You are an IT Administrator, and you are concerned about protecting corporate assets and devices meeting standards for security and compliance. What
... [Show More] options are available to get a device under the control of Azure AD?
-Registering the device to Azure AD.
-Joining a device.
Which of the following is the Kubernetes agent that processes the orchestration requests from the cluster master, and schedules running the requested containers?
Kubelet
You have a MySQL database on a Linux instance. The MySQL database is in development and being worked on by your developers. Only the developers should have access to this database while it is in the development stage. Which of the following actions will ensure that only the developers can access the database?
Setting the NSG rules that only allow traffic from the developers
If we want to have an image of the operating system (OS) and all disks attached, which of the following would be the preferred image?
Vm image (specialized)
You have four different storage accounts. If you want to limit access to a team of people within the organization to just one storage service on one storage account, with the least amount of work, which of the following would be used to accomplish this goal?
SAS service
Which series would we choose if we had a virtual machine used for Artificial Intelligence (AI)?
H-series
You are configuring networking for the Azure Kubernetes service. Which of the following maps incoming direct traffic to the pods?
NodePort
We are trying to apply a tag to a resource group and need the appropriate permissions using the philosophy of least privileges. Which answer below would be the most appropriate?
You are assigned the Contributor role in RBAC.
We have reached the CPU quota in the West US 2 region. What two options do we have to move forward when creating this virtual machine?
-Request a quota increase.
-Delete other running VMs.
What types of files are Azure Resource Manager (ARM) templates?
JSON
Which of the following allows a user to access both cloud and on-premises applications through an external URL or an internal application portal securely after a single sign-on to Azure AD?
Active Directory's Application Proxy
What PowerShell command prompts the user for either a password or a username and password?
Get-Credential
Which of the users below can perform domain management tasks in Azure Active Directory (AAD)?
A user account with global administrator permissions
We are adding tags to our resources to provide a taxonomy to our environments and create a better organization. We have about 20 tags for every resource to ensure that we categorize everything correctly. Is there anything that could go wrong when applying all 20 tags to our storage accounts?
Nothing will go wrong because we are allowed up to 50 tags for the storage account.
Can you add an existing VM to an availability set?
No. You can only add a VM to an availability set when creating the VM.
What is the PowerShell command to add the image information to the virtual machine's configuration?
Set-AzureRmVMSourceImage -VM $VirtualMachine -PublisherName "MicrosoftWindowsServer" -Offer "WindowsSErver" -Skus "2012-R2-Datacenter" -Version "latest"
What port number needs to be open so that you can connect an on-premise Windows Machine to Azure for a file share?
445
We have created a virtual machine in Azure, but the verification check fails. We've checked all the configuration settings, and everything seems correct. What are two possible reasons why the verification check might be failing?
-We have exceeded the maximum amount of resources for that subscription.
-We have exceeded the maximum quota for CPU in that region.
You are the new administrator of an organization, and one of the changes that you want to implement is multi-factor authentication (MFA). How would you be able to get a count of how many users have not registered for multi-factor authentication?
User's page, within the MFA settings site.
For Linux, which of the CLI commands will open up port 80?
az vm open-port --port 80 --resource-group myResourceGroup --name myVM
You are developing a storage plan that includes Premium storage. Which storage redundancy type is available to use?
Locally redundant storage
Your company previously did not allow employees to use their own devices to access company resources for security reasons. However, management is now considering allowing employees to use their own devices in conjunction with AD join. What are the potential security benefits that may persuade management to allow employees to use their own devices?
-Organization can restrict access to apps from only the devices that meet the compliance policy.
-Organization can use Windows Hello support for convenient access to work resources.
Which account will be able to reset the password regardless of whether the Azure Active Directory password reset enabled option is selected?
Azure Administrator
Your current virtual machine which is currently running has a size of standard DS2_V2, this plan does not allow more than two NICs and you need to add a third NIC. What are the steps you would take to add the additional NIC (assuming the NIC already exists)?
1) Shut down the machine.
2) Increase the plan size to DS3_v2.
3) Go into the networking blade of the VM.
4) Click Attach Network Interface.
5) Select the existing NIC and then click okay.
6) Start the machine.
You want Azure Active Directory's Application Proxy feature at the lowest price possible. You also want to to make sure you have the enterprise-level SLA of 99.9 percent uptime. Which of the following would be the best option?
Azure Active Directory - Premium P1
Which of the following settings are not not swapped when you swap an an app? Select three.
-Always on.
-Custom domain names.
-Publishing endpoints.
Which of the following items can be associated with a Network Security Group (NSG)?
-NIC.
-Subnets.
-Security rule.
You configure a VNet-to-VNet connection between two VNets hosted in Azure across two regions. Both VNets contain virtual machines (VMs) used for a business-critical application. How can you verify that the VNet peering has been successfully established?
