:
Explanation:
https://docs.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-powershell
Get-AzRoleDefinition -Name "Reader" | ConvertTo-Json
https://docs.microsoft.com/en-us/powershell/module/az.resources/get-azroledefinition?view=azps-5.9.0
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/convertto-json?view=powershell-7.1
https://docs.microsoft.com/en-us/powershell/module/azuread/get-azureaddirectoryrole?view=azureadps-2.0

QUESTION 2
HOTSPOT
You need to meet the connection requirements for the New York office.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area:

Section:
Explanation:
Box 1: Create a virtual network gateway and a local network gateway.
Azure VPN gateway. The VPN gateway service enables you to connect the VNet to the on-premises network through a VPN appliance. For more information, see Connect an on-premises network to a Microsoft Azure virtual network. The VPN gateway includes the following elements:
Virtual network gateway. A resource that provides a virtual VPN appliance for the VNet. It is responsible for routing traffic from the on-premises network to the VNet.
Local network gateway. An abstraction of the on-premises VPN appliance. Network traffic from the cloud application to the on-premises network is routed through this gateway.
Connection. The connection has properties that specify the connection type (IPSec) and the key shared with the on-premises VPN appliance to encrypt traffic.
Gateway subnet. The virtual network gateway is held in its own subnet, which is subject to various requirements, described in the Recommendations section below.
Box 2: Configure a site-to-site VPN connection
On premises create a site-to-site connection for the virtual network gateway and the local network gateway.

Scenario: Connect the New York office to VNet1 over the Internet by using an encrypted connection.
Incorrect Answers:
Azure ExpressRoute: Established between your network and Azure, through an ExpressRoute partner. This connection is private. Traffic does not go over the internet.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/vpn

QUESTION 3
You discover that VM3 does NOT meet the technical requirements.
You need to verify whether the issue relates to the NSGs.
What should you use?

A. Diagram in VNet1
B. the security recommendations in Azure Advisor
C. Diagnostic settings in Azure Monitor
D. Diagnose and solve problems in Traffic Manager Profiles
E. IP flow verify in Azure Network Watcher

Correct Answer: E
Section:
Explanation:
Scenario: Litware must meet technical requirements including:
Ensure that VM3 can establish outbound connections over TCP port 8080 to the application servers in the Montreal office.
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview

QUESTION 4
You need to meet the technical requirement for VM4.
What should you create and configure?

A. an Azure Notification Hub
B. an Azure Event Hub
C. an Azure Logic App
D. an Azure Service Bus

Correct Answer: B
Section:
Explanation:
Scenario: Create a workflow to send an email message when the settings of VM4 are modified.
You can start an automated logic app workflow when specific events happen in Azure resources or third-party resources. These resources can publish those events to an Azure event grid. In turn, the event grid pushes those events to subscribers that have queues, webhooks, or event hubs as endpoints. As a subscriber, your logic app can wait for those events from the event grid before running automated workflows to perform tasks - without you writing any code.
Reference:
https://docs.microsoft.com/en-us/azure/event-grid/monitor-virtual-machine-changes-event-grid-logic-app

QUESTION 5
You need to recommend a solution to automate the configuration for the finance department users.
The solution must meet the technical requirements.
What should you include in the recommendation?

A. Azure AD B2C
B. Azure AD Identity Protection
C. an Azure logic app and the Microsoft Identity Management (MIM) client
D. dynamic groups and conditional access policies

Correct Answer: D
Section:
Explanation:
Technically, the finance department needs to migrate their users from AD to AAD using AADC based on the finance OU, and needs to enforce MFA use. This is a conditional access policy. Employees also often get promotions and/or join other departments, and when that occurs, the user's OU attribute will change when the admin puts the user in a new OU, and the dynamic group conditional access exception (OU= [Department Name Value]) will move the user to the appropriate dynamic group on the next AADC delta sync.
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

QUESTION 6
HOTSPOT
You need to identify the appropriate sizes for the Azure virtual machines for Server2.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area:

Section:
Explanation:
Box 1: Create a Recovery Services vault
Create a Recovery Services vault on the Azure Portal.
Box 2: Install the Azure Site Recovery Provider
Azure Site Recovery can be used to manage migration of on-premises machines to Azure.
Scenario: Migrate the virtual machines hosted on Server1 and Server2 to Azure.
Server2 has the Hyper-V host role.
Reference:
https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-on-premises-azure

QUESTION 7
HOTSPOT
You implement the planned changes for NSG1 and NSG2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:

Hot Area:

Answer Area:

Section:
Explanation:

Case Study 02 - Humongous Insurance company


Overview
Existing Environment
Humongous Insurance is an insurance company that has three offices in Miami, Tokyo, and Bangkok.
Each has 5000 users.
Active Directory Environment
Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com.
The functional level of the forest is Windows Server 2012.
You recently provisioned an Azure Active Directory (Azure AD) tenant.
Network Infrastructure
Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet.
Each office has several link load balancers that provide access to the servers.
Active Directory Issue
Several users in humongousinsurance.com have UPNs that contain special characters.
You suspect that some of the characters are unsupported in Azure AD.
Licensing Issue
You attempt to assign a license in Azure to several users and receive the following error message:
"Licenses not assigned. License agreement failed for one user."
You verify that the Azure subscription has the available licenses.
Requirements
Planned Changes
Humongous Insurance plans to open a new office in Paris. The Paris office will contain 1,000 users who will be hired during the next 12 months. All the resources used by the Paris office users will be hosted in Azure.

Planned Azure AD Infrastructure
The on-premises Active Directory domain will be synchronized to Azure AD.
All client computers in the Paris office will be joined to an Azure AD domain.
Planned Azure Networking Infrastructure
You plan to create the following networking resources in a resource group named All_Resources:
• Default Azure system routes that will be the only routes used to route traffic
• A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2
• A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet
• A virtual network named AllOffices-VNet that will contain two subnets named Subnet3 and Subnet4
You plan to enable peering between Paris-VNet and AllOffices-VNet. You will enable the Use remote gateways setting for the Paris-VNet peerings.
You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network.
Planned Azure Compute Infrastructure
Each subnet will contain several virtual machines that will run either Windows Server 2012 R2, Windows Server 2016, or Red Hat Linux.
Department Requirements
Humongous Insurance identifies the following requirements for the company's departments:
• Web administrators will deploy Azure web apps for the marketing department. Each web app will be added to a separate resource group. The initial configuration of the web apps will be identical. The web administrators have permission to deploy web apps to resource groups.
• During the testing phase, auditors in the finance department must be able to review all Azure costs from the past week.
Authentication Requirements
Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO) when accessing resources in Azure.

QUESTION 1
You need to define a custom domain name for Azure AD to support the planned infrastructure.
Which domain name should you use?

A. ad.humongousinsurance.com
B. humongousinsurance.onmicrosoft.com
C. humongousinsurance.local
D. humongousinsurance.com

Correct Answer: D
Section:
Explanation:
Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com.
The initial domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well. For example, your organization probably has other domain names used to do business and users who sign in using your corporate domain name. Adding custom domain names to Azure AD allows you to assign user names in the directory that are familiar to your users, such as '[email protected].' instead of 'alice@domain name.onmicrosoft.com'.
Scenario:
Network Infrastructure: Each office has a local data center that contains all the servers for that office.
Each office has a dedicated connection to the Internet.
Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com
Planned Azure AD Infrastructure: The on-premises Active Directory domain will be synchronized to Azure AD.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain

QUESTION 2
You need to prepare the environment to meet the authentication requirements.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Allow inbound TCP port 8080 to the domain controllers in the Miami office.
B. Add http://autologon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office.
C. Join the client computers in the Miami office to Azure AD.
D. Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.
E. Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication.

Correct Answer: B, E
Section:
Explanation:
B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to all or selected users' Intranet zone settings by using Group Policy in Active Directory:
https://autologon.microsoftazuread-sso.com
E: Seamless SSO works with any method of cloud authentication - Password Hash Synchronization or Pass-through Authentication, and can be enabled via Azure AD Connect.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start

QUESTION 3
You need to resolve the licensing issue before you attempt to assign the license again.
What should you do?

A. From the Groups blade, invite the user accounts to a new group.
B. From the Profile blade, modify the usage location.
C. From the Directory role blade, modify the directory role.

Correct Answer: B
Section:
Explanation:
Scenario: Licensing Issue
1. You attempt to assign a license in Azure to several users and receive the following error message:
"Licenses not assigned. License agreement failed for one user."
2. You verify that the Azure subscription has the available licenses.
Solution:
A license cannot be assigned to a user without a usage location specified.
Some Microsoft services aren't available in all locations because of local laws and regulations. Before you can assign a license to a user, you must specify the Usage location property for the user. You can specify the location under the User > Profile > Settings section in the Azure portal.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-groups-resolve-problems

QUESTION 4
DRAG DROP
You need to prepare the environment to ensure that the web administrators can deploy the web apps as quickly as possible.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Select and Place:

Correct Answer:

Section:
Explanation:
Scenario:
1. Web administrators will deploy Azure web apps for the marketing department.
2. Each web app will be added to a separate resource group.
3. The initial configuration of the web apps will be identical.
4. The web administrators have permission to deploy web apps to resource groups.
Steps:
1 --> Create a resource group, and then deploy a web app to the resource group.
2 --> From the Automation script blade of the resource group, click Add to Library.
3 --> From the Templates service, select the template, and then share the template to the web administrators.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/quickstart-create-templates-use-the-portal

QUESTION 5
Which blade should you instruct the finance department auditors to use?

A. Partner information
B. Overview
C. Payment methods
D. Invoices

Correct Answer: D
Section:
Explanation:
You can opt in and configure additional recipients to receive your Azure invoice in an email. This feature may not be available for certain subscriptions such as support offers, Enterprise Agreements, or Azure in Open.
Select your subscription from the Subscriptions page. Opt-in for each subscription you own. Click Invoices then Email my invoice.

Click Opt in and accept the terms.


Scenario: During the testing phase, auditors in the finance department must be able to review all Azure costs from the past week.
Reference: https://docs.microsoft.com/en-us/azure/billing/billing-download-azure-invoice-daily-usage-date

QUESTION 6
You need to prepare the environment to meet the authentication requirements.
Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Azure Active Directory (AD) Identity Protection and an Azure policy
B. a Recovery Services vault and a backup policy
C. an Azure Key Vault and an access policy
D. an Azure Storage account and an access policy

Correct Answer: C
Section:
Explanation:
D: Seamless SSO works with any method of cloud authentication - Password Hash Synchronization or Pass-through Authentication, and can be enabled via Azure AD Connect.
B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to all or selected users' Intranet zone settings by using Group Policy in Active Directory: https://autologon.microsoftazuread-sso.com
Incorrect Answers:
A: Seamless SSO needs the user's device to be domain-joined, but doesn't need the device to be Azure AD Joined.
C: Azure AD Connect does not use port 8080. It uses port 443.
E: Seamless SSO is not applicable to Active Directory Federation Services (ADFS).
Scenario: Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO) when accessing resources in Azure.
Planned Azure AD Infrastructure includes: The on-premises Active Directory domain will be synchronized to Azure AD.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso-quick-start

QUESTION 7
You need to resolve the Active Directory issue.
What should you do?

A. From Active Directory Users and Computers, select the user accounts, and then modify the User Principal Name value.
B. Run idfix.exe, and then use the Edit action.
C. From Active Directory Domains and Trusts, modify the list of UPN suffixes.
D. From Azure AD Connect, modify the outbound synchronization rule.

Correct Answer: B
Section:
Explanation:
IdFix is used to perform discovery and remediation of identity objects and their attributes in an on-premises Active Directory environment in preparation for migration to Azure Active Directory. IdFix is intended for the Active Directory administrators responsible for directory synchronization with Azure Active Directory.
Scenario: Active Directory Issue
Several users in humongousinsurance.com have UPNs that contain special characters.
You suspect that some of the characters are unsupported in Azure AD.
Reference: https://www.microsoft.com/en-us/download/details.aspx?id=36832

QUESTION 8
Which blade should you instruct the finance department auditors to use?

A. invoices
B. partner information
C. cost analysis
D. External services

Correct Answer: C
Section:
Explanation:
Cost analysis: Correct Option
In the Cost analysis blade of Azure, you can see all the details for a custom time span. You can use this to determine the expenditure of the last few days, weeks, and months. The following options are available in the Cost analysis blade for filtering information by time span: last 7 days, last 30 days, and custom date range. By choosing the first option (last 7 days), auditors can view the costs by time span.
Cost analysis shows data for the current month by default. Use the date selector to switch to common date ranges quickly. Examples include the last seven days, the last month, the current year, or a custom date range. Pay-as-you-go subscriptions also include date ranges based on your billing period, which isn't bound to the calendar month, like the current billing period or last invoice. Use the <PREVIOUS and NEXT> links at the top of the menu to jump to the previous or next period, respectively. For example, <PREVIOUS will switch from the Last 7 days to 8-14 days ago or 15-21 days ago.

Invoice: Incorrect Option
Invoices can only be used for past billing periods, not for the current billing period; i.e., if your requirement is to know last week's cost, then that is also not fulfilled by invoices, because Azure generates the invoice at the end of the month. Even though Invoices has a custom timespan, when you put in dates for a week, the pane would be empty. Below is from the Microsoft document:

Resource Provider: Incorrect Option
When deploying resources, you frequently need to retrieve information about the resource providers and types. For example, if you want to store keys and secrets, you work with the Microsoft.KeyVault resource provider. This resource provider offers a resource type called vaults for creating the key vault. This is not useful for reviewing all Azure costs from the past week which is required for audit.
Payment method: Incorrect Option
Payment methods is not useful for reviewing all Azure costs from the past week which is required for audit.
Reference:
https://docs.microsoft.com/en-us/azure/cost-management-billing/costs/quick-acm-cost-analysis
https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/download-azure-invoice-daily-usage-date

QUESTION 9
HOTSPOT
You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Hot Area:

Answer Area:

Section:
Explanation:
Statement 1: Yes
All client computers in the Paris office will be joined to an Azure AD domain.
A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2.
Microsoft Windows Server Active Directory domains can resolve DNS names between virtual networks. Automatic registration of virtual machines from a virtual network that's linked to a private zone with auto-registration enabled. Forward DNS resolution is supported across virtual networks that are linked to the private zone.
Statement 2: Yes
A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet. You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network.
As this is the registration network, this will work.
Statement 3: No
Only VMs in the registration network, here the ClientResources-VNet, will be able to register hostname records. Since Subnet4 is not connected to ClientResources-VNet, it is not able to register its hostname with humongousinsurance.local.
Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-overview
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances

QUESTION 10
HOTSPOT
You are evaluating the connectivity between the virtual machines after the planned implementation of the Azure networking infrastructure.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Hot Area:

Answer Area:

Section:
Explanation:
Once the VNets are peered, all resources on one VNet can communicate with resources on the other peered VNets. You plan to enable peering between Paris-VNet and AllOffices-VNet. Therefore VMs on Subnet1, which is on Paris-VNet, and VMs on Subnet3, which is on AllOffices-VNet, will be able to connect to each other.
All Azure resources connected to a VNet have outbound connectivity to the Internet by default.
Therefore VMs on ClientSubnet, which is on ClientResources-VNet will have access to the Internet; and VMs on Subnet3 and Subnet4, which are on AllOffices-VNet will have access to the Internet.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
https://docs.microsoft.com/en-us/azure/networking/networking-overview#internet-connectivity

Exam C

QUESTION 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure web app named App1. App1 runs in an Azure App Service plan named Plan1. Plan1 is associated to the Free pricing tier.
You discover that App1 stops each day after running continuously for 60 minutes.
You need to ensure that App1 can run continuously for the entire day.
Solution: You change the pricing tier of Plan1 to Basic. Does this meet the goal?

A. Yes
B. No

Correct Answer: A
Section:
Explanation:
The Free Tier provides 60 CPU minutes / day. This explains why App1 stops. The Basic tier has no such cap.
Reference:
https://azure.microsoft.com/en-us/pricing/details/app-service/windows/

QUESTION 2
HOTSPOT
You create an Azure web app named WebApp1. WebApp1 has the autoscale settings shown in the following exhibit.

The scale out and scale in rules are configured to have a duration of 10 minutes and a cool down time of five minutes.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: one instance
Refer to the scaling condition provided in the question: August 8, 2018 is outside the schedule of scale condition 1, and the Default instance count is 1.
Box 2: two instances
The default instance count is important because autoscale scales your service to that count when metrics are not available. Therefore, select a default instance count that's safe for your workloads.
The Default instance count of scale condition 1 is 4, and the Scale in rule decreases the count by 1.
So the initial instance count before the scale in condition is met = 4.
CPU utilization was at 15% for 60 mins, so after the first 10 mins (the scale out and scale in rules are configured to have a duration of 10 minutes) the instance count reduces by 1; hence after the first 10 mins the instance count is 4-1=3.
Now the cool down period is 5 mins; after the first 15 mins the instance count is 3.
After the next 15 mins, the instance count will be 3-1=2.
After the next 15 mins, the instance count will be 2 because the minimum instance count must be 2; it can't be reduced below 2.
So after 60 mins the instance count will be at 2.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-best-practices

QUESTION 3
You have 100 Azure subscriptions. All the subscriptions are associated to the same Azure Active Directory (Azure AD) tenant named contoso.com.
You are a global administrator.

You plan to create a report that lists all the resources across all the subscriptions.
You need to ensure that you can view all the resources in all the subscriptions.
What should you do?

A. From the Azure portal, modify the profile settings of your account.
B. From Windows PowerShell, run the Add-AzureADAdministrativeUnitMember cmdlet.
C. From Windows PowerShell, run the New-AzureADUserAppRoleAssignment cmdlet.
D. From the Azure portal, modify the properties of the Azure AD tenant.

Correct Answer: C
Section:
Explanation:
The New-AzureADUserAppRoleAssignment cmdlet assigns a user to an application role in Azure Active Directory (AD). Use it for the application report.
Reference: https://docs.microsoft.com/en-us/powershell/module/azuread/newazureaduserapproleassignment?view=azureadps-2.0

QUESTION 4
You have a Microsoft SQL Server Always On availability group on Azure virtual machines. You need to configure an Azure internal load balancer as a listener for the availability group. What should you do?

A. Enable Floating IP.
B. Set Session persistence to Client IP and protocol.
C. Set Session persistence to Client IP.
D. Create an HTTP health probe on port 1433.

Correct Answer: A
Section:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sql/virtual-machines-windowsportal-sql-alwayson-int-listener

QUESTION 5
DRAG DROP
You have an Azure subscription that contains the following resources:
• a virtual network named VNet1
• a replication policy named ReplPolicy1
• a Recovery Services vault named Vault1
• an Azure Storage account named Storage1
You have an Amazon Web Services (AWS) EC2 virtual machine named VM1 that runs Windows Server 2019.
You need to migrate VM1 to VNet1 by using Azure Site Recovery.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

Correct Answer:

Section:
Explanation:
Step 1: Deploy an EC2 virtual machine as a configuration server
Preparing the source includes:
Use an EC2 instance that's running Windows Server 2012 R2 to create a configuration server and register it with your recovery vault.
Configure the proxy on the EC2 instance VM you're using as the configuration server so that it can access the service URLs.

Step 2: Install Azure Site Recovery Unified Setup.
Download Microsoft Azure Site Recovery Unified Setup. You can download it to your local machine and then copy it to the VM you're using as the configuration server.
Step 3: Enable replication for VM1.
Enable replication for each VM that you want to migrate. When replication is enabled, Site Recovery automatically installs the Mobility service.
Reference:
https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-aws-azure

QUESTION 6
You deploy an Azure Application Gateway.
You need to ensure that all the traffic requesting https://adatum.com/internal resources is directed to an internal server pool and all the traffic requesting https://adatum.com/external resources is directed to an external server pool.
What should you configure on the Application Gateway?

A. URL path-based routing
B. multi-site listeners
C. basic routing
D. SSL termination

Correct Answer: A
Section:
Explanation:
URL Path Based Routing allows you to route traffic to back-end server pools based on URL Paths of the request.
In the question, traffic is requested for two different paths:
https://adatum.com/internal
https://adatum.com/external
So in this case we can use URL path-based routing feature of Application Gateway.

Reference:
https://docs.microsoft.com/en-us/azure/application-gateway/url-route-overview

QUESTION 7
You are building a custom Azure function app to connect to Azure Event Grid.
You need to ensure that resources are allocated dynamically to the function app. Billing must be based on the executions of the app.
What should you configure when you create the function app?

A. the Windows operating system and the Consumption plan hosting plan
B. the Windows operating system and the App Service plan hosting plan
C. the Docker container and an App Service plan that uses the B1 pricing tier
D. the Docker container and an App Service plan that uses the S1 pricing

Correct Answer: A
Section:
Explanation:
Azure Functions runs in two different modes: Consumption plan and Azure App Service plan. The Consumption plan automatically allocates compute power when your code is running. Your app is scaled out when needed to handle load, and scaled down when code is not running.

Incorrect Answers:
B: When you run in an App Service plan, you must manage the scaling of your function app.
Reference:
https://docs.microsoft.com/en-us/azure/azure-functions/functions-create-first-azure-function

QUESTION 8
You have an Azure web app named App1 that streams video content to users. App1 is located in the East US Azure region.
Users in North America stream the video content without any interruption.
Users in Asia and Europe report that the videos buffer often and do not play back smoothly.
You need to recommend a solution to improve video streaming to the European and Asian users.
What should you recommend?

A. Scale out the App Service plan.
B. Scale up the App Service plan.
C. Configure an Azure Content Delivery Network (CDN) endpoint.
D. Configure Azure File Sync.

Correct Answer: C
Section:
Explanation:
A content delivery network (CDN) is a distributed network of servers that can efficiently deliver web content to users. CDNs store cached content on edge servers in point-of-presence (POP) locations that are close to end users, to minimize latency.
Azure Content Delivery Network (CDN) offers developers a global solution for rapidly delivering high-bandwidth content to users by caching their content at strategically placed physical nodes across the world.

Reference:
https://docs.microsoft.com/en-us/azure/cdn/cdn-overview

QUESTION 9
HOTSPOT
You have an Azure web app named App1 that has two deployment slots named Production and Staging. Each slot has the unique settings shown in the following table.

You perform a slot swap.
What are the configurations of the Production slot after the swap? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Which settings are swapped?
When you clone configuration from another deployment slot, the cloned configuration is editable.
Some configuration elements follow the content across a swap (not slot specific), whereas other configuration elements stay in the same slot after a swap (slot specific). The following lists show the settings that change when you swap slots.
Box 1 : On
Settings that are swapped:
General settings, such as framework version, 32/64-bit, web sockets
App settings (can be configured to stick to a slot)
Connection strings (can be configured to stick to a slot)
Handler mappings
Public certificates
WebJobs content
Hybrid connections *
Virtual network integration *
Service endpoints *
Azure Content Delivery Network *
Features marked with an asterisk (*) are planned to be unswapped.
So the web sockets setting is swapped: after the slot swap, the web sockets setting of Production changes from "Off" to "On".
Box 2: App1-prod.contoso.com
Settings that aren't swapped:
Publishing endpoints
Custom domain names
Non-public certificates and TLS/SSL settings
Scale settings
WebJobs schedulers
IP restrictions
Always On
Diagnostic settings
Cross-origin resource sharing (CORS)
Custom domain names are not swapped, so Production keeps its own custom domain name after the slot swap.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots#what-happens-during-aswap

QUESTION 10
You have an Azure subscription that contains a virtual network named VNet1. VNet1 has two subnets named Subnet1 and Subnet2. VNet1 is in the West Europe Azure region.
The subscription contains the virtual machines in the following table.

You need to deploy an application gateway named AppGW1 to VNet1.
What should you do first?

A. Add a service endpoint.
B. Add a virtual network.
C. Move VM3 to Subnet1.
D. Stop VM1 and VM2.

Correct Answer: D
Section:
Explanation:
If you have an existing virtual network, either select an existing empty subnet or create a new subnet in your existing virtual network solely for use by the application gateway.
Verify that you have a working virtual network with a valid subnet. Make sure that no virtual machines or cloud deployments are using the subnet. The application gateway must be by itself in a virtual network subnet.
Reference:
https://social.msdn.microsoft.com/Forums/azure/en-US/b09367f9-5d01-4cda-9127-b7a506a0a151/cant-create-application-gateway?forum=WAVirtualMachinesVirtualNetwork
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-create-gateway

QUESTION 11
A web developer creates a web application that you plan to deploy as an Azure web app. Users must enter credentials to access the web application.
You create a new web app named WebApp1 and deploy the web application to WebApp1.
You need to disable anonymous access to WebApp1.
What should you configure?

A. Access control (IAM)
B. Advanced Tools
C. Deployment credentials
D. Authentication/Authorization

Correct Answer: D
Section:
Explanation:
Anonymous access is an authentication method. It allows users to establish an anonymous connection.
Reference:
https://docs.microsoft.com/en-us/biztalk/core/guidelines-for-resolving-iis-permissions-problems

QUESTION 12
HOTSPOT
You have an Azure subscription named Subscription1 that contains the resources in the following table.

VM1 and VM2 run the websites in the following table.

AppGW1 has the backend pools in the following table.

DNS resolves site1.contoso.com, site2.contoso.com, and site3.contoso.com to the IP address of AppGW1.
AppGW1 has the listeners in the following table.

AppGW1 has the rules in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
VM1 is in Pool1. Rule2 applies to Pool1, Listener 2, and site2.contoso.com.

QUESTION 13
Your company has a main office in Australia and several branch offices in Asia.
The company's data center uses a VMware virtualization infrastructure to host several virtualized servers.
You purchase an Azure subscription and plan to move all virtual machines to Azure to a resource group in the Australia Southeast location.
You need to create an Azure Migrate migration project.
Which geography should you select?

A. Central India
B. Australia Central
C. Australia Southeast
D. United States

Correct Answer: C
Section:
Explanation:
In Project Details, specify the project name, and geography in which you want to create the project.
Review supported geographies for public and government clouds.

Reference:
https://docs.microsoft.com/en-us/azure/migrate/how-to-add-tool-first-time

QUESTION 14
You are configuring Azure Active Directory (Azure AD) authentication for an Azure Storage account named storage1.
You need to ensure that the members of a group named Group1 can upload files by using the Azure portal. The solution must use the principle of least privilege.
Which two roles should you configure for storage1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Reader
B. Storage Blob Data Contributor
C. Storage Account Contributor
D. Storage Blob Data Reader
E. Contributor

Correct Answer: A, C
Section:

QUESTION 15
You have an Azure subscription that contains the resources in the following table.

VM1 and VM2 are deployed from the same template and host line-of-business applications accessed by using Remote Desktop. You configure the network security group (NSG) shown in the exhibit.
(Click the Exhibit button.)

You need to prevent users of VM1 and VM2 from accessing websites on the Internet.
What should you do?

A. Associate the NSG to Subnet1.
B. Disassociate the NSG from a network interface.
C. Change the DenyWebSites outbound security rule.
D. Change the Port_80 inbound security rule.

Correct Answer: A
Section:

QUESTION 16
DRAG DROP
You have an Azure subscription that contains two virtual networks named VNet1 and VNet2. Virtual machines connect to the virtual networks.
The virtual networks are configured as shown in the following table.

You need to add the address space of 10.33.0.0/16 to VNet1. The solution must ensure that the hosts on VNet1 and VNet2 can communicate.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

Correct Answer:

Section:
Explanation:
Step 1: Remove peering between VNet1 and VNet2.
You can't add address ranges to, or delete address ranges from, a virtual network's address space once a virtual network is peered with another virtual network. To add or remove address ranges, delete the peering, add or remove the address ranges, then re-create the peering.
Step 2: Add the 10.44.0.0/16 address space to VNet1.
Step 3: Recreate peering between VNet1 and VNet2.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering

QUESTION 17
You have Azure virtual machines that run Windows Server 2019 and are configured as shown in the following table.

You create a public Azure DNS zone named adatum.com and a private Azure DNS zone named contoso.com.
For contoso.com, you create a virtual network link named link1 as shown in the exhibit. (Click the Exhibit tab.)

You discover that VM1 can resolve names in contoso.com but cannot resolve names in adatum.com.
VM1 can resolve other hosts on the internet.
You need to ensure that VM1 can resolve host names in adatum.com.
What should you do?

A. Update the DNS suffix on VM1 to be adatum.com.
B. Create an SRV record in the contoso.com zone.
C. Configure the name servers for adatum.com at the domain registrar.
D. Modify the Access control (IAM) settings for link1.

Correct Answer: C
Section:
Explanation:
Adatum.com is a public DNS zone. The Internet top level domain DNS servers need to know which DNS servers to direct DNS queries for adatum.com to. You configure this by configuring the name servers for adatum.com at the domain registrar.
Reference:
https://docs.microsoft.com/en-us/azure/dns/dns-getstarted-portal

QUESTION 18
You have an Azure subscription named Subscription that contains the resource groups shown in the following table.

In RG1, you create a virtual machine named VM1 in the East Asia location.
You plan to create a virtual network named VNET1.
You need to create VNET1, and then connect VM1 to VNET1.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Create VNET1 in RG2, and then set East Asia as the location.
B. Create VNET1 in a new resource group in the West US location, and then set West US as the location.
C. Create VNET1 in RG1, and then set East Asia as the location.
D. Create VNET1 in RG1, and then set East US as the location.
E. Create VNET1 in RG2, and then set East US as the location.

Correct Answer: A, C
Section:
Explanation:
A network interface can exist in the same resource group as, or a different resource group from, the virtual machine you attach it to or the virtual network you connect it to.
The virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same location, also referred to as a region.
Note: resource groups can span multiple regions, but VNets can hold only resources (VMs, network adapters) that exist in the same region.
So in this scenario, you need to create VNET1 in any resource group and set the location to East Asia.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface

QUESTION 19
You have an Azure subscription that contains a storage account named account1.
You plan to upload the disk files of a virtual machine to account1 from your on-premises network.
The on-premises network uses a public IP address space of 131.107.1.0/24.
You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24.
You need to configure account1 to meet the following requirements:
Ensure that you can upload the disk files to account1.
Ensure that you can attach the disks to VM1.
Prevent all other access to account1.
Which two actions should you perform? Each correct selection presents part of the solution.
NOTE: Each correct selection is worth one point.

A. From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range.
B. From the Firewalls and virtual networks blade of account1, select Selected networks.
C. From the Firewalls and virtual networks blade of account1, add VNet1.
D. From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to access this storage account.
E. From the Service endpoints blade of VNet1, add a service endpoint.

Correct Answer: A, B
Section:
Explanation:
By default, storage accounts accept connections from clients on any network. To limit access to selected networks, you must first change the default action.
Azure portal
1. Navigate to the storage account you want to secure.
2. Click on the settings menu called Firewalls and virtual networks.
3. To deny access by default, choose to allow access from 'Selected networks'. To allow traffic from all networks, choose to allow access from 'All networks'.
4. Click Save to apply your changes.
Grant access from a Virtual Network
Storage accounts can be configured to allow access only from specific Azure Virtual Networks.
By enabling a Service Endpoint for Azure Storage within the Virtual Network, traffic is ensured an optimal route to the Azure Storage service. The identities of the virtual network and the subnet are also transmitted with each request.

Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security

QUESTION 20
HOTSPOT
You plan to deploy five virtual machines to a virtual network subnet.
Each virtual machine will have a public IP address and a private IP address.
Each virtual machine requires the same inbound and outbound security rules.
What is the minimum number of network interfaces and network security groups that you require?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: 5
A public and a private IP address can be assigned to a single network interface.
Box 2: 1
You can associate zero, or one, network security group to each virtual network subnet and network interface in a virtual machine. The same network security group can be associated to as many subnets and network interfaces as you choose.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interfaceaddresses

QUESTION 21
HOTSPOT
You have an Azure subscription named Subscription1 that contains the resources in the following table.

You install the Web Server server role (IIS) on VM1 and VM2, and then add VM1 and VM2 to LB1.
LB1 is configured as shown in the LB1 exhibit. (Click the Exhibit button.)

Rule1 is configured as shown in the Rule1 exhibit. (Click the Exhibit button.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
To load balance with a Basic load balancer, the backend pool virtual machines have to be in a single availability set or virtual machine scale set.
A health probe is used to determine the health status of the instances in the backend pool. During load balancer creation, configure a health probe for the load balancer to use. This health probe will determine if an instance is healthy and can receive traffic.
A Load Balancer rule is used to define how incoming traffic is distributed to all the instances within the backend pool. So if you delete the rule, load balancing won't happen.

Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/skus

QUESTION 22
HOTSPOT
You have peering configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: vNET6 only
The peering status to both VNet1 and VNet2 is disconnected.
Box 2: delete peering1
Peering to VNet1 is Enabled but disconnected. We need to update or re-create the remote peering to get it back to the Initiated state.
Reference:
https://blog.kloud.com.au/2018/10/19/address-space-maintenance-with-vnet-peering/
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-managepeering#requirements-andconstraints

QUESTION 23
Your company has an Azure subscription named Subscription1.
The company also has two on-premises servers named Server1 and Server2 that run Windows Server 2016. Server1 is configured as a DNS server that has a primary DNS zone named adatum.com.
Adatum.com contains 1,000 DNS records.
You manage Server1 and Subscription1 from Server2. Server2 has the following tools installed:
The DNS Manager console
Azure PowerShell
Azure CLI 2.0
You need to move the adatum.com zone to Subscription1. The solution must minimize administrative effort.
What should you use?

A. Azure PowerShell
B. Azure CLI
C. the Azure portal
D. the DNS Manager console

Correct Answer: B
Section:
Explanation:
Azure DNS supports importing and exporting zone files by using the Azure command-line interface (CLI). Zone file import is not currently supported via Azure PowerShell or the Azure portal.
Reference: https://docs.microsoft.com/en-us/azure/dns/dns-import-export

QUESTION 24
HOTSPOT
You have an Azure subscription that contains the public load balancers shown in the following table.

You plan to create six virtual machines and to load balance requests to the virtual machines. Each load balancer will load balance three virtual machines.
You need to create the virtual machines for the planned solution.
How should you create the virtual machines? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: be created in the same availability set or virtual machine scale set.
The Basic tier is quite restrictive. A load balancer is restricted to a single availability set, virtual machine scale set, or a single machine.
Box 2: be connected to the same virtual network
The Standard tier can span any virtual machine in a single virtual network, including blends of scale sets, availability sets, and machines.
Reference:
https://www.petri.com/comparing-basic-standard-azure-load-balancers

QUESTION 25
HOTSPOT
You have an Azure virtual network named VNet1 that connects to your on-premises network by using a site-to-site VPN. VNet1 contains one subnet named Subnet1.
Subnet1 is associated to a network security group (NSG) named NSG1. Subnet1 contains a basic internal load balancer named ILB1. ILB1 has three Azure virtual machines in the backend pool.
You need to collect data about the IP addresses that connect to ILB1. You must be able to run interactive queries from the Azure portal against the collected data.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: An Azure Log Analytics workspace
In the Azure portal you can set up a Log Analytics workspace, which is a unique Log Analytics environment with its own data repository, data sources, and solutions.
Box 2: ILB1
Reference:
https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-quick-create-workspace
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-diagnostics

QUESTION 26
HOTSPOT
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

In storage1, you create a blob container named blob1 and a file share named share1.
Which resources can be backed up to Vault1 and Vault2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: VM1 only
VM1 is in the same region as Vault1.
File1 is not in the same region as Vault1.
SQL is not in the same region as Vault1.
Blobs cannot be backed up to service vaults.
Note: To create a vault to protect virtual machines, the vault must be in the same region as the virtual machines.
Box 2: Share1 only.
Storage1 is in the same region (West USA) as Vault2. Share1 is in Storage1.
Note: After you select Backup, the Backup pane opens and prompts you to select a storage account from a list of discovered supported storage accounts. They're either associated with this vault or present in the same region as the vault, but not yet associated to any Recovery Services vault.
Reference:
https://docs.microsoft.com/bs-cyrl-ba/azure/backup/backup-create-rs-vault
https://docs.microsoft.com/en-us/azure/backup/backup-afs

QUESTION 27
DRAG DROP
You have an Azure Linux virtual machine that is protected by Azure Backup.
One week ago, two files were deleted from the virtual machine.
You need to restore the deleted files to an on-premises computer as quickly as possible.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

Correct Answer:

Section:
Explanation:
To restore files or folders from the recovery point, go to the virtual machine and choose the desired recovery point.
Step 0. In the virtual machine's menu, click Backup to open the Backup dashboard.
Step 1. In the Backup dashboard menu, click File Recovery.
Step 2. From the Select recovery point drop-down menu, select the recovery point that holds the files you want. By default, the latest recovery point is already selected.
Step 3: To download the software used to copy files from the recovery point, click Download Executable (for a Windows Azure VM) or Download Script (for a Linux Azure VM, a Python script is generated).

Step 4: Copy the files by using AzCopy.
AzCopy is a command-line utility designed for copying data to/from Microsoft Azure Blob, File, and Table storage, using simple commands designed for optimal performance. You can copy data between a file system and a storage account, or between storage accounts.
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-files-from-vm
https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy

QUESTION 28
You have an Azure virtual machine named VM1.
Azure collects events from VM1.
You are creating an alert rule in Azure Monitor to notify an administrator when an error is logged in the System event log of VM1.
You need to specify which resource type to monitor.
What should you specify?

A. metric alert
B. Azure Log Analytics workspace
C. virtual machine
D. virtual machine extension

Correct Answer: B
Section:
Explanation:
Azure Monitor can collect data directly from your Azure virtual machines into a Log Analytics workspace for analysis of details and correlations. Installing the Log Analytics VM extension for Windows and Linux allows Azure Monitor to collect data from your Azure VMs.
Azure Log Analytics workspace is also used for on-premises computers monitored by System Center Operations Manager.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-azurevm

QUESTION 29
HOTSPOT
You have an Azure subscription that contains an Azure Storage account named storage1 and the users shown in the following table.

You plan to monitor storage1 and to configure email notifications for the signals shown in the following table.

You need to identify the minimum number of alert rules and action groups required for the planned monitoring.
How many alert rules and action groups should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1 : 4
There are 4 distinct sets of resource types (Ingress, Egress, Delete storage account, Restore blob ranges). A single alert rule can't monitor different types of resources, so you need 4 alert rules.
Box 2 : 3
There are 3 distinct sets of "Users to notify": (User1 and User3), (User1 only), and (User1, User2, and User3). You can't base the action groups on the existing groups (Group1 and Group2) because there is no specific group for User1 only. So you need to create 3 action groups.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/action-groups

QUESTION 30

You have two Azure virtual machines named VM1 and VM2. You have two Recovery Services vaults named RSV1 and RSV2.
VM2 is protected by RSV1.
You need to use RSV2 to protect VM2.
What should you do first?

A. From the RSV1 blade, click Backup items and stop the VM2 backup.
B. From the RSV1 blade, click Backup Jobs and export the VM2 backup.
C. From the RSV1 blade, click Backup. From the Backup blade, select the backup for the virtual machine, and then click Backup.
D. From the VM2 blade, click Disaster recovery, click Replication settings, and then select RSV2 as the Recovery Services vault.

Correct Answer: D
Section:
Explanation:
The Azure Site Recovery service contributes to your disaster recovery strategy by managing and orchestrating replication, failover, and failback of on-premises machines and Azure virtual machines (VMs).

Reference:
https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-quickstart
https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable-replication

QUESTION 31
You have an Azure subscription that contains the resources shown in the following table.

All virtual machines run Windows Server 2016.


On VM1, you back up a folder named Folder1 as shown in the following exhibit.

You plan to restore the backup to a different virtual machine.


You need to restore the backup to VM2.
What should you do first?

A. From VM2, install the Microsoft Azure Recovery Services Agent
B. From VM1, install the Windows Server Backup feature
C. From VM2, install the Windows Server Backup feature
D. From VM1, install the Microsoft Azure Recovery Services Agent

Correct Answer: A
Section:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-windows-server

QUESTION 32
HOTSPOT

You have an Azure subscription that contains an Azure Availability Set named WEBPROD-AS-USE2 as shown in the following exhibit.

You add 14 virtual machines to WEBPROD-AS-USE2.


Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: 2
There are 10 update domains. The 14 VMs are shared across the 10 update domains so four update domains will have two VMs and six update domains will have one VM. Only one update domain is rebooted at a time.
Therefore, a maximum of two VMs will be offline.
Box 2: 7
There are 2 fault domains. The 14 VMs are shared across the 2 fault domains, so 7 VMs in each fault domain.
A rack failure will affect one fault domain so 7 VMs will be offline.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability

QUESTION 33
HOTSPOT
You deploy an Azure Kubernetes Service (AKS) cluster that has the network profile shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: Containers will get an IP address from the virtual network subnet CIDR, which is 10.244.0.0/16.
Box 2: Services in the AKS cluster will be assigned an IP address in the service CIDR, which is 10.0.0.0/16.
Reference:
https://docs.microsoft.com/en-us/azure/aks/configure-azure-cni

QUESTION 34
You plan to create an Azure virtual machine named VM1 that will be configured as shown in the following exhibit.
The planned disk configurations for VM1 are shown in the following exhibit.

You need to ensure that VM1 can be created in an Availability Zone.
Which two settings should you modify? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Use managed disks
B. Availability options
C. OS disk type
D. Size
E. Image

Correct Answer: A, C
Section:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/site-recovery/move-azure-vms-avset-azone
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/create-portal-availability-zone

QUESTION 35
You have an Azure subscription that contains a web app named webapp1. You need to add a custom domain named www.contoso.com to webapp1. What should you do first?

A. Upload a certificate.
B. Add a connection string.
C. Stop webapp1.
D. Create a DNS record.

Correct Answer: D
Section:

QUESTION 36
You create an App Service plan named plan1 and an Azure web app named webapp1. You discover that the option to create a staging slot is unavailable. You need to create a staging slot for plan1.
What should you do first?

A. From webapp1, modify the Application settings.
B. From webapp1, add a custom domain.
C. From plan1, scale up the App Service plan.
D. From plan1, scale out the App Service plan.

Correct Answer: C
Section:
Explanation:
Scale up: Get more CPU, memory, disk space, and extra features like dedicated virtual machines (VMs), custom domains and certificates, staging slots, autoscaling, and more.
You scale up by changing the pricing tier of the App Service plan that your app belongs to.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/manage-scale-up

QUESTION 37
You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines.
You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.
What should you create to store the password?

A. Azure Active Directory (AD) Identity Protection and an Azure policy
B. a Recovery Services vault and a backup policy
C. an Azure Key Vault and an access policy
D. an Azure Storage account and an access policy

Correct Answer: D
Section:
Explanation:
You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore the password is never put in plain text in the template parameter file.
Reference: https://azure.microsoft.com/en-us/resources/templates/101-vm-secure-password/

QUESTION 38
HOTSPOT
You plan to deploy an Azure container instance by using the following Azure Resource Manager template.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the template.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: can connect to the container from any device
The "osType": "window" setting means that the container is created in a container group that runs Windows, but it does not block access based on device type.
Box 2: the container will restart automatically
Docker provides restart policies to control whether your containers start automatically when they exit, or when Docker restarts. Restart policies ensure that linked containers are started in the correct order. Docker recommends that you use restart policies, and avoid using process managers to start containers.
on-failure: Restart the container if it exits due to an error, which manifests as a non-zero exit code.
Because the restart policy is set to "on-failure", the container will restart automatically.
Reference:
https://docs.microsoft.com/en-us/cli/azure/container?view=azure-cli-latest
https://docs.docker.com/config/containers/start-containers-automatically/

QUESTION 39
You create an Azure subscription named Subscription1 and an associated Azure Active Directory (Azure AD) tenant named Tenant1. Tenant1 contains the users in the following table.

You need to add an Azure AD Privileged Identity Management application to Tenant1.
Which account can you use?

A. [email protected]
B. [email protected]
C. [email protected]
D. [email protected]

Correct Answer: B
Section:
Explanation:
For Azure AD roles in Privileged Identity Management, only a user who is in the Privileged Role Administrator or Global Administrator role can manage assignments for other administrators. You can grant access to other administrators to manage Privileged Identity Management. Global Administrators, Security Administrators, Global Readers, and Security Readers can also view assignments to Azure AD roles in Privileged Identity Management.
Only an owner can create a subscription, and only a Global Administrator can perform Privileged Identity Management changes. So you can create the subscription with an external user and then promote that user to Global Administrator to get things done.
Because the subscription is associated with an Azure AD tenant, that tenant has an AD domain. In Azure AD, the default domain ends with onmicrosoft.com, so you can't have Hotmail IDs there. Moreover, always remember the principle of least privilege: when you can get your job done with Global Administrator, you should not look for Owner, for security purposes.
[email protected] : Correct Choice
Admin1 is a Global Administrator and part of the default AD domain, so Admin1 can add an Azure AD Privileged Identity Management application to Tenant1.
[email protected] : Incorrect Choice
As per the above explanation, Admin3 is not a Global Administrator, so this option is incorrect.
[email protected] : Incorrect Choice
As per the above explanation, Admin2 is not a Global Administrator, so this option is incorrect.
[email protected] : Incorrect Choice
Although this user is a Global Administrator, this option is incorrect given the principle of least privilege and the default domain consideration.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pimgetting-started
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instance

QUESTION 40
HOTSPOT
You create a virtual machine scale set named Scale1. Scale1 is configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

Hot Area:

Answer Area:

Section:
Explanation:
The cool down period and the scale-in and scale-out durations are not displayed in the graphic, so we need to assume the default values below for these settings.
Cool down (minutes): The amount of time to wait before the rule is applied again so that the autoscale actions have time to take effect. Default is 5 minutes.
Duration: The amount of time monitored before the metric and threshold values are compared. Default is 10 minutes.
Box 1: 4 virtual machines
The autoscale scale-out rule increases the number of VMs by 2 if the CPU threshold is 80% or higher for 10 minutes or more, because the default duration for scale in and scale out is 10 minutes. Since CPU utilization at 85% lasts for only 6 minutes, it does not trigger the rule.
Hence the number of virtual machines stays at the initial value, which is 4.
Box 2: 4 virtual machines
The autoscale scale-in rule decreases the number of VMs by 4 if the CPU threshold is 30% or lower for 10 minutes or more, because the default duration for scale in and scale out is 10 minutes. Since CPU utilization at 30% lasts for only 6 minutes, it does not trigger the rule, so after the first 6 minutes the instance count is still the initial count of 4. After that, CPU utilization reaches 50% for 6 minutes, which again does not trigger the scale-in rule. Therefore the number of virtual machines stays at the initial value, which is 4.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-overview
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-best-practices
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-common-scale-patterns

QUESTION 41
HOTSPOT
You need to create an Azure Storage account that meets the following requirements:
• Minimizes costs
• Supports hot, cool, and archive blob tiers
• Provides fault tolerance if a disaster affects the Azure region where the account resides
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: StorageV2
You may only tier your object storage data to hot, cool, or archive in Blob storage and General Purpose v2 (GPv2) accounts. General Purpose v1 (GPv1) accounts do not support tiering.
General-purpose v2 accounts deliver the lowest per-gigabyte capacity prices for Azure Storage, as well as industry-competitive transaction prices.
Box 2: Standard_GRS
Geo-redundant storage (GRS): Cross-regional replication to protect against region-wide unavailability.
Incorrect Answers:
Locally-redundant storage (LRS): A simple, low-cost replication strategy. Data is replicated within a single storage scale unit.
Read-access geo-redundant storage (RA-GRS): Cross-regional replication with read access to the replica. RA-GRS provides read-only access to the data in the secondary location, in addition to geo-replication across two regions, but is more expensive compared to GRS.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-grs
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers

QUESTION 42
DRAG DROP

You have an Azure subscription that contains an Azure file share.
You have an on-premises server named Server1 that runs Windows Server 2016.
You plan to set up Azure File Sync between Server1 and the Azure file share.
You need to prepare the subscription for the planned Azure File Sync.
Which two actions should you perform in the Azure subscription? To answer, drag the appropriate actions to the correct targets. Each action may be used once, more than once, or not at all. You may need to drag the split bar
between panes or scroll to view content.

Select and Place:

Correct Answer:

Section:
Explanation:
As per the official MS doc:
The recommended steps to onboard on Azure File Sync for the first time with zero downtime while preserving full file fidelity and access control lists (ACLs) are as follows:
1. Deploy a Storage Sync Service. --> This needs to be done in Azure.
2. Create a sync group. --> This needs to be done in Azure.
3. Install the Azure File Sync agent on the server with the full data set. --> This needs to be done on Server1.
4. Register that server and create a server endpoint on the share. --> This needs to be done on Server1.
5. Let sync do the full upload to the Azure file share (cloud endpoint).
6. After the initial upload is complete, install Azure File Sync agent on each of the remaining servers.
7. Create new file shares on each of the remaining servers.
8. Create server endpoints on new file shares with cloud tiering policy, if desired. (This step requires additional storage to be available for the initial setup.)
9. Let Azure File Sync agent do a rapid restore of the full namespace without the actual data transfer.
After the full namespace sync, sync engine will fill the local disk space based on the cloud tiering policy for the server endpoint.
10. Ensure sync completes and test your topology as desired.
11. Redirect users and applications to this new share.
12. You can optionally delete any duplicate shares on the servers.
First action: Create a Storage Sync Service
The deployment of Azure File Sync starts with placing a Storage Sync Service resource into a resource group of your selected subscription.

Second action: Create a sync group


A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A
server endpoint represents a path on a registered server.
A server can have server endpoints in multiple sync groups. You can create as many sync groups as you need to appropriately describe your desired sync topology.

Third action: Run Server Registration
Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service. A server can only be registered to one Storage Sync Service and can sync with other servers and Azure file shares associated with the same Storage Sync Service.
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deploymentguide?tabs=azure-portal

QUESTION 43
HOTSPOT
You have several Azure virtual machines on a virtual network named VNet1.
You configure an Azure Storage account as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: never
For subnet 10.2.9.0/24, the endpoint (refer to the first endpoint) is not enabled in the storage account shown in the exhibit, so there is no connectivity to the file shares in the storage account.
To establish this connection, you must enable the endpoint.
Box 2: never
After you configure firewall and virtual network settings for your storage account, select Allow trusted Microsoft services to access this storage account as an exception to enable the Azure Backup service to access the network-restricted storage account. Because this required setting is missing, Azure Backup will not be able to back up the unmanaged disks.

Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-private-endpoints
https://azure.microsoft.com/en-us/blog/azure-backup-now-supports-storage-accounts-secured-with-azurestorage-firewalls-and-virtual-networks/

QUESTION 44
You plan to use the Azure Import/Export service to copy files to a storage account.
Which two files should you create before you prepare the drives for the import job? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. an XML manifest file
B. a driveset CSV file
C. a dataset CSV file
D. a PowerShell PS1 file
E. a JSON configuration file

Correct Answer: B, C
Section:
Explanation:
B: Modify the driveset.csv file in the root folder where the tool resides.
C: Modify the dataset.csv file in the root folder where the tool resides. Depending on whether you want to import a file or folder or both, add entries in the dataset.csv file
Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-datato-files

QUESTION 45
HOTSPOT
You have an Azure subscription that contains an Azure Storage account.
You plan to copy an on-premises virtual machine image to a container named vmimages.
You need to create the container for the planned image.
Which command should you run? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:

Explanation:
Box 1: make
Here the purpose is to "create a container", so the correct command is azcopy make.
Box 2: blob
The requirement is to store the image; it's not used to build AKS. So blob is the correct option.
Reference:
https://adamtheautomator.com/azcopy-copy-files/

QUESTION 46
HOTSPOT
You have a sync group that has the endpoints shown in the following table.

Cloud tiering is enabled for Endpoint3.


You add a file named File1 to Endpoint1 and a file named File2 to Endpoint2.
You need to identify on which endpoints File1 and File2 will be available within 24 hours of adding the files.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
File1: Endpoint3 only
Cloud Tiering: A switch to enable or disable cloud tiering. When enabled, cloud tiering will tier files to your Azure file shares. This converts on-premises file shares into a cache, rather than a complete copy of the dataset, to
help you manage space efficiency on your server. With cloud tiering, infrequently used or accessed files can be tiered to Azure Files.
File2: Endpoint1, Endpoint2, and Endpoint3
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-cloud-tiering

QUESTION 47
HOTSPOT
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant is synced to the on-premises Active Directory domain. The domain contains the users shown in the following table.

You enable self-service password reset (SSPR) for all users and configure SSPR to have the following authentication methods:
Number of methods required to reset: 2
Methods available to users: Mobile phone, Security questions
Number of questions required to register: 3
Number of questions required to reset: 3
You select the following security questions:
What is your favorite food?
In what city was your first job?
What was the name of your first pet?
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: No
Administrator accounts are special accounts with elevated permissions. To secure them, the following restrictions apply to changing passwords of administrators:
On-premises enterprise administrators or domain administrators cannot reset their password through self-service password reset (SSPR). They can only change their password in their on-premises environment. Thus, we recommend not syncing on-premises AD admin accounts to Azure AD.
An administrator cannot use secret questions and answers as a method to reset a password.
Box 2: Yes
Self-service password reset (SSPR) is an Azure Active Directory feature that enables employees to reset their passwords without needing to contact IT staff.
Box 3: Yes
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment

QUESTION 48
You have an Azure Active Directory (Azure AD) tenant named contoso.com that is synced to an Active Directory domain. The tenant contains the users shown in the following table.

The users have the attributes shown in the following table.

You need to ensure that you can enable Azure Multi-Factor Authentication (MFA) for all four users.
Solution: You add an office phone number for User2.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section:
Explanation:
User3 requires a user account in Azure AD.
Note: Your Azure AD password is considered an authentication method. It is the one method that cannot be disabled.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authenticationmethods

QUESTION 49
You have an Azure Active Directory (Azure AD) tenant named contoso.com that is synced to an Active Directory domain. The tenant contains the users shown in the following table.

The users have the attribute shown in the following table.

You need to ensure that you can enable Azure Multi-Factor Authentication (MFA) for all four users.
Solution: You add a mobile phone number for User2 and User4.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section:
Explanation:
User3 requires a user account in Azure AD.
Note: Your Azure AD password is considered an authentication method. It is the one method that cannot be disabled.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authenticationmethods

QUESTION 50

You have an Azure subscription named Subscription1.
You have 5 TB of data that you need to transfer to Subscription1.
You plan to use an Azure Import/Export job.
What can you use as the destination of the imported data?

A. Azure Data Lake Store
B. a virtual machine
C. the Azure File Sync Storage Sync Service
D. Azure Blob storage

Correct Answer: D
Section:
Explanation:
Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter.
The maximum size of an Azure Files file share is 5 TB.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service

QUESTION 51
HOTSPOT
You have a pay-as-you-go Azure subscription that contains the virtual machines shown in the following table.

You create the budget shown in the following exhibit.

The AG1 action group contains a user named [email protected] only.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area:

Section:
Explanation:
Box 1: VM1 and VM2 continues to run
When the budget thresholds you've created are exceeded, only notifications are triggered. None of your resources are affected and your consumption isn't stopped. You can use budgets to compare and track spending as you
analyze costs.
Box 2: one email notification will be sent each month
The budget alerts apply to resource group RG1, which includes VM1 but not VM2. VM1 consumes 20 Euro/day.
The 50%, 500 Euro limit will be reached in 25 days, and an email will be sent.
The 70% and 100% alert conditions will not be reached within a month, and they don't trigger email actions anyway.
Reference:
https://docs.microsoft.com/en-gb/azure/cost-management-billing/costs/tutorial-acm-createbudgets
https://docs.microsoft.com/en-us/azure/cost-management-billing/costs/cost-mgt-alerts-monitorusage-spending

QUESTION 52
You have an Azure Active Directory (Azure AD) tenant named adatum.com that contains the users shown in the following table.

Adatum.com has the following configurations:
Users may join devices to Azure AD is set to User1.
Additional local administrators on Azure AD joined devices is set to None.
You deploy Windows 10 to a computer named Computer1. User1 joins Computer1 to adatum.com.
You need to identify which users are added to the local Administrators group on Computer1.

A. User1 only
B. User1, User2, and User3 only
C. User1 and User2 only
D. User1, User2, User3, and User4
E. User2 only

Correct Answer: C
Section:
Explanation:
Users may join devices to Azure AD - This setting enables you to select the users who can register their devices as Azure AD joined devices. The default is All.
Additional local administrators on Azure AD joined devices - You can select the users that are granted local administrator rights on a device. Users added here are added to the Device Administrators role in Azure AD. Global
administrators, here User2, in Azure AD and device owners are granted local administrator rights by default.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal

QUESTION 53
HOTSPOT
You have a sync group named Sync1 that has a cloud endpoint. The cloud endpoint includes a file named File1.txt.
Your on-premises network contains servers that run Windows Server 2016. The servers are configured as shown in the following table.

You add Share1 as an endpoint for Sync1. One hour later, you add Share2 as an endpoint for Sync1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Statement 1: Yes
If you add an Azure file share that has an existing set of files as a cloud endpoint to a sync group, the existing files are merged with any other files that are already on other endpoints in the sync group.
Statement 2: No
Files present in any server endpoint will not be overwritten by the files present in cloud endpoint.
Hence this statement is false.
If you add a server location with an existing set of files as a server endpoint to a sync group, those files will be merged with any other files already on other endpoints in the sync group but not vice versa.
Statement 3: Yes
Azure File Sync has a simple architecture : cloud endpoints, which is the Azure File Sync service and server endpoints, which are the registered servers with the service. On top of that, we have Sync Groups, which combine one cloud endpoint
with one or more server endpoints. All members of this group will receive the replicated data where the central location will be the cloud endpoint.
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-planning
http://techgenix.com/azure-file-sync-replicating-data/

QUESTION 54
You have an Azure subscription that contains the storage accounts shown in the following table.

You need to identify which storage account can be converted to zone-redundant storage (ZRS) replication by requesting a live migration from Azure support.
What should you identify?

A. Storage1
B. Storage2
C. Storage3
D. Storage4

Correct Answer: B
Section:
Explanation:
ZRS currently supports standard general-purpose v2, FileStorage and BlockBlobStorage storage account types.
Incorrect Answers:
A, not C: Live migration is supported only for storage accounts that use LRS replication. If your account uses GRS or RA-GRS, then you need to first change your account's replication type to LRS before proceeding. This intermediary step removes the secondary endpoint provided by GRS/RA-GRS.
Also, only standard storage account types support live migration. Premium storage accounts must be migrated manually.
D: ZRS currently supports standard general-purpose v2, FileStorage and BlockBlobStorage storage account types.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy

QUESTION 55
HOTSPOT
You have an Azure virtual machine named VM1 and a Recovery Services vault named Vault1.
You create a backup Policy1 as shown in the exhibit. (Click the Exhibit tab.)

You configure the backup of VM1 to use Policy1 on Thursday, January 1.
You need to identify the number of available recovery points for VM1.
How many recovery points are available on January 8 and on January 15? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: 6
4 daily + 1 weekly + monthly
Box 2: 8
4 daily + 2 weekly + monthly + yearly

QUESTION 56
HOTSPOT
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

You plan to configure Azure Backup reports for Vault1.
You are configuring the Diagnostics settings for the AzureBackupReports log.
Which storage accounts and which Log Analytics workspaces can you use for the Azure Backup reports of Vault1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: storage3 only
Vault1 and storage3 are both in West Europe.
Box 2: Analytics1, Analytics2, Analytics3
https://docs.microsoft.com/en-us/azure/backup/backup-create-rs-vault
https://docs.microsoft.com/de-de/azure/backup/configure-reports

QUESTION 57
HOTSPOT
You have an Azure subscription that includes the following Azure file shares:

You have the following on-premises servers:

You create a Storage Sync Service named Sync1 and an Azure File Sync group named Group1. Group1 uses share1 as a cloud endpoint.
You register Server1 and Server2 in Sync1. You add D:\Folder1 on Server1 as a server endpoint of Group1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: No
Group1 already has a cloud endpoint named Share1.
A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints.
Box 2: No
Box 3: Yes
Yes, one or more server endpoints can be added to the sync group.
Reference:
https://docs.microsoft.com/en-us/azure/storage/file-sync/file-sync-server-endpointcreate? tabs=azure-portal

QUESTION 58
You have an Azure subscription that contains the following resources:
100 Azure virtual machines
20 Azure SQL databases
50 Azure file shares
You need to create a daily backup of all the resources by using Azure Backup.
What is the minimum number of backup policies that you must create?

A. 1
B. 2
C. 3
D. 150
E. 170

Correct Answer: C
Section:
Explanation:
There is a limit of 100 VMs that can be associated to the same backup policy from portal. We recommend that for more than 100 VMs, create multiple backup policies with same schedule or different schedule.
One policy for VMs, one for SQL databases, and one for the file shares.
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-vm-backup-faq

QUESTION 59
You have an Azure subscription that includes data in the following locations:

You plan to export data by using an Azure Import/Export job named Export1.
You need to identify the data that can be exported by using Export1.
Which data should you identify?

A. DB1
B. Table1
C. container1
D. Share1

Correct Answer: D
Section:
Explanation:
Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage.
Only the Blob service is supported with the Export job feature.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-requirements

QUESTION 60
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to create an alert in Azure when more than two error events are logged to the System log on VM1 within an hour.
Solution: You create an Azure Log Analytics workspace and configure the data settings. You install the Microsoft Monitoring Agent on VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source.
Does this meet the goal?

A. Yes
B. No

Correct Answer: A
Section:
Explanation:
Alerts in Azure Monitor can identify important information in your Log Analytics repository. They are created by alert rules that automatically run log searches at regular intervals, and if results of the log search match particular criteria, then an alert record is created and it can be configured to perform an automated response.
The Log Analytics agent collects monitoring data from the guest operating system and workloads of virtual machines in Azure, other cloud providers, and on-premises. It collects data into a Log Analytics workspace.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/tutorial-response
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview

QUESTION 61
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1 that runs Windows Server 2016.

You need to create an alert in Azure when more than two error events are logged to the System log on VM1 within an hour.
Solution: You create an event subscription on VM1. You create an alert in Azure Monitor and specify VM1 as the source.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section:
Explanation:
Instead: You create an Azure Log Analytics workspace and configure the data settings. You install the Microsoft Monitoring Agent on VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview

QUESTION 62
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

VM1 connects to a virtual network named VNET2 by using a network interface named NIC1.
You need to create a new network interface named NIC2 for VM1.
Solution: You create NIC2 in RG1 and West US.
Does this meet the goal?

A. Yes
B. No

Correct Answer: A
Section:
Explanation:
The virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same location, here West US, also referred to as a region.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface

QUESTION 63
You have an Azure subscription that contains the resources shown in the following table.

You need to create a network interface named NIC1.
In which location can you create NIC1?

A. East US and North Europe only.
B. East US and West Europe only.
C. East US, West Europe, and North Europe.
D. East US only.

Correct Answer: D
Section:
Explanation:
A virtual network is required when you create a NIC. Select the virtual network for the network interface. You can only assign a network interface to a virtual network that exists in the same subscription and location as the network interface. Once a network interface is created, you cannot change the virtual network it is assigned to. The virtual machine you add the network interface to must also exist in the same location and subscription as the network interface.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface

QUESTION 64
DRAG DROP
You need to use Azure Automation State Configuration to manage the ongoing consistency of virtual machine configurations.
Which five actions should you perform in sequence? To answer, move the appropriate action from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

Select and Place:

Correct Answer:

Section:
Explanation:
Step 1: Upload a configuration to Azure Automation State Configuration.
Import the configuration into the Automation account.
Step 2: Compile a configuration into a node configuration.
A DSC configuration defining that state must be compiled into one or more node configurations (MOF document), and placed on the Automation DSC Pull Server.
Step 3: Onboard the virtual machines to Azure Automation State Configuration.
Onboard the Azure VM for management with Azure Automation State Configuration
Step 4: Assign the node configuration
Step 5: Check the compliance status of the node
Each time Azure Automation State Configuration performs a consistency check on a managed node, the node sends a status report back to the pull server. You can view these reports on the page for that node.
On the blade for an individual report, you can see the following status information for the corresponding consistency check:
The report status: whether the node is "Compliant", the configuration "Failed", or the node is "Not Compliant".
Reference:
https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started

QUESTION 65
You have an Azure virtual machine named VM1.
You use Azure Backup to create a backup of VM1 named Backup1.
After creating Backup1, you perform the following changes to VM1:
Modify the size of VM1.

Copy a file named Budget.xls to a folder named Data.
Reset the password for the built-in administrator account.
Add a data disk to VM1.
An administrator uses the Replace existing option to restore VM1 from Backup1.
You need to ensure that all the changes to VM1 are restored.
Which change should you perform again?

A. Modify the size of VM1.
B. Add a data disk.
C. Reset the password for the built-in administrator account.
D. Copy Budget.xls to Data.

Correct Answer: D
Section:
Explanation:
In the scenario described in the question, the Replace existing option is used, so any data written to the disk after the backup was taken is lost. The file was copied to the disk after the backup was taken. Hence, the file must be copied once again.
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms#replace-existingdisks

QUESTION 66
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

You create virtual machines in Subscription1 as shown in the following table.

You plan to use Vault1 for the backup of as many virtual machines as possible.
Which virtual machines can be backed up to Vault1?

A. VM1, VM3, VMA, and VMC only
B. VM1 and VM3 only
C. VM1, VM2, VM3, VMA, VMB, and VMC
D. VM1 only
E. VM3 and VMC only

Correct Answer: A

Section:
Explanation:
To create a vault to protect virtual machines, the vault must be in the same region as the virtual machines. If you have virtual machines in several regions, create a Recovery Services vault in each region.
Reference:
https://docs.microsoft.com/bs-cyrl-ba/azure/backup/backup-create-rs-vault

QUESTION 67
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
A virtual network that has a subnet named Subnet1
Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
Priority: 100
Source: Any
Source port range: *
Destination: *
Destination port range: 3389
Protocol: UDP
Action: Allow
VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You modify the custom rule for NSG-VM1 to use the internet as a source and TCP as a protocol.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section:
Explanation:
NSGs deny all inbound traffic except from the virtual network or load balancers. For inbound traffic, Azure processes the rules in a network security group associated to a subnet first, and then the rules in a network security group associated to the network interface.
By default, an NSG rule to allow traffic through RDP port 3389 is not created automatically during the creation of a VM, unless you change the setting during creation. Subnets usually do not have any NSG associated unless you go out of your way to do so, which this scenario does. When you create that extra NSG, it won't have an RDP rule by default, thus blocking inbound connections.
The request first goes to NSG-Subnet1, and as there is no allow rule for RDP, it is blocked by default. Since the subnet NSG (the one with the default rules) is evaluated first, it blocks the inbound RDP connection.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdpconnection
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#default-security-rules

QUESTION 68
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
A virtual network that has a subnet named Subnet1

Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
Priority: 100
Source: Any
Source port range: *
Destination: *
Destination port range: 3389
Protocol: UDP
Action: Allow
VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You add an inbound security rule to NSG-Subnet1 that allows connections from the Any source to the VirtualNetwork destination for port range 3389 and uses the TCP protocol. You remove NSG-VM1 from the network interface of VM1.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section:
Explanation:
The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM.
Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdpconnection

QUESTION 69
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
A virtual network that has a subnet named Subnet1
Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
Priority: 100
Source: Any
Source port range: *
Destination: *
Destination port range: 3389
Protocol: UDP
Action: Allow
VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You add an inbound security rule to NSG-Subnet1 and NSG-VM1 that allows connections from the internet source to the VirtualNetwork destination for port range 3389 and uses the TCP protocol.

Does this meet the goal?

A. Yes
B. No

Correct Answer: A
Section:
Explanation:
The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM.
Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdpconnection

QUESTION 70
HOTSPOT
You have an Azure subscription that contains the virtual machines shown in the following table.

VM1 and VM2 use public IP addresses. From Windows Server 2019 on VM1 and VM2, you allow inbound Remote Desktop connections.
Subnet1 and Subnet2 are in a virtual network named VNET1.
The subscription contains two network security groups (NSGs) named NSG1 and NSG2. NSG1 uses only the default rules.
NSG2 uses the default and the following custom incoming rule:
Priority: 100
Name: Rule1
Port: 3389
Protocol: TCP
Source: Any
Destination: Any
Action: Allow
NSG1 connects to Subnet1. NSG2 connects to the network interface of VM2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: No
The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM.
Box 2: Yes
NSG2 will allow this.
Box 3: Yes
NSG2 will allow this.
Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdpconnection

QUESTION 71
HOTSPOT
You manage two Azure subscriptions named Subscription1 and Subscription2.
Subscription1 has the following virtual networks:

The virtual networks contain the following subnets:

Subscription2 contains the following virtual network:


Name: VNETA
Address space: 10.10.128.0/17
Location: Canada Central
VNETA contains the following subnets:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: Yes
With VNet-to-VNet, you can connect virtual networks in Azure across different regions.
Box 2: Yes
Azure supports the following types of peering:
Virtual network peering: Connect virtual networks within the same Azure region.
Global virtual network peering: Connecting virtual networks across Azure regions.
Box 3: Yes
Reference:
https://azure.microsoft.com/en-us/blog/vnet-to-vnet-connecting-virtual-networks-in-azure-acrossdifferent-regions/
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-managepeering# requirements-and-constraints

QUESTION 72
You create an Azure VM named VM1 that runs Windows Server 2019.
VM1 is configured as shown in the exhibit. (Click the Exhibit button.)

You need to enable Desired State Configuration for VM1.
What should you do first?

A. Configure a DNS name for VM1.
B. Start VM1.
C. Connect to VM1.
D. Capture a snapshot of VM1.

Correct Answer: B
Section:
Explanation:
Status is Stopped (Deallocated).
The DSC extension for Windows requires that the target virtual machine is able to communicate with Azure.
The VM needs to be started.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-windows

QUESTION 73
You have an Azure subscription that contains the resources shown in the following table.

VM1 and VM2 run a website that is configured as shown in the following table.

LB1 is configured to balance requests to VM1 and VM2.


You configure a health probe as shown in the exhibit. (Click the Exhibit tab.)

You need to ensure that the health probe functions correctly.
What should you do?

A. On LB1, change the Unhealthy threshold to 65536.
B. On LB1, change the port to 8080.
C. On VM1 and VM2, create a file named Probe1.htm in the C:\intepub\wwwroot\Temp folder.
D. On VM1 and VM2, create a file named Probe1.htm in the C:\intepub\wwwroot\SiteA\Temp folder.

Correct Answer: D
Section:
Explanation:
Load balancing provides a higher level of availability and scale by spreading incoming requests across virtual machines (VMs). You can use the Azure portal to create a Standard load balancer and balance internal traffic among VMs.
To load balance successfully between VM1 and VM2 you have to place the html file in the path mentioned in the Probe1 configuration.

Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-standard-internalportal

QUESTION 74
You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library named Library1.
You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days.
Which two groups should you create? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. a Security group that uses the Assigned membership type
B. an Office 365 group that uses the Assigned membership type
C. an Office 365 group that uses the Dynamic User membership type
D. a Security group that uses the Dynamic User membership type
E. a Security group that uses the Dynamic Device membership type

Correct Answer: B, C
Section:
Explanation:
You can set expiration policy only for Office 365 groups in Azure Active Directory (Azure AD).
Note: With the increase in usage of Office 365 Groups, administrators and users need a way to clean up unused groups. Expiration policies can help remove inactive groups from the system and make things cleaner.
When a group expires, all of its associated services (the mailbox, Planner, SharePoint site, etc.) are also deleted.
You can set up a rule for dynamic membership on security groups or Office 365 groups.
Incorrect Answers:
A, D, E: You can set expiration policy only for Office 365 groups in Azure Active Directory (Azure AD).
Reference:
https://docs.microsoft.com/en-us/office365/admin/create-groups/office-365-groups-expirationpolicy?view=o365-worldwide

QUESTION 75
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:

User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.


You need to create new user accounts in external.contoso.com.onmicrosoft.com.
Solution: You instruct User1 to create the user accounts.

A. Yes
B. No

Correct Answer: A
Section:
Explanation:
Only a global administrator can add users to this tenant.
Reference:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad

QUESTION 76
Your on-premises network contains an Active Directory domain named adatum.com that is synced to Azure Active Directory (Azure AD). Password writeback is disabled.
In adatum.com, you create the users shown in the following table.

Which users must sign in from a computer joined to adatum.com?

A. User2 only
B. User1 and User3 only
C. User1, User2, and User3
D. User2 and User3 only
E. User1 only

Correct Answer: E
Section:
Explanation:
Password writeback is a feature enabled with Azure AD Connect that allows password changes in the cloud to be written back to an existing on-premises directory in real time.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-writeback

QUESTION 77
You have an Azure virtual machine named VM1 that runs Windows Server 2019. You sign in to VM1 as a user named User1 and perform the following actions:
* Create files on drive C.
* Create files on drive D.
* Modify the screen saver timeout.
* Change the desktop background.
You plan to redeploy VM1.
Which changes will be lost after you redeploy VM1?

A. the modified screen saver timeout
B. the new desktop background
C. the new files on drive D
D. the new files on drive C

Correct Answer: C
Section:
Explanation:
https://www.cloudelicious.net/azure-vms-and-their-temporary-storage/
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/redeploy-to-new-
nodewindows#:~:text=Redeploy%20Windows%20virtual%20machine%20to%20new%20Azure%20node&text=When%20you%20redeploy%20a%20VM,configuration%20options%20and%20associated%20resources.

QUESTION 78
You have the Azure virtual machines shown in the following table.

A DNS service is installed on VM1.


You configure the DNS server settings for each virtual network as shown in the following exhibit.

You need to ensure that all the virtual machines can resolve DNS names by using the DNS service on VM1. What should you do?

A. Add service endpoints on VNET2 and VNET3.
B. Configure peering between VNET1, VNET2, and VNET3.
C. Configure a conditional forwarder on VM1.
D. Add service endpoints on VNET1.

Correct Answer: B
Section:
Explanation:
An Azure AD DS DNS zone should only contain the zone and records for the managed domain itself.
A conditional forwarder is a configuration option in a DNS server that lets you define a DNS domain, such as contoso.com, to forward queries to. Instead of the local DNS server trying to resolve queries for records in that domain, DNS queries are forwarded to the configured DNS for that domain. This configuration makes sure that the correct DNS records are returned, as you don't create a local DNS zone with duplicate records in the managed domain to reflect those resources.
To create a conditional forwarder in your managed domain, complete the following steps:
1. Select your DNS zone, such as aaddscontoso.com.
2. Select Conditional Forwarders, then right-select and choose New Conditional Forwarder...
3. Enter your other DNS Domain, such as contoso.com, then enter the IP addresses of the DNS servers for that namespace, as shown in the following example:

4. Check the box for Store this conditional forwarder in Active Directory, and replicate it as follows, then select the option for All DNS servers in this domain, as shown in the following example:

5. To create the conditional forwarder, select OK.
Name resolution of the resources in other namespaces from VMs connected to the managed domain should now resolve correctly. Queries for the DNS domain configured in the conditional forwarder are passed to the relevant DNS servers.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/manage-dns

QUESTION 79
You have an Azure virtual machine named VM1.
The network interface for VM1 is configured as shown in the exhibit. (Click the Exhibit tab.)

You deploy a web server on VM1, and then create a secure website that is accessible by using the HTTPS protocol. VM1 is used as a web server only.
You need to ensure that users can connect to the website from the Internet.
What should you do?

A. Change the priority of Rule3 to 450.
B. Change the priority of Rule6 to 100.
C. Delete Rule1.
D. Create a new inbound rule that allows TCP protocol 443 and configure the protocol to have a priority of 501.
E. For Rule5, change the Action to Allow and change the priority to 401.

Correct Answer: E
Section:
Explanation:
HTTPS uses port 443.
Rule2, with priority 500, denies HTTPS traffic.
Rule5, with priority changed from 2000 to 401, would allow HTTPS traffic.
Note: Priority is a number between 100 and 4096. Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule,
processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

QUESTION 80
HOTSPOT
You have an Azure subscription named Subscription1 that contains a resource group named RG1.
In RG1, you create an internal load balancer named LB1 and a public load balancer named LB2.
You need to ensure that an administrator named Admin1 can manage LB1 and LB2. The solution must follow the principle of least privilege.
Which role should you assign to Admin1 for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: Network Contributor on RG1
To add to the backend pool, write permission is required on the resource group because it writes deployment information. To add a backend pool, you need the Network Contributor role on the LB and on the VMs that will be part of the backend pool.
For this reason, the Network Contributor role must be assigned to the RG where the LB and the VMs reside. So the correct answer is Network Contributor on RG1.
Box 2: Network Contributor on RG1
For the health probe also, without access to RG1, no health probe can be added. If the Network Contributor role is assigned only to the LB, the user would not be able to access the IP addresses of the member pools.
Owner and Contributor give the user access to everything, so they do not fit the principle of least privilege. Hence the Owner and Contributor roles are incorrect choices for the question.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

QUESTION 81
HOTSPOT
You have an Azure virtual machine that runs Windows Server 2019 and has the following configurations:
Name: VM1
Location: West US
Connected to: VNET1
Private IP address: 10.1.0.4
Public IP addresses: 52.186.85.63
DNS suffix in Windows Server: Adatum.com
You create the Azure DNS zones shown in the following table.

You need to identify which DNS zones you can link to VNET1 and the DNS zones to which VM1 can automatically register.
Which zones should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-overview

QUESTION 82
HOTSPOT

You have Azure subscriptions named Subscription1 and Subscription2.
Subscription1 has the following resource groups:

RG1 includes a web app named App1 in the West Europe location.
Subscription2 contains the following resource groups:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
App1 is in RG1, and RG1 has no lock. So you can move App1 to the other resource groups: RG2, RG3, and RG4.
Note:
App Service resources can only be moved from the resource group in which they were originally created. If an App Service resource is no longer in its original resource group, move it back to its original resource group.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/movelimitations/app-service-move-limitations

QUESTION 83
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one
correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
A virtual network that has a subnet named Subnet1
Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
Priority: 100
Source: Any
Source port range: *
Destination: *
Destination port range: 3389
Protocol: UDP
Action: Allow
VM1 connects to Subnet1. NSG-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You add an inbound security rule to NSG-Subnet1 that allows connections from the Internet source to the VirtualNetwork destination for port range 3389 and uses the UDP protocol.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section:
Explanation:
The default port for RDP is TCP port 3389, not UDP.
NSGs deny all inbound traffic except from the virtual network or load balancers. For inbound traffic, Azure processes the rules in a network security group associated to a subnet first, and then the rules in a network security group associated to the network interface.
By default, an NSG rule that allows traffic through RDP port 3389 is not created automatically when the VM is created, unless you change the setting during creation.
In this solution, UDP traffic is allowed at the virtual network level, but RDP uses TCP, so the solution does not achieve the goal.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdpconnection
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#default-security-rules
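The evaluation order in this explanation (subnet NSG first, then NIC NSG, lowest priority number first, first match wins), as an added Python model that is not part of the original exam material. Rule names, the priority 200 of the proposed subnet rule, the TCP contrast rule, and the treatment of service tags as plain labels are assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number = evaluated first
    source: str        # "*", "Any", or a service tag such as "Internet"
    destination: str
    ports: str         # "*", a single port "3389", or a range "50-60"
    protocol: str      # "*", "TCP" or "UDP"
    action: str        # "Allow" or "Deny"


@dataclass(frozen=True)
class Flow:
    source: str        # simplified: the one service tag the sender falls under
    destination: str
    port: int
    protocol: str


# The default inbound rules that every NSG contains.
DEFAULT_INBOUND = (
    Rule("AllowVnetInBound", 65000, "VirtualNetwork", "VirtualNetwork", "*", "*", "Allow"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "AzureLoadBalancer", "*", "*", "*", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", "*", "*", "Deny"),
)


def _tag_matches(rule_value, flow_value):
    return rule_value in ("*", "Any") or rule_value == flow_value


def _port_matches(spec, port):
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def evaluate_nsg(rules, flow):
    """Return the first rule, in priority order, that matches the flow."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if (_tag_matches(rule.source, flow.source)
                and _tag_matches(rule.destination, flow.destination)
                and _port_matches(rule.ports, flow.port)
                and rule.protocol in ("*", flow.protocol)):
            return rule
    raise ValueError("no rule matched; the default rules are missing")


def evaluate_inbound(subnet_nsg, nic_nsg, flow):
    """Inbound traffic must be allowed by the subnet NSG, then by the NIC NSG."""
    trace = []
    for label, rules in (("subnet", subnet_nsg), ("nic", nic_nsg)):
        rule = evaluate_nsg(rules, flow)
        trace.append((label, rule.name))
        if rule.action == "Deny":
            return False, trace
    return True, trace


RDP_TCP = Flow("Internet", "VirtualNetwork", 3389, "TCP")
RDP_UDP = Flow("Internet", "VirtualNetwork", 3389, "UDP")

# NSG-VM1 as described in the question (the rule name is constructed).
NSG_VM1 = (Rule("Custom-UDP-3389", 100, "Any", "*", "3389", "UDP", "Allow"),) + DEFAULT_INBOUND

# NSG-Subnet1 after the proposed solution (name and priority are constructed).
NSG_SUBNET1_PROPOSED = (
    Rule("Proposed-UDP-3389", 200, "Internet", "VirtualNetwork", "3389", "UDP", "Allow"),
) + DEFAULT_INBOUND

# Constructed contrast: the same rule with TCP, applied at both levels.
TCP_RULE = Rule("Allow-RDP-TCP", 200, "Internet", "VirtualNetwork", "3389", "TCP", "Allow")
NSG_SUBNET1_TCP = (TCP_RULE,) + DEFAULT_INBOUND
NSG_VM1_TCP = (TCP_RULE,) + NSG_VM1


if __name__ == "__main__":
    cases = {
        "proposed solution, RDP over TCP": (NSG_SUBNET1_PROPOSED, NSG_VM1, RDP_TCP),
        "proposed solution, UDP 3389": (NSG_SUBNET1_PROPOSED, NSG_VM1, RDP_UDP),
        "TCP allowed on subnet only": (NSG_SUBNET1_TCP, NSG_VM1, RDP_TCP),
        "TCP allowed on subnet and NIC": (NSG_SUBNET1_TCP, NSG_VM1_TCP, RDP_TCP),
    }
    for title, (subnet, nic, flow) in cases.items():
        allowed, trace = evaluate_inbound(subnet, nic, flow)
        print(f"{title}: {'ALLOWED' if allowed else 'DENIED'} via {trace}")
```

The trace shows which rule decided the outcome at each level, which is the same information the portal's effective security rules view gives when troubleshooting a blocked connection.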

QUESTION 84
You have an Active Directory domain named contoso.com that contains the objects shown in the following table.
The groups have the memberships shown in the following table.

OU1 and OU2 are synced to Azure Active Directory (Azure AD).

You modify the synchronization settings and remove OU1 from synchronization. You sync Active Directory and Azure AD.
Which objects are in Azure AD?

A. User4 and Group2 only
B. User2, Group1, User4, and Group2 only
C. User1, User2, Group1, User4, and Group2 only
D. User1, User2, User3, User4, Group1, and Group2

Correct Answer: C
Section:

QUESTION 85
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named adatum.com. The tenant contains 500 user accounts.
You deploy Microsoft Office 365. You configure Office 365 to use the user accounts in adatum.com.
You configure 60 users to connect to mailboxes in Microsoft Exchange Online.
You need to ensure that the 60 users use Azure Multi-Factor Authentication (MFA) to connect to the Exchange Online mailboxes. The solution must only affect connections to the Exchange Online mailboxes.
What should you do?

A. From the multi-factor authentication page, configure the Multi-Factor Auth status for each user
B. From Azure Active Directory admin center, create a conditional access policy
C. From the multi-factor authentication page, modify the verification options
D. From the Azure Active Directory admin center, configure an authentication method

Correct Answer: A
Section:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

QUESTION 86
Your network contains an on-premises Active Directory domain named adatum.com. The domain contains an organizational unit (OU) named OU1. OU1 contains the objects shown in the following table.

You sync OU1 to Azure Active Directory (Azure AD) by using Azure AD Connect.
You need to identify which objects are synced to Azure AD.
Which objects should you identify?

A. User1 and Group1 only
B. User1, Group1, and Group2 only
C. User1, Group1, Group2, and Computer1
D. Computer1 only

Correct Answer: B
Section:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/synchronization

QUESTION 87
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one
correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:

User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.


You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution: You instruct User4 to create the user accounts.
Does that meet the goal?

A. Yes
B. No

Correct Answer: B
Section:
Explanation:
Only a global administrator can add users to this tenant.
Reference:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad

QUESTION 88
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure Kubernetes Service (AKS) cluster named AKS1.
An administrator reports that she is unable to grant access to AKS1 to the users in contoso.com.
You need to ensure that access to AKS1 can be granted to the contoso.com users.
What should you do first?

A. From contoso.com, modify the Organization relationships settings.
B. From contoso.com, create an OAuth 2.0 authorization endpoint.
C. Recreate AKS1.
D. From AKS1, create a namespace.

Correct Answer: B
Section:
Explanation:
With Azure AD-integrated AKS clusters, you can grant users or groups access to Kubernetes resources within a namespace or across the cluster. To obtain a kubectl configuration context, a user can run the az aks get-credentials command. When a user then interacts with the AKS cluster with kubectl, they're prompted to sign in with their Azure AD credentials. This approach provides a single source for user account management and password credentials. The user can only access the resources as defined by the cluster administrator.
Azure AD authentication is provided to AKS clusters with OpenID Connect. OpenID Connect is an identity layer built on top of the OAuth 2.0 protocol. For more information on OpenID Connect, see the OpenID Connect documentation. From inside of the Kubernetes cluster, Webhook Token Authentication is used to verify authentication tokens. Webhook token authentication is configured and managed as part of the AKS cluster.

Reference:
https://kubernetes.io/docs/reference/access-authn-authz/authentication/
https://docs.microsoft.com/en-us/azure/aks/concepts-identity
Topic 6, Misc. Questions Set B

QUESTION 89
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table:

User3 is the owner of Group1.
Group2 is a member of Group1.
You configure an access review named Review1 as shown in the following exhibit:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
In the Users section, specify the users that the access review applies to. Access reviews can be for the members of a group or for users who were assigned to an application. You can further scope the access review to review
only the guest users who are members (or assigned to the application), rather than reviewing all the users who are members or who have access to the application.

Present use case:

Group2 is a member of Group1, and User3 is the owner of Group1, so User3 can review both Group1 and Group2.
However, the scope of the review is guest users only.
Solution:
User1 is a member, not a guest, so the first statement is No.
UserA is a member, not a guest, so the second statement is No.
UserB is a guest, so the third statement is Yes.

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

QUESTION 90
HOTSPOT
You have the Azure management groups shown in the following table.

You add Azure subscriptions to the management groups as shown in the following table.

You create the Azure policies shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Box 1: No
Virtual networks are not allowed at the root, and this is inherited. Deny overrides allowed.
Box 2: No
Box 3: Yes
Subscriptions can be moved between Management Groups provided the user has the required RBAC permissions.
Reference:
https://docs.microsoft.com/en-us/azure/governance/management-groups/overview
https://docs.microsoft.com/en-us/azure/governance/management-groups/manage#movingmanagement-groups-and-subscriptions
Hot Area:

Answer Area:

Section:
Explanation:

QUESTION 91
You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1.
You need to view the error events from a table named Event.
Which query should you run in Workspace1?

A. Event | where EventType is "error"
B. Event | search "error"
C. select * from Event where EventType == "error"
D. Get-Event Event | where {$_.EventType -eq "error"}

Correct Answer: B
Section:
Explanation:
To search for a term in a specific table, add in (table-name) just after the search operator.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/get-started-queries

QUESTION 92
You have an Azure virtual machine named VM1 that runs Windows Server 2019.
You save VM1 as a template named Template1 to the Azure Resource Manager library.
You plan to deploy a virtual machine named VM2 from Template1.
What can you configure during the deployment of VM2?

A. virtual machine size
B. operating system
C. administrator username
D. resource group

Correct Answer: C
Section:
Explanation:
When deploying a virtual machine from a template, you must specify:
* the Resource Group name and location for the VM
* the administrator username and password
* a unique DNS name for the public IP
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/ps-template

QUESTION 93
HOTSPOT
You have an Azure subscription named Subscription1. Subscription1 contains two Azure virtual machines named VM1 and VM2. VM1 and VM2 run Windows Server 2016.
VM1 is backed up daily by Azure Backup without using the Azure Backup agent.
VM1 is affected by ransomware that encrypts data.
You need to restore the latest backup of VM1.
To which location can you restore the backup? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: VM1 and VM2 only
When recovering files, you can't restore files to a previous or future operating system version. You can restore files from a VM to the same server operating system, or to the compatible client operating system. Therefore, "VM1 and VM2 only" is the best answer, since both run Windows Server 2016.
"A new Azure virtual machine only" would also work, but there is no reason to create an unnecessary new VM in Azure if an existing VM will do the task. So this option is incorrect.
Box 2: VM1 or A new Azure virtual machine only
When restoring a VM, you can't use the replace existing VM option for encrypted VMs. This option is only supported for unencrypted managed disks. Also, you can restore files from a VM only to the same server operating system, or to the compatible client operating system. Hence "VM1 or A new Azure virtual machine only" is the correct answer.
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms
https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-files-from-vm#systemrequirements

QUESTION 94
You have an Azure subscription that contains an Azure Storage account.
You plan to create an Azure container instance named container1 that will use a Docker image named Image1. Image1 contains a Microsoft SQL Server instance that requires persistent storage.
You need to configure a storage service for Container1.
What should you use?

A. Azure Files
B. Azure Blob storage
C. Azure Queue storage
D. Azure Table storage

Correct Answer: A
Section:
Explanation:
Microsoft provides a Docker Volume Plugin for Azure File storage, which provides exactly this and is used for Azure file shares.
The Azure File Storage volume plugin is not limited to ease of container migration. It also allows a file share to be shared among multiple containers (even though they are on different hosts) to collaborate on workloads, or to share configuration or secrets of an application running on multiple hosts.
Another use case is uploading metrics and diagnostics data such as logs from applications to a file share for further processing.
Reference:
https://azure.microsoft.com/en-gb/blog/persistent-docker-volumes-with-azure-file-storage/
Azure file shares can be used as persistent volumes for stateful containers. Containers deliver "build once, run anywhere" capabilities that enable developers to accelerate innovation. For the containers that access raw data at every start, a shared file system is required to allow these containers to access the file system no matter which instance they run on.
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction

QUESTION 95
You have an app named App1 that runs on two Azure virtual machines named VM1 and VM2.
You plan to implement an Azure Availability Set for App1. The solution must ensure that App1 is available during planned maintenance of the hardware hosting VM1 and VM2.
What should you include in the Availability Set?

A. one update domain
B. two fault domains
C. one fault domain
D. two update domains

Correct Answer: D
Section:
Explanation:
The hardware in a location is divided into multiple update domains and fault domains. An update domain is a group of VMs and underlying physical hardware that can be rebooted at the same time.
VMs in the same fault domain share common storage as well as a common power source and network switch.
Microsoft updates, which Microsoft refers to as planned maintenance events, sometimes require that VMs be rebooted to complete the update. To reduce the impact on VMs, the Azure fabric is divided into update domains to ensure that not all VMs are rebooted at the same time.
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-availability-sets

QUESTION 96
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one
correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1.
Solution: From the Subscriptions blade, you select the subscription, and then click Programmatic deployment.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section:
Explanation:
From the RG1 blade, click Deployments. You see a history of deployment for the resource group.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorialcreate-first-template?tabs=azure-powershell
Through activity logs, you can determine:
* what operations were taken on the resources in your subscription
* who started the operation
* when the operation occurred
* the status of the operation
* the values of other properties that might help you research the operation
1. On the Azure portal menu, select Monitor, or search for and select Monitor from any page.

2. Select Activity Log.

3. You see a summary of recent operations. A default set of filters is applied to the operations. Notice the information on the summary includes who started the action and when it happened.

Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/view-activity-logs

QUESTION 97
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one
correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1.
Solution: From the RG1 blade, you click Automation script.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section:
Explanation:
From the RG1 blade, click Deployments. You see a history of deployment for the resource group.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorialcreate-first-template?tabs=azure-powershell
Through activity logs, you can determine:
* what operations were taken on the resources in your subscription
* who started the operation
* when the operation occurred
* the status of the operation
* the values of other properties that might help you research the operation
1. On the Azure portal menu, select Monitor, or search for and select Monitor from any page.

2. Select Activity Log.

3. You see a summary of recent operations. A default set of filters is applied to the operations. Notice the information on the summary includes who started the action and when it happened.

Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/view-activity-logs

QUESTION 98
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one
correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1.
Solution: From the RG1 blade, you click Deployments.
Does this meet the goal?

A. Yes
B. No

Correct Answer: A
Section:
Explanation:
1. Select the resource group (Here RG1) you want to examine.
2. Select the link under Deployments.

3. Select one of the deployments from the deployment history.

4. You will see a history of deployment for the resource group, including the correlation ID.

Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/deploymenthistory?tabs=azure-portal

QUESTION 99
You have an Azure subscription named Subscription1.
You deploy a Linux virtual machine named VM1 to Subscription1.
You need to monitor the metrics and the logs of VM1.
What should you use?

A. Linux Diagnostic Extension (LAD) 3.0
B. Azure Analysis Services
C. the AzurePerformanceDiagnostics extension
D. Azure HDInsight

Correct Answer: A
Section:
Explanation:
You can use extensions to configure diagnostics on your VMs to collect additional metric data.
The basic host metrics are available, but to see more granular and VM-specific metrics, you need to install the Azure diagnostics extension on the VM. The Azure diagnostics extension allows additional monitoring and
diagnostics data to be retrieved from the VM.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-monitor

QUESTION 100
HOTSPOT
You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1.
You install and configure a web server and a DNS server on VM1.

VM1 has the effective network security rules shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1:
Rule2 blocks ports 50-60, which includes port 53, the DNS port. Internet users can reach the Web server, since it uses port 80.
Box 2:
If Rule2 is removed, Internet users can reach the DNS server as well.
Note: Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist
with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

QUESTION 101
You plan to deploy three Azure virtual machines named VM1, VM2, and VM3. The virtual machines will host a web app named App1.
You need to ensure that at least two virtual machines are available if a single Azure datacenter becomes unavailable.
What should you deploy?

A. all three virtual machines in a single Availability Zone
B. all virtual machines in a single Availability Set
C. each virtual machine in a separate Availability Zone
D. each virtual machine in a separate Availability Set

Correct Answer: C
Section:
Explanation:
https://docs.microsoft.com/de-de/azure/virtual-machines/windows/tutorial-availability-sets
Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. To ensure resiliency, there are a minimum of three separate zones in all enabled regions.

QUESTION 102
You have an Azure subscription that contains an Azure virtual machine named VM1. VM1 runs a financial reporting app named App1 that does not support multiple active instances.
At the end of each month, CPU usage for VM1 peaks when App1 runs.
You need to create a scheduled runbook to increase the processor performance of VM1 at the end of each month.
What task should you include in the runbook?

A. Add the Azure Performance Diagnostics agent to VM1.
B. Modify the VM size property of VM1.
C. Add VM1 to a scale set.
D. Increase the vCPU quota for the subscription.
E. Add a Desired State Configuration (DSC) extension to VM1.

Correct Answer: E
Section:
Explanation:
If you have a CPU/performance issue, the solution is either to scale up (increase the VM size) or to scale out (use a scale set). Because the app does not support multiple instances, scaling up is the obvious choice.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/resize-vm

QUESTION 103
You recently created a new Azure subscription that contains a user named Admin1.
Admin1 attempts to deploy an Azure Marketplace resource by using an Azure Resource Manager template. Admin1 deploys the template by using Azure PowerShell and receives the following error message: "User failed validation to purchase resources. Error message: "Legal terms have not been accepted for this item on this subscription. To accept legal terms, please go to the Azure portal (http://go.microsoft.com/fwlink/?LinkId=534873) and configure programmatic deployment for the Marketplace item or create it there for the first time."
You need to ensure that Admin1 can deploy the Marketplace resource successfully.
What should you do?

A. From Azure PowerShell, run the Set-AzApiManagementSubscription cmdlet
B. From the Azure portal, register the Microsoft.Marketplace resource provider
C. From Azure PowerShell, run the Set-AzMarketplaceTerms cmdlet
D. From the Azure portal, assign the Billing administrator role to Admin1

Correct Answer: C
Section:
Explanation:
The Set-AzMarketplaceTerms cmdlet saves the terms object for a given publisher ID (Publisher), offer ID (Product), and plan ID (Name) tuple.
Reference:
https://docs.microsoft.com/en-us/powershell/module/az.marketplaceordering/setazmarketplaceterms?view=azps-4.5.0

QUESTION 104
You have an Azure virtual machine named VM1 that runs Windows Server 2019. You sign in to VM1 as a user named User1 and perform the following actions:
* Create files on drive C.
* Create files on drive D.
* Modify the screen saver timeout.
* Change the desktop background.
You plan to redeploy VM1.
Which changes will be lost after you redeploy VM1?

A. the modified screen saver timeout
B. the new desktop background
C. the new files on drive D
D. the new files on drive C

Correct Answer: C
Section:
Explanation:
Because drive D is temporary storage, new files on drive D will be lost. The screen saver, wallpaper, and new files on drive C are available after the redeploy.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/redeploy-to-new-nodewindows

QUESTION 105
You have an Azure subscription.
You have an on-premises virtual machine named VM1. The settings for VM1 are shown in the exhibit.
(Click the Exhibit button.)

You need to ensure that you can use the disks attached to VM1 as a template for Azure virtual machines.
What should you modify on VM1?

A. Integration Services
B. the network adapters
C. the memory
D. the hard drive
E. the processor

Correct Answer: D
Section:
Explanation:
From the exhibit we see that the disk is in the VHDX format.
Before you upload a Windows virtual machine (VM) from on-premises to Microsoft Azure, you must prepare the virtual hard disk (VHD or VHDX). Azure supports only generation 1 VMs that are in the VHD file format and have a fixed-size disk. The maximum size allowed for the VHD is 1,023 GB. You can convert a generation 1 VM from the VHDX file system to VHD and from a dynamically expanding disk to a fixed-size disk.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/prepare-for-upload-vhdimage?toc=%2fazure%2fvirtual-machines%2fwindows%2ftoc.json

QUESTION 106
HOTSPOT
You have an Azure subscription that contains a virtual machine scale set. The scale set contains four instances that have the following configurations:
Operating system: Windows Server 2016
Size: Standard_D1_v2
You run the get-azvmss cmdlet as shown in the following exhibit:

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
The Get-AzVmssVM cmdlet gets the model view and instance view of a Virtual Machine Scale Set (VMSS) virtual machine.
Box 1: 0
The enableAutomaticUpdates parameter is set to false. To update existing VMs, you must do a manual upgrade of each existing VM.
Box 2: 1
The official website states: "The upgrade orchestrator identifies the batch of VM instances to upgrade, with any one batch having a maximum of 20% of the total instance count, subject to a minimum batch size of one virtual machine."
So, 20% of 4 is approximately 1.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-setsupgrade-scale-set
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-setsautomatic-upgrade

QUESTION 107
You have an Azure subscription named Subscription1 that is used by several departments at your company. Subscription1 contains the resources in the following table:

Another administrator deploys a virtual machine named VM1 and an Azure Storage account named Storage2 by using a single Azure Resource Manager template.
You need to view the template used for the deployment.
From which blade can you view the template that was used for the deployment?

A. RG1
B. VM1
C. Storage1
D. Container1

Correct Answer: A

Section:
Explanation:
View template from deployment history
1. Go to the resource group for your new resource group. Notice that the portal shows the result of the last deployment. Select this link.
2. You see a history of deployments for the group. In your case, the portal probably lists only one deployment. Select this deployment.
3. The portal displays a summary of the deployment. The summary includes the status of the deployment and its operations and the values that you provided for parameters. To see the template that you used for the deployment, select View template.

Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-managerexport-template

QUESTION 108
You have an Azure web app named App1. App1 has the deployment slots shown in the following table:

In webapp1-test, you test several changes to App1.
You back up App1.
You swap webapp1-test for webapp1-prod and discover that App1 is experiencing performance issues.
You need to revert to the previous version of App1 as quickly as possible.
What should you do?

A. Redeploy App1
B. Swap the slots
C. Clone App1
D. Restore the backup of App1

Correct Answer: B
Section:
Explanation:
When you swap deployment slots, Azure swaps the Virtual IP addresses of the source and destination slots, thereby swapping the URLs of the slots. We can easily revert the deployment by swapping back.
You can validate app changes in a staging deployment slot before swapping it with the production slot. Deploying an app to a slot first and swapping it into production makes sure that all instances of the slot are warmed up
before being swapped into production. This eliminates downtime when you deploy your app. The traffic redirection is seamless, and no requests are dropped because of swap operations. You can automate this entire
workflow by configuring auto swap when pre-swap validation isn't needed.
After a swap, the slot with the previously staged app now has the previous production app. If the changes swapped into the production slot aren't as you expect, you can perform the same swap immediately to get your "last known good site" back.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots

QUESTION 109
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one
correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section:
Explanation:
You should use a policy definition.
Reference:
https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition

QUESTION 110
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one
correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You configure a custom policy definition, and then you assign the policy to the subscription.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section:
Explanation:
A custom policy definition is a way to define your own rules for using Azure resources. You can use custom policies to enforce compliance, security, cost management, or organization-specific requirements. However, a custom policy definition
alone is not enough to meet the goal of automatically blocking TCP port 8080 between the virtual networks. You also need to create a policy assignment that applies the custom policy definition to the scope of the subscription. A policy
assignment is the link between a policy definition and an Azure resource. Without a policy assignment, the custom policy definition will not take effect. Therefore, the solution does not meet the goal.
Tutorial: Create a custom policy definition
Create and manage policies to enforce compliance

QUESTION 111
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You create a resource lock, and then you assign the lock to the subscription.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section:
Explanation:
How can I freeze or lock my production/critical Azure resources from accidental deletion? There is a way to do this with both ASM and ARM resources using Azure resource lock.
Reference: https://blogs.msdn.microsoft.com/azureedu/2016/04/27/using-azure-resource-managerpolicy-and-azure-lock-to-control-your-azure-resources/

QUESTION 112
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one
correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You assign a built-in policy definition to the subscription.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section:
Explanation:
The resource policy definition used by Azure Policy enables you to establish conventions for resources in your organization by describing when the policy is enforced and what effect to take. However, there are no built-in policy definitions, though there are sample policy definitions.
Reference:
https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition

QUESTION 113
You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1. VNet2 contains an Azure virtual machine named VM2.
VM1 hosts a frontend application that connects to VM2 to retrieve data.
Users report that the frontend application is slower than usual.
You need to view the average round-trip time (RTT) of the packets from VM1 to VM2.
Which Azure Network Watcher feature should you use?

A. NSG flow logs
B. Connection troubleshoot
C. IP flow verify
D. Connection monitor

Correct Answer: D
Section:
Explanation:
The Connection Monitor feature in Azure Network Watcher is now generally available in all public regions. Connection Monitor provides RTT values at per-minute granularity. You can monitor a direct TCP connection from a virtual machine to a virtual machine, FQDN, URI, or IPv4 address.
Reference:
https://azure.microsoft.com/en-us/updates/general-availability-azure-network-watcher-connectionmonitor-in-all-public-regions/

QUESTION 114
You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a virtual network named VNet1.
You need to ensure that you can configure a point-to-site connection from an on-premises computer to VNet1.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Add a service endpoint to VNet1
B. Reset GW1
C. Create a route-based virtual network gateway
D. Add a connection to GW1
E. Delete GW1
F. Add a public IP address space to VNet1

Correct Answer: C, E
Section:
Explanation:
C: A VPN gateway is used when creating a VPN connection to your on-premises network.
Route-based VPN devices use any-to-any (wildcard) traffic selectors, and let routing/forwarding tables direct traffic to different IPsec tunnels. It is typically built on router platforms where each IPsec tunnel is modeled as a
network interface or VTI (virtual tunnel interface).
E: Policy-based VPN devices use the combinations of prefixes from both networks to define how traffic is encrypted/decrypted through IPsec tunnels. It is typically built on firewall devices that perform packet filtering.
IPsec tunnel encryption and decryption are added to the packet filtering and processing engine.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/create-routebased-vpn-gateway-portal
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-connect-multiple-policybasedrm-ps

QUESTION 115
HOTSPOT
You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table.

In Azure, you create a private DNS zone named adatum.com. You set the registration virtual network to VNet2. The adatum.com zone is configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: No
Azure DNS provides automatic registration of virtual machines from a single virtual network that's linked to a private zone as a registration virtual network. VM5 does not belong to the registration virtual network though.
Box 2: No
Forward DNS resolution is supported across virtual networks that are linked to the private zone as resolution virtual networks. VM5 does belong to a resolution virtual network.
Box 3: Yes
VM6 belongs to the registration virtual network, and an A (Host) record exists for VM9 in the DNS zone.
By default, registration virtual networks also act as resolution virtual networks, in the sense that DNS resolution against the zone works from any of the virtual machines within the registration virtual network.
Reference: https://docs.microsoft.com/en-us/azure/dns/private-dns-overview

QUESTION 116
HOTSPOT
You have an Azure subscription that contains a virtual network named VNet1. VNet1 uses an IP address space of 10.0.0.0/16 and contains the subnets in the following table.

Subnet1 contains a virtual appliance named VM1 that operates as a router.
You create a routing table named RT1.
You need to route all inbound traffic to VNet1 through VM1.
How should you configure RT1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: 10.0.0.0/16
The address prefix in networking refers to the destination IP address range. In this scenario, the destination is VNet1, hence the address prefix will be the address space of VNet1.
Box 2: Virtual appliance
Next hop gets the next hop type and IP address of a packet from a specific VM and NIC. Knowing the next hop helps you determine if traffic is being directed to the intended destination, or whether the traffic is being sent nowhere.
Next Hop --> VM1 --> Virtual Appliance (You can specify the IP address of VM1 when configuring the next hop as a virtual appliance.)
Box 3: GatewaySubnet
The scenario asks about all inbound traffic to VNet1. Inbound traffic flows through SubnetGW. You need to route all inbound traffic from the VPN gateway to VNet1 through VM1, so it is traffic from the gateway subnet only.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/manage-route-table#create-a-route-table
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-next-hop-overview

QUESTION 117
You have a virtual network named VNet1 as shown in the exhibit. (Click the Exhibit tab.)

No devices are connected to VNet1.
You plan to peer VNet1 to another virtual network named VNet2 in the same region. VNet2 has an address space of 10.2.0.0/16.
You need to create the peering.
What should you do first?

A. Configure a service endpoint on VNet2.
B. Modify the address space of VNet1.
C. Add a gateway subnet to VNet1.
D. Create a subnet on VNet1 and VNet2.

Correct Answer: B
Section:
Explanation:
The virtual networks you peer must have non-overlapping IP address spaces. The exhibit indicates that VNet1 has an address space of 10.2.0.0/16, which is the same as VNet2, and thus overlaps. We need to change the
address space for VNet1.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-managepeering#requirements-and-constraints

QUESTION 118
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to ensure that visitors are serviced by the same web server for each request.
What should you configure?

A. Floating IP (direct server return) to Enabled
B. Idle Time-out (minutes) to 20
C. Protocol to UDP
D. Session persistence to Client IP and Protocol

Correct Answer: D
Section:
Explanation:
With sticky sessions, when a client starts a session on one of your web servers, the session stays on that specific server. To configure an Azure load balancer for sticky sessions, set Session persistence to Client IP or to Client IP and protocol.
On the following image you can see sticky session configuration:
Note:
* Client IP and protocol specifies that successive requests from the same client IP address and protocol combination will be handled by the same virtual machine.
* Client IP specifies that successive requests from the same client IP address will be handled by the same virtual machine.
Reference:
https://cloudopszone.com/configure-azure-load-balancer-for-sticky-sessions/

QUESTION 119
You have the Azure virtual machines shown in the following table.

You have a Recovery Services vault that protects VM1 and VM2.
You need to protect VM3 and VM4 by using Recovery Services.
What should you do first?

A. Configure the extensions for VM3 and VM4.
B. Create a new Recovery Services vault.
C. Create a storage account.
D. Create a new backup policy.

Correct Answer: B
Section:
Explanation:
A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations.
You can use Recovery Services vaults to hold backup data for various Azure services.
Reference: https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enablereplication

QUESTION 120
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one
correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the Logic App Operator role to the Developers group.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section:
Explanation:
The Logic App Operator role only lets you read, enable, and disable logic apps. With it you can view the logic app and its run history, and enable or disable it, but you cannot edit or update the definition.
You would need the Logic App Contributor role.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

QUESTION 121
HOTSPOT
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1.
You add the users in the following table.

Which2? To answer, select the appropriate options in the answer area.


NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

QUESTION 122
You have an Azure subscription that contains a user account named User1.
You need to ensure that User1 can assign a policy to the tenant root management group.
What should you do?

A. Create a new management group and delegate User1 as the owner of the new management group.
B. Assign the Owner role for the Azure subscription to User1, and then instruct User1 to configure access management for Azure resources.
C. Assign the Owner role for the Azure subscription to User1, and then modify the default conditional access policies.
D. Assign the Global administrator role to User1, and then instruct User1 to configure access management for Azure resources.

Correct Answer: B
Section:
Explanation:
The following chart shows the list of roles and the supported actions on management groups.

Note:
Each directory is given a single top-level management group called the "Root" management group.
This root management group is built into the hierarchy to have all management groups and subscriptions fold up to it. This root management group allows for global policies and Azure role assignments to be applied at the directory level. The
Azure AD Global Administrator needs to elevate themselves to the User Access Administrator role of this root group initially. After elevating access, the administrator can assign any Azure role to other directory users or groups to manage the
hierarchy. As administrator, you can assign your own account as owner of the root management group.
Reference:
https://docs.microsoft.com/en-us/azure/governance/management-groups/overview

QUESTION 123
HOTSPOT
You have an Azure subscription named Subscription1 that contains the following resource group:
Name: RG1
Region: West US
Tag: "tag1": "value1"
You assign an Azure policy named Policy1 to Subscription1 by using the following configurations:
Exclusions: None
Policy definition: Append tag and its default value
Assignment name: Policy1
Parameters:
- Tag name: Tag2
- Tag value: Value2
After Policy1 is assigned, you create a storage account that has the following configurations:
Name: storage1
Location: West US
Resource group: RG1
Tags: "tag3": "value3"
You need to identify which tags are assigned to each resource.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: "tag1": "value1" only
Box 2: "tag2": "value2" and "tag3": "value3"
Tags applied to the resource group are not inherited by the resources in that resource group.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags

QUESTION 124
You have an Azure subscription that contains the resources shown in the following table.

The Not allowed resource types Azure policy is assigned to RG1 and uses the following parameters:

In RG1, you need to create a new virtual machine named VM2, and then connect VM2 to VNET1.
What should you do first?

A. Remove Microsoft.Network/virtualNetworks from the policy.
B. Create an Azure Resource Manager template.
C. Remove Microsoft.Compute/virtualMachines from the policy.
D. Add a subnet to VNET1.

Correct Answer: C
Section:
Explanation:
The Not allowed resource types Azure policy prohibits the deployment of specified resource types.
You specify an array of the resource types to block.
Virtual Networks and Virtual Machines are prohibited.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/samples/not-allowed-resource-types

QUESTION 125
You have an Azure web app named webapp1.
You have a virtual network named VNET1 and an Azure virtual machine named VM1 that hosts a MySQL database. VM1 connects to VNET1. You need to ensure that webapp1 can access the data hosted on VM1. What should
you do?

A. Connect webapp1 to VNET1.
B. Peer VNET1 to another virtual network.
C. Deploy an Azure Application Gateway.
D. Deploy an internal load balancer

Correct Answer: C
Section:

QUESTION 126
Your company has three offices. The offices are located in Miami, Los Angeles, and New York. Each office contains a datacenter.
You have an Azure subscription that contains resources in the East US and West US Azure regions.
Each region contains a virtual network. The virtual networks are peered.
You need to connect the datacenters to the subscription. The solution must minimize network latency between the datacenters.
What should you create?

A. three virtual WANs and one virtual hub
B. three virtual hubs and one virtual WAN
C. three On-premises data gateways and one Azure Application Gateway
D. three Azure Application Gateways and one On-premises data gateway

Correct Answer: A
Section:
Explanation:

Azure Virtual WAN is a networking service that brings many networking, security, and routing functionalities together to provide a single operational interface.
The Virtual WAN architecture is a hub and spoke architecture with scale and performance built in for branches (VPN/SD-WAN devices), users (Azure VPN/OpenVPN/IKEv2 clients), ExpressRoute circuits, and virtual networks.
Azure regions serve as hubs that you can choose to connect to. All hubs are connected in full mesh in a Standard Virtual WAN making it easy for the user to use the Microsoft backbone for any-to-any (any spoke) connectivity.

Virtual WAN offers the following advantages:
* Integrated connectivity solutions in hub and spoke: Automate site-to-site configuration and connectivity between on-premises sites and an Azure hub.
* Automated spoke setup and configuration: Connect your virtual networks and workloads to the Azure hub seamlessly.
* Intuitive troubleshooting: You can see the end-to-end flow within Azure, and then use this information to take required actions.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-about

QUESTION 127
You have a Recovery Services vault that you use to test backups. The test backups contain two protected virtual machines.
You need to delete the Recovery Services vault.
What should you do first?

A. From the Recovery Services vault, stop the backup of each backup item.
B. From the Recovery Services vault, delete the backup data.
C. Modify the disaster recovery properties of each virtual machine.
D. Modify the locks of each virtual machine.

Correct Answer: A
Section:
Explanation:
You can't delete a Recovery Services vault if it is registered to a server and holds backup data. If you try to delete a vault, but can't, the vault is still configured to receive backup data.
Remove vault dependencies and delete vault
In the vault dashboard menu, scroll down to the Protected Items section, and click Backup Items. In this menu, you can stop and delete Azure File Servers, SQL Servers in Azure VM, and Azure virtual machines.

Reference: https://docs.microsoft.com/en-us/azure/backup/backup-azure-delete-vault

QUESTION 128
HOTSPOT
You have an Azure subscription named Subscription1.
In Subscription1, you create an alert rule named Alert1.
The Alert1 action group is configured as shown in the following exhibit.

Alert1 alert criteria is triggered every minute.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: 60
One alert per minute will trigger one email per minute.
Box 2: 12
No more than 1 SMS every 5 minutes can be sent, which equals 12 per hour.
Note: Rate limiting is a suspension of notifications that occurs when too many are sent to a particular phone number, email address or device. Rate limiting ensures that alerts are manageable and actionable.
The rate limit thresholds are:
SMS: No more than 1 SMS every 5 minutes.
Voice: No more than 1 Voice call every 5 minutes.
Email: No more than 100 emails in an hour.
Other actions are not rate limited.
Reference:
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/monitoring-and-diagnostics/monitoring-overview-alerts.md
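
The arithmetic behind Box 1 and Box 2, as an added example that is not part of the original explanation: a simplified Python model of the quoted thresholds that also reports how many firings each channel silently drops. The channel names, the sliding-window reading of the email limit and the sample firing schedules are assumptions.

```python
from collections import deque

# Thresholds exactly as quoted in the explanation above. Channels that are not
# listed (webhook in this example) are treated as "not rate limited".
LIMITS = {
    "sms": {"min_gap_s": 5 * 60},         # no more than 1 SMS every 5 minutes
    "voice": {"min_gap_s": 5 * 60},       # no more than 1 voice call every 5 minutes
    "email": {"window": (100, 60 * 60)},  # no more than 100 emails in an hour
}


def delivered(channel, fire_times_s):
    """Return the alert fire times (in seconds) that produce a notification."""
    limit = LIMITS.get(channel, {})
    sent = []
    recent = deque()  # send times still inside the sliding window (assumed model)
    for t in sorted(fire_times_s):
        gap = limit.get("min_gap_s")
        if gap is not None and sent and t - sent[-1] < gap:
            continue  # too soon after the previous delivery on this channel
        if "window" in limit:
            max_count, span = limit["window"]
            while recent and t - recent[0] >= span:
                recent.popleft()
            if len(recent) >= max_count:
                continue  # hourly budget used up
            recent.append(t)
        sent.append(t)
    return sent


def coverage(fire_times_s, channels=("email", "sms", "voice", "webhook")):
    """Per channel: notifications sent, suppressed, and the longest gap between sends."""
    fire_times_s = sorted(fire_times_s)
    report = {}
    for channel in channels:
        sent = delivered(channel, fire_times_s)
        gaps = [b - a for a, b in zip(sent, sent[1:])]
        report[channel] = {
            "sent": len(sent),
            "suppressed": len(fire_times_s) - len(sent),
            "longest_gap_s": max(gaps, default=0),
        }
    return report


# Constructed inputs: the question's case (one firing per minute for an hour)
# and a noisier rule that fires every 30 seconds for an hour.
EVERY_MINUTE = [60 * i for i in range(60)]
EVERY_30_SECONDS = [30 * i for i in range(120)]

if __name__ == "__main__":
    for name, times in (("every minute", EVERY_MINUTE), ("every 30 s", EVERY_30_SECONDS)):
        print(name, coverage(times))
```

For on-call design the suppressed count is the useful number: with one firing per minute, 48 of 60 SMS notifications never arrive, so SMS alone cannot show whether a condition is still firing.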

QUESTION 129
You have an app named App1 that runs on an Azure web app named webapp1.
The developers at your company upload an update of App1 to a Git repository named GUI.
Webapp1 has the deployment slots shown in the following table.

You need to ensure that the App1 update is tested before the update is made available to users.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Stop webapp1-prod.
B. Stop webapp1-test.
C. Deploy the App1 update to webapp1-test, and then test the update.
D. Deploy the App1 update to webapp1-prod, and then test the update.
E. Swap the slots.

Correct Answer: C, E
Section:
Explanation:
You can validate web app changes in a staging deployment slot before swapping it with the production slot. Deploying an app to a slot first and swapping it into production makes sure that all instances of the slot are warmed
up before being swapped into production. This eliminates downtime when you deploy your app. The traffic redirection is seamless, and no requests are dropped because of swap operations. You can automate this entire
workflow by configuring auto swap when pre-swap validation isn't needed.
After the swap you can deploy the App1 update to webapp1-test, and then test the update. If the changes swapped into the production slot aren't what you expect, you can perform the same swap immediately to get your "last known good site" back.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots

QUESTION 130
You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1.
You have a computer named Computer1 that runs Windows 10. Computer1 is connected to the Internet.
You add a network interface named Interface1 to VM1 as shown in the exhibit (Click the Exhibit button.)

From Computer1, you attempt to connect to VM1 by using Remote Desktop, but the connection fails.
You need to establish a Remote Desktop connection to VM1.
What should you do first?

A. Start VM1.
B. Attach a network interface.
C. Delete the DenyAllOutBound outbound port rule.
D. Delete the DenyAllInBound inbound port rule.

Correct Answer: A
Section:
Explanation:

Note: Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist
with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

QUESTION 131
You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template. You need to ensure that NGINX is available on all the virtual
machines after they are deployed. What should you use?

A. a Desired State Configuration (DSC) extension
B. the Publish-AzVMDscConfiguration cmdlet
C. a Microsoft Intune device configuration profile
D. Deployment Center in Azure App Service

Correct Answer: A
Section:
Explanation:
The primary use case for the Azure Desired State Configuration (DSC) extension is to bootstrap a VM to the Azure Automation State Configuration (DSC) service. The service provides benefits that include ongoing management of the VM configuration and integration with other operational tools, such as Azure Monitoring. Using the extension to register VMs to the service provides a flexible solution that even works across Azure subscriptions.
You can use the DSC extension independently of the Automation DSC service.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-overview

QUESTION 132
You have an Azure subscription that contains the resources shown in the following table.

You need to configure a proximity placement group for VMSS1.
Which proximity placement groups should you use?

A. Proximity2 only
B. Proximity1, Proximity2, and Proximity3
C. Proximity1 and Proximity3 only
D. Proximity1 only

Correct Answer: D
Section:
Explanation:
Resource Group location of VMSS1 is the RG2 location, which is West US.
Only Proximity2, which is also in RG2, is located in West US.
Reference:
https://azure.microsoft.com/en-us/blog/introducing-proximity-placement-groups/

QUESTION 133
You have an Azure subscription named Subscription1 that has the following providers registered:
Authorization
Automation
Resources
Compute
KeyVault
Network
Storage
Billing
Web
Subscription1 contains an Azure virtual machine named VM1 that has the following configurations:
* Private IP address: 10.0.0.4 (dynamic)
* Network security group (NSG): NSG1
* Public IP address: None
* Availability set: AVSet
* Subnet: 10.0.0.0/24
* Managed disks: No
* Location: East US
You need to record all the successful and failed connection attempts to VM1.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Register the Microsoft.Insights resource provider
B. Add an Azure Network Watcher connection monitor
C. Register the Microsoft.LogAnalytics provider
D. Enable Azure Network Watcher in the East US Azure region
E. Create an Azure Storage account
F. Enable Azure Network Watcher flow logs

Correct Answer: C, D, E
Section:
Explanation:
NSG flow log data is written to an Azure Storage account. You need to create an Azure Storage account; with an Azure Storage account, NSG flow logs can be enabled.
Enable Network Watcher in the East US region.
NSG flow logging requires the Microsoft.Insights provider.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal

QUESTION 134
You create the following resources in an Azure subscription:
• An Azure Container Registry instance named Registry1
• An Azure Kubernetes Service (AKS) cluster named Cluster1
You create a container image named App1 on your administrative workstation.
You need to deploy App1 to Cluster1.
What should you do first?

A. Create a host pool on Cluster1
B. Run the docker push command.
C. Run the kubectl apply command.
D. Run the az aks create command.

Correct Answer: B
Section:
Explanation:
An Azure container registry stores and manages private Docker container images, similar to the way Docker Hub stores public Docker images. You can use the Docker command-line interface (Docker CLI) for login, push, pull,
and other operations on your container registry.
After you log in to the registry, you can run the push command to upload the image.
Below is a sample of that command: docker push myregistry.azurecr.io/samples/nginx
Reference:
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-docker-cli

QUESTION 135
HOTSPOT
You have an Azure subscription.
You plan to use Azure Resource Manager templates to deploy 50 Azure virtual machines that will be part of the same availability set.
You need to ensure that as many virtual machines as possible are available if the fabric fails or during servicing.
How should you configure the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1 = max value
Box 2 = 20
Use max for platformFaultDomainCount
2 or 3 is max value, depending on which region you are in.
Use 20 for platformUpdateDomainCount
Increasing the update domain (platformUpdateDomainCount) helps with capacity and availability planning when the platform reboots nodes. A higher number for the pool (20 is max) means that fewer of their nodes in any
given availability set would be rebooted at once.
Reference:
https://www.itprotoday.com/microsoft-azure/check-if-azure-region-supports-2-or-3-fault-domains-managed-disks
https://github.com/Azure/acs-engine/issues/1030

QUESTION 136
HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.

VMSS1 is set to VM (virtual machines) orchestration mode.


You need to deploy a new Azure virtual machine named VM1, and then add VM1 to VMSS1.
Which resource group and location should you use to deploy VM1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: RG1, RG2, or RG3
The resource group stores metadata about the resources. When you specify a location for the resource group, you're specifying where that metadata is stored.
Box 2: West US only
Note: Virtual machine scale sets will support 2 distinct orchestration modes:
ScaleSetVM: Virtual machine instances added to the scale set are based on the scale set configuration model. The virtual machine instance lifecycle (creation, update, deletion) is managed by the scale set.
VM (virtual machines): Virtual machines created outside of the scale set can be explicitly added to the scale set.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview

QUESTION 137
You have an Azure Kubernetes Service (AKS) cluster named AKS1.
You need to configure cluster autoscaler for AKS1.
Which two tools should you use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. the Set-AzAks cmdlet
B. the Azure portal
C. the az aks command
D. the kubectl command
E. the Set-AzVm cmdlet

Correct Answer: C, D
Section:
Explanation:
With cluster auto-scaling, the actual load of your worker-nodes will be monitored actively. By adding and removing worker-nodes from the cluster, it ensures that enough resources are available to keep your application
healthy and responsive. In contrast, it removes worker-nodes from the AKS cluster, to optimize resource utilization and be as cost-effective as possible.
Reference:
https://docs.microsoft.com/en-us/azure/aks/cluster-autoscaler
https://thorsten-hans.com/aks-cluster-auto-scaler-inside-out

QUESTION 138
You have an Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains three Azure virtual machines. Each virtual machine has a public IP address.
The virtual machines host several applications that are accessible over port 443 to users on the Internet.
Your on-premises network has a site-to-site VPN connection to VNet1.
You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from the Internet and from the on-premises network.
You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network. The solution must ensure that all the applications can still be accessed by the Internet users.
What should you do?

A. Modify the address space of the local network gateway.
B. Remove the public IP addresses from the virtual machines.
C. Modify the address space of Subnet1.
D. Create a deny rule in a network security group (NSG) that is linked to Subnet1.

Correct Answer: D
Section:
Explanation:
You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or
outbound network traffic from, several types of Azure resources.
You can use a site-to-site VPN to connect your on-premises network to an Azure virtual network.
Users on your on-premises network connect by using the RDP or SSH protocol over the site-to-site VPN connection. You don't have to allow direct RDP or SSH access over the internet. And this can be achieved by configuring
a deny rule in a network security group (NSG) that is linked to Subnet1 for RDP / SSH protocol coming from internet.
Modify the address space of Subnet1 : Incorrect choice
Modifying the address space of Subnet1 will have no impact on RDP traffic flow to the virtual network.
Modify the address space of the local network gateway : Incorrect choice
Modifying the address space of the local network gateway will have no impact on RDP traffic flow to the virtual network.
Remove the public IP addresses from the virtual machines : Incorrect choice
If you remove the public IP addresses from the virtual machines, none of the applications will be publicly accessible to the Internet users.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices
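
Why a single deny rule is enough in this scenario, and why its priority number decides whether it works, as an added example that is not part of the original explanation: a small Python model of inbound NSG evaluation (lowest priority number first, first match wins). The address ranges, rule names and priorities are assumptions, and the Internet and VirtualNetwork tags are simplified to "outside" and "inside" the assumed ranges.

```python
import ipaddress
from dataclasses import dataclass

# Assumed address plan for the example (not taken from the question).
VNET = ipaddress.ip_network("10.0.0.0/16")
ON_PREM = ipaddress.ip_network("192.168.0.0/16")  # reached over the site-to-site VPN


def in_source(source, ip):
    """Match a rule source ('*', a simplified service tag, or a CIDR) against an IP."""
    addr = ipaddress.ip_address(ip)
    inside = addr in VNET or addr in ON_PREM
    if source == "*":
        return True
    if source == "VirtualNetwork":  # simplified: VNet plus connected on-premises space
        return inside
    if source == "Internet":        # simplified: everything outside those ranges
        return not inside
    return addr in ipaddress.ip_network(source)


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number = evaluated first
    source: str
    port: object    # destination port as int, or "*"
    access: str     # "Allow" or "Deny"


# Default inbound rules (AllowAzureLoadBalancerInBound is left out of the model).
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "VirtualNetwork", "*", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", "Deny"),
]


def evaluate(rules, src_ip, dst_port):
    """Return (access, rule name) for the first rule that matches, by priority."""
    for rule in sorted(list(rules) + DEFAULT_INBOUND, key=lambda r: r.priority):
        if in_source(rule.source, src_ip) and rule.port in ("*", dst_port):
            return rule.access, rule.name
    raise AssertionError("DenyAllInBound always matches")


# Constructed rule sets. EXPOSED is the state described in the question.
EXPOSED = [
    Rule("Allow-HTTPS-Internet", 200, "Internet", 443, "Allow"),
    Rule("Allow-RDP-Any", 300, "*", 3389, "Allow"),
]
# Answer D: a deny rule for RDP from the Internet, evaluated before the allow.
HARDENED = EXPOSED + [Rule("Deny-RDP-Internet", 100, "Internet", 3389, "Deny")]
# Same deny rule with a higher number than the allow: it is never reached.
MISORDERED = EXPOSED + [Rule("Deny-RDP-Internet", 400, "Internet", 3389, "Deny")]

if __name__ == "__main__":
    probes = [("203.0.113.7", 3389), ("192.168.1.10", 3389), ("203.0.113.7", 443)]
    for label, rules in (("exposed", EXPOSED), ("hardened", HARDENED), ("misordered", MISORDERED)):
        for src, port in probes:
            print(label, src, port, evaluate(rules, src, port))
```

The misordered set is the check worth running against a real NSG export: a deny rule that sits behind a broader allow looks correct in the rule list but changes nothing.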

QUESTION 139
You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by using Azure ExpressRoute.
You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Create a local site VPN gateway.
B. Create a VPN gateway that uses the VpnGw1 SKU.
C. Create a VPN gateway that uses the Basic SKU.
D. Create a gateway subnet.
E. Create a connection.

Correct Answer: A, B, E
Section:
Explanation:
Create a Connection: You need to link the ExpressRoute gateway to the ExpressRoute circuit. After this step has been completed, the connection between your on-premises network and Azure through
ExpressRoute will be established. Hence this is correct option.
Create a local site VPN gateway : This will allow you to provide the local gateway settings, for example public IP and the on-premises address space, so that the Azure VPN gateway can connect to it. Hence this is correct
option.
Create a VPN gateway that uses the VpnGw1 SKU : The GatewaySku is only supported for VpnGw1, VpnGw2, VpnGw3, Standard, and HighPerformance VPN gateways. ExpressRoute-VPN
Gateway coexist configurations are not supported on the Basic SKU. The VpnType must be RouteBased. Hence this is correct option.
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-linkvnet-arm

QUESTION 140
You have an Azure subscription that contains a virtual network named VNET1. VNET1 contains the subnets shown in the following table.

Each virtual machine uses a static IP address.


You need to create network security groups (NSGs) to meet the following requirements:
Allow web requests from the internet to VM3, VM4, VM5, and VM6.
Allow all connections between VM1 and VM2.
Allow Remote Desktop connections to VM1.
Prevent all other network traffic to VNET1.
What is the minimum number of NSGs you should create?

A. 1
B. 3
C. 4
D. 12

Correct Answer: C
Section:
Explanation:
Note: A network security group (NSG) contains a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Networks (VNet). NSGs can be associated to subnets, individual VMs (classic), or
individual network interfaces (NIC) attached to VMs (Resource Manager).
Each network security group also contains default security rules.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#default-security-rules

QUESTION 141
You have an Azure subscription that contains the following storage account:

You need to create a request to Microsoft Support to perform a live migration of storage1 to Zone Redundant Storage (ZRS) replication. How should you modify storage1 before the live migration?

A. Set the replication to Locally-redundant storage (LRS)
B. Disable Advanced threat protection
C. Remove the lock
D. Set the access tier to Hot

Correct Answer: A
Section:
Explanation:
If you want to perform a live migration from RA-GRS to ZRS, you first have to switch the storage tier to LRS; only then can you request a live migration.

Reference:
https://docs.microsoft.com/en-us/azure/storage/common/redundancy-migration?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&tabs=portal

QUESTION 142
You have an Azure Kubernetes cluster in place.
You have to deploy an application using an Azure Container registry image.

Which of the following commands can be used for this requirement?

A. az kubernetes deploy
B. kubectl apply
C. New-AzKubernetes set
D. docker run

Correct Answer: B
Section:
Explanation:
kubectl apply : Correct Choice
The kubectl command can be used to deploy applications to a Kubernetes cluster.
az kubernetes deploy : Incorrect Choice
This command is used to manage Azure Kubernetes Services. This is not used to deploy applications to a Kubernetes cluster.
New-AzKubernetes set : Incorrect Choice
This command is used to create a new managed Kubernetes cluster. This is not used to deploy applications to a Kubernetes cluster.
docker run : Incorrect Choice
This runs a command in a new container. This is not used to deploy applications to a Kubernetes cluster.
Reference:
https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#apply
https://docs.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest
https://docs.microsoft.com/en-us/powershell/module/az.aks/New-AzAks?view=azps-3.8.0&viewFallbackFrom=azps-4.3.0
https://docs.docker.com/engine/reference/commandline/run/

QUESTION 143
HOTSPOT
You have an Azure Storage account named storage1.
You have an Azure App Service app named App1 and an app named App2 that runs in an Azure container instance. Each app uses a managed identity.
You need to ensure that App1 and App2 can read blobs from storage1 for the next 30 days.
What should you configure in storage1 for each app?

Hot Area:

Answer Area:

Section:
Explanation:
With Shared access signature you can limit the resources for access and at the same time can control the duration of the access.
A shared access signature (SAS) provides secure delegated access to resources in your storage account without compromising the security of your data. With a SAS, you have granular control over how a client can access your data. You can control what resources the client may access, what permissions they have on those resources, and how long the SAS is valid, among other parameters.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview

QUESTION 144
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one
correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.
Solution: You assign the Traffic Manager Contributor role at the subscription level to Admin1.

A. Yes
B. No

Correct Answer: A
Section:
Explanation:
With the Traffic Manager Contributor role you can manage Traffic Manager profiles and do traffic analysis, but it does not let you control who has access to them.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

QUESTION 145
You have a service deployed to a Kubernetes cluster.
Another application needs to access the service via the private IP address of the pod.
Which of the following would you define as the networking type for the cluster to meet this requirement?

A. Kubenet
B. Azure container networking plugin
C. Service Endpoints
D. Network security groups

Correct Answer: B
Section:

Explanation:
Azure container networking plugin : Correct Choice
With the Azure container networking plugin , every pod gets an IP address allocated.
With Azure CNI, every pod gets an IP address from the subnet and can be accessed directly. These IP addresses must be unique across your network space, and must be planned in advance. Each node has a configuration
parameter for the maximum number of pods that it supports. The equivalent number of IP addresses per node are then reserved up front for that node. This approach requires more planning, as it can otherwise lead to IP
address exhaustion or the need to rebuild clusters in a larger subnet as your application demands grow.
Nodes use the Azure Container Networking Interface (CNI) Kubernetes plugin.
Kubenet : Incorrect Choice
The kubenet networking option is the default configuration for AKS cluster creation. With kubenet, nodes get an IP address from the Azure virtual network subnet. Pods receive an IP address from a logically different address
space to the Azure virtual network subnet of the nodes.
Service Endpoints : Incorrect Choice
Capabilities like service endpoints or UDRs are supported with both kubenet and Azure CNI, the support policies for AKS define what changes you can make. For example:
• If you manually create the virtual network resources for an AKS cluster, you're supported when configuring your own UDRs or service endpoints.
• If the Azure platform automatically creates the virtual network resources for your AKS cluster, it isn't supported to manually change those AKS-managed resources to configure your own UDRs or service endpoints.
Network security groups : Incorrect Choice
A network security group filters traffic for VMs, such as the AKS nodes. As you create Services, such as a LoadBalancer, the Azure platform automatically configures any network security group rules that are needed.
Reference:
https://docs.microsoft.com/en-us/azure/aks/concepts-network

QUESTION 146
HOTSPOT
You have an Azure subscription that contains several virtual machines and an Azure Log Analytics workspace named Workspace1. You create a log search query as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Box 1: 14 days
Two weeks will be covered.
Note: Startofweek returns the start of the week containing the date, shifted by an offset, if provided.
Start of the week is considered to be a Sunday.
Endofweek returns the end of the week containing the date, shifted by an offset, if provided.
Last day of the week is considered to be a Saturday.
Box 2:
The render operator renders results as graphical output. Timechart is a line graph, where the first column is the x-axis and should be datetime. Other columns are y-axes. In this case the y-axis has avg(CounterValue) values.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/log-query-overview
https://docs-analytics-eus.azurewebsites.net/queryLanguage/query_language_renderoperator.html

QUESTION 147
HOTSPOT
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

The status of VM1 is Running.


You assign an Azure policy as shown in the exhibit. (Click the Exhibit tab.)

You assign the policy by using the following parameters:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
Not allowed resource types (Deny): Prevents a list of resource types from being deployed. This means this policy specifically prevents a list of resource types from being deployed. So that refers that except deployment all the
other operations like start/stop or move etc. are not prevented. But to be noted if the resource already exists, it just marks it as non-compliant.
Replicated this scenario in a lab, keeping the VM running; the outcomes are below:
• VM is not deallocated.
• Able to stop and start VM successfully.
• Not able to create new virtual network or VM.
• Not able to modify VM size.
• Not able to change the address space of the virtual network.
• Successfully moved virtual network and VM to another resource group.
Statement 1 : Yes
Based on above experiment the policy will mark the VNET1 as non-compliant but it can be moved to RG2 . Hence this statement is true.
Statement 2 : No
Based on above experiment the policy will mark the VM as non-compliant but it will still be running, not deallocated. Hence this statement is False.
Statement 3 : No
Based on the above experiment, the address space for VNET2 cannot be modified. Hence this statement is False.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/assign-policy-portal

QUESTION 148
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one
correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company registers a domain name of contoso.com.
You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.
You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.
You need to resolve the name resolution issue.
Solution: You modify the name servers at the domain registrar.
Does this meet the goal?

A. Yes
B. No

Correct Answer: A
Section:
Explanation:
Modify the Name Server (NS) record.
Reference:
https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

QUESTION 149
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one
correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company registers a domain name of contoso.com.
You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.
You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.
You need to resolve the name resolution issue.
Solution: You modify the SOA record in the contoso.com zone.

A. Yes
B. No

Correct Answer: B
Section:
Explanation:
Modify the NS record, not the SOA record.
Note: The SOA record stores information about the name of the server that supplied the data for the zone; the administrator of the zone; the current version of the data file; the number of seconds a secondary name server
should wait before checking for updates; the number of seconds a secondary name server should wait before retrying a failed zone transfer; the maximum number of seconds that a secondary name server can use data
before it must either be refreshed or expire; and a default number of seconds for the time-to live file on resource records.
Reference:
https://searchnetworking.techtarget.com/definition/start-of-authority-record

QUESTION 150
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one
correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company registers a domain name of contoso.com.
You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.
You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.
You need to resolve the name resolution issue.
Solution: You add an NS record to the contoso.com Azure DNS zone.

A. Yes
B. No

Correct Answer: B
Section:
Explanation:
Before you can delegate your DNS zone to Azure DNS, you need to know the name servers for your zone.
The NS record set contains the names of the Azure DNS name servers assigned to the zone.

Reference:
https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

QUESTION 151
You are troubleshooting a performance issue for an Azure Application Gateway.
You need to compare the total requests to the failed requests during the past six hours.
What should you use?

A. Metrics in Application Gateway
B. Diagnostics logs in Application Gateway
C. NSG flow logs in Azure Network Watcher
D. Connection monitor in Azure Network Watcher

Correct Answer: A
Section:
Explanation:
Application Gateway currently has seven metrics to view performance counters.
Metrics are a feature for certain Azure resources where you can view performance counters in the portal. For Application Gateway, the following metrics are available:
Total Requests
Failed Requests
Current Connections
Healthy Host Count
Response Status
Throughput
Unhealthy Host count
You can filter on a per backend pool basis to show healthy/unhealthy hosts in a specific backend pool.
Reference: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-diagnostics#Metrics

QUESTION 152
DRAG DROP
You have an Azure subscription that contains an Azure virtual machine named VM1. VM1 runs Windows Server 2016 and is part of an availability set.
VM1 has virtual machine-level backup enabled.
VM1 is deleted.
You need to restore VM1 from the backup. VM1 must be part of the availability set.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

Correct Answer:

Section:
Explanation:

QUESTION 153
You have an Azure App Service plan named AdatumASP1 that uses the P2v2 pricing tier. AdatumASP1 hosts an Azure web app named adatumwebapp1. You need to delegate the management of adatumwebapp1 to a group named Devs. Devs must be able to perform the following tasks:
• Add deployment slots.
• View the configuration of AdatumASP1.
• Modify the role assignment for adatumwebapp1.
Which role should you assign to the Devs group?

A. Owner
B. Contributor
C. Web Plan Contributor
D. Website Contributor

Correct Answer: A
Section:
Explanation:
Owner: Correct choice
The Owner role lets you manage everything, including access to resources.
Contributor: Incorrect choice
With the Contributor role, you can add deployment slots and view the configuration of the App Service plan, but you cannot modify the role assignment. That requires the User Access Administrator or Owner role.
Web Plan Contributor: Incorrect choice
The Web Plan Contributor role lets you manage the web plans for websites, but not access to them.
Website Contributor: Incorrect choice
The Website Contributor role lets you manage websites (not web plans), but not access to them.
Note:
Under the principle of least privilege, it is not advisable to assign the Owner role to any group; instead, you should create a custom RBAC role with a custom policy and use that role for this operation. Because that option is not available here, the only option is to go with the Owner role.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

QUESTION 154
HOTSPOT
You have two Azure virtual machines as shown in the following table.

You create the Azure DNS zones shown in the following table.

You perform the following actions:
To fabrikam.com, you add a virtual network link to vnet1 and enable auto registration.
For contoso.com, you assign vm1 and vm2 the Owner role.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:

QUESTION 155
You plan to deploy route-based Site-to-Site VPN connections between several on-premises locations and an Azure virtual network. Which tunneling protocol should you use?

A. L2TP
B. IKEv2
C. PPTP
D. IKEv1

Correct Answer: B
Section:

QUESTION 156
Your on-premises network contains a VPN gateway.
You have an Azure subscription that contains the resources shown in the following table.

You need to ensure that all the traffic from VM1 to storage1 travels across the Microsoft backbone network.
What should you configure?

A. service endpoints
B. Azure Active Directory (Azure AD) Application Proxy
C. a network security group (NSG)
D. Azure Virtual WAN

Correct Answer: C

Section:

QUESTION 157
You develop the following Azure Resource Manager (ARM) template to create a resource group and deploy an Azure Storage account to the resource group.

Which cmdlet should you run to deploy the template?

A. New-AzResourceGroupDeployment
B. New-AzDeployment
C. New-AzResource
D. New-AzTenantDeployment

Correct Answer: A
Section:
Explanation:
https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/deploy-to-resource-group?tabs=azure-cli#create-resource-group

QUESTION 158
HOTSPOT
You have an Azure Storage account named storage1 that stores images.
You need to create a new storage account and replicate the images in storage1 to the new account by using object replication.

How should you configure the new account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:

QUESTION 159
HOTSPOT
You have an Azure subscription.
You need to deploy a virtual machine by using an Azure Resource Manager (ARM) template.
How should you complete the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:
https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/resource-dependency#dependson
https://learn.microsoft.com/en-us/javascript/api/@azure/arm-compute/storageprofile?view=azure-node-latest

QUESTION 160
HOTSPOT
You have an Azure App Service plan named ASP1.

CPU usage for ASP1 is shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:

QUESTION 161
You have an Azure subscription that contains a storage account named storage1.
You plan to use conditions when assigning role-based access control (RBAC) roles to storage1.
Which storage1 services support conditions when assigning roles?

A. containers only
B. file shares only
C. tables only
D. queues only
E. containers and queues only
F. file shares and tables only

Correct Answer: A
Section:

QUESTION 162
You have an Azure AD tenant named adatum.com that contains the groups shown in the following table.

Adatum.com contains the users shown in the following table.

You assign the Azure AD Premium P2 license to Group1 and User4.
Which users are assigned the Azure AD Premium P2 license?

A. User4 only
B. User1 and User4 only
C. User1, User2, and User4 only
D. User1, User2, User3, and User4

Correct Answer: B
Section:

QUESTION 163
You have an Azure subscription that contains the resources shown in the following table.

You configure Azure Site Recovery to replicate VM1 between the East US and West US regions.
You perform a test failover of VM1 and specify VNET2 as the target virtual network.
When the test version of VM1 is created, to which subnet will the virtual machine be connected?

A. Testsubnet1
B. RecoverySubnetB
C. DemoSubnet1
D. RecoverySubnetA

Correct Answer: A
Section:
Explanation:
https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-network-mapping
The subnet of the target VM is selected based on the name of the subnet of the source VM.
- If a subnet with the same name as the source VM subnet is available in the target network, that subnet is set for the target VM.
- If a subnet with the same name doesn't exist in the target network, the first subnet in the alphabetical order is set as the target subnet.

QUESTION 164
You have two Azure subscriptions named Sub1 and Sub2.
Sub1 contains a virtual machine named VM1 and a storage account named storage1.
VM1 is associated to the resources shown in the following table.
You need to move VM1 to Sub2.
Which resources should you move to Sub2?

A. VM1, Disk1, and NetInt1 only
B. VM1, Disk1, and VNet1 only
C. VM1, Disk1, and storage1 only
D. VM1, Disk1, NetInt1, and VNet1

Correct Answer: D
Section:
Explanation:
When you move a virtual machine to a different subscription, you need to move all the resources that are associated with the virtual machine, such as the disks, the network interface, and the virtual network. You cannot
move a virtual machine without moving its dependent resources. You also need to ensure that the target subscription supports the same region, resource type, and API version as the source subscription. Then,
Reference: [Move a Windows VM to another Azure subscription or resource group]

QUESTION 165
HOTSPOT
You have an Azure subscription that contains a storage account named storage1.
You need to configure a shared access signature (SAS) to ensure that users can only download blobs securely by name.
Which two settings should you configure? To answer, select the appropriate settings in the answer area.
NOTE: Each correct answer is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:

QUESTION 166
You have an Azure subscription that contains a virtual machine named VM1.
You plan to deploy an Azure Monitor alert rule that will trigger an alert when CPU usage on VM1 exceeds 80 percent.
You need to ensure that the alert rule sends an email message to two users named User1 and User2.
What should you create for Azure Monitor?

A. an action group
B. a mail-enabled security group
C. a distribution group
D. a Microsoft 365 group

Correct Answer: A
Section:

Explanation:
An action group is a collection of notification preferences that can be used by Azure Monitor to send alerts to users or groups when an alert rule is triggered. An action group can include email recipients, SMS recipients, voice
call recipients, webhook URLs, Azure functions, Logic Apps, and more. To send an email message to two users named User1 and User2 when CPU usage on VM1 exceeds 80 percent, you need to create an action group that
contains their email addresses and associate it with the alert rule.
Reference:
Create and manage action groups in the Azure portal
Create, view, and manage Metric alerts using Azure Monitor

QUESTION 167
You have an Azure subscription.
You plan to migrate 50 virtual machines from VMware vSphere to the subscription.
You create a Recovery Services vault.
What should you do next?

A. Configure an extended network.
B. Create a recovery plan.
C. Deploy an Open Virtualization Application (OVA) template to vSphere.
D. Configure a virtual network.

Correct Answer: C
Section:
Explanation:
To migrate virtual machines from VMware vSphere to Azure, you need to use Azure Migrate, which is a service that helps you assess and migrate your on-premises workloads to Azure. Azure Migrate uses an appliance that
you deploy as an Open Virtualization Application (OVA) template to vSphere. The appliance discovers the virtual machines and sends metadata and performance data to Azure Migrate. You can then use Azure Migrate to
assess the readiness, cost, and sizing of the virtual machines for migration. You can also use Azure Migrate to replicate and migrate the virtual machines to Azure.
Reference:
About Azure Migrate
Prepare VMware servers for assessment and migration to Azure with Azure Migrate Server Migration

QUESTION 168
You have an Azure subscription that contains 20 virtual machines, a network security group (NSG) named NSG1, and two virtual networks named VNET1 and VNET2 that are peered.
You plan to deploy an Azure Bastion Basic SKU host named Bastion1 to VNET1.
You need to configure NSG1 to allow inbound access from the internet to Bastion1.
Which port should you configure for the inbound security rule?

A. 22
B. 443
C. 3389
D. 8080

Correct Answer: B
Section:
Explanation:
Azure Bastion is a service that provides secure and seamless RDP/SSH connectivity to virtual machines directly over TLS from the Azure portal or via native client. Azure Bastion uses an HTML5 based web client that is
automatically streamed to your local device. Your RDP/SSH session is over TLS on port 443. This enables the traffic to traverse firewalls more securely. To allow inbound access from the internet to Bastion1, you need to
configure NSG1 to allow port 443 for the inbound security rule.
Reference:
What is Azure Bastion?
About Azure Bastion configuration settings

QUESTION 169
HOTSPOT
You have two Azure subscriptions named Sub1 and Sub2. Sub1 is in a management group named MG1. Sub2 is in a management group named MG2.
You have the resource groups shown in the following table.

You have the virtual machines shown in the following table.

You assign roles to users as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area:

Section:
Explanation:

QUESTION 170
You have an Azure subscription that contains a storage account. The account stores website data.
You need to ensure that inbound user traffic uses the Microsoft point-of-presence (POP) closest to the user's location.
What should you configure?

A. load balancing
B. private endpoints
C. Azure Firewall rules
D. Routing preference

Correct Answer: D
Section:
Explanation:
Routing preference is a feature that allows you to configure how network traffic is routed to your storage account from clients over the internet. By default, traffic from the internet is routed to the public endpoint of your
storage account over the Microsoft global network, which is optimized for low-latency path selection and high reliability. Both inbound and outbound traffic are routed through the point of presence (POP) that is closest to
the client. This ensures that traffic to and from your storage account traverses over the Microsoft global network for the bulk of its path, maximizing network performance. You can also change the routing preference to use
internet routing, which minimizes the traversal of your traffic over the Microsoft global network, handing it off to the transit ISP at the earliest opportunity. This lowers networking costs, but may compromise network
performance. Therefore, to ensure that inbound user traffic uses the Microsoft POP closest to the user's location, you should configure routing preference to use the Microsoft global network as the default routing option for
your storage account.
Network routing preference for Azure Storage
Configure network routing preference for Azure Storage

QUESTION 171
HOTSPOT
You have an Azure Storage account named storage1 that contains a blob container. The blob container has a default access tier of Hot. Storage1 contains a container named container1.
You create lifecycle management rules in storage1 as shown in the following table.

You perform the actions shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:

QUESTION 172
HOTSPOT
You have an Azure subscription that contains the public load balancers shown in the following table.

You plan to create six virtual machines and to load balance requests to the virtual machines. Each load balancer will load balance three virtual machines.
You need to create the virtual machines for the planned solution.
How should you create the virtual machines? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:

QUESTION 173
HOTSPOT
You have an Azure subscription that has offices in the East US and West US Azure regions.
You plan to create the storage account shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:

QUESTION 174
You need to create an Azure Storage account named storage1. The solution must meet the following requirements:
* Support Azure Data Lake Storage.
* Minimize costs for infrequently accessed data.
* Automatically replicate data to a secondary Azure region.
Which three options should you configure for storage1? Each correct answer presents part of the solution.

NOTE: Each correct answer is worth one point.

A. the Cool access tier
B. the Hot access tier
C. hierarchical namespace
D. zone-redundant storage (ZRS)
E. geo-redundant storage (GRS)

Correct Answer: A, C, E
Section:
Explanation:
To create an Azure Storage account that supports Azure Data Lake Storage, you need to enable the hierarchical namespace option. This option allows you to organize and manipulate files and folders efficiently in a data lake. It also enables compatibility with the Hadoop Distributed File System (HDFS) API, which is widely used for big data analytics. For more information, see Azure Data Lake Storage Gen2 Introduction.
To minimize costs for infrequently accessed data, you can choose the Cool access tier for your storage account. This tier offers lower storage costs than the Hot access tier, but higher access and transaction costs. The Cool access tier is suitable for data that is infrequently accessed or modified, such as short-term backup, disaster recovery, or archival data. Data in the Cool access tier should be stored for at least 30 days. For more information, see Access tiers for blob data.
To automatically replicate data to a secondary Azure region, you can choose the geo-redundant storage (GRS) option for your storage account. This option replicates your data synchronously three times within the primary region, and then asynchronously to the secondary region. GRS provides the highest level of durability and availability for your data, and protects against regional outages or disasters. For more information, see Data redundancy.

QUESTION 175
HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.

NSG1 is configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area:

Section:
Explanation:

QUESTION 176
HOTSPOT
You have an Azure subscription that contains a virtual machine named VM1.
To VM1, you plan to add a 1-TB data disk that meets the following requirements:
* Provides data resiliency in the event of a datacenter outage.
* Provides the lowest latency and the highest performance.
* Ensures that no data loss occurs if a host fails.
You need to recommend which type of storage and host caching to configure for the new data disk.

Hot Area:

Answer Area:

Section:
Explanation:

QUESTION 177
You have an Azure subscription that contains multiple virtual machines in the West US Azure region.
You need to use Traffic Analytics in Azure Network Watcher to monitor virtual machine traffic.
Which two resources should you create? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. a Data Collection Rule (DCR) in Azure Monitor
B. a Log Analytics workspace
C. an Azure Monitor workbook
D. a storage account
E. a Microsoft Sentinel workspace

Correct Answer: B, D
Section:
Explanation:
To use Traffic Analytics in Azure Network Watcher, you need to create a Log Analytics workspace and a storage account. A Log Analytics workspace is a cloud-based repository that collects and stores data from various
sources, such as NSG flow logs. A storage account is a container that provides a unique namespace to store and access your data objects in Azure Storage. You need to enable NSG flow logs and configure them to send data to
both the Log Analytics workspace and the storage account. Traffic Analytics analyzes the NSG flow logs and provides insights into traffic flow in your Azure cloud.
Traffic analytics - Azure Network Watcher | Microsoft Learn
Traffic analytics FAQ - Azure Network Watcher | Microsoft Learn

QUESTION 178
HOTSPOT
You need to generate a shared access signature (SAS). The solution must meet the following requirements:
* Ensure that the SAS can only be used to enumerate and download blobs stored in container1.
* Use the principle of least privilege.
Which three settings should you enable? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:

QUESTION 179
HOTSPOT
You have an Azure AD tenant.
You need to create a Microsoft 365 group that contains only members of a marketing department in France.
How should you complete the dynamic membership rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct answer is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:

QUESTION 180
You have an Azure App Service app named App1 that contains two running instances.
You have an autoscale rule configured as shown in the following exhibit.

For the Instance limits scale condition setting, you set Maximum to 5.

During a 30-minute period, App1 uses 80 percent of the available memory.
What is the maximum number of instances for App1 during the 30-minute period?

A. 2
B. 3
C. 4
D. 5

Correct Answer: A
Section:

QUESTION 181
You create an Azure VM named VM1 that runs Windows Server 2019.
VM1 is configured as shown in the exhibit. (Click the Exhibit tab.)

You need to enable Desired State Configuration for VM1.
What should you do first?

A. Configure a DNS name for VM1.
B. Start VM1.
C. Capture a snapshot of VM1.
D. Connect to VM1.

Correct Answer: B
Section:

QUESTION 182
HOTSPOT
You have an Azure subscription that contains the virtual networks shown in the following table.

The subscription contains the virtual machines shown in the following table.

Each virtual machine contains only a private IP address.
You create an Azure bastion for VNet1 as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:

QUESTION 183
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains four subnets named Gateway, Perimeter, NVA, and Production.
The NVA subnet contains two network virtual appliances (NVAs) that will perform network traffic inspection between the Perimeter subnet and the Production subnet.
You need to implement an Azure load balancer for the NVAs. The solution must meet the following requirements:
* The NVAs must run in an active-active configuration that uses automatic failover.
* The load balancer must load balance traffic to two services on the Production subnet. The services have different IP addresses.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Add two load balancing rules that have HA Ports enabled and Floating IP disabled.
B. Deploy a basic load balancer.
C. Add a frontend IP configuration, a backend pool, and a health probe.
D. Add two load balancing rules that have HA Ports and Floating IP enabled.
E. Deploy a standard load balancer.
F. Add a frontend IP configuration, two backend pools, and a health probe.

Correct Answer: D, E, F
Section:

QUESTION 184
HOTSPOT
You manage two Azure subscriptions named Subscription1 and Subscription2.
Subscription1 has the following virtual networks:

The virtual networks contain the following subnets:

Subscription2 contains the following virtual network:
* Name: VNETA
* Address space: 10.10.128.0/17
* Region: Canada Central
VNETA contains the following subnets:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:

QUESTION 185
HOTSPOT
You have an Azure subscription that contains the vaults shown in the following table.

You create a storage account that contains the resources shown in the following table.

To which vault can you back up cont1 and share1? To answer, select the appropriate options in the answer area. NOTE: Each correct answer is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:

QUESTION 186
HOTSPOT
You have an Azure subscription that contains two storage accounts named contoso101 and contoso102.
The subscription contains the virtual machines shown in the following table.
VNet1 has service endpoints configured as shown in the Service endpoints exhibit. (Click the Service endpoints tab.)

The Microsoft.Storage service endpoint has the service endpoint policy shown in the Microsoft.Storage exhibit. (Click the Microsoft.Storage tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Hot Area:

Answer Area:

Section:
Explanation:

QUESTION 187
You have an Azure subscription that contains the resources shown in the following table.

You need to perform the tasks shown in the following table.

Which tasks can you perform by using Azure Storage Explorer?

A. Task1 and Task3 only
B. Task1, Task2, and Task3 only
C. Task1, Task3, and Task4 only
D. Task2, Task3, and Task4 only
E. Task1, Task2, Task3, and Task4

Correct Answer: D
Section:

QUESTION 188
You have an Azure subscription that contains a resource group named RG1.
You plan to create a storage account named storage1.
You have a Bicep file named File1.
You need to modify File1 so that it can be used to automate the deployment of storage1 to RG1.
Which property should you modify?

A. scope
B. kind
C. sku
D. location

Correct Answer: A
Section:

QUESTION 189
You have an Azure App Service app named App1 that contains two running instances.
You have an autoscale rule configured as shown in the following exhibit.

For the Instance limits scale condition setting, you set Maximum to 5.
During a 30-minute period, App1 uses 60 percent of the available memory.
What is the maximum number of instances for App1 during the 30-minute period?

A. 2
B. 3
C. 4
D. 5

Correct Answer: C
Section:
Explanation:
The exhibit shows that you have an auto scale rule configured for your App Service app named App1. The rule is based on the memory percentage metric, which measures the average amount of memory used by all the
instances of your app. The rule has the following settings:
Scale out action: Add 1 instance when the memory percentage is greater than or equal to 80% for a duration of 10 minutes.
Scale in action: Remove 1 instance when the memory percentage is less than or equal to 60% for a duration of 10 minutes.
Instance limits: The minimum number of instances is 2, and the maximum number of instances is 5.
According to the question, during a 30-minute period, App1 uses 60% of the available memory. This means that the scale in action is triggered, but not the scale out action. Therefore, one instance is removed from App1
every 10 minutes, until the minimum number of instances is reached.
Since App1 initially has two running instances, after the first 10 minutes, one instance is removed and App1 has one instance left. However, since the minimum number of instances is set to 2, another instance is added back
to App1 to meet the minimum requirement. Therefore, after the first 10 minutes, App1 still has two instances.
After the second 10 minutes, the same process repeats. One instance is removed due to the scale in action, and another instance is added back due to the minimum requirement. Therefore, after the second 10 minutes, App1 still has two instances.
After the third 10 minutes, there is no change in the number of instances, because App1 already has the minimum number of instances. Therefore, after the third 10 minutes, App1 still has two instances.
Therefore, during the 30-minute period, App1 never has more than two instances running at any given time. However, since one instance is removed and added back every 10 minutes, there are four different instances that
are used by App1 during the period. Hence, the maximum number of instances for App1 during the period is four.
