You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com. Your company has a public DNS zone for contoso.com.
You add contoso.com as a custom domain name to Azure AD. You need to ensure that Azure can verify the domain name.
Which type of DNS record should you create?
- A . PTR
- B . MX
- C . NSEC3
- D . RRSIG
You have several Windows Server and Ubuntu Linux virtual machines (VMs) distributed across the two following virtual networks (VNets):
• prod-vnet-west (West US region)
• prod-vnet-east (East US region)
You need to allow VMs in either VNet to connect and to share resources by using only the Azure backbone network.
Your solution must minimize cost, complexity, and deployment time.
What should you do?
- A . Add a service endpoint to each VNet.
- B . Configure peering between prod-vnet-west and prod-vnet-west.
- C . Create a private zone in Azure DNS.
- D . Deploy a VNet-to-VNet virtual private network (VPN).
Your company’s local environment consists of a single Active Directory Domain Services (AD DS) domain.
You plan to offer your users single sign-on (SSO) access to Azure-hosted software-as-a-service (SaaS) applications that use Azure Active Directory (Azure AD) authentication.
The tenant’s current domain name is companycom.onmicrosoft.com.
You need to configure Azure AD to use company.com as the organization’s owned public domain name.
What should you do?
- A . Add company.com as a user principal name (UPN) suffix to the AD DS domain.
- B . Run Azure AD Connect from a domain member server and specify the custom installation option.
- C . Remove the companycom.onmicrosoft.com domain name from the Azure AD tenant.
- D . Add a DNS verification record at the domain registrar.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
Your company registers a domain name of contoso.com.
You create an Azure DNS Zone named contoso.com and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.
You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.
You need to resolve the name resolution issue.
Solution: You modify the name server at the domain registrar.
Does this meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
Your company registers a domain name of contoso.com.
You create an Azure DNS Zone named contoso.com and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.
You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.
You need to resolve the name resolution issue.
Solution: You add an NS record to the contoso.com zone.
Does this meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
Your company registers a domain name of contoso.com.
You create an Azure DNS Zone named contoso.com and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.
You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.
You need to resolve the name resolution issue.
Solution: You modify the SOA record in the contoso.com zone.
Does this meet the goal?
- A . Yes
- B . No
You are an administrator for a company. You create an Azure Storage account named Contoso storage.
You plan to create a file share named data.
Users need to map a drive to the data file share from home computers that run Windows 10.
Which port should be open between the home computers and the data file share?
- A . 80
- B . 443
- C . 445
- D . 3389
You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com. Your company has a public DNS zone for contoso.com.
You add contoso.com as a custom domain name to Azure AD. You need to ensure that Azure can verify the domain name.
Which type of DNS record should you create?
- A . RRSIG
- B . PTR
- C . DNSKEY
- D . TXT
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider.
Does this meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You configure a custom policy definition, and then you assign the policy to the subscription.
Does this meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You create a resource lock, and then you assign the lock to the subscription.
Does this meet the goal?
- A . Yes
- B . No
You have an Azure Active Directory (Azure AD) domain that contains 5,000 user accounts.
You create a new user account named AdminUser1.
You need to assign the User administrator administrative role to AdminUser1.
What should you do from the user account properties?
- A . From the Directory role blade, modify the directory role.
- B . From the Groups blade, invite the user account to a new group.
- C . From the Licenses blade, assign a new license.
- D . From the Sign-Ins blade, download a script.
Your network contains an Active Directory domain named adatum.com and an Azure Active Directory (Azure AD) tenant named adatum.onmicrosoft.com.
Adatum.com contains the user accounts in the following table.
Adatum.onmicrosoft.com contains the user accounts in the following table.
You need to implement Azure AD Connect. The solution must follow the principle of least privilege.
Which user accounts should you use? (To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1.
You install and configure a web server and a DNS server on VM1.
VM1 has the effective network security rules shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. (NOTE: Each correct selection is worth one point.)
- A . Internet users can connect to only the DNS server on VM1.
If you delete Rule2, Internet users can connect to only the web server on VM1.
- B . Internet users can connect to only the web server on VM1.
If you delete Rule2, Internet users can connect to the web server and the DNS server on VM1.
- C . Internet users can connect to only the web server on VM1.
If you delete Rule2, Internet users cannot connect to the web server and the DNS server on VM1.
- D . Internet users can connect to only the web server and the DNS server on VM1.
If you delete Rule2, Internet users can connect to only the DNS server on VM1.
- E . Internet users cannot connect to the web server and the DNS server on VM1.
