101-120

Question 1

QUESTION 101

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

An Azure administrator plans to run a PowerShell script that creates Azure resources. You need to recommend which computer configuration to use to run the script.

Solution: Run the script from a computer that runs macOS and has PowerShell Core 6.0 installed. Does this meet the goal?

1. Yes
2. No

Answer 1

Correct Answer: A

Section: Describe core solutions and management tools on Azure Explanation

Explanation/Reference:

Explanation:

A PowerShell script is a file that contains PowerShell cmdlets and code. A PowerShell script needs to be run in PowerShell.

In this question, the computer has PowerShell Core 6.0 installed. Therefore, this solution does meet the goal.

Note: To create Azure resources using PowerShell, you would need to import the Azure PowerShell module which includes the PowerShell cmdlets required to create the resources.

References:

https://docs.microsoft.com/en-us/powershell/scripting/components/ise/how-to-write-and-run-scripts-in-the- windows-powershell-ise?view=powershell-6

Question 2

QUESTION 102

HOTSPOT

You need to view a list of planned maintenance events that can affect the availability of an Azure subscription.

Which blade should you use from the Azure portal? To answer, select the appropriate blade in the answer area.

Hot Area:

Answer 2

Section: Describe core solutions and management tools on Azure Explanation

Explanation/Reference:

Explanation:

On the Help and Support blade, there is a Service Health option. If you click Service Health, a new blade opens. The Service Health blade contains the Planned Maintenance link which opens a blade where you can view a list of planned maintenance events that can affect the availability of an Azure subscription.

Question 3

QUESTION 103

DRAG DROP

Match the Azure service to the correct definition.

Instructions: To answer, drag the appropriate Azure service from the column on the left to its description on the right. Each service may be used once, more than once, or not at all.

NOTE: Each correct match is worth one point.

Select and Place:

Answer 3

Section: Describe core solutions and management tools on Azure Explanation

Explanation/Reference:

Explanation:

Box 1: Azure DevOps.

Azure DevOps is Microsoft’s primary software development and deployment platform.

DevOps influences the application lifecycle throughout its plan, develop, deliver and operate phases.

Box 2: Azure Advisor.

Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, high availability, and security of your Azure resources.

Box 3: Azure Cognitive Services.

Azure Cognitive Services are APIs, SDKs, and services available to help developers build intelligent applications without having direct AI or data science skills or knowledge. Azure Cognitive Services enable developers to easily add cognitive features into their applications. The goal of Azure Cognitive Services is to help developers create applications that can see, hear, speak, understand, and even begin to reason. The catalog of services within Azure Cognitive Services can be categorized into five main pillars - Vision, Speech, Language, Web Search, and Decision.

Box 4. Azure Application Insights.

Azure Application Insights detects and diagnoses anomalies in web apps.

Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for developers and DevOps professionals. Use it to monitor your live applications. It will automatically detect performance anomalies, and includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app.

References:

https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview

https://azure.microsoft.com/en-gb/overview/what-is-devops/

https://docs.microsoft.com/en-us/azure/advisor/advisor-overview

https://docs.microsoft.com/en-us/azure/cognitive-services/welcome

Question 4

QUESTION 104

DRAG DROP

Match the Azure service to the correct description.

Instructions: To answer, drag the appropriate Azure service from the column on the left to its description on the right. Each service may be used once, more than once, or not at all.

NOTE: Each correct match is worth one point.

Select and Place:

Answer 4

Section: Describe core solutions and management tools on Azure Explanation

Explanation/Reference:

Explanation:

Box 1: Azure SQL Database

SQL Server is a relational database service. Azure SQL Database is a managed SQL Server Database in Azure. The SQL Server is managed by Microsoft; you just have access to the database.

Box 2: Azure SQL Synapse Analytics

Azure SQL Synapse Analytics (previously called Data Warehouse) is a cloud-based Platform-as-a-Service (PaaS) offering from Microsoft. It is a large-scale, distributed, MPP (massively parallel processing) relational database technology in the same class of competitors as Amazon Redshift or Snowflake. Azure SQL Synapse Analytics is an important component of the Modern Data Warehouse multi-platform architecture. Because Azure SQL Synapse Analytics is an MPP system with a shared-nothing architecture across distributions, it is meant for large-scale analytical workloads which can take advantage of parallelism.

