az305 Flashcards

1
Q

Which of the following would you use to restrict access to KeyVault?

Access policies for KeyVault

An Azure Policy

RBAC

Azure AD Multi-Factor Auth

A

Access policies for KeyVault

2
Q

Requirement: All data in the storage account is encrypted at rest

Azure Storage Encryption

Azure Disk Encryption

Always Encrypted

Transparent Data Encryption

A

Azure Storage Encryption

3
Q

To the manager of the developers, send a monthly email message that lists the access permissions to Application1.

If the manager does not verify an access permission, automatically revoke that permission.

Minimize development effort

A. In Azure Active Directory (Azure AD), create an access review of Application1.

B. Create an Azure Automation runbook that runs the Get-AzRoleAssignment cmdlet.

C. In Azure Active Directory (Azure AD) Privileged Identity Management, create a custom role assignment for the Application1 resources.

D. Create an Azure Automation runbook that runs the Get-AzureADUserAppRoleAssignment cmdlet.

A

A. In Azure Active Directory (Azure AD), create an access review of Application1.

4
Q

Some users work remotely and do NOT have VPN access to the on-premises network. You need to provide the remote users with single sign-on (SSO) access to WebApp1. Select 2

A. Azure AD Application Proxy

B. Azure AD Privileged Identity Management (PIM)

C. Conditional Access policies

D. Azure Arc

E. Azure AD enterprise applications

F. Azure Application Gateway

A

A,E

5
Q

✑ The evaluation must be repeated automatically every three months.

✑ Every member must be able to report whether they need to be in Group1.

✑ Users who report that they do not need to be in Group1 must be removed from Group1 automatically.

✑ Users who do not report whether they need to be in Group1 must be removed from Group1 automatically.

What should you include in the recommendation?

A. Implement Azure AD Identity Protection.

B. Change the Membership type of Group1 to Dynamic User.

C. Create an access review.

D. Implement Azure AD Privileged Identity Management (PIM).

A

C. Create an access review.

6
Q

You need to recommend a design for the planned Databricks deployment. The solution must meet the following requirements:

✑ Ensure that the data engineers can only access folders to which they have permissions.

✑ Minimize development effort.

✑ Minimize costs.

Databricks SKU: Premium or Standard
Cluster Config:
Credential Passthrough
Managed Identities
MLFlow
Secret Scope

A

Premium, Credential Passthrough

7
Q

You need to analyze the network traffic to identify whether packets are being allowed or denied to the virtual machines.

Solution: Use Azure Traffic Analytics in Azure Network Watcher to analyze the network traffic.

Does this meet the goal?

A

Instead use Azure Network Watcher IP Flow Verify, which allows you to detect traffic filtering issues at a VM level.

8
Q

Users can connect to app without being prompted for auth:
Azure AD App registration
Azure AD Managed identity
Azure AD App Proxy

User can only access apps from company owned computers:
A conditional access policy
Azure AD administrative unit
Azure Application Gateway
Azure Blueprints
Azure Policy

A

Azure AD App registration

A conditional access policy

9
Q

You need to use Azure Monitor to design an alerting strategy for security-related events.
Which Azure Monitor Logs tables should you query?
Select for Windows and Linux

Azure Activity
Azure Diagnostics
Event
Syslog

A

Win: Event, Linux: Syslog

10
Q

To which three scopes can you assign Azure Policy definitions?

A. Azure Active Directory (Azure AD) administrative units
B. Azure Active Directory (Azure AD) tenants
C. subscriptions
D. compute resources
E. resource groups
F. management groups

A

C,E,F

11
Q

Your on-premises network contains a server named Server1 that runs an ASP.NET application named App1.
You have a hybrid deployment of Azure Active Directory (Azure AD).
You need to recommend a solution to ensure that users sign in by using their Azure AD account and Azure Multi-Factor Authentication (MFA) when they connect to App1 from the internet.
Which three features should you recommend be deployed and configured in sequence?

A public load balancer
A managed identity
An internal Azure load balancer
A conditional access policy
An Azure App Service plan
Azure AD Application Proxy
An Azure AD enterprise application

A
  1. Application Proxy
  2. Enterprise Application
  3. Conditional Access
12
Q

You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager (ARM) resource deployments in your Azure subscription.
What should you include in the recommendation?