If you delete Rule2, Internet users can connect to the web server and the DNS server on VM1.
- F . Internet users cannot connect to the web server and the DNS server on VM1.
If you delete Rule2, Internet users can connect to only the DNS server on VM1.
You are an administrator for your company.
You have peering configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. (NOTE: Each correct selection is worth one point.)
- A . Hosts on VNet6 can communicate with hosts on VNet6 only
To change the status of the peering connection to VNet1 to Connected, you must first delete peering1
- B . Hosts on VNet6 can communicate with hosts on VNet6 only
To change the status of the peering connection to VNet1 to Connected, you must first modify the address space
- C . Hosts on VNet6 can communicate with hosts on VNet6 and VNet1 only
To change the status of the peering connection to VNet1 to Connected, you must first modify the address space
- D . Hosts on VNet6 can communicate with hosts on VNet6 and VNet1 only
To change the status of the peering connection to VNet1 to Connected, you must first add a service endpoint
- E . Hosts on VNet6 can communicate with hosts on VNet6 and VNet1 and VNet2 only
To change the status of the peering connection to VNet1 to Connected, you must first add a service endpoint
- F . Hosts on VNet6 can communicate with hosts on all the virtual networks in the subscription
To change the status of the peering connection to VNet1 to Connected, you must first add a subnet
You are an administrator for a company. You have an Azure subscription named Subscription1. Subscription1 contains the virtual networks in the following table.
Subscription1 contains the virtual machines in the following table:
The firewalls on all the virtual machines are configured to allow all ICMP traffic.
You add the peerings in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
(NOTE: Each correct selection is worth one point.)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You have an Azure subscription named Subscription1. The subscription contains an Azure Active Directory (Azure AD) tenant named Adatum and a resource group named Dev. Adatum contains a group named Developers.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the Logic App Operator role to the Developers group.
Does this meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You have an Azure subscription named Subscription1. The subscription contains an Azure Active Directory (Azure AD) tenant named Adatum and a resource group named Dev. Adatum contains a group named Developers.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group.
Does this meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You manage a virtual network named VNet1 that is hosted in the West US Azure region. VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Performance Monitor, you create a Data Collector Set (DCS).
Does this meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You manage a virtual network named VNet1 that is hosted in the West US Azure region. VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Azure Network Watcher, you create a packet capture.
Does this meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You manage a virtual network named VNet1 that is hosted in the West US Azure region. VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Azure Monitor, you create a metric on Network In and Network Out.
Does this meet the goal?
- A . Yes
- B . No
You have an Azure subscription named Subscription1 that contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1.
VM1 runs services that will be used to deploy resources to RG1.
You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1.
What should you do?
- A . From the Azure portal, modify the Access control (IAM) settings of VM1.
- B . From the Azure portal, modify the Policies settings of RG1.
- C . From the Azure portal, modify the value of the Managed Service Identity option for VM1.
- D . From the Azure portal, modify the Access control (IAM) settings of RG1.
You are configuring Azure Active Directory (AD) Privileged Identity Management. You need to provide a user named Admin1 with read access to a resource group named RG1 for only one month. The user role must be assigned immediately.
What should you do?
- A . Assign an active role.
- B . Assign an eligible role.
- C . Assign a permanently active role.
- D . Create a custom role and a conditional access policy.
You are an administrator for a company. You plan to create a new Azure Active Directory (Azure AD) role.
You need to ensure that the new role can view all the resources in the Azure subscription and issue support requests to Microsoft. The solution must use the principle of least privilege.
How should you complete the JSON definition? (To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
You have an Azure Active Directory (Azure AD) tenant named Tenant1 and an Azure subscription named Subscription1. You enable Azure AD Privileged Identity Management.
You need to secure the members of the Lab Creator role. The solution must ensure that the lab creators request access when they create labs.
What should you do first?
- A . From Azure AD Privileged Identity Management, edit the role settings for Lab Creator.
- B . From Subscription1, edit the members of the Lab Creator role.
- C . From Azure AD Identity Protection, create a user risk policy.
- D . From Azure AD Privileged Identity Management, discover the Azure resources of Subscription1.
You create an Azure subscription that is associated to a basic Azure Active Directory (Azure AD) tenant. You need to receive an email notification when any user activates an administrative role.
What should you do?
- A . Purchase Azure AD Premium P2 and configure Azure AD Privileged Identity Management.
- B . Purchase Enterprise Mobility + Security E3 and configure conditional access policies.