Box 3: Azure Data Lake Analytics

You can process big data jobs in seconds with Azure Data Lake Analytics. You can process petabytes of data for diverse workload categories such as querying, ETL, analytics, machine learning, machine translation, image processing and sentiment analysis by leveraging existing libraries written in .NET languages, R or Python.

Box 4: Azure HDInsight.

Apache Hadoop was the original open-source framework for distributed processing and analysis of big data sets on clusters. The Hadoop ecosystem includes related software and utilities, including Apache Hive, Apache HBase, Spark, Kafka, and many others.

Azure HDInsight is a fully managed, full-spectrum, open-source analytics service in the cloud for enterprises. The Apache Hadoop cluster type in Azure HDInsight allows you to use HDFS, YARN resource management, and a simple MapReduce programming model to process and analyze batch data in parallel.

Reference:

https://azure.microsoft.com/en-us/services/sql-database/

https://docs.microsoft.com/en-us/azure/sql-data-warehouse/sql-data-warehouse-overview-what-is

https://docs.microsoft.com/bs-latn-ba/azure/hdinsight/hadoop/apache-hadoop-introduction

https://www.blue-granite.com/blog/is-azure-sql-data-warehouse-a-good-fit-updated

https://azure.microsoft.com/en-gb/services/data-lake-analytics/

Question 5

QUESTION 105

HOTSPOT

You need to identify which blades in the Azure portal must be used to perform the following tasks:

View security recommendations. Monitor the health of Azure services.

Browse available virtual machine images.

Which blade should you identify for each task? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Answer 5

Section: Describe core solutions and management tools on Azure Explanation

Explanation/Reference:

Explanation:

Box 1:

Azure Monitor is used to monitor the health of Azure services.

Azure Monitor maximizes the availability and performance of your applications and services by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.

Box 2:

You can browse available virtual machine images in the Azure Marketplace.

Azure Marketplace provides access and information on solutions and services available from Microsoft and their partners. Customers can discover, try, or buy cloud software solutions built on or for Azure. The catalog of 8,000+ listings provides Azure building blocks, such as Virtual Machines (VMs), APIs, Azure apps, Solution Templates and managed applications, SaaS apps, containers, and consulting services.

Box 3.

Azure Advisor displays security recommendations.

Azure Advisor provides you with a consistent, consolidated view of recommendations for all your Azure

resources. It integrates with Azure Security Center to bring you security recommendations. You can get security recommendations from the Security tab on the Advisor dashboard.

Security Center helps you prevent, detect, and respond to threats with increased visibility into and control over the security of your Azure resources. It periodically analyzes the security state of your Azure resources. When Security Center identifies potential security vulnerabilities, it creates recommendations. The recommendations guide you through the process of configuring the controls you need.

References:

https://docs.microsoft.com/en-us/azure/azure-monitor/overview

https://docs.microsoft.com/en-us/azure/marketplace/marketplace-faq-publisher-guide

https://docs.microsoft.com/en-us/azure/advisor/advisor-security-recommendations

Question 6

QUESTION 106

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure environment. You need to create a new Azure virtual machine from a tablet that runs the Android operating system.

Solution: You use Bash in Azure Cloud Shell. Does this meet the goal?

1. Yes
2. No

Answer 6

Correct Answer: A

Section: Describe core solutions and management tools on Azure Explanation

Explanation/Reference:

Explanation:

With Azure Cloud Shell, you can create virtual machines using Bash or PowerShell.

Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell.

Reference:

https://docs.microsoft.com/en-us/azure/cloud-shell/quickstart

https://docs.microsoft.com/en-us/azure/cloud-shell/overview

Question 7

QUESTION 107

You have an on-premises application that sends email notifications automatically based on a rule. You plan to migrate the application to Azure.