A. Azure Activity Log
B. Azure Advisor
C. Azure Analysis Services
D. Azure Monitor action groups

A

A. Azure Activity Log

13
Q

Your company, named Contoso, Ltd., implements several Azure logic apps that have HTTP triggers. The logic apps provide access to an on-premises web service.
Contoso establishes a partnership with another company named Fabrikam, Inc.
Fabrikam does not have an existing Azure Active Directory (Azure AD) tenant and uses third-party OAuth 2.0 identity management to authenticate its users.
Developers at Fabrikam plan to use a subset of the logic apps to build applications that will integrate with the on-premises web service of Contoso.
You need to design a solution to provide the Fabrikam developers with access to the logic apps. The solution must meet the following requirements:
✑ Requests to the logic apps from the developers must be limited to lower rates than the requests from the users at Contoso.
✑ The developers must be able to rely on their existing OAuth 2.0 provider to gain access to the logic apps.
✑ The solution must NOT require changes to the logic apps.
✑ The solution must NOT use Azure AD guest accounts.
What should you include in the solution?

A. Azure Front Door
B. Azure AD Application Proxy
C. Azure AD business-to-business (B2B)
D. Azure API Management

A

Many APIs support OAuth 2.0 to secure the API and ensure that only valid users have access, and they can only access resources to which they’re entitled. To use Azure API Management’s interactive developer console with such APIs, the service allows you to configure your service instance to work with your OAuth 2.0 enabled API.

Incorrect:
Azure AD business-to-business (B2B) uses guest accounts.
Azure AD Application Proxy is for on-premises scenarios.

14
Q

You have an Azure subscription that contains 300 virtual machines that run Windows Server 2019.
You need to centrally monitor all warning events in the System logs of the virtual machines.

Resources to create:
Event hub
Log Analytics
search engine
Storage account

Conf on VMs:
Create event subs
Conf CD
Install Azure monitor agent
Modify membership of the Event Log Reader Group

A

Resources to create: Log Analytics
Conf on VMs: Install Azure Monitor agent

15
Q

Security:
Get alerts about changes in administrator assignments
Development:
enable KeyVault access
Quality:
Require temporary admin roles

Azure AD Privileged Identity Management
Azure Managed Identity
Azure AD Connect
Azure AD Identity Protection

A

Security: PIM
Development: MI
Quality: PIM

16
Q

East / Sub1,Sub2 / tenant1
west / Sub3,Sub4 / tenant2

# of Management Groups = ? 1,2,3,4
# of Blueprint Definitions = ? 1,2,3,4
# of Blueprint Assignments = ? 1,2,3,4

A

# of Management Groups = 2
# of Blueprint Definitions = 2
# of Blueprint Assignments = 2

17
Q

✑ For new resources, assign tags and values that match the tags and values of the resource group to which the resources are deployed.
✑ For existing resources, identify whether the tags and values match the tags and values of the resource group that contains the resources.
✑ For any non-compliant resources, trigger auto-generated remediation tasks to create missing tags and values.
The solution must use the principle of least privilege.
What should you include in the design?

Azure Policy Effect to use:
Append
EnforceOPAConstraint
EnforceRegoPolicy
Modify

RBAC for remediation tasks:
Managed Identity with Contributor
Managed Identity with User Access Admin
Service Principal with Contributor
Service Principal with User Access Admin

A

Azure Policy Effect to use:
Modify

RBAC for remediation tasks:
Managed Identity with Contributor

18
Q

To DB1, you add a diagnostic setting named Settings1. Settings1 archives SQLInsights to storage1 and sends SQLInsights to Workspace1 (an Azure Log Analytics workspace).

T/F

You can add a new diagnostic setting that archives SQLInsights logs to storage2
You can add a new diagnostic setting that sends SQLInsights logs to Workspace2
You can add a new diagnostic setting that sends SQLInsights logs to EventHub1

A

T,T,T

19
Q

You plan to deploy an Azure SQL database that will store Personally Identifiable Information (PII).
You need to ensure that only privileged users can view the PII.
What should you include in the solution?
A. dynamic data masking
B. role-based access control (RBAC)
C. Data Discovery & Classification
D. Transparent Data Encryption (TDE)

A

A. dynamic data masking
Dynamic data masking limits sensitive data exposure by masking it to non-privileged users.

20
Q

Store data for multiple users
Encrypt each user's data by using a separate key
Encrypt all the data in the storage account by using customer-managed keys

A. files in a premium file share storage account
B. blobs in a general purpose v2 storage account
C. blobs in an Azure Data Lake Storage Gen2 account
D. files in a general purpose v2 storage account

A

B. blobs in a general purpose v2 storage account

21
Q

You have an Azure App Service web app that uses a system-assigned managed identity.
You need to recommend a solution to store the settings of the web app as secrets in an Azure key vault. The solution must meet the following requirements:
✑ Minimize changes to the app code.
✑ Use the principle of least privilege.

