az-104 dumps topic 3, 1-? Flashcards

1
Q

You have an Azure subscription named Subscription1 that contains the storage accounts shown in the following table:

Name Account kind Azure service that contains data
storage1 Storage File
storage2 Storage V2 (general purpose v2) File, Table
storage3 Storage V2 (general purpose v2) Queue
storage4 BlobStorage Blob

You plan to use the Azure Import/Export service to export data from Subscription1.
You need to identify which storage account can be used to export the data.
What should you identify?
A. storage1
B. storage2
C. storage3
D. storage4

A

D. storage4

Azure Import/Export service supports the following of storage accounts:
✑ Standard General Purpose v2 storage accounts (recommended for most scenarios)
✑ Blob Storage accounts
✑ General Purpose v1 storage accounts (both Classic or Azure Resource Manager deployments),
Azure Import/Export service supports the following storage types:
✑ Import supports Azure Blob storage and Azure File storage
✑ Export supports Azure Blob storage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

You have Azure Storage accounts as shown in the following exhibit.

Name Type Kind Resourse group Location Subs Access tier Replication
storageaccount1 Stor. ac. Storage ContosoRG1 East US Subscription1 - Read-access ge…
storageaccount2 Stor. ac. StorageV2 ContosoRG1 Central US Subscription1 Hot Geo-redundant…
storageaccount3 Stor. ac. BlobStorage ContosoRG1 East US Subscription1 Hot Locally-redundant…

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

You can use [answer choice] for Azure Table Storage.
storageaccount1 only
storageaccount2 only
storageaccount3 only
storageaccount1 and storageaccount2 only
storageaccount2 and storageaccount3 only
You can use [answer choice] for Azure Blob storage.
storageaccount3 only
storageaccount2 and storageaccount3 only
storageaccount1 and storageaccount3 only
all the storage accounts

A

You can use [storageaccount1 and storageaccount2 only] for Azure Table Storage.

You can use [all the storage accounts] for Azure Blob storage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

You have Azure subscription that includes data in following locations:
Name Туре
container1 Blob container
share1 Azure files share
DB1 SQL database
Table1 Azure Table

You plan to export data by using Azure import/export job named Export1.
You need to identify the data that can be exported by using Export1.
Which data should you identify?
A. DB1
B. container1
C. share1
D. Table1

A

B. container1

Blobs are only type of storage which can be exported.
1. Import and export support for blob storage.
2. Only import support for File storage but export not support. check the table of Supported storage types
https://learn.microsoft.com/en-us/azure/import-export/storage-import-export-requirements#supported-storage-types

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

You have an Azure Storage account named storage1.
You have an Azure App Service app named App1 and an app named App2 that runs in an Azure container instance. Each app uses a managed identity.
You need to ensure that App1 and App2 can read blobs from storage1. The solution must meet the following requirements:
✑ Minimize the number of secrets used.
✑ Ensure that App2 can only read from storage1 for the next 30 days.
What should you configure in storage1 for each app?

App1:
App2:
Access keys
Advanced security
Access control (IAM)
Shared access signatures (SAS)

A

App1:
Access Control (IAM)
App2:
Shared access signatures (SAS)

  1. Since the App1 uses Managed Identity, App1 can access the Storage Account via IAM. As per requirement, we need to minimize the number of secrets used, so Access keys is not ideal. https://learn.microsoft.com/en-us/azure/app-service/scenario-secure-app-access-storage?tabs=azure-portal#grant-access-to-the-storage-account
  2. We need temp access for App2, so we need to use SAS.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

You need to create an Azure Storage account that meets the following requirements:
✑ Minimizes costs
✑ Supports hot, cool, and archive blob tiers
✑ Provides fault tolerance if a disaster affects the Azure region where the account resides
How should you complete the command?

az storage account create -g RG1 -n storageaccount1
–kind [ … ]
File Storage
Storage
StorageV2
–sku [ … ]
Standard_GRS
Standard_LRS
Standard_RAGRS
Premium_LRS

A

–kind [ … ]
StorageV2
–sku [ … ]
Standard_GRS

“Note: General-purpose v1 accounts don’t have access to Hot, Cool, or Archive tiered storage. For access to tiered storage, upgrade to a general-purpose v2 account.”
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-grs

https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

You have an Azure subscription that contains the resources in the following table.
Name Type
RG1 Resource group
store1 Azure Storage account
Sync1 Azure File Sync

Store1 contains a file share named data. Data contains 5,000 files.
You need to synchronize the files in the file share named data to an on-premises server named Server1.
Which three actions should you perform?

A. Create a container instance
B. Register Server1
C. Install the Azure File Sync agent on Server1
D. Download an automation script
E. Create a sync group

A

B. Register Server1
C. Install the Azure File Sync agent on Server1
E. Create a sync group

Step 1 (C): Install the Azure File Sync agent on Server1
The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share
Step 2 (B): Register Server1.
Register Windows Server with Storage Sync Service
Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service.
Step 3 (E): Create a sync group and a cloud endpoint.
A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on registered server.
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

You have an Azure subscription that contains the resources shown in the following table.
Name Type Resource group
VNET1 Virtual network RG1
VNET2 Virtual network RG2
VM1 Virtual machine RG2

The status of VM1 is Running.
You assign an Azure policy as shown in the exhibit. (Click the Exhibit tab.)