You need to recommend a serverless computing solution for the application. What should you include in the recommendation?

1. a web app
2. a server image in Azure Marketplace
3. a logic app
4. an API app

Answer 7

Correct Answer: C

Section: Describe core solutions and management tools on Azure Explanation

Explanation/Reference:

Explanation:

Azure Logic Apps is a cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. Logic Apps simplifies how you design and build scalable solutions for app integration, data integration, system integration, enterprise application integration (EAI), and business-to-business (B2B) communication, whether in the cloud, on premises, or both.

For example, here are just a few workloads you can automate with logic apps:

Process and route orders across on-premises systems and cloud services.

Send email notifications with Office 365 when events happen in various systems, apps, and services. Move uploaded files from an SFTP or FTP server to Azure Storage.

Monitor tweets for a specific subject, analyze the sentiment, and create alerts or tasks for items that need review.

References:

https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-overview

Question 8

QUESTION 108

You plan to deploy a website to Azure. The website will be accessed by users worldwide and will host large video files.

You need to recommend which Azure feature must be used to provide the best video playback experience. What should you recommend?

1. an application gateway
2. an Azure ExpressRoute circuit
3. a content delivery network (CDN)
4. an Azure Traffic Manager profile

Answer 8

Correct Answer: C

Section: Describe core solutions and management tools on Azure Explanation

Explanation/Reference:

Explanation:

The question states that users are located worldwide and will be downloading large video files. The video playback experience would be improved if they can download the video from servers in the same region as the users. We can achieve this by using a content deliver network.

A content delivery network (CDN) is a distributed network of servers that can efficiently deliver web content to users. CDNs store cached content on edge servers in point-of-presence (POP) locations that are close to end users, to minimize latency.

Azure Content Delivery Network (CDN) offers developers a global solution for rapidly delivering high-bandwidth content to users by caching their content at strategically placed physical nodes across the world. Azure CDN can also accelerate dynamic content, which cannot be cached, by leveraging various network optimizations using CDN POPs. For example, route optimization to bypass Border Gateway Protocol (BGP).

The benefits of using Azure CDN to deliver web site assets include:

Better performance and improved user experience for end users, especially when using applications in which multiple round-trips are required to load content.

Large scaling to better handle instantaneous high loads, such as the start of a product launch event. Distribution of user requests and serving of content directly from edge servers so that less traffic is sent to the origin server.

References:

https://docs.microsoft.com/en-us/azure/cdn/cdn-overview

Question 9

QUESTION 109

Your company plans to deploy several million sensors that will upload data to Azure.

You need to identify which Azure resources must be created to support the planned solution. Which two Azure resources should you identify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

1. Azure Data Lake
2. Azure Queue storage
3. Azure File Storage
4. Azure IoT Hub
5. Azure Notification Hubs

Answer 9

Correct Answer: AD

Section: Describe core solutions and management tools on Azure Explanation

Explanation/Reference:

Explanation:

IoT Hub (Internet of things Hub) provides data from millions of sensors.

IoT Hub is a managed service, hosted in the cloud, that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages. You can use Azure IoT Hub to build IoT solutions with reliable and secure communications between millions of IoT devices and a cloud-hosted solution backend. You can connect virtually any device to IoT Hub.

There are two storage services IoT Hub can route messages to – Azure Blob Storage and Azure Data Lake Storage Gen2 (ADLS Gen2) accounts. Azure Data Lake Storage accounts are hierarchical namespace- enabled storage accounts built on top of blob storage. Both of these use blobs for their storage.

References:

https://docs.microsoft.com/en-us/azure/iot-hub/about-iot-hub

https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-messages-d2c

Question 10

QUESTION 110

You have an Azure web app.

You need to manage the settings of the web app from an iPhone.

What are two Azure management tools that you can use? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

1. Azure CLI
2. the Azure portal
3. Azure Cloud Shell
4. Windows PowerShell
5. Azure Storage Explorer

Answer 10

Correct Answer: BC

Section: Describe core solutions and management tools on Azure Explanation

Explanation/Reference:

Explanation:

The Azure portal is the web-based portal for managing Azure. Being web-based, you can use the Azure portal on an iPhone.