- C . Purchase Enterprise Mobility + Security E5 and create a custom alert rule in Azure Security Center.
- D . Purchase Azure AD Premium P1 and enable Azure AD Identity Protection.
You have an Azure Active Directory (Azure AD) tenant that contains three global administrators named Admin1, Admin2, and Admin3.
The tenant is associated to an Azure subscription. Access control for the subscription is configured as shown in the following exhibit.
You sign in to the Azure portal as Admin1 and configure the tenant as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
(NOTE: Each correct selection is worth one point.)
You are an administrator for a company. You have an Azure Active Directory (Azure AD) tenant.
You have an existing Azure AD conditional access policy named Policy1. Policy1 enforces the use of Azure AD-joined devices when members of the Global Administrators group authenticate to Azure AD from untrusted locations.
You need to ensure that members of the Global Administrators group will also be forced to use multi-factor authentication when authenticating from untrusted locations.
What should you do?
- A . From the multi-factor authentication page, modify the service settings.
- B . From the multi-factor authentication page, modify the user settings.
- C . From the Azure portal, modify grant control of Policy1.
- D . From the Azure portal, modify session control of Policy1.
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains four subnets named Gateway, Perimeter, NVA, and Production.
The NVA subnet contains two network virtual appliances (NVAs) that will perform network traffic inspection between the perimeter subnet and the production subnet.
You need to implement an Azure load balancer for the NVAs.
The solution must meet the following requirements:
• The NVAs must run in an active-active configuration that uses automatic failover.
• The NVA must load balance traffic to two services on the Production subnet. The services have different IP addresses.
Which three actions should you perform? (Each correct answer presents parts of the solution. NOTE: Each correct selection is worth one point.)
- A . Add two load balancing rules that have HA Ports enabled and Floating IP disabled.
- B . Deploy a standard load balancer.
- C . Add a frontend IP configuration, two backend pools, and a health probe.
- D . Add a frontend IP configuration, a backend pool, and a health probe.
- E . Add two load balancing rules that have HA Ports and Floating IP enabled.
- F . Deploy a basic load balancer.
You have five Azure virtual machines that run Windows Server 2016 and you have an Azure load balancer named LB1 that provides load balancing services.
You need to ensure that visitors are serviced by the same web server for each request.
What should you configure?
- A . Floating IP (direct server return) to Disable.
- B . Session persistence to Client IP.
- C . A health probe.
- D . Session persistence to None.
You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a virtual network named VNet1.
You need to ensure that you can configure a point-to-site connection from VNet1 to an on-premises computer.
Which two actions should you perform? (Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.)
- A . Reset GW1.
- B . Add a service endpoint to VNet1.
- C . Add a connection to GW1.
- D . Add a public IP address space to VNet1.
- E . Delete GW1.
- F . Create a route-based virtual network gateway.
From the MFA Server blade, you open the Block/unblock users blade as shown in the exhibit.
What caused ChrisGreen to be blocked?
- A . An administrator manually blocked the user.
- B . The user reports a fraud alert when prompted for additional authentication.
- C . The user account password expired.
- D . The user entered an incorrect PIN four times within 10 minutes.
You are the global administrator for an Azure Active Directory (Azure AD) tenant named adatum.com.
From the Azure Active Directory blade, you assign the Conditional Access Administrator role to a user named Admin1.
You need to ensure that Admin1 has just-in-time access as a conditional access administrator.
What should you do next?
- A . Enable Azure AD Multi-Factor Authentication (MFA).
- B . Set Admin1 as Eligible for the Privileged Role Administrator role.
- C . Set Admin1 as Eligible for the Conditional Access Administrator role.
- D . Enable Azure AD Identity Protection.
You are the global administrator for an Azure Active Directory (Azure AD) tenant named adatum.com.
You need to enable two-step verification for Azure users.
What should you do?
- A . Create a sign-in risk policy in Azure AD Identity Protection.
- B . Enable Azure AD Privileged Identity Management.
- C . Create and configure the Identity Hub.
- D . Configure a security policy in Azure Security Center.
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1.
You add the users in the following table.
Which user can perform each configuration? (To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
You are an administrator for a company.
You have an Azure subscription that contains the following resources:
• A virtual network named VNet1.
• A replication policy named ReplPolicy1.
• A Recovery Services vault named Vault1.
• An Azure Storage account named Storage1.
You have an Amazon Web Services (AWS) EC2 virtual machine named VM1 that runs Windows Server.
You need to migrate VM1 to VNet1 by using Azure Site Recovery.