Home > Policy - Assignments > Assign Policy
Assign Policy
Scope
Scope : Azure Pass/RG2
Exclusions : -
Basics
Policy definition : Not allowed resource types
Assignment name : Not allowed resource types
Description : -
Assigned by : First User
PARAMETERS
*Not allowed resource types✪
3 selected

You assign the policy by using the following parameters:
Microsoft.ClassicNetwork/virtualNetworks
Microsoft.Network/virtualNetworks
Microsoft.Compute/virtualMachines

Yes/No:
An administrator can move VNET1 to RG2
The state of VM1 changed to deallocated
An administrator can modify the address space of VNET2

A

An administrator can move VNET1 to RG2 - No
The state of VM1 changed to deallocated - No
An administrator can modify the address space of VNET2 - No

Policy will identify the VM as not compliant but will not put VM in deallocate

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

You have an Azure subscription that contains a storage account.
You have an on-premises server named Server1 that runs Windows Server 2016. Server1 has 2 TB of data.
You need to transfer the data to the storage account by using the Azure Import/Export service.
In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

From the Azure portal, update the import job
From the Azure portal, create an import job
Attach an external disk to Server1 and then run waimportexport.exe
Detach the external disks from Server1 and ship the disks to an Azure data center

A

Step 1: Prepare the drives (Attach an external disk to Server1 and then run waimportexport.exe)
Step 2: Create an import job (From the Azure portal, create an import job)
Step 3: Ship the drives to the Azure datacenter (Detach the external disks from Server1 and ship the disks to an Azure data center)
Step 4: Update the job with tracking information (From the Azure portal, update the import job)

Reference:
https://learn.microsoft.com/en-us/azure/import-export/storage-import-export-service#inside-an-import-job

https://learn.microsoft.com/en-us/azure/import-export/storage-import-export-data-to-files?tabs=azure-portal-preview

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

You have Azure subscription that includes following Azure file shares:
Name In storage account Location
share1 storage1 West US
share2 storage1 West US

You have the following on-premises servers:
Name Folders
Server1 D:\Folder1, E:\Folder2
Server2 D:\Data

You create a Storage Sync Service named Sync1 and an Azure File Sync group named Group1. Group1 uses share1 as a cloud endpoint.
You register Server1 and Server2 in Sync1. You add D:\Folder1 on Server1 as a server endpoint of Group1.

Yes/No:
share2 can be added as a cloud endpoint for Group1
E:\Folder2 on Server1 can be added as a server endpoint for Group1
D:\Data on Server2 can be added as a server endpoint for Group1

A

share2 can be added as a cloud endpoint for Group1 - No
A sync group contains one cloud endpoint, or Azure file share, and at least one server endpoint.

E:\Folder2 on Server1 can be added as a server endpoint for Group1 - No
Azure File Sync does not support more than one server endpoint from the same server in the same Sync Group.

D:\Data on Server2 can be added as a server endpoint for Group1 - Yes
Multiple server endpoints can exist on the same volume if their namespaces are not overlapping (for example, F:\sync1 and F:\sync2) and each endpoint is syncing to a unique sync group.

Reference:

https://docs.microsoft.com/en-us/answers/questions/110822/azure-file-sync-multiple-sync-directories-for-same.html
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

You have an Azure subscription named Subscription1.
You create an Azure Storage account named contosostorage, and then you create a file share named data.
Which UNC path should you include in a script that references files from the data file share? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once or not at all.

Values
- blob
- blob.core.windows.net
- contosostorage
- data
- file
- file.core.windows.net
- portal.azure.com
- subscription1

Answer Area
\ [ … ] . [ … ] \ [ … ]

A

[storageaccountname].file.core.windows.net/[FileShareName]

contosostorage.file.core.windows.net\data

Reference:

https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

You have an Azure subscription that contains an Azure Storage account.
You plan to copy an on-premises virtual machine image to a container named vmimages.
You need to create the container for the planned image.
Which command should you run?

azcopy
- make
- sync
- copy
‘https://mystorageaccount.[ … ].core.windows.net/vmimages’
- blob
- dfs
- queue
- table
- images
- file

A

azcopy make
‘https://mystorageaccount.[blob].core.windows.net/vmimages’

Similar to OS Images, a VM Image is a collection of metadata and pointers to a set of VHDs (one VHD per disk) stored as page blobs in Azure Storage.

Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-ref-azcopy-make

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

You have an Azure File sync group that has the endpoints shown in the following table.