Azure Cloud Shell is a web-based command line for managing Azure. You access the Azure Cloud Shell from the Azure portal. Being web-based, you can use the Azure Cloud Shell on an iPhone.

Incorrect Answers:

A: Azure CLI can be installed on MacOS but it cannot be installed on an iPhone.

D: Windows PowerShell can be installed on MacOS but it cannot be installed on an iPhone.

E: Azure Storage Explorer is not used to manage Azure web apps.

References:

http://www.deployazure.com/management/managing-azure-from-ipad/

Question 11

QUESTION 111

Your company plans to deploy an Artificial Intelligence (AI) solution in Azure.

What should the company use to build, test, and deploy predictive analytics solutions?

1. Azure Logic Apps
2. Azure Machine Learning Designer
3. Azure Batch
4. Azure Cosmos DB

Answer 11

Correct Answer: B

Section: Describe core solutions and management tools on Azure Explanation

Explanation/Reference:

Explanation:

Azure Machine Learning designer lets you visually connect datasets and modules on an interactive canvas to create machine learning models.

Reference:

https://docs.microsoft.com/en-us/azure/machine-learning/concept-designer

Question 12

QUESTION 112

HOTSPOT

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

Answer 12

Section: Describe core solutions and management tools on Azure Explanation

Explanation/Reference:

Explanation:

Box 1: No

Azure Advisor does not generate a list of virtual machines that ARE protected by Azure Backup. Azure Advisor does however, generate a list of virtual that ARE NOT protected by Azure Backup. You can view a list of virtual machines that are protected by Azure Backup by viewing the Protected Items in the Azure Recovery Services Vault.

Box 2: No

If you implement the security recommendations, you company’s score will increase, not decrease.

Box 3: No

There is no requirement to implement the security recommendations provided by Azure Advisor. The recommendations are just that, ‘recommendations’. They are not ‘requirements’.

References:

https://azure.microsoft.com/en-gb/blog/advisor-backup-recommendations/

https://docs.microsoft.com/en-us/azure/advisor/advisor-overview

https://microsoft.github.io/AzureTipsAndTricks/blog/tip173.html

Question 13

QUESTION 113

What can you use to automatically send an alert if an administrator stops an Azure virtual machine?

1. Azure Advisor
2. Azure Service Health
3. Azure Monitor
4. Azure Network Watcher

Answer 13

Correct Answer: C

Section: Describe core solutions and management tools on Azure Explanation

Explanation/Reference:

Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/insights/vminsights-alerts

Question 14

QUESTION 114

DRAG DROP

Match the Azure services to the correct descriptions.

Instructions: To answer, drag the appropriate Azure service from the column on the left to its description on the right. Each service may be used once, more than once, or not at all.

NOTE: Each correct match is worth one point

Select and Place:

Answer 14

Section: Describe core solutions and management tools on Azure Explanation

Explanation/Reference:

Reference:

https://azure.microsoft.com/en-gb/services/synapse-analytics/

https://docs.microsoft.com/en-us/azure/machine-learning/overview-what-is-azure-ml

https://docs.microsoft.com/en-us/azure/iot-hub/about-iot-hub

https://docs.microsoft.com/en-us/azure/azure-functions/functions-overview

Question 15

QUESTION 115

You have an Azure environment.

You need to create a new Azure virtual machine from a tablet that runs the Android operating system. What are three possible solutions? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

1. Use Bash in Azure Cloud Shell.
2. Use PowerShell in Azure Cloud Shell.
3. Use the PowerApps portal.
4. Use the Security & Compliance admin center.
5. Use the Azure portal.

Answer 15

Correct Answer: ABE

Section: Describe core solutions and management tools on Azure Explanation

Explanation/Reference:

Explanation:

The Android tablet device will have a web browser (Chrome). That’s enough to connect to the Azure portal. The Azure portal offers three ways to create a VM:

Using the graphical portal.