KeyVault Integration method: ?
KeyVault permission for the managed identity: ?

A

KeyVault Integration method: Application settings
KeyVault permission for the managed identity: Secrets: Get

22
Q

You need to recommend a solution to meet the following requirements for the virtual machines that will run App1:
✑ Ensure that the virtual machines can authenticate to Azure Active Directory (Azure AD) to gain access to an Azure key vault, Azure Logic Apps instances, and an Azure SQL database.
✑ Avoid assigning new roles and permissions for Azure services.
✑ Avoid storing secrets and certificates on the virtual machines.
✑ Minimize administrative effort for managing identities.

Which type of identity should you include in the recommendation?

A. a system-assigned managed identity
B. a service principal that is configured to use a certificate
C. a service principal that is configured to use a client secret
D. a user-assigned managed identity

A

D. a user-assigned managed identity

User assigned MI can be shared with more than one Azure resource

23
Q

Azure Cosmos DB hosts a container that stores continuously updated operational data.
You are designing a solution that will use AS1 to analyze the operational data daily.
You need to recommend a solution to analyze the data without affecting the performance of the operational data store.
What should you include in the recommendation?

A. Azure Cosmos DB change feed
B. Azure Data Factory with Azure Cosmos DB and Azure Synapse Analytics connectors
C. Azure Synapse Link for Azure Cosmos DB
D. Azure Synapse Analytics with PolyBase data loading

A

C. Azure Synapse Link for Azure Cosmos DB

24
Q

The maximum amount of time that the SQL Insights data can be stored in Azure Log Analytics is

30
90
730
indefinite

A

730

25
Q

OpenID Connect and OAuth - Choose OpenID Connect and OAuth 2.0 if the application you’re connecting to supports it.

SAML - Choose SAML whenever possible for existing applications that do not use OpenID Connect or OAuth.

Password-based - Choose password-based when the application has an HTML sign-in page. Password-based SSO is also known as password vaulting. Password-based SSO enables you to manage user access and passwords to web applications that don’t support identity federation. It’s also useful where several users need to share a single account, such as to your organization’s social media app accounts. Password-based SSO supports applications that require multiple sign-in fields for applications that require more than just username and password fields to sign in.

A
26
Q

The application manages its own credential store.
Users must enter a username and password to access the application. The application does NOT support identity providers.
You plan to upgrade the application to use single sign-on (SSO) authentication by using an Azure Active Directory (Azure AD) application registration.
Which SSO method should you use?

A. header-based
B. SAML
C. password-based
D. OpenID Connect

A

C. password-based

27
Q

Connect to VMs from the internet.
✑ Incoming connections to the virtual machines must be authenticated by using Azure Multi-Factor Authentication (MFA) before network connectivity is allowed.
✑ Incoming connections must use TLS and connect to TCP port 443.
✑ The solution must support RDP and SSH.

Access the VMs on VNet, use:
-Azure Bastion
-JIT VM access
-Azure Web Application Firewall (WAF) in Azure Front Door

Enforce MFA, use:
-Azure Identity Governance access package
-Conditional Access policy that has the Cloud apps assignment set to Azure Windows VM Sign-in
-Conditional Access policy that has the Cloud apps assignment set to Microsoft Azure Management

A

Access the VMs on VNet, use:
-Azure Bastion (uses port 443)

Enforce MFA, use:
-Conditional Access policy that has the Cloud apps assignment set to Azure Windows VM Sign-in

28
Q

All Azure resources must be easily identifiable based on the following operational information: environment, owner, department and cost center.
You need to ensure that you can use the operational information when you generate reports for the Azure resources.

A. an Azure data catalog that uses the Azure REST API as a data source
B. an Azure management group that uses parent groups to create a hierarchy
C. an Azure policy that enforces tagging rules
D. Azure Active Directory (Azure AD) administrative units

A

C. an Azure policy that enforces tagging rules

29
Q

There are 2 companies that use Azure AD. Company A wants to give Contributor access to 10 Company B employees.