Name Туре
Endpoint1 Cloud endpoint
Endpoint2 Server endpoint
Endpoint3 Server endpoint

Cloud tiering is enabled for Endpoint3.
You add a file named File1 to Endpoint1 and a file named File2 to Endpoint2.
On which endpoints will File1 and File2 be available within 24 hours of adding the files?

File 1:
Endpoint1 only
Endpoint3 only
Endpoint2 and Endpoint3 only
Endpoint1, Endpoint2, and Endpoint3
File2:
Endpoint2 only
Endpoint3 only
Endpoint2 and Endpoint3 only
Endpoint1, Endpoint2, and Endpoint3

A

File1: Endpoint1 only
It is a cloud endpoint, and it is scanned by the detection job every 24 hours.

File2: Endpoint1, Endpoint2 and Endpoint3
With the on-premises servers the file is scanned and synced automatically after it’s being added.

Note: They changed the question in Exam from “within 24 hours” to “after 24 hours”.
So, the answer is:
File1: Endpoint1, Endpoint2 and Endpoint3
File2: Endpoint1, Endpoint2 and Endpoint3

Reference:

https://docs.microsoft.com/en-us/learn/modules/extend-share-capacity-with-azure-file-sync/2-what-azure-file-sync

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

You have several Azure virtual machines on a virtual network named VNet1.
You configure an Azure Storage account as shown in the following exhibit.

Allow access from
[ ] All networks [X] Selected networks
Configure network security for your storage accounts.
Virtual networks
Secure your storage account with virtual networks.
VIRTUAL NET… SUBNET ADDRESS RA… ENDPOINT ST… RESOURCE G… SUBSCRIPTION
VNet1 1 10.2.0.0/16 - DemoRG Production subscrip…
Prod 10.2.0.0/24 Enabled DemoRG Production subscrip…
Firewall
Add IP ranges to allow access from the Internet or your on- premises networks.
ADDRESS RANGE : IP address or CIDR …
Exceptions
[ ] Allow trusted Microsoft services to access this storage account
[ ] Allow read access to storage logging from any network
[ ] Allow read access to storage metrics from any network

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

The virtual machines on the 10.2.9.0/24 subnet will have network connectivity to the file shares in the storage account [answer choice].
Azure Backup will be able to back up the unmanaged hard disks of the virtual machines in the storage account [answer choice].
- always
- during a backup
- never

A
  • never

VNet1’s address space is 10.2.0.0/16.
The VNet1 has only 1 Subnet associated: 10.2.0.0/24. The address space of a VNet is irrelevant if there isn’t a corresponding Subnet from, which VMs can be assigned IP addresses.

Box1: Never
VMs from 10.2.9.0/24 (10.2.9.0 - 10.2.9.255) are out of Subnet.
Subnet IP range 10.2.0.0 - 10.2.0. 255.

Box2: Never
Since the checkbox to allow trusted Microsoft services is not checked. After you configure firewall and virtual network settings for your storage account, select Allow trusted Microsoft services to access this storage account as an exception to enable Azure Backup service to access the network restricted storage account.

VMs from the 10.2.9.0/24 should NEVER access the storage!!!!!
Since wich the selection of the network is segmented by subnets, and not by virtual networks. The virtual machine attached to the following virtual network 10.2.9.0/24 will never have access to the storage account, because of the firewall rules

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

You have a sync group named Sync1 that has a cloud endpoint. The cloud endpoint includes a file named File1.txt.
Your on-premises network contains servers that run Windows Server 2016. The servers are configured as shown in the following table.

Name Share Share contents
Server1 Share1 File1.txt, File2.txt
Server2 Share2 File2.txt, File3.txt

You add Share1 as an endpoint for Sync1. One hour later, you add Share2 as an endpoint for Sync1.
Yes/No

  • On the cloud endpoint, File1.txt is overwritten by File1.txt from Share1.
  • On Server1, File1.txt is overwritten by File1.txt from the cloud endpoint.
  • File1.txt from Share1 replicates to Share2.
A

Discussion says NO - On the cloud endpoint, File1.txt is overwritten by File1.txt from Share1. (yes)
Files are never overwritten. If the file exists, it will get a new name on the endpoint (file1(1).txt)
No - On Server1, File1.txt is overwritten by File1.txt from the cloud endpoint.
Yes - File1.txt from Share1 replicates to Share2.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

You have an Azure subscription that contains the storage accounts shown in the following table.

Name, Kind, Performance, Replication, Access tier
- storage1, Storage (general purpose v1), Premium, Geo-redundant storage (GRS), None
- storage2, StorageV2 (general purpose v2), Standard, Locally-redundant storage (LRS), Cool
- storage3, StorageV2 (general purpose v2), Premium, Read-access geo-redundant storage (RA-GRS), Hot
- storage4, BlobStorage, Standard, Locally-redundant storage (LRS), Hot

You need to identify which storage account can be converted to zone-redundant storage (ZRS) replication by requesting a live migration from Azure support.
What should you identify?
A. storage1
B. storage2
C. storage3
D. storage4

A

B. storage2

Answer is correct. It is storage2.
The key to the answer in this question is “Live migration”
- You can do Live migration to ZRS from LRS or GRS only.
- Also this only applies on General Purpose v2 storage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

You have an Azure subscription that contains a storage account named account1.
You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The on-premises network uses a public IP address space of
131.107.1.0/24.
You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24.
You need to configure account1 to meet the following requirements:
✑ Ensure that you can upload the disk files to account1.
✑ Ensure that you can attach the disks to VM1.
✑ Prevent all other access to account1.
Which two actions should you perform? Each correct answer presents part of the solution.