Using the Azure Cloud Shell using Bash.

Using the Azure Cloud Shell using PowerShell.

Question 16

QUESTION 116

You have an Azure environment that contains 10 virtual networks and 100 virtual machines. You need to limit the amount of inbound traffic to all the Azure virtual networks.

What should you create?

1. one application security group (ASG)
2. 10 virtual network gateways
3. 10 Azure ExpressRoute circuits
4. one Azure firewall

Answer 16

Correct Answer: D

Section: Describe general security and network security features Explanation

Explanation/Reference:

Explanation:

You can restrict traffic to multiple virtual networks with a single Azure firewall.

Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It’s a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks. Azure Firewall uses a static public IP address for your virtual network resources allowing outside firewalls to identify traffic originating from your virtual network.

References:

https://docs.microsoft.com/en-us/azure/firewall/overview

Question 17

QUESTION 117

This question requires that you evaluate the underlined text to determine if it is correct.

Azure Key Vault is used to store secrets for Azure Active Directory (Azure AD) user accounts.

Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.

1. No change is needed
2. Azure Active Directory (Azure AD) administrative accounts
3. Personally Identifiable Information (PII)
4. server applications

Answer 17

Correct Answer: D

Section: Describe general security and network security features Explanation

Explanation/Reference:

Explanation:

Centralizing storage of application secrets in Azure Key Vault allows you to control their distribution. Key Vault greatly reduces the chances that secrets may be accidentally leaked. When using Key Vault, application developers no longer need to store security information in their application. Not having to store security information in applications eliminates the need to make this information part of the code. For example, an application may need to connect to a database. Instead of storing the connection string in the app’s code, you can store it securely in Key Vault.

References:

https://docs.microsoft.com/en-us/azure/key-vault/key-vault-overview

https://docs.microsoft.com/en-us/learn/modules/manage-secrets-with-azure-key-vault/

Question 18

QUESTION 118

Your company plans to automate the deployment of servers to Azure.

Your manager is concerned that you may expose administrative credentials during the deployment.

You need to recommend an Azure solution that encrypts the administrative credentials during the deployment. What should you include in the recommendation?

1. Azure Key Vault
2. Azure Information Protection
3. Azure Security Center
4. Azure Multi-Factor Authentication (MFA)

Answer 18

Correct Answer: A

Section: Describe general security and network security features Explanation

Explanation/Reference:

Explanation:

Azure Key Vault is a secure store for storage various types of sensitive information. In this question, we would store the administrative credentials in the Key Vault. With this solution, there is no need to store the administrative credentials as plain text in the deployment scripts.

All information stored in the Key Vault is encrypted.

Azure Key Vault can be used to Securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets.

Secrets and keys are safeguarded by Azure, using industry-standard algorithms, key lengths, and hardware security modules (HSMs). The HSMs used are Federal Information Processing Standards (FIPS) 140-2 Level 2 validated.

Access to a key vault requires proper authentication and authorization before a caller (user or application) can get access. Authentication establishes the identity of the caller, while authorization determines the operations that they are allowed to perform.

References:

https://docs.microsoft.com/en-us/azure/key-vault/key-vault-overview

Question 19

QUESTION 119

You plan to deploy several Azure virtual machines.

You need to control the ports that devices on the Internet can use to access the virtual machines. What should you use?

1. a network security group (NSG)
2. an Azure Active Directory (Azure AD) role
3. an Azure Active Directory group
4. an Azure key vault

Answer 19

Correct Answer: A

Section: Describe general security and network security features Explanation

Explanation/Reference:

Explanation:

A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network. You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets.

You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

References:

https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

Question 20

QUESTION 120

HOTSPOT

To complete the sentence, select the appropriate option in the answer area.

Hot Area:

Answer 20

Explanation:

When you create a virtual machine, the default setting is to create a Network Security Group attached to the network interface assigned to a virtual machine.

A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network. You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets.

You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

In this question, we need to add a rule to the network security group to allow the connection to the virtual machine on port 8080.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/security-overview