Employees should use their own credentials

A. In the Azure AD tenant of Contoso, create cloud-only user accounts for the Fabrikam developers.
B. Configure a forest trust between the on-premises Active Directory forests of Contoso and Fabrikam.
C. Configure an organization relationship between the Microsoft 365 tenants of Fabrikam and Contoso.
D. In the Azure AD tenant of Contoso, create guest accounts for the Fabrikam developers.

A

D. In the Azure AD tenant of Contoso, create guest accounts for the Fabrikam developers.

B is incorrect because forest is used for internal security not for external access

30
Q

Sub1 contains an Azure App Service web app named App1. App1 uses Azure AD for single-tenant user authentication. Users from contoso.com can authenticate to App1.
You need to recommend a solution to enable users in the fabrikam.com tenant to authenticate to App1.

A. Configure the Azure AD provisioning service.
B. Enable Azure AD pass-through authentication and update the sign-in endpoint.
C. Use Azure AD entitlement management to govern external users.
D. Configure Azure AD join.

A

C is correct
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-external-users

If App1 is a multi-tenant application, A might be correct, since you can provision users from the other tenant to App1 and configure App1 for SSO with other tenants.

31
Q

Grants permissions to allow web apps to access the web APIs:
- Azure AD
- Azure API Management
- The web APIs

Configures a JSON Web Token (JWT) validation policy:
- Azure AD
- Azure API Management
- The web APIs

A

1: Azure AD
2: Azure API Management

32
Q

You have 100 servers that run Windows Server 2012 R2 and host Microsoft SQL Server 2014 instances. The instances host databases that have the following characteristics:
✑ Stored procedures are implemented by using CLR.
✑ The largest database is currently 3 TB. None of the databases will ever exceed 4 TB.
You plan to move all the data from SQL Server to Azure.
You need to recommend a service to host the databases. The solution must meet the following requirements:
✑ Whenever possible, minimize management overhead for the migrated databases.
✑ Ensure that users can authenticate by using Azure Active Directory (Azure AD) credentials.
✑ Minimize the number of database changes required to facilitate the migration.

A. Azure SQL Database elastic pools
B. Azure SQL Managed Instance
C. Azure SQL Database single databases
D. SQL Server 2016 on Azure virtual machines

A

B. Azure SQL Managed Instance

Azure SQL Database (single or elastic) does not support CLR

33
Q

You have an Azure subscription that contains an Azure Blob Storage account named store1.
You have an on-premises file server named Server1 that runs Windows Server 2016. Server1 stores 500 GB of company files.
You need to store a copy of the company files from Server1 in store1.
Which two possible Azure services achieve this goal?

A. an Azure Logic Apps integration account
B. an Azure Import/Export job
C. Azure Data Factory
D. an Azure Analysis services On-premises data gateway
E. an Azure Batch account

A

B. an Azure Import/Export job
C. Azure Data Factory

34
Q

Multiple Applications should read one transaction info

A. one Azure Data Factory pipeline
B. multiple storage account queues
C. one Azure Service Bus queue
D. one Azure Service Bus topic

A

D. one Azure Service Bus topic

35
Q

✑ Maximize data throughput.
✑ Prevent the modification of data for one year.
✑ Minimize latency for read and write operations.

Storage account type:
BlobStorage
BlockBlobStorage
FileStorage
StorageV2 with Premium perf
StorageV2 with Standard perf

Storage service:
Blob
File
Table

A

BlockBlobStorage: provide a very low latency

36
Q

S1: StorageV2 - Standard
S2: StorageV2 - Premium
S3: BlobStorage - Standard
S4: FileStorage - Premium

App1: Use Lifecycle management
App2: Store app data in Azure File share

App1:
S1,S2
S1,S3
S1,S2,S3
S1,S2,S3,S4

App2:
S4
S1,S4
S1,S2,S4
S1,S2,S3,S4

A

App1: Storage1 and storage3 only
App2: Storage1 and storage4 only

37
Q

The application will host video files that range from 50 MB to 12 GB. The application will use certificate-based authentication and will be available to users on the internet.
- The solution must provide the fastest read performance and must minimize storage costs.