A. From the Networking blade of account1, select Selected networks.
B. From the Networking blade of account1, select Allow trusted Microsoft services to access this storage account.
C. From the Networking blade of account1, add the 131.107.1.0/24 IP address range.
D. From the Networking blade of account1, add VNet1.
E. From the Service endpoints blade of VNet1, add a service endpoint.

A

A, C are the only possible combination to answer this question.

For other options:
- B, theres no need to involve Microsoft trusted services here.
- D, that only works if there is a site-to-site VPN, and that is NOT stated in the problem.
- E, theres nothing to do with the problem.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

You have an on-premises file server named Server1 that runs Windows Server 2016.
You have an Azure subscription that contains an Azure file share.
You deploy an Azure File Sync Storage Sync Service, and you create a sync group.
You need to synchronize files from Server1 to Azure.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

  • Install the Azure File Sync agent on Server1
  • Create an Azure on-premises data gateway
  • Create a Recovery Services vault
  • Register Server1
  • Add a server endpoint
  • Install the DFS Replication server role
    on Server1
A

Install the Azure File Sync agent on Server1
Register Server1
Add a server endpoint

Step 1: Install the Azure File Sync agent on Server1
The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share

Step 2: Register Server1
Register Windows Server with Storage Sync Service
Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service.

Step 3: Add a server endpoint
Create a sync group and a cloud endpoint.
A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on registered server.

Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide

18
Q

You plan to create an Azure Storage account in the Azure region of East US 2.
You need to create a storage account that meets the following requirements:
✑ Replicates synchronously.
✑ Remains available if a single data center in the region fails.
How should you configure the storage account?

Replication:
Geo-redundant storage (GRS)
Locally-redundant storage (LRS)
Read-access geo-redundant storage (RA GRS)
Zone-redundant storage (ZRS)
Account type:
Blob storage
Storage (general purpose v1)
StorageV2 (general purpose v2)

A

Replication:
Geo-redundant storage (GRS)
Account type:
StorageV2 (general purpose v2)

Box 1: Zone-redundant storage (ZRS)
Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single Region.
GRS protects against Zone failure, while ZRS protects against data center failure.
LRS would not remain available if a data center in the region fails.
GRS and RA GRS use asynchronous replication.

Box 2: StorageV2 (general purpose V2)
ZRS only support GPv2.

Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs

19
Q

You plan to use the Azure Import/Export service to copy files to a storage account.
Which two files should you create before you prepare the drives for the import job? Each correct answer presents part of the solution.

A. an XML manifest file
B. a dataset CSV file
C. a JSON configuration file
D. a PowerShell PS1 file
E. a driveset CSV file

A

B. a dataset CSV file
E. a driveset CSV file

Modify the dataset.csv file in the root folder where the tool resides. Depending on whether you want to import a file or folder or both, add entries in the dataset.csv file.
Modify the driveset.csv file in the root folder where the tool is.

Reference:
https://docs.microsoft.com/en-us/azure/import-export/storage-import-export-service
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-data-to-files

20
Q

You have a Recovery Service vault that you use to test backups. The test backups contain two protected virtual machines.
You need to delete the Recovery Services vault.
What should you do first?

A. From the Recovery Service vault, delete the backup data.
B. Modify the disaster recovery properties of each virtual machine.
C. Modify the locks of each virtual machine.
D. From the Recovery Service vault, stop the backup of each backup item.

A

D. From the Recovery Service vault, stop the backup of each backup item.
You can’t delete a Recovery Services vault if it is registered to a server and holds backup data. If you try to delete a vault, but can’t, the vault is still configured to receive backup data.
Remove vault dependencies and delete vault
In the vault dashboard menu, scroll down to the Protected Items section, and click Backup Items. In this menu, you can stop and delete Azure File Servers, SQL
Servers in Azure VM, and Azure virtual machines.

Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-delete-vault#delete-protected-items-in-the-cloud

21
Q

You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

Name Туре Location Resource group
RG1, Resource group, West US, Not applicable
RG2, Resource group, West US, Not applicable
Vault1, Recovery Services vault, Central US, RG1
Vault2, Recovery Services vault, West US, RG2
VM1, Virtual machine, Central US, RG2
storage1, Storage account, West US, RG1
SQL1, Azure SQL database, East US, RG2

In storage1, you create a blob container named blob1 and a file share named share1.
Which resources can be backed up to Vault1 and Vault2?

