Which of the following network watcher feature would you use for the following requirement?
Find out if there is outbound connectivity between an Azure
... [Show More] virtual machine and an external host.
Next Hop
(Incorrect)
Traffic Analytics
IP Flow Verify
Connection Monitor
(Correct)
A
In order to use ARM templates in automation, what other file is usually required besides the ARM template JSON file itself?
The parameter JSON file
The parameter XML file
A .SH file to contain the Shell Script in CLI
A .PS1 PowerShell script file
No other files are required. But a parameter JSON file would be used if the template had parameters as inputs.
(Correct)
A
You have defined an autoscale condition with four autoscale rules. The first rule scales out when the CPU utilization reaches 70 percent. The second rule scales back in when the CPU utilization drops below 50 percent. The third rule scales out if memory occupancy exceeds 75 percent. The fourth rule scales back in when memory occupancy falls below 50 percent. When will the system scale out?
When CPU utilization reaches 70 percent, and memory occupancy exceeds 75 percent
When CPU utilization reaches 70 percent, or memory occupancy exceeds 75 percent
(Correct)
You can't do this with a single autoscale condition. An autoscale condition can only contain autoscale rules that use the same metric
A
You have an application in the East US region, running on a virtual network also in the East US region. You need to establish an encrypted, private connection to a data source that exists in Azure's Japan region, and that data source does not have a public endpoint. Attempting to connect with the Japanese data source from East US results in an error. What is the best way to establish a connection between the two regions?
Use Global VNet Peering.
Install a Network Gateway in the Japan region. And have the East US application establish a private point-to-site VPN to Japan.
Install Gateway devices in both the East US and Japan regions, and connect the gateways together.
(Correct)
A
Users are reporting that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com. You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory. You need to ensure that the users can use single-sign-on (SSO) to access Azure resources. What should you do first?
From the on-premises network, deploy Active Directory Federation Services in a clustered environment.
From Azure AD, add and verify a custom domain name.
(Correct)
From the on-premises network, request a new certificate that contains the Active Directory domain name.
From the server that runs Azure AD Connect, modify the filtering options.
A
Your company has the following resources created as part of its Azure subscription:
- 100 Azure virtual machines
- 10 Azure SQL databases
- 50 Azure file shares
You need to create a daily backup of all resources by using Azure Backup. What is the minimum number of backup policies you have to create for this requirement?
160
2
(Correct)
3
1
100
A
What benefit does a Content Delivery Network (CDN) provide its users?
Allows you to reduce the traffic coming into a web server for static, unchanging files such as images, videos, and PDFs
(Correct)
For a small fee, Azure will take over management of your virtual machine, perform OS updates and ensure it's running well
Allows you to store data that can be retrieved later in an extremely fast and inexpensive manner
Allows you to keep temporarily session information on the web visitor such as their login ID or their name
...
A company has a requirement to retain any blob data that might accidentally be deleted. The deleted data needs to be retained for 14 days. From which of the following section of the Storage account would you modify to fulfill this requirement?
Lifecycle Management
Advanced security
Soft Delete
(Correct)
Firewall and virtual networks
A
Your company has the following resources deployed to Azure:
You install a DNS service on virtual machine getcloudskillsvm1.
The DNS server settings are then configured for each virtual network, as shown below:
You have to ensure that all virtual machines in your vnet can resolve DNS names by using the DNS service on the virtual machine getcloudskillsvm1. Which of the following would you implement for this requirement?
Add service endpoints for the virtual network getcloudskillsnetwork2 and getcloudskillsnetwork3.
Add a service endpoint for the virtual network getcloudskillsnetwork1.
Configure virtual network peering connections between all virtual networks.
(Correct)
Configure a conditional forwarder for the getcloudskillsvm1 virtual machine.
A
A company has set up a Virtual Machine in Azure. A web server listening on port 80 and a DNS server has been installed on the Virtual machine. A network security group is attached to the network interface for the virtual machine. The rules for the NSG are given below:
Select all server(s) that internet users will connect to on the Virtual machine if RuleB is deleted.
DNS server only
Webserver only
RDP, web, and DNS servers
RDP server only
(Correct)
Both web and DNS servers
A
A company has an application deployed across a set of virtual machines. Users connect to the application either using point-to-site VPN or site-to-site VPN connections. You need to ensure that connections to the application are spread across all of the virtual machines. Which of the following could you set up for this requirement? Choose 2 answers from the options given below.
A Public Load Balancer
An Azure Application Gateway
(Correct)
An Internal Load Balancer
(Correct)
A Traffic Manager Profile
An Azure Content Delivery Network
A
A company has an Azure AD tenant. They have users that are also synced with their on-premise environment. Getcloudskillsusr1 has the Reports Reader role assigned.