A. Azure Files
B. Azure Data Lake Storage Gen2
C. Azure Blob Storage
D. Azure SQL Database

A

C. Azure Blob Storage

Stores large amounts of unstructured data, such as text or binary data, that can be accessed from anywhere in the world

38
Q

You need to recommend a database platform to host the databases. The solution must meet the following requirements:
✑ The solution must meet a Service Level Agreement (SLA) of 99.99% uptime.
✑ The compute resources allocated to the databases must scale dynamically.
✑ The solution must have reserved capacity.
✑ Compute charges must be minimized.

A. an elastic pool that contains 20 Azure SQL databases
B. 20 databases on a Microsoft SQL server that runs on an Azure virtual machine in an availability set
C. 20 databases on a Microsoft SQL server that runs on an Azure virtual machine
D. 20 instances of Azure SQL Database serverless

A

A is correct. Elastic pool is needed for SLA 99,95 % and auto scale.

39
Q

You need to design the database architecture to meet the following requirements:
✑ Support scaling up and down.
✑ Support geo-redundant backups.
✑ Support a database of up to 75 TB.
✑ Be optimized for online transaction processing (OLTP).

A

Azure SQL Database
HyperScale (up to 100TB)

40
Q

You are planning an Azure IoT Hub solution that will include 50,000 IoT devices.
Each device will stream data, including temperature, device ID, and time data. Approximately 50,000 records will be written every second. The data will be visualized in near real time.
Which two services can you recommend?

A. Azure Table Storage
B. Azure Event Grid
C. Azure Cosmos DB SQL API
D. Azure Time Series Insights

A

C. Azure Cosmos DB SQL API
D. Azure Time Series Insights

41
Q

✑ Support SQL commands.
✑ Support multi-master writes.
✑ Guarantee low latency read operations.

A. Azure Cosmos DB SQL API
B. Azure SQL Database that uses active geo-replication
C. Azure SQL Database Hyperscale
D. Azure Database for PostgreSQL

A

A. Azure Cosmos DB SQL API

Only Cosmos DB supports multi-master writes:

42
Q

How would you migrate the data? You can select more than one option.

Microsoft SQL Server 2012 -> An Azure SQL DB
A table in Microsoft SQL Server 2014 -> Cosmos account that uses the SQL API

AzCopy
Azure Cosmos DB data migration tool
Data Management Gateway
Data Migration Assistant

A

1: Data Migration Assistant
2: Azure Cosmos DB data migration tool

43
Q

You store web access logs data in Azure Blob Storage.
You plan to generate monthly reports from the access logs.
You need to recommend an automated process to upload the data to Azure SQL Database every month.

A. Microsoft SQL Server Migration Assistant (SSMA)
B. Data Migration Assistant (DMA)
C. AzCopy
D. Azure Data Factory

A

D. Azure Data Factory

44
Q

Your on-premises network contains a file server named Server1. Server1 stores 5 TB of company files that are accessed rarely.
You plan to copy the files to Azure Storage.
You need to implement a storage solution for the files that meets the following requirements:
✑ The files must be available within 24 hours of being requested.
✑ Storage costs must be minimized.
Which two possible storage solutions achieve this goal?

A. Create an Azure Blob Storage account that is configured for the Cool default access tier. Create a blob container, copy the files to the blob container, and set each file to the Archive access tier.
B. Create a general-purpose v1 storage account. Create a blob container and copy the files to the blob container.
C. Create a general-purpose v2 storage account that is configured for the Cool default access tier. Create a file share in the storage account and copy the files to the file share.
D. Create a general-purpose v2 storage account that is configured for the Hot default access tier. Create a blob container, copy the files to the blob container, and set each file to the Archive access tier.
E. Create a general-purpose v1 storage account. Create a file share in the storage account and copy the files to the file share.

A

A, D

Archive tier rehydration time is a claimed 15 hours. This meets their needs at the lowest cost.

45
Q

You have an app named App1 that uses two on-premises Microsoft SQL Server databases named DB1 and DB2.
You plan to migrate DB1 and DB2 to Azure.
You need to recommend an Azure solution to host DB1 and DB2. The solution must meet the following requirements:
✑ Support server-side transactions across DB1 and DB2.
✑ Minimize administrative effort to update the solution.