Can use Vault1 for backups:
- VM1 only
- VM1 and share1 only
- VM1 and SQL1 only
- VM1, storage1, and SQL1 only
- VM1, blob1, share1, and SQL1
Can use Vault2 for backups:
- storage1 only
- share1 only
- VM1 and share1 only
- blob1 and share1 only
- storage1 and SQL1 only

A

Box 1: VM1 only
VM1 is in the same region as Vault1. File1 is not in the same region as Vautl1. SQL is not in the same region as Vault1. Blobs cannot be backup up to service vaults.
Note: To create a Vault to protect VMs, the Vault must be in the same Region as the VMs.

Box 2: Share1 only
Storage1 is in the same region as Vault2. Share1 is in Storage1. Also support by type of backup.
Note: Only VM and Fileshare is allowed to Backup.

Specifically stating BACKUP VAULT supports BLOB, while RECOVERY SERVICES VAULT supports FILE SHARE. Can “configure/create both vaults using BACKUP CENTER”, that is the reason for confusion.

Reference:
https://docs.microsoft.com/bs-cyrl-ba/azure/backup/backup-create-rs-vault
https://docs.microsoft.com/en-us/azure/backup/backup-afs
https://feedback.azure.com/forums/217298-storage/suggestions/37096837-possibility-to-backup-blob-data-in-the-recovery-se

22
Q

You have an Azure subscription named Subscription1.
You have 5 TB of data that you need to transfer to Subscription1.
You plan to use an Azure Import/Export job.
What can you use as the destination of the imported data?

A. a virtual machine
B. an Azure Cosmos DB database
C. Azure File Storage
D. the Azure File Sync Storage Sync Service

A

C. Azure File Storage
(or Azure Blob Storage)
Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter. This service can also be used to transfer data from Azure Blob storage to disk drives and ship to your on-premises sites. Data from one or more disk drives can be imported either to Azure Blob storage or Azure Files. The maximum size of an Azure Files Resource of a file share is 5 TB.

Note: There are several versions of this question in the exam. The question has two correct answers:
1. Azure File Storage or
2. Azure Blob Storage

The question can have other incorrect answer options, including the following:
✑ Azure Data Lake Store
✑ Azure SQL Database
✑ Azure Data Factory

Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service

23
Q

You have an Azure subscription.
You create the Azure Storage account shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

The minimum number of copies of the storage account will be: 1 / 2 / 3 / 4

To reduce the cost of infrequently accessed data in the storage account, you must modify the [ … ] setting:
- Access tier (default)
- Performance
- Account kind
- Replication

A
  • 3
    Locally Redundant Storage (LRS) provides highly durable and available storage within a single location (sub region). We maintain an equivalent of 3 copies
    (replicas) of your data within the primary location as described in our SOSP paper; this ensures that we can recover from common failures (disk, node, rack) without impacting your storage account’s availability and durability.
  • Access tier (default)
24
Q

You have an Azure Storage account named storage1.
You plan to use AzCopy to copy data to storage1.
You need to identify the storage services in storage1 to which you can copy the data.
Which storage services should you identify?

A. blob, file, table, and queue
B. blob and file only
C. file and table only
D. file only
E. blob, table, and queue only

A

B. blob and file only

AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account.
Incorrect Answers:
A, C, E: AzCopy does not support table and queue storage services.
D: AzCopy supports file storage services, as well as blob storage services.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10

25
Q

You have an Azure Storage account named storage1 that uses Azure Blob storage and Azure File storage.
You need to use AzCopy to copy data to the blob storage and file storage in storage1.
Which authentication method should you use for each type of storage?

Blob storage:
File storage:
- Azure Active Directory (Azure AD) only
- Shared access signatures (SAS) only
- Access keys and shared access signatures (SAS) only
- Azure Active Directory (Azure AD) and shared access signatures (SAS) only
- Azure Active Directory (Azure AD), access keys, and shared access signatures (SAS)

A

Blob storage:
- Azure Active Directory (Azure AD) and shared access signatures (SAS) only
File storage:
- Shared access signatures (SAS) only

You can provide authorization credentials by using Azure Active Directory (AD), or by using a Shared Access Signature (SAS) token.

Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10

26
Q

You have an Azure subscription that contains an Azure Storage account.
You plan to create an Azure container instance named container1 that will use a Docker image named Image1. Image1 contains a Microsoft SQL Server instance that requires persistent storage.
You need to configure a storage service for Container1.
What should you use?
A. Azure Files
B. Azure Blob storage
C. Azure Queue storage
D. Azure Table storage

A

A. Azure Files
Azure files are used as persistent disks for docker images. It doesn’t matter the type of the image or its functionality.

27
Q

You have an app named App1 that runs on two Azure virtual machines named VM1 and VM2.
You plan to implement an Azure Availability Set for App1. The solution must ensure that App1 is available during planned maintenance of the hardware hosting
VM1 and VM2.
What should you include in the Availability Set?