Which three actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
- A . Sequence: 2, 4, 5
- B . Sequence: 4, 3, 5
- C . Sequence: 1, 3, 5
- D . Sequence: 4, 1, 5
You have an Azure subscription named Subscription1. In Subscription1, you create an Azure file share named share1.
You create a shared access signature (SAS) named SAS1 as shown in the following exhibit.
Which statements are true? (To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
You have an on-premises file server named Server1 that runs Windows Server 2016 and you have an Azure subscription that contains an Azure file share.
You deploy an Azure File Sync Storage Sync Service, and you create a sync group.
You need to synchronize files from Server1 to Azure.
Which three actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
- A . Sequence: 5, 4, 6
- B . Sequence: 2, 4, 6
- C . Sequence: 3, 4, 6
- D . Sequence: 3, 1, 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1.
Solution: From the Subscriptions blade, you select the subscription, and then click Programmatic deployment.
Does this meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1.
Solution: From the RG1 blade, you click Deployments.
Does this meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1.
Solution: From the Subscriptions blade, you select the subscription, and then click "Resource providers".
Does this meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1.
Solution: From the RG1 blade, you click Automation script.
Does this meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1.
Solution: You use the activity log and filter the events for the resource group RG1.
Does this meet the goal?
- A . Yes
- B . No
You have an Azure subscription that contains two resource groups named RG1 and RG2. RG2 does not contain any resources.
RG1 contains the resources in the following table.
Which resource can you move to RG2?
- A . W10_OsDisk
- B . VNet1
- C . VNet3
- D . W10
You have 100 Azure subscriptions. All the subscriptions are associated to the same Azure Active Directory (Azure AD) tenant named contoso.com.
You are a global administrator.
You plan to create a report that lists all the resources across all the subscriptions. You need to ensure that you can view all the resources in all the subscriptions.
What should you do?
- A . From the Azure portal, modify the profile settings of your account.
- B . From Windows PowerShell, run the Add-AzureADAdministrativeUnitMember cmdlet.
- C . From Windows PowerShell, run the New-AzureADUserAppRoleAssignment cmdlet.
- D . From the Azure portal, modify the properties of the Azure AD tenant.
You are an administrator for your company.
You have an Azure subscription that contains the resources in the following table.
Store1 contains a file share named Data. Data contains 5,000 files.
You need to synchronize the files in Data to an on-premises server named Server1.
Which three actions should you perform? (Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.)
- A . Download an automation script.
- B . Create a container instance.
- C . Create a sync group.
- D . Register Server1.
- E . Install the Azure File Sync agent on Server1.
You plan to use the Azure Import/Export service to copy files to a storage account.
Which two files should you create before you create the import job? (Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.)
- A . An XML manifest file
- B . A driveset CSV file
- C . A dataset CSV file
- D . A PowerShell PS1 file
- E . A JSON configuration file
You have an Azure web app named WebApp1 that runs in an Azure App Service plan named ASP1. ASP1 is based on the D1 pricing tier.
You need to ensure that WebApp1 can be accessed only from computers on your on-premises network. The solution must minimize costs.
What should you configure? (To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
You are a cloud administrator for a company. You have an Azure web app named WebApp1.
You need to provide developers with a copy of WebApp1 that they can modify without affecting the production WebApp1. When the developers finish testing their changes, you must be able to switch the current online version of WebApp1 to the new version.
Which command should you run to prepare the environment? (To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
You have an Azure App Service plan that hosts an Azure App Service named App1. You configure one production slot and four staging slots for App1.
You need to allocate 10 percent of the traffic to each staging slot and 60 percent of the traffic to the production slot.
What should you add to App1?
- A . Slots to the “Testing in production” blade.
- B . A performance test.
- C . A WebJob.
- D . Templates to the Automation script blade.
You are an administrator for a company. You have an Azure Service Bus.
You need to implement a Service Bus queue that guarantees first-in, first-out (FIFO) delivery of messages.
What should you do?
- A . Set the Lock Duration setting to 10 seconds.
- B . Enable duplicate detection.
- C . Set the Max Size setting of the queue to 5 GB.
- D . Enable partitioning.
- E . Enable sessions.
You have a Microsoft SQL Server Always On availability group on Azure virtual machines.
You need to configure an Azure internal load balancer as a listener for the availability group.
What should you do?
- A . Enable Floating IP.
- B . Set Session persistence to Client IP and protocol.
- C . Set Session persistence to Client IP.
- D . Create an HTTP health probe on port 1433.