A. two Azure SQL databases in an elastic pool
B. two databases on the same Azure SQL managed instance
C. two databases on the same SQL Server instance on an Azure virtual machine
D. two Azure SQL databases on different Azure SQL Database servers

A

B. two databases on the same Azure SQL managed instance

46
Q

✑ Failover between replicas of the database must occur without any data loss.
✑ The database must remain available in the event of a zone outage.
✑ Costs must be minimized.

A. Azure SQL Database Hyperscale
B. Azure SQL Database Premium
C. Azure SQL Database Basic
D. Azure SQL Managed Instance General Purpose

A

B. Azure SQL Database Premium

Not A: Hyperscale is more expensive than Premium.
Not C: Need Premium for Availability Zones.
Not D: Zone redundant configuration that is free on Azure SQL Premium is not available on Azure SQL Managed Instance.

47
Q

You need to recommend a storage solution that meets the following requirements:
✑ All the data written to storage must be retained for five years.
✑ Once the data is written, the data can only be read. Modifications and deletion must be prevented.
✑ After five years, the data can be deleted, but never modified.
✑ Data access charges must be minimized.

Storage Account Type: Archive, Cool, Hot
Prevent Modif and Deletion by:
Container Access Level,
Container Access Policy,
Storage Account Access Lock

A

Hot
Container Access Policy

48
Q

The solution will ingest high volumes of data in the JSON format by using Azure Event Hubs. As the data arrives, Event Hubs will write the data to storage. The solution must meet the following requirements:
✑ Organize data in directories by date and time.
✑ Allow stored data to be queried directly, transformed into summarized tables, and then stored in a data warehouse.
✑ Ensure that the data warehouse can store 50 TB of relational data and support between 200 and 300 concurrent read operations.
Which service should you recommend for each type of data store?

Datastore for the ingested data:
Azure Blob Storage
Azure Data Lake Storage Gen2
Azure Files
Azure NetApp Files

Datastore for the warehouse:
Cosmos DB Cassandra API
Cosmos DB SQL API
SQL Database Hyperscale
Synapse Analytics dedicated SQL pools

A

Azure Data Lake Storage Gen2

SQL Database Hyperscale

49
Q

You need to recommend a disaster recovery solution for the data. The solution must meet the following requirements:
✑ Provide the ability to recover in the event of a regional outage.
✑ Support a recovery time objective (RTO) of 15 minutes.
✑ Support a recovery point objective (RPO) of 24 hours.
✑ Support automated recovery.
✑ Minimize costs.

A. Azure virtual machine availability sets
B. Azure Disk Backup
C. an Always On availability group
D. Azure Site Recovery

A

D. Azure Site Recovery

50
Q

You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:
✑ Provide access to the full .NET framework.
✑ Provide redundancy if an Azure region fails.
✑ Grant administrators access to the operating system to install custom application dependencies.
Solution: You deploy two Azure virtual machines to two Azure regions, and you create an Azure Traffic Manager profile.
Does this meet the goal?

A

Yes

Azure Traffic Manager is a DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global Azure regions, while providing high availability and responsiveness.

51
Q

You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:
✑ Provide access to the full .NET framework.
✑ Provide redundancy if an Azure region fails.
✑ Grant administrators access to the operating system to install custom application dependencies.
Solution: You deploy two Azure virtual machines to two Azure regions, and you deploy an Azure Application Gateway.
Does this meet the goal?

A

No
App Gateway will balance the traffic between VMs deployed in the same region. Create an Azure Traffic Manager profile instead

52
Q

You plan to create an Azure Storage account that will host file shares.
The shares will be accessed from on-premises applications that are transaction intensive.
You need to recommend a solution to minimize latency when accessing the file shares.
The solution must provide the highest-level of resiliency for the selected storage tier.
What should you include in the recommendation?

Storage Tier: Hot, Premium, Transaction optimized
Redundancy: Geo-Redundant, Zone-Redundant, Locally-Redundant

A

Storage: Premium

Hot is offered for general purpose file sharing
Transaction optimized: Does not support low latency

Redundancy: ZRS

Premium file share only supports LRS and ZRS

53
Q

You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:
✑ Provide access to the full .NET framework.
✑ Provide redundancy if an Azure region fails.
✑ Grant administrators access to the operating system to install custom application dependencies.
Solution: You deploy an Azure virtual machine scale set that uses autoscaling.
Does this meet the goal?

A

No

Instead, you should deploy two Azure virtual machines to two Azure regions, and you create a Traffic Manager profile.