The administrator has enabled self-service password reset (SSPR) for all users.
- The administrator has enabled the following SSPR settings:
- Number of methods required to reset - 2
- Methods available to users - Mobile phone and Security questions
- Number of questions to register - 3
- Number of questions to reset - 3
The following security questions are chosen:
- In what city was your first job?
- What was the name of the first school you attended?
Would Getcloudskillsusr1 be required to answer the security question "In what city was your first job?" to reset their password?
Yes
(Correct)
No
A
When adding custom domain names, which of the following record needs to be added to your custom domain registrar?
NS record.
PTR record.
TXT record.
(Correct)
A record.
A
Which of the following needs to be implemented on the Azure virtual network to deploy the Azure Bastion Host?
Add a new address space.
Enable DDoS protection for the virtual network.
Add a service endpoint.
Add a new subnet.
(Correct)
A
A company has set up an Azure subscription and a tenant. They want to ensure that only Virtual Machines of a particular SKU size can be created in their Azure account.
They decide to implement Role-Based Access Control.
Does this fulfill the requirement?
Yes
No
(Correct)
A
You create an App Service plan B1 for your web app. You want Azure to be able to add up to 10 VM instances to run your app automatically during the highest traffic on your site.
What are two configuration options you should implement to achieve your goal in the most cost-effective way?
Scale out based on a schedule
Scale up based on a metric
Scale up the service plan to S1
(Correct)
Scale out the service plan to P1
Scale out the service plan to S1
Scale up the service plan to P1
Scale-out based on a metric
(Correct)
Scale up based on a schedule
A
You need to synchronize the files in the file share with an on-premise server named Getcloudskillsserver. Which of the following would you need to implement to fulfill this requirement? Choose 3 answers from the options given below.
Create a sync group
(Correct)
Register Getcloudskillsserver
(Correct)
Download an automation script
Install the Azure File Sync agent on Getcloudskillsserver
(Correct)
Create a container instance
A
Which of the following can be used to organize resources for cost reporting? Choose the most complete answer.
Resource groups and tags
Tags
Subscriptions, resource groups, and tags
(Correct)
Cost Center, subscriptions, resource groups, and tags
A
True or false: Microsoft ExpressRoute is a virtual networking technology that operates over the public Internet that allows secure, scalable access to Microsoft Azure services while ensuring performance, security, and reliability.
True
False
(Correct)A
A
A company needs to create a storage account that must follow the requirements below:
- Users should be able to add files, such as images and videos.
- Ability to store archive data.
- File shares need to be in place, which can be accessed across several VM's.
- The data needs to be available, even if a region goes down.
- The solution needs to be cost-effective.
What is the type of replication they need to implement for the storage account?
Locally redundant storage (LRS)
Read-access geo-redundant storage (RA-GRS)
Geo-redundant storage (GRS)
(Correct)
Zone-redundant storage (ZRS)
A
What kind of account would you create to allow an external organization easy access?
An external account for each member of the external team.
An administrator account for each member of the external team.
A guest user account for each member of the external team.
(Correct)
A
A file named audio.log has been uploaded to a Storage account container called demo.
You need to allow users to download the object. The access should be granted for a day only. You need to provide a secure way to access the object. Which of the following would you implement for this purpose?
Mark public access on the object.
Provide access Keys.
Mark public access on the container.
Generate a shared access signature.
(Correct)
A
A company has an Azure subscription that contains the following Resource Groups:
The Resource Group Getcloudskills-rg1 contains the following resources:
Would you be able to move the resource Getcloudskillsstor from the Resource Group Getcloudskills-rg1 to Getcloudskills-rg2?
No
Yes
(Correct)
A
A new Network interface named Secondary has been created. The Network interface needs to be added to the Virtual machine. What must be done first in order to ensure that the network interface can be attached to the Virtual Machine?
The primary network interface needs to be removed
The public IP needs to be deallocated from the primary network interface
The machine needs to be stopped first
(Correct)
A
In the context of alerts, you can create an Action Group. Which of the following is not an Action Type that can exist inside an Action Group?
SMS text message
Facebook Messenger message
(Correct)
Logic App
Azure Function
A
You have an Azure subscription named Getcloudskillsstaging. Under the subscription, you create a Resource group named Getcloudskillsrg.
You then create an Azure policy based on the "Not allowed resources types" definition. You define the parameters as Microsoft.Network. virtual networks as the not allowed resource type. You assign this policy to the Tenant Root Group. A Virtual Network does not already exist in this subscription.
Would you be able to create a virtual machine in the Getcloudskillsrg Resource group?
No
(Correct)
Yes
A
If no rules other than the default NSG rules are in place, are VM's on SubnetA and SubnetB be able to connect to the Internet?