A. one update domain
B. two fault domains
C. one fault domain
D. two update domains

A

D. two update domains

An update domain is a group of VMs and underlying physical hardware that can be rebooted at the same time.
VMs in the same fault domain share common storage as well as a common power source and network switch.

When you create an Availability Set, the hardware in a location is divided into multiple update domains and fault domains.

During scheduled maintenance, only one update domain is updated at any given time. Update domains aren’t necessarily updated sequentially. So, we need two update domains.

Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-availability-sets
https://docs.microsoft.com/en-us/azure/virtual-machines/manage-availability
https://docs.microsoft.com/en-us/azure/virtual-machines/maintenance-and-updates

28
Q

You have an Azure subscription that contains an Azure file share.
You have an on-premises server named Server1 that runs Windows Server 2016.
You plan to set up Azure File Sync between Server1 and the Azure file share.
You need to prepare the subscription for the planned Azure File Sync.
Which two actions should you perform in the Azure subscription?

  • Create a Storage Sync Service
  • Install the Azure File Sync agent
  • Create a sync group
  • Run Server Registration
    First action: …
    Second action: …
A

First action: Create Storage Sync Service
Second action: Create a Sync Group

As they are asking for “Which two actions should you perform in the Azure subscription?”. Its actions on the subscription/azure portal and does not ask for actions on the server.

29
Q

You have an Azure subscription that contains the file shares shown in the following table.
Name Location
share1 West US
share2 West US
share3 East US

You have the on-premises file shares shown in the following table.
Name Server Path
data1 Server1 D:\Folder1
data2 Server2 E:\Folder2
data3 Server3 E:\Folder2

You create an Azure file sync group named Sync1 and perform the following actions:
✑ Add share1 as the cloud endpoint for Sync1.
✑ Add data1 as a server endpoint for Sync1.
✑ Register Server1 and Server2 to Sync1.
Yes/No

You can add share3 as an additional cloud endpoint for Sync 1.
You can add data2 as an additional server endpoint for Sync1.
You can add data3 as an additional server endpoint for Sync1.

A

Box 1: No
A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints.

Box 2: Yes
Data2 is located on Server2 which is registered to Sync1. But data2 is not added to server endpoint, so we can add data2 as additional server endpoint for Sync1.

Box 3: No
Data3 is located on Server3 which is not registered to Sync1. We have to register Server3 first.

Reference:
https://docs.microsoft.com/en-us/azure/storage/file-sync/file-sync-deployment-guide?tabs=azure-portal%2Cproactive-portal#create-a-sync-group-and-a-%20cloud-endpoint

30
Q

You have an Azure subscription named Subscription1 that contains the resources shown in the following table:

Name Туре Location Resource group
RG1, Resource group, East US, Not applicable
RG2, Resource group, West US, Not applicable
Vault1, Recovery Services vault, West Europe, RG1
storage1, Storage account, East US, RG2
storage2, Storage account, West US, RG1
storage3, Storage account, West Europe, RG2
Analytics1, Log Analytics workspace, East US, RG1
Analytics2, Log Analytics workspace, West US, RG2
Analytics3, Log Analytics workspace, West Europe, RG1

You plan to configure Azure Backup reports for Vault1.
You are configuring the Diagnostics settings for the AzureBackupReports log.
Which storage accounts and which Log Analytics workspaces can you use for the Azure Backup reports of Vault1?

Storage accounts:
storage1 only
storage2 only
storage3 only
storage1, storage2, and storage3
Log Analytics workspaces:
Analytics1 only
Analytics2 only
Analytics3 only
Analytics1, Analytics2, and Analytics3

A

Storage accounts: Storage 3 only
Storage Account must be in the same Region as the Recovery Services Vault.

Log Analytics workspaces: Analytics1, Analytics2, and Analytics3
Set up one or more Log Analytics workspaces to store your Backup reporting data. The location and subscription where this Log Analytics workspace can be created is independent of the location and subscription where your Vaults exist.

Reference:
https://docs.microsoft.com/en-us/azure/backup/configure-reports#1-create-a-log-analytics-workspace-or-use-an-existing-one

31
Q

You have an Azure subscription that contains the storage accounts shown in the following exhibit.

Name Type Kind Resource group Location
contoso101, Storage account, Storage V2, RG1, East US
contoso102, Storage account, Storage, RG1, East US
contoso103, Storage account, BlobStorage, RG1, East US
contoso104, Storage account, FileStorage, RG1, East US

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

You can create a premium file share in:
contoso101only contoso104 only
contoso101 or contoso104 only
contoso101, contoso102, or contoso104 only contoso101, contoso102, contoso103, or contoso104
You can use the Archive access tier in:
contoso101only
contoso101 or contoso103 only
contoso101, contoso102, and contoso103 only contoso101, contoso102, and contoso104 only
contoso101, contoso102, contoso103, and contoso104

A

Box 1: contoso104 only
Premium file shares are hosted in a special purpose storage account kind, called a FileStorage account.