You have an Azure subscription that contains a virtual network named VNet1. VNet1 has two subnets named Subnet1 and Subnet2.
VNet1 is in the West Europe Azure region.
The subscription contains the virtual machines in the following table.
You need to deploy an application gateway named AppGW1 to VNet1.
What should you do first?
- A . Add a service endpoint.
- B . Add a virtual network.
- C . Move VM3 to Subnet1.
- D . Stop VM1 and VM2.
You have an Azure virtual network named VNet1 that connects to your on-premises network by using a site-to-site VPN. VNet1 contains one subnet named Subnet1.
Subnet1 is associated to a network security group (NSG) named NSG1.
Subnet1 contains a basic internal load balancer named ILB1. ILB1 has three Azure virtual machines in the backend pool.
You need to collect data about the IP addresses that connect to ILB1. You must be able to run interactive queries from the Azure portal against the collected data.
What should you do? (To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
Note: This is a lab or performance-based testing (PBT) question. To answer, you will perform a set of tasks in a live environment. Some functionality (e.g. copy and paste) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. It doesn’t matter how you accomplish the goal.
You need to create a function app named corp7509086nl that supports sticky sessions. The solution must minimize the Azure-related costs of the App Service plan.
What should you do from the Azure portal? (This question has to be solved in a lab environment. Click on Solution to see a valid example solution. Answer "True" if you can solve the problem, otherwise select "Wrong".)
Solution:
Step 01: Connect to Azure portal. Type https://portal.azure.com in the browser address bar and use the provided credentials for Sign in.
Step 02: On the upper right corner, select Create a resource, then select Compute > Function-App.
Step 03: Enter the name for the app you want to create, and change the hosting plan from "Consumption Plan" to "App Service Plan." The hosting plan controls sticky session support (user is always connected to the same VM when scaling the app horizontally).
Step 04: Create a new App Service plan and choose the cheapest pricing tier available. Then click "Create" to deploy the new Function App.
Reference: Create a function app from the Azure portal
- A . True
- B . False
Note: This is a lab or performance-based testing (PBT) question. To answer, you will perform a set of tasks in a live environment. Some functionality (e.g. copy and paste) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. It doesn’t matter how you accomplish the goal.
You need to create a web app named corp7509086n23 that can be scaled horizontally. The solution must use the lowest possible pricing tier for the App Service plan.
What should you do from the Azure portal? (This question has to be solved in a lab environment. Click on Solution to see a valid example solution. Answer "True" if you can solve the problem, otherwise select "Wrong".)
Solution:
Step 01: Connect to Azure portal. Type https://portal.azure.com in the browser address bar and use the provided credentials for Sign in.
Step 02: On the upper right corner, select Create a resource, then select Web > Web App.
Step 03: Enter the name for the app you want to create, and ensure that the App Service plan uses the Standard S1 pricing tier. S1 is the cheapest pricing tier that allows auto scale. Then click "Create" to deploy the new Web App.
- A . True
- B . False
Note: This is a lab or performance-based testing (PBT) question. To answer, you will perform a set of tasks in a live environment. Some functionality (e.g. copy and paste) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. It doesn’t matter how you accomplish the goal.
Another administrator reports that she is unable to configure a web app named corp7509086n32 to prevent all connections from an IP address of 11.0.0.11.
You need to modify corp7509086n32 to successfully prevent the connections from the IP address. The solution must minimize Azure-related costs.
What should you do from the Azure portal? (This question has to be solved in a lab environment. Click on Solution to see a valid example solution. Answer "True" if you can solve the problem, otherwise select "Wrong".)
Solution:
Step 01: Connect to Azure portal. Type https://portal.azure.com in the browser address bar and use the provided credentials for Sign in.
Step 02: Locate the web app by typing the name of the app in the search bar or by navigating to "App Services". Then open the Networking blade of the web app and click on "Configure IP Restrictions".
Step 03: Click on Add rule and add a deny rule to prevent all connections from an IP address of 11.0.0.11/24.
- A . True
- B . False
Note: This is a lab or performance-based testing (PBT) question. To answer, you will perform a set of tasks in a live environment. Some functionality (e.g. copy and paste) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. It doesn’t matter how you accomplish the goal.
You need to add a deployment slot named staging to an Azure web app named corp7509086n32.
The solution must meet the following requirements:
• When new code is deployed to staging, the code must be swapped automatically to the production slot.
• Azure-related costs must be minimized.
What should you do from the Azure portal? (This question has to be solved in a lab environment. Click on Solution to see a valid example solution. Answer "True" if you can solve the problem, otherwise select "Wrong".)