Check the status of VNet peering.
You are the Azure Administrator for a company, and you notice performance problems when your cloud resources are accessing your company's internal DNS servers. Those internal servers only service your cloud resources. What is a recommended option to improve performance?
Move on-premises DNS into the Azure Cloud.
From the Portal, how can we configure billing alerts to let us and our team know when our subscription has accumulated a bill of more than $1,000?
Go to Subscriptions -> Select the subscription, click on Budget under cost management -> click on the Add once you click the next button, you will see the set alerts section.
What tools are available for virtual machine pricing in Azure?
-Pricing calculator.
-Total cost of ownership (TCO) calculator.
When troubleshooting common Azure deployment errors with the Azure Resource Manager, what error code indicates our account or service principal doesn't have sufficient access to complete the deployment?
AuthorizationFailed
An IT Team member has applied tags to a resource group, but the tags did not successfully apply to the resources within. Why did this happen?
Tags applied at the resource group level do not apply to the resources within that group.
You have a MySQL database that you want to keep secure and prevent access to the public internet. Which of these options would you use?
-NSG.
-Service Endpoint.
-Private IP address.
We would like to identify which servers are not in use so we can decommission them and save the cost of keeping them running. Which tool easily helps you identify all VMs that are not in use?
Advisor recommendations -> Configure -> Rules
Where do you go within the Azure Portal to find information about who has logged into the Portal in the last 24 hours?
Activity Log
Within Azure Active Directory, you want to ensure that you can write passwords back to your on-premise Active Directory. Which feature will give this option?
Password writeback
You are backing up your App Service. Which of the following is included in the backup?
-App configuration.
-Azure database for MySQL.
Which of the following built-in roles has the required Microsoft Authorization permissions that will allow a user account to create a cloud endpoint?
-User access administrator.
-Owner.
Which of the following is not a recommended protocol to access Azure File Sync from your Windows Server?
http
One of your teammates on the IT team is trying to change the size of a VM but can't seem to do so. They are able to set off the job, but it fails immediately. What is one possible reason why they can't perform this action?
the resource is locked
You have an existing virtual machine that is currently running, and you need to add an existing custom data disk. What are the steps you would take?
Select the VM you are trying to attach the existing disk -> Click Attach existing to attach the available disk to the VM -> From the existing disk pane, select your disk, and then click OK.
We've created a Linux VM in Azure using the Portal. We initially set the public SSH key, but we generated a new key from our workstation and therefore cannot access the VM. What is the easiest and quickest way to gain access to this Linux VM?
Use the troubleshooting tool to reset the SSH key for the VM
Which of the following are file formats not recommended for compression?
JPG & MP3
What is the limit on the total number of VNet service endpoints in a virtual network?
No limit
You want to utilize Azure Identity Protection, which one of the editions below supports this feature?
Premium P2
The shared access signature (SAS) URI consists of which of the following?
-SAS token.
-Storage Resource.
We have been hired by the Contoso Company to help save them as much money as possible in Azure. They would like us to build 15 virtual machines that will serve various purposes for the business, including terminal services, web servers, and domain controllers. Which of the following cost allocation models will we choose if we know that these servers will be in use for at least a year?
Reserved instances
Which of the following is not true about container groups?
is scheduled on a multiple host machines
Which of the following is supported in Azure Backup reports?
-Reports for Azure SQL.
-Azure Backup Server.
The Contoso Company would like policies implemented to enforce a standard for how their infrastructure is built. Which of the following RBAC roles will they need to have to view these policies?
Security Reader
What method does Microsoft Azure App Service use to obtain credentials for users attempting to access an app?
Redirection to a provider endpoint
You decide to move all your services to Azure Kubernetes service. Which of the following components will contribute to your monthly Azure charge?
Node VMs
Your client has an existing dynamic web application in the US region. However, they have clients in Asia that are reporting slow performance for the web application. Which of the following would be the best and recommended course of action to improve performance for the clients in Asia?
Traffic manager
You are having problems with the installation of Azure File Sync on your server. What action could you take to get more details on possible issues?
Run the command: StorageSyncAgent.msi /l*v AFSInstaller.log
You configured a routing table which should be forcing all outgoing traffic from one virtual machine to go through a firewall appliance. However, the traffic is not going through the firewall appliance. Which one of the following would be an effective diagnostic tool?
Network Watcher
In the Azure portal, how would you navigate to see the backup items?
Recovery Services Vaults -> Vault Name -> Backup Items (in the Protected Items section).
If you wanted to gain insight into your on-premises identity infrastructure that is used to access Azure AD applications and also monitors the synchronizations that occur between your on-premises Azure Directory Domain Services (AD DS) and Azure AD, which of the following tools would you use?