54
Q

The application deployment must meet the following requirements:
✑ Ensure that the applications remain available if a single AKS cluster fails.
✑ Ensure that the connection traffic over the internet is encrypted by using SSL without having to configure SSL on each container.

A. Azure Front Door
B. Azure Traffic Manager
C. AKS ingress controller
D. Azure Load Balancer

A

A. Azure Front Door

55
Q

✑ Prevent new data from being modified for one year.
✑ Maximize data resiliency.
✑ Minimize read latency.

Storage Account Type:
Premium block blob
Standard v1
Standard v2

Redundancy:
ZRS
LRS

A

Premium

ZRS

56
Q

You plan to deploy 10 applications to Azure. The applications will be deployed to two Azure Kubernetes Service (AKS) clusters. Each cluster will be deployed to a separate Azure region.
The application deployment must meet the following requirements:
✑ Ensure that the applications remain available if a single AKS cluster fails.
✑ Ensure that the connection traffic over the internet is encrypted by using SSL without having to configure SSL on each container.

A. Azure Front Door
B. Azure Traffic Manager
C. AKS ingress controller
D. Azure Load Balancer

A

A. Azure Front Door

Traffic Manager does not provide SSL Offloading.
And the other options are not global options (multi-region)

57
Q

✑ Be available if a single Azure datacenter fails.
✑ Support storage tiers.
✑ Minimize cost.

Storage Account Type:
Premium
Standard v1
Standard v2

Redundancy:
GRS
ZRS
LRS
RA-GRS

A

v2, ZRS

58
Q

App1 stores database connection strings in KV1.
App1 performs the following types of requests to KV1:
✑ Get
✑ List
✑ Wrap
✑ Delete

✑ Unwrap

✑ Backup
✑ Decrypt
✑ Encrypt
You are evaluating the continuity of service for App1.
You need to identify the following if the Azure region that hosts KV1 becomes unavailable:
✑ To where will KV1 fail over?
✑ During the failover, which request type will be unavailable?

To where will KV1 failover?
A server in the same availability set
A server in the same fault domain
A server in the paired region
A virtual machine in a scale set

During failover which requests are unavailable?
Get
List
Wrap
Delete
Unwrap
Backup
Decrypt
Encrypt

A

A server in the paired region

Delete
During failover, your key vault is in read-only mode.

59
Q

✑ Failover between replicas of the database must occur without any data loss.
✑ The database must remain available in the event of a zone outage.
✑ Costs must be minimized.
Which deployment option should you use?

A. Azure SQL Managed Instance Business Critical
B. Azure SQL Database Premium
C. Azure SQL Database Basic
D. Azure SQL Managed Instance General Purpose

A

B. Azure SQL Database Premium

A: Azure SQL Managed Instance Business Critical is more expensive.
C: Azure SQL Database Basic, and General purpose provide only locally redundant availability.

60
Q

You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:
✑ Provide access to the full .NET framework.
✑ Provide redundancy if an Azure region fails.
✑ Grant administrators access to the operating system to install custom application dependencies.
Solution: You deploy a web app in an Isolated App Service plan.
Does this meet the goal?

A

No

61
Q

✑ Failover between replicas of the database must occur without any data loss.
✑ The database must remain available in the event of a zone outage.
✑ Costs must be minimized.
Which deployment option should you use?
A. Azure SQL Database Serverless
B. Azure SQL Database Business Critical
C. Azure SQL Database Basic
D. Azure SQL Database Standard

A

A. Azure SQL Database Serverless

62
Q

You have an ExpressRoute circuit in the US East Azure region.
You need to create an ExpressRoute association to VirtualWAN1.
What should you do first?
A. Upgrade VirtualWAN1 to Standard.
B. Create a gateway on Hub1.
C. Enable the ExpressRoute premium add-on.
D. Create a hub virtual network in US East.

A

A. Upgrade VirtualWAN1 to Standard.

A Basic Azure Virtual WAN does not support ExpressRoute. You have to upgrade to Standard.