Solution:
Step 01: Connect to Azure portal. Type https://portal.azure.com in the browser address bar and use the provided credentials for Sign in.
Step 02: Locate the web app by typing the name of the app in the search bar or by navigating to "App Services". Then open the "Deployment slots" blade of the web app and click on "Add Slot".
Step 03: Type in the slot name and click on OK.
Step 04: Open the blade for the newly created slot, click on Application settings and enable Auto swap. Don't forget to save your settings.
Reference: Set up staging environments in Azure App Service
- A . True
- B . False
Note: This is a lab or performance-based testing (PBT) question. To answer, you will perform a set of tasks in a live environment. Some functionality (e.g. copy and paste) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. It doesn’t matter how you accomplish the goal.
You plan to deploy an application gateway named appgw1015 to load balance IP traffic to the Azure virtual machines connected to subnet0.
You need to configure a virtual network named VNET1015 to support the planned application gateway.
What should you do from the Azure portal? (This question has to be solved in a lab environment. Click on Solution to see a valid example solution. Answer "True" if you can solve the problem, otherwise select "Wrong".)
Solution:
Step 01: Connect to Azure portal. Type https://portal.azure.com in the browser address bar and use the provided credentials for Sign in.
Step 02: An application gateway must be deployed into an empty subnet (not into the gateway subnet). We need to create a new subnet within VNET1015 to support the creation of the application gateway. Type "VNET1015" in the search box to locate and open the VNets blade. Then click on Subnets and choose to add a subnet.
Step 03: Type in a name for the new subnet and click OK.
In the next step we could create the application gateway. Because the question asks only to configure the virtual network to support the app gateway, we are finished here.
Reference: What is Azure Application Gateway?
- A . True
- B . False
Note: This is a lab or performance-based testing (PBT) question. To answer, you will perform a set of tasks in a live environment. Some functionality (e.g. copy and paste) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. It doesn’t matter how you accomplish the goal.
You need to deploy an application gateway named appgw1015 to meet the following requirements:
• Load balance internal IP traffic to the Azure virtual machines connected to subnet0.
• Provide a Service Level Agreement (SLA) of 99.99 percent availability for the Azure virtual machines.
What should you do from the Azure portal? (This question has to be solved in a lab environment. Click on Solution to see a valid example solution. Answer "True" if you can solve the problem, otherwise select "Wrong".)
Solution:
Step 01: Connect to Azure portal. Type https://portal.azure.com in the browser address bar and use the provided credentials for Sign in.
Step 02: Click on Create a resource, choose Networking and click Application Gateway.
Step 03: Type in a name for the new application gateway and click OK.
Note: Microsoft guarantees that each Application Gateway Cloud Service having two or more medium or larger instances will be available at least 99.9% of the time. (Reference: SLA for Application Gateway)
Step 04: Choose the VNet and select an empty subnet (subnet1, created in the previous question). Click on OK.
Step 05: Click on OK to create the new application gateway.
Reference: What is Azure Application Gateway?
- A . True
- B . False
Note: This is a lab or performance-based testing (PBT) question. To answer, you will perform a set of tasks in a live environment. Some functionality (e.g. copy and paste) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. It doesn’t matter how you accomplish the goal.
You need to deploy an Azure load balancer named lb1016 to your Azure subscription.
The solution must meet the following requirements:
• Support the load balancing of IP traffic from the Internet to Azure virtual machines connected to VNET1016subnet0.
• Provide a Service Level Agreement (SLA) of 99.99 percent availability for the Azure virtual machines.
• Minimize Azure-related costs.
What should you do from the Azure portal? (This question has to be solved in a lab environment. Click on Solution to see a valid example solution. Answer "True" if you can solve the problem, otherwise select "Wrong".
To complete this task, you do NOT need to wait for the deployment to complete. Once the deployment starts in Azure, you can move to the next task.)
Solution:
Step 01: Connect to Azure portal. Type https://portal.azure.com in the browser address bar and use the provided credentials for Sign in.
Step 02: Click on Create a resource, choose Networking and click Load Balancer.
Step 03: To load balance IP traffic from the Internet, we need to create a public type load balancer.
Note: Microsoft guarantees that a Load Balanced Endpoint using Azure Standard Load Balancer, serving two or more Healthy Virtual Machine Instances, will be available 99.99% of the time. Basic Load Balancer is excluded from this SLA (Reference: SLA for Load Balancer). Therefore we need to choose the Standard SKU.