Azure AD Connect Health
A team member has created a point to site VPN connection between a computer named "WorkstationA" and an Azure Virtual Network. Another point to site VPN connection needs to be created between the same Azure Virtual Network and a computer named "WorkstationB". The VPN client package was generated and installed on "WorkstationB".
You need to ensure you can create a successful point to site VPN connection. You decide to export and install the client certificate on "WorkstationB"
Would this solution fulfil the requirement?
Yes
You have created a storage account named CertGlobalstore. You have created a file share named demo using the file service. You need to ensure that users can connect to the file share from their home computers. Which of the following port should be open to ensure the connectivity?
445
Would Virtual Machines launched in the "CertGlobal-client" virtual network automatically get registered in the private domain of CertGlobals.local?
Yes
(Role based access policies can be used to restrict access to resources, but they can put any sort of governance on what type of resources to create.)
A company has setup an Azure subscription and a tenant. They want to ensure that only Virtual Machines of a particular SKU size can be launched in their Azure account. They decide to implement Azure locks.
Does this fulfil the requirement?
No.
(Azure locks are used to prevent users from accidentally deleting or modifying critical resources. They can't be used for the said purpose as stated in the question.)
A company has setup an Azure subscription and a tenant. They want to ensure that only Virtual Machines of a particular SKU size can be launched in their Azure account. They decide to implement Azure policies.
Does this fulfil the requirement?
Yes, this can be done with Azure policies
A company plans to use Azure Network watcher to perform the following tasks:
"Find out if a network security rule is preventing a network packet from reaching a virtual machine hosted in an Azure virtual network"
"Find out if there is outbound connectivity between an Azure virtual machine and an external host"
Which of the following network watcher feature would you use for the following requirement?
" Find out if a network security rule is preventing a network packet from reaching a virtual machine hosted in an Azure virtual network"
IP Flow Verify
A company plans to use Azure Network watcher to perform the following tasks:
"Find out if a network security rule is preventing a network packet from reaching a virtual machine hosted in an Azure virtual network"
"Find out if there is outbound connectivity between an Azure virtual machine and an external host"
Which of the following network watcher feature would you use for the following requirement?
" Find out if there is outbound connectivity between an Azure virtual machine and an external host"
Connection Monitor
A company is planning on deploying an application to a set of Virtual Machines in an Azure network. The company needs to have an SLA of 99.99% for the application hosted on the Virtual machines.
Which of the following should be implemented to guarantee an SLA of 99.99% on the infrastructure level?
You can achieve 99.99% SLA on the infrastructure level for your virtual machines by deploying them across availability zones
Your company currently has a Site-to-Site connection with an Azure Virtual Private network. The VPN device that is allocated on the on-premise side is going to undergo a change in its public IP address. You have to ensure the Site-to-Site VPN connection continues to work after the change.
Which of the following steps would you need to carry out after the change in the public IP address on the on-premise VPN device ensuring minimum connection downtime?
-Remote the VPN connection.
-Modify the local gateway IP address.
-Recreate the VPN connection.
A company has an application deployed across a set of virtual machines. Users connect to the application either using point-to-site VPN or site-to-site VPN connections. You need to ensure that connections to the application are spread across all of the virtual machines.
Which of the following could you set up for this requirement?
-An internal load balancer.
-An Azure application gateway.
A company has setup an Azure subscription. They have setup a storage account and are currently using the BLOB service. They want to assign permissions to 3 user groups.
GroupA - This group should have the ability to manage the storage account
GroupB - This group should be able to manage containers within a storage account
GroupC - This group should be given full access to Azure Storage blob containers and data, including assigning POSIX access control
You need to assign the relevant Role Based Access Control ensuring the privilege of least access.
Which of the following would you assign to GroupA?
Storage Account Contributor
A company has setup an Azure subscription. They have setup a storage account and are currently using the BLOB service. They want to assign permissions to 3 user groups.
GroupA - This group should have the ability to manage the storage account
GroupB - This group should be able to manage containers within a storage account
GroupC - This group should be given full access to Azure Storage blob containers and data, including assigning POSIX access control
You need to assign the relevant Role Based Access Control ensuring the privilege of least access.
Which of the following would you assign to GroupB?
Storage Blob Data Contributor.
A company has setup an Azure subscription. They have setup a storage account and are currently using the BLOB service. They want to assign permissions to 3 user groups.
GroupA - This group should have the ability to manage the storage account
GroupB - This group should be able to manage containers within a storage account
GroupC - This group should be given full access to Azure Storage blob containers and data, including assigning POSIX access control
You need to assign the relevant Role Based Access Control ensuring the privilege of least access.
Which of the following would you assign to GroupC?
Storage Blob Data Owner [Show Less]