Box 2: contoso101 and contos103 only
Object storage data tiering between hot, cool, and archive is supported in Blob Storage and General Purpose v2 (GPv2) accounts. General Purpose v1 (GPv1) accounts don’t support tiering.
The archive tier supports only LRS, GRS, and RA-GRS.

Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-create-premium-fileshare?tabs=azure-portal
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers

32
Q

You have an Azure subscription named Subscription1.
In Subscription1, you create an Azure file share named share1.
You create a shared access signature (SAS) named SAS1 as shown in the following exhibit:

Allowed services
Blob - File + Queue - Table -
Allowed resource types
Service + Container + Object +
Allowed permissions
Read + Write + Delete - List + Add - Create - Update - Process -
Start and expiry date/time
2018-09-01 2:00:00 PM
2018-09-14 2:00:00 PM
Allowed IP addresses
193.77.134.10-193.77.134.50
Allowed protocols
+ HTTPS only - HTTPS and HTTP
Signing key: key1

If on September 2, 2018, you run Microsoft Azure Storage Explorer on a computer that has an IP address of 193.77.134.1, and you use SAS1 to connec to the storage account, you [ … ].
If on September 10, 2018, you run the net use command on a computer that has an IP address of 193.77.134.50, and you use SAS1 as the password to connect to share1, you [ … ].

  • will be prompted for credentials
  • will have no access
  • will have read, write, and list access
  • will have read-only access
A

Box 1: will have no access
The IP 193.77.134.1 does not have access on the SAS, because it is not matching the SAS requirements. IP is out of range.

Box 2: will have no access
The SAS token is not supported in mounting Azure File share currently, it just supports the Azure storage account key.
Since it is using “net use” where it uses SMB, the SMB (Server Message Broker) protocol does not support SAS. it still asks for username/password. Accordingly, it will give error wrong username/pass and will not provide access.

Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1
https://docs.microsoft.com/en-us/azure/vs-azure-tools-storage-manage-with-storage-explorer?tabs=windows
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows
https://docs.microsoft.com/en-us/answers/questions/40741/sas-key-for-unc-path.html

33
Q

You have two Azure virtual machines named VM1 and VM2. You have two Recovery Services vaults named RSV1 and RSV2.
VM2 is backed up to RSV1.
You need to back up VM2 to RSV2.
What should you do first?

A. From the RSV1 blade, click Backup items and stop the VM2 backup
B. From the RSV2 blade, click Backup. From the Backup blade, select the backup for the virtual machine, and then click Backup
C. From the VM2 blade, click Disaster recovery, click Replication settings, and then select RSV2 as the Recovery Services vault
D. From the RSV1 blade, click Backup Jobs and export the VM2 job

A

A. From the RSV1 blade, click Backup items and stop the VM2 backup

If you want to change the recovery service vault you need to disassociate the previous RSV and delete the backup data. To delete backup data, you need to stop the backup first.
So:
1. Stop the backup in RSV1 (D)
2. Remove the backup data.
3. Disassociate the VM in RSV1.
4. Associate the VM in RSV2.

34
Q

You have a general-purpose v1 Azure Storage account named storage1 that uses locally-redundant storage (LRS).
You need to ensure that the data in the storage account is protected if a zone fails. The solution must minimize costs and administrative effort.
What should you do first?
A. Create a new storage account.
B. Configure object replication rules.
C. Upgrade the account to general-purpose v2.
D. Modify the Replication setting of storage1.

A

C. Upgrade the account to general-purpose v2.

v1 supports GRS/RA-GRS but question was about least cost. Least cost is ZRS which is only supported for v2 and premium file/block storage.
Source: https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy#supported-storage-account-types

35
Q

You have an Azure subscription that contains the storage accounts shown in the following table.

Name Type Performance
storage1, StorageV2, Standard
storage2, BlobStorage, Standard
storage3, BlockBlobStorage, Premium
storage4, FileStorage, Premium

You plan to manage the data stored in the accounts by using lifecycle management rules.
To which storage accounts can you apply lifecycle management rules?
A. storage1 only
B. storage1 and storage2 only
C. storage3 and storage4 only
D. storage1, storage2, and storage3 only
E. storage1, storage2, storage3, and storage4

A

D. storage1, storage2, and storage3 only

The lifecycle management feature is available in all Azure regions for general purpose v2 (GPv2) accounts, blob storage accounts, premium block blobs storage accounts, and Azure Data Lake Storage Gen2 accounts.

Storage account type and kind are mixed here. Also at this point, this is all legacy. Storage account types offered now without switching to legacy are simply standard (gpv2) and premium. Even in legacy, there isn’t any such storage account type as “filestorage”, so storage4 as listed is not valid, period.