Configure the following settings and click on Create.
Reference: Quickstart: Create a Standard Load Balancer to load balance VMs using the Azure portal
- A . True
- B . False
Note: This is a lab or performance-based testing (PBT) question. To answer, you will perform a set of tasks in a live environment. Some functionality (e.g. copy and paste) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. It doesn’t matter how you accomplish the goal.
You plan to connect a virtual network named VNET1017 to your on-premises network by using both an Azure ExpressRoute and a site-to-site VPN connection.
You need to prepare the Azure environment for the planned deployment. The solution must maximize the IP address space available to Azure virtual machines.
What should you do from the Azure portal before you create the ExpressRoute and the VPN gateway? (This question has to be solved in a lab environment. Click on Solution to see a valid example solution. Answer "True" if you can solve the problem, otherwise select "Wrong".)
Solution:
Before we add the VPN appliances, we need to add a gateway subnet to VNet1017.
Step 01: Connect to Azure portal. Type https://portal.azure.com in the browser address bar and use the provided credentials for Sign in.
Step 02: In Azure Portal type "VNet1017" in the search box and click on the found virtual network. On the VNet1017 blade click on Subnets, then click on + Gateway subnet.
Step 03: The Name for your subnet is automatically filled in with the value "GatewaySubnet". This value is required in order for Azure to recognize the subnet as the gateway subnet. To maximize the IP address space available to Azure virtual machines, we should minimize the address space for the gateway subnet. Then, click OK to save the values and create the gateway subnet.
Reference: Configure a virtual network gateway for ExpressRoute using the Azure portal
- A . True
- B . False
Note: This is a lab or performance-based testing (PBT) question. To answer, you will perform a set of tasks in a live environment. Some functionality (e.g. copy and paste) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. It doesn’t matter how you accomplish the goal.
You plan to grant the members of a new Azure AD group named corp75099086 the right to delegate administrative access to any resource in the resource group named RG7509086.
You need to create the Azure AD group and then to assign the correct role to the group. The solution must use the principle of least privilege and minimize the number of role assignments.
What should you do from the Azure portal? (This question has to be solved in a lab environment. Click on Solution to see a valid example solution. Answer "True" if you can solve the problem, otherwise select "Wrong".)
Solution:
Step 01: Connect to Azure portal. Type https://portal.azure.com in the browser address bar and use the provided credentials for Sign in.
Step 02: First, we need to create the new Azure AD group named corp75099086. Open the Azure AD blade, click on Groups, then click on +New group.
Step 03: Choose the group type Security, fill in the group name and choose the membership type Assigned. Then click on Create.
Step 04: Open the RG7509086 blade, click on Access control (IAM), then click on +Add role assignment.
Step 05: Choose the Owner role and select the group you created before. Then click on Save. The Owner role allows managing everything, including permissions, for the chosen resource.
- A . True
- B . False
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You have an Azure web app named App1. App1 runs in an Azure App Service plan named Plan1. Plan1 is associated to the Free pricing tier.
You discover that App1 stops each day after running continuously for 60 minutes. You need to ensure that App1 can run continuously for the entire day.
Solution: You change the pricing tier of Plan1 to Basic.
Does this meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You have an Azure web app named App1. App1 runs in an Azure App Service plan named Plan1. Plan1 is associated to the Free pricing tier.
You discover that App1 stops each day after running continuously for 60 minutes. You need to ensure that App1 can run continuously for the entire day.
Solution: You add a triggered WebJob to App1.
Does this meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You have an Azure web app named App1. App1 runs in an Azure App Service plan named Plan1. Plan1 is associated to the Free pricing tier.
You discover that App1 stops each day after running continuously for 60 minutes. You need to ensure that App1 can run continuously for the entire day.
Solution: You change the pricing tier of Plan1 to Shared.
Does this meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You have an Azure subscription named Subscription1. The subscription contains an Azure Active Directory (Azure AD) tenant named Adatum and a resource group named Dev. Adatum contains a group named Developers.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Dev, you assign the Logic App Contributor role to the Developers group.
Does this meet the goal?
- A . Yes
- B . No
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains 100 user accounts.
You purchase 10 Azure AD Premium P2 licenses for the tenant.
You need to ensure that 10 users can use all the Azure AD Premium features.
What should you do?
- A . From the Groups blade of each user, invite the users to a group.
- B . From the Licenses blade of Azure AD, assign a license.
- C . From the Directory role blade of each user, modify the directory role.
- D . From the Azure AD domain, add an enterprise application.