Yes
(Correct)
No
A
You have set up a computer named getcloudskillsclient1 that has a point-to-site VPN connection to an Azure virtual network named getcloudskillsnetwork. The point-to-site connection makes use of a self-signed certificate. You now have to establish a point-to-site VPN connection to the same virtual network from another computer named getcloudskillsclient2. The VPN client configuration package is downloaded and installed on the getcloudskillsclient2 computer.
You decide to join the getcloudskillsclient2 computer to Azure AD.
Would this fulfill the requirement?
No
(Correct)
Yes
A
A company has an Azure subscription and an Azure tenant named getcloudskills.onmicrosoft.com. Getcloudskillsusr1 has Global Administrator permissions in Azure Active Directory.
The user getcloudskillsusr1 creates a new directory named staging.getcloudskills.onmicrosoft.com. New users need to be added to the new tenant. The company asks getcloudskillsusr1 to create user accounts.
Would this fulfill the requirement?
Yes
(Correct)
No
A
Imagine your company has the following storage accounts in place as part of its Azure subscription:
- General Purpose V1
- General Purpose V2
- Blob Storage
Which of the following storage account/accounts could be used to store objects as part of the Archive tier?
General Purpose V2 only
Blob Storage only
General Purpose V1 only
General Purpose V1 and Blob Storage only
General Purpose V2 and Blob Storage only
(Correct)
All Storage accounts
General Purpose V1 and General Purpose V2 only
A
Your company needs to deploy an application to a set of three virtual machines. You have to ensure that two virtual machines are always available in the event of a data center failure at any point in time.
You decide to deploy the virtual machines as part of an Availability Set.
Would this fulfill the requirement?
No
(Correct)
Yes
A
A company has started using Azure and set up a subscription. They want to see the costs being incurred for each type of resource. Which of the following can help you get these details?
Go to your Subscription and go to Cost Analysis.
(Correct)
Go to your Azure AD directory and go to Licences.
Go to your Azure AD directory and go to Cost Analysis.
Go to your Subscription and go to Resource Groups.
A
Your company has an Azure subscription. In the subscription, you create an Azure file share named share1. You also create a shared access signature (SAS) named SASdemo as shown in the following exhibit:
If you run Microsoft Azure Storage Explorer on a computer that has an IP address of 193.77.134.1, and you use SASdemo to connect to the storage account, then you...
will have read-only access.
will be prompted for the credentials.
will have no access.
(Correct)
will have read, write and list access.
A
A company has the following App Service Plans defined as part of their Azure subscription:
- Plan1 runs Linux in East US.
- Plan2 runs Windows in East US.
- Plan 3 runs Windows in UK South.
The company is planning on deploying the following Azure Web App Instances:
- App1 runs on runtime stack .Net Core 3.1 in East us.
- App2 runs on runtime stack ASP.NET v4.7 in East us.
Which of the following App service plans can you use for App1?
Plan1 and Plan2 only
(Correct)
Plan2 only
Plan1 only
Plan1, Plan2 and Plan 3
Plan2 and Plan 3 only
A
Select all true statements that apply to the use of Azure Disk Encryption (ADE) for Azure VM disk protection.
ADE encrypts all data at rest and in transit.
ADE supports the encryption of Basic tier VM's.
ADE uses DM-Crypt for Linux-based VMs.
(Correct)
ADE encrypted VM can be backed up to the Recovery Service Vault.
(Correct)
ADE can use Azure Key Vault and Azure Recovery Service Vault from different Azure regions.
ADE uses BitLocker for Windows VM-controlled disks.
(Correct)
ADE is integrated with Azure Key Vault.
(Correct)
ADE uses DM-Crypt for Windows VM-controlled disks.
A
Which of the following would you implement for the below requirement?
All web servers need to be protected from SQL injection attacks.
An application gateway with a WAF
(Correct)
An application gateway that uses the Standard tier
A Public Load Balancer
An Internal Load Balancer
A network security group
A
You need to allow traffic onto certain FQDN's via the Azure Firewall. Which of the following rules would you create for this requirement?
Network collection rules
NAT collections rules
Application collection rules
(Correct)
FQDN collection rules
A
Which of the following Network watcher feature would you use for the following requirement?
Find out if a network security rule is preventing a network packet from reaching a virtual machine hosted in an Azure virtual network.
Traffic Analysis
Packet Capture
Next Hop
IP Flow Verify
(Correct)
A
Which of the following needs to be set up in Azure for the Site-to-Site VPN connection?
A gateway Virtual Machine
An additional address space for the Virtual Network
A service endpoint
A gateway subnet
(Correct)
A
You create Azure AD administrative units for the subsidiaries of your organization. Each of the subsidiaries includes several hundred employees. You need to add these employees as administrative unit members. Select the tool you can use to achieve your goal.