36
Q

You create an Azure Storage account named contosostorage.
You plan to create a file share named data.
Users need to map a drive to the data file share from home computers that run Windows 10.
Which outbound port should you open between the home computers and the data file share?
A. 80
B. 443
C. 445
D. 3389

A

C. 445, as this is port for SMB protocol to share files

Server Message Block (SMB) is used to connect to an Azure file share over the internet. The SMB protocol requires TCP port 445 to be open.
Incorrect Answers:
A: Port 80 is required for HTTP to a web server
B: Port 443 is required for HTTPS to a web server
D: Port 3389443 is required for Remote desktop protocol (RDP) connections
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows

37
Q

You have an Azure subscription that contains an Azure Storage account named storageaccount1.
You export storageaccount1 as an Azure Resource Manager template. The template contains the following sections.

{ “type”: “Microsoft.Storage/storageAccount”,
“apiVersion”: “2019-06-01”,
“name”: “storageaccount1”,
“location”: “eastus”,
“sku”: { “name”: “Standard_LRS”, “tier”: “Standard” },
“kind”: “StorageV2”,
“properties”: {
“networkAcls”: {
“bypass”: “AzureServices”,
“virtualNetworkRules”: [],
“ipRules”: [],
“defaultAction”: “Allow”,
},
“supportsHttpsTrafficOnly”: true,
“encryption”: {
“services”: {
“file”: { “keyType”: “Account”, “enabled”: true },
“blob”: { “keyType”: “Account”, “enabled”: true },
},
“keySource”: “Microsoft.Storage”
},
“accessTier”: “Hot” } }

Yes/No
A server that has a public IP address of 131.107.103.10 can access storageaccount1.
Individual blobs in storageaccount1 can be set to use the archive tier.
Global administrations in Azure Active Directory (Azure AD) can access a file share hosted in storageaccount1 by using their Azure AD credentials.

A

Box 1- Yes. VirtualNetworkRules & IpRules are blank, with the default action Allow. Defaultaction is allow. IP is allowed.
Box 2- Yes. Individual blobs can be set to the archive tier. Storagev2 allows tiering.
Bob 3. No. File share access requires SAS. To access blob data in the Azure portal with Azure AD credentials, a user must have the following role assignments:
A data access role, such as Storage Blob Data Contributor; The Azure Resource Manager Reader role.

Ref
https://docs.microsoft.com/en-us/azure/storage/blobs/access-tiers-overview
https://docs.microsoft.com/en-us/azure/storage/blobs/assign-azure-role-data-access?tabs=portal

38
Q

You have an Azure subscription that contains a storage account named storage1.
You have the devices shown in the following table.

Name Platform
Device1 Windows 10
Device2 Linux
Device3 macOS

From which devices can you use AzCopy to copy data to storage1?
A. Device 1 only
B. Device1, Device2 and Device3
C. Device1 and Device2 only
D. Device1 and Device3 only

A

B. Device1, Device2 and Device3

AzCopy is supported in all these three operating systems: https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10#download-azcopy

39
Q

You have an Azure Storage account named storage1 that contains a blob container named container1.
You need to prevent new content added to container1 from being modified for one year.
What should you configure?
A. the access tier
B. an access policy
C. the Access control (IAM) settings
D. the access level

A

B. an access policy

With a time-based retention policy, users can set policies to store data for a specified interval. When a time-based retention policy is set, objects can be created and read, but not modified or deleted. After the retention period has expired, objects can be deleted but not overwritten.

https://docs.microsoft.com/en-us/azure/storage/blobs/immutable-storage-overview?tabs=azure-portal
https://docs.microsoft.com/en-us/azure/storage/blobs/immutable-time-based-retention-policy-overview

40
Q

You have an Azure Storage account named storage1 that contains a blob container. The blob container has a default access tier of Hot. Storage1 contains a container named container1.
You create lifecycle management rules in storage1 as shown in the following table.

Name, Rule scope, Blob type, Blob subtype, Rule block, Prefix match
Rule 1, Limit blobs by using filters., Block blobs, Base blobs, If base blobs were not modified for two days, move to archive storage. If base blobs were not modified for nine days, delete the blob., container1/Dep1
Rule2, Apply to all blobs in storage1., Block blobs, Base blobs, If base blobs were not modified for three days, move to cool storage. If base blobs were not modified for nine days, move to archive storage., Not applicable

You perform the actions shown in the following table.

Date Action
October 1, Upload three files named Dep1File1.docx, File2.docx, and File3.docx to container1.
October 2, Edit Dep1File1.docx and File3.docx.
October 5, Edit File2.docx.

Yes/No
On October 10, you can read Dep1File1.docx.
On October 10, you can read File2.docx.
On October 10, you can read File3.docx.

A

The question asks if you can read the files on the 10th, not if they still exist. Files in the archive tier CANNOT be read as documented by Microsoft:
“While a blob is in archive storage, the blob data is offline and can’t be read or modified. To read or download a blob in archive, you must first rehydrate it to an online tier.”
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers

Dep1File1.docx was last updated 8 days ago, and would be in archive tier
File2.docx was last updated 5 days ago, and would be in cool tier
File3.docx was last updated 8 days ago and would be in cool tier

Dep1File1 > No cannot be read
File2 > Yes can be read
File3 > Yes can be read