You have an Azure Active Directory (Azure AD) tenant that has the initial domain name. You have a domain name of contoso.com registered at a third-party registrar.
You need to ensure that you can create Azure AD users that have names containing a suffix of @contoso.com.
Which three actions should you perform in sequence? (To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.)
- A . Sequence: 5, 6, 3
- B . Sequence: 5, 4, 3
- C . Sequence: 2, 4, 1
- D . Sequence: 4, 6, 3
You have an Azure Active Directory (Azure AD) tenant named adatum.com.
Adatum.com contains the groups in the following table.
You create two user accounts that are configured as shown in the following table.
To which groups do User1 and User2 belong? (To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
You have an Azure subscription.
You need to implement a custom policy that meets the following requirements:
• Ensures that each new resource group in the subscription has a tag named organization set to a value of Contoso.
• Ensures that resource groups can be created from the Azure portal.
• Ensures that compliance reports in the Azure portal are accurate.
How should you complete the policy? (To answer, select the appropriate options in the answers area.)
You have an Azure subscription that contains 100 virtual machines. You regularly create and delete virtual machines.
You need to identify unused disks that can be deleted.
What should you do?
- A . From Microsoft Azure Storage Explorer, view the Account Management properties.
- B . From the Azure portal, configure the Advisor recommendations.
- C . From Cloudyn, open the Optimizer tab and create a report.
- D . From Cloudyn, create a Cost Management report.
Your company has an Azure subscription named Subscription1. The company also has two on-premises servers named Server1 and Server2 that run Windows Server 2016.
Server1 is configured as a DNS server that has a primary DNS zone named adatum.com. Adatum.com contains 1,000 DNS records.
You manage Server1 and Subscription1 from Server2.
Server2 has the following tools installed:
• The DNS Manager console
• Azure PowerShell
• Azure CLI 2.0
You need to move the adatum.com zone to Subscription1. The solution must minimize administrative effort.
What should you use?
- A . Azure PowerShell
- B . Azure CLI
- C . The Azure portal
- D . The DNS Manager console
You are an administrator for your company.
You have an Azure subscription that contains the resources in the following table.
To which subnets can you apply NSG1?
- A . The subnets on VNet2 only
- B . The subnets on VNet1 only
- C . The subnets on VNet2 and VNet3 only
- D . The subnets on VNet1, VNet2, and VNet3
- E . The subnets on VNet3 only
You have an Active Directory forest named contoso.com. You install and configure Azure AD Connect to use password hash synchronization as the single sign-on (SSO) method. Staging mode is enabled.
You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs.
You need to ensure that the synchronization completes successfully.
What should you do?
- A . From Synchronization Service Manager, run a full import.
- B . Run Azure AD Connect and set the SSO method to Pass-through Authentication.
- C . From Azure PowerShell, run Start-AdSyncSyncCycle -PolicyType Initial.
- D . Run Azure AD Connect and disable staging mode.
You are a cloud administrator for a company. The development team asks you to provision an Azure storage account for their use.
To remain in compliance with IT security policy, you need to ensure that the new Azure storage account meets the following requirements:
• Data must be encrypted at rest.
• Access keys must facilitate automatic rotation.
• The company must manage the access keys.
What should you do?
- A . Create a service endpoint between the storage account and a virtual network (VNet).
- B . Require secure transfer for the storage account.
- C . Enable Storage Service Encryption (SSE) on the storage account.
- D . Configure the storage account to store its keys in Azure Key Vault.
You have an Azure subscription that contains a storage account and you have an on-premises server named Server1 that runs Windows Server 2016. Server1 has 2 TB of data.
You need to transfer the data to the storage account by using the Azure Import/Export service.
In which order should you perform the actions? (To answer, move all actions from the list of actions to the answer area and arrange them in the correct order. NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.)
- A . Sequence: 3, 2, 1, 5, 4
- B . Sequence: 1, 2, 3, 4, 5
- C . Sequence: 3, 1, 2, 4, 5
- D . Sequence: 1, 3, 2, 4, 5
You are an administrator for a company. You plan to create an Azure Storage account in the Azure region of East US 2.
You need to create a storage account that meets the following requirements:
• Replicates synchronously
• Remains available if a single data center in the region fails.
How should you configure the storage account? (To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
You have an Azure subscription named Subscription1. You create an Azure Storage account named contosostorage, and then you create a file share named data.
Which UNC path should you include in a script that references files from the data file share? (To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. NOTE: Each correct selection is worth one point.)