Microsoft Office Admin center
Azure CLI
Microsoft Graph
PowerShell
Azure AD Portal
(Correct)
A
You need to connect Azure resources like Azure virtual machines across geographical regions. Which Azure networking option should you use?
Virtual network peering
(Correct)
Azure ExpressRoute
VPN Gateway
A
You deploy your application to the AKS Azsjdcube cluster in the Akskube Resource Group. The cluster contains 3 pods: one pod runs the client front-app, and two pods run the backend-app service. You need to increase the number of pods manually to 8: add three pods for the client and the rest for the server.
kubectl scale --replicas=4 deployment/front-app
(Correct)
az aks scale --name Kubecluster --pod-count 4 -g akskube --image deployment/front-app
kubectl scale --replicas=8 deployment/front-app deployment/backend-app
kubectl scale --replicas=4 deployment/backend-app
(Correct)
az aks scale --name Kubecluster --pod-count 4 -g akskube --image deployment/backend-app
kubectl scale --replicas=4 deployment/front-app deployment/backend-app
(Correct)
A
Your company goes ahead and registers a domain name of demodomain.com. You then go ahead and create an Azure DNS zone named demodomain.com. You then add an A record to the zone for a host named www that has an IP address of 123.10.9.143. But the users complain that they cannot resolve the URL www.demodomain.com to 123.10.9.143. This issue needs to be resolved.
You propose a solution to modify the name server at the domain registrar.
Would this solution resolve the issue?
No
Yes
(Correct)
A
In your company, all virtual networks are hosting virtual machines with varying workloads. A virtual machine named getcloudskillsvm is hosted in Vnet getcloudskills-vnet1. This virtual machine will have intrusion detection software installed on it. All traffic on all other virtual networks must be routed via this virtual machine.
You need to complete the required steps for implementing this requirement.
Which of the following would you need to create additional to ensure that traffic is sent via the virtual machine hosting the intrusion software?
Add a service endpoint
Add DNS servers
A new route table
(Correct)
Add an address space
A
A company has an Azure subscription. They want to transfer around 6 TB of data to the subscription. They plan to use the Azure Import/Export service. Which of the following can they use as the destination for the imported data?
Azure Data Lake Storage
Azure SQL Database
Azure Blob storage
(Correct)
Azure File Sync Storage
A
You need to deploy two Azure virtual machines named VM1 and VM2 based on the Windows server 2016 image. The deployment must meet the following requirements:
- Provide a Service Level Agreement (SLA) of 99.95 percent availability.
- Use managed disks.
You propose a solution to create a scale set for the requirement. Would the solution meet the goal?
Yes
No
(Correct)
A
Which Azure Service is the centralized spot for all Activity Logs, Metrics, Alerts, and Diagnostics for all resources across your subscription?
Azure Monitor
(Correct)
Azure Log Analytics
Event Hub
Azure Stream Analytics
A
A company is planning to deploy a set of virtual machines across different system tiers.
The following requirements need to be met:
- Incoming requests to the Business Logic tier (50 VMs that are not accessible from the internet) from the web servers (5 VMs that are accessible from the internet) need to be spread equally across the virtual machines.
- All web servers need to be protected from SQL injection attacks.
Which of the following would you implement for the below requirement?
Incoming requests to the Business Logic tier from the web servers need to be spread equally across the virtual machines.
An application gateway that uses the Standard tier
An Internal Load Balancer
(Correct)
A network security group
A Public Load Balancer
An application gateway that uses the WAF tier
A
A company has the following resource groups defined as part of its Azure subscription:
The following virtual machines are then created in the subscription:
The Recovery Services vault is located in West Europe in the rg-gsc-01 Resouce Group.
The company wants to ensure that as many virtual machines as possible are backed up using the Recovery Services Vault.
Which of the following virtual machines can be backed up using the Recovery Services vault?
All of them
VMGCS1 only
VMGCS1, VMGCS3 VMGCS4 and VMGCS6 only
(Correct)
VMGCS1 and VMGCS3 only
VMGCS3 and VMGCS6 only
A
In order to get diagnostics from an Azure virtual machine you own, what is the first step to doing that?
A diagnostics agent needs to be installed on the VM
You need to create a storage account to store it
(Correct)
You need to grant RBAC permissions to the user requesting diagnostics
A
You plan to deploy five virtual machines to a virtual network subnet.
Each virtual machine will have a public IP address and a private IP address.
Each virtual machine requires the same inbound and outbound security rules.
What is the minimum number of network interfaces that you require?
10
15
20
5
(Correct)
A [Show Less]