63
Q

You have a PowerShell script that identifies and deletes duplicate files in the storage account. Currently, the script is run manually after approval from the operations manager.
You need to recommend a serverless solution that performs the following actions:
✑ Runs the script once an hour to identify whether duplicate files exist
✑ Sends an email notification to the operations manager requesting approval to delete the duplicate files
✑ Processes an email response from the operations manager specifying whether the deletion was approved
✑ Runs the script if the deletion was approved
What should you include in the recommendation?
A. Azure Logic Apps and Azure Event Grid
B. Azure Logic Apps and Azure Functions
C. Azure Pipelines and Azure Service Fabric
D. Azure Functions and Azure Batch

A

B. Azure Logic Apps and Azure Functions

64
Q

The on-premises Active Directory domain syncs with Azure Active Directory (Azure AD).
Server1 runs an application named App1 that uses LDAP queries to verify user identities in the on-premises Active Directory domain.
You plan to migrate Server1 to a virtual machine in Subscription1.
A company security policy states that the virtual machines and services deployed to Subscription1 must be prevented from accessing the on-premises network.
You need to recommend a solution to ensure that App1 continues to function after the migration. The solution must meet the security policy.
What should you include in the recommendation?
A. Azure AD Application Proxy
B. the Active Directory Domain Services role on a virtual machine
C. an Azure VPN gateway
D. Azure AD Domain Services (Azure AD DS)

A

D. Azure AD Domain Services (Azure AD DS)

An Azure AD DS managed domain lets you run legacy applications in the cloud that can’t use modern authentication methods, or where you don’t want directory lookups to always go back to an on-premises AD DS environment.

65
Q

You need to design a solution that will execute custom C# code in response to an event routed to Azure Event Grid. The solution must meet the following requirements:
✑ The executed code must be able to access the private IP address of a Microsoft SQL Server instance that runs on an Azure virtual machine.
✑ Costs must be minimized.
What should you include in the solution?
A. Azure Logic Apps in the Consumption plan
B. Azure Functions in the Premium plan
C. Azure Functions in the Consumption plan
D. Azure Logic Apps in the integrated service environment

A

Correct answer - B
Consumption plan cannot access Virtual Network Integration features.

Virtual network integration allows your function app to access resources inside a virtual network.

66
Q

You have an on-premises network and an Azure subscription. The on-premises network has several branch offices.
A branch office in Toronto contains a virtual machine named VM1 that is configured as a file server. Users access the shared files on VM1 from all the offices.
You need to recommend a solution to ensure that the users can access the shared files as quickly as possible if the Toronto branch office is inaccessible.
What should you include in the recommendation?
A. a Recovery Services vault and Windows Server Backup
B. Azure blob containers and Azure File Sync
C. a Recovery Services vault and Azure Backup
D. an Azure file share and Azure File Sync

A

Use Azure File Sync to centralize your organization’s file shares in Azure Files

67
Q

You have an Azure subscription named Subscription1 that is linked to a hybrid Azure Active Directory (Azure AD) tenant.
You have an on-premises datacenter that does NOT have a VPN connection to Subscription1. The datacenter contains a computer named Server1 that has Microsoft SQL Server 2016 installed. Server1 is prevented from accessing the internet.
An Azure logic app resource named LogicApp1 requires write access to a database on Server1.
You need to recommend a solution to provide LogicApp1 with the ability to access Server1.

On-Premises:
A Web Application Proxy for Windows Server
An Azure AD Application Proxy connector
An on-premises data gateway

Azure:
A connection gateway resource
An Azure Application Gateway
An Azure Event Grid domain

A

On-Premises:
An on-premises data gateway

Azure:
A connection gateway resource

68
Q
  • Store JSON
  • Low latency
  • Use SQL like queries

A- Azure Blob
B- Azure CosmosDB
C- Azure HDInsight
D- Azure Redis

A

B- Azure CosmosDB

69
Q

Your org has 2 CosmosDBs. Which APIs (2) do you suggest to host a JSON file?

A- SQL
B- Table
C- Gremlin
D- Cassandra
E- MongoDB

A

D- Cassandra
E- MongoDB

Table is for key/value pairs
Gremlin is for graph queries and stores data as edges and vertices

70
Q

VM1 - EUS
VM2 - EUS
VM3 - WUS
VM4 - WUS

VM1 and VM2 are protected by a recovery service vault.
How to protect the rest?

A- a new recovery services policy
B- a new backup policy
C- a new subscription
D- a new recovery services vault

A

D- a new recovery services vault

Vaults are location specific

71
Q

St1 premium LRS
St2 standard GRS
St3 standard LRS

Can you convert St3 to GRS?

A

YES

72
Q

You enable Azure Disk Encryption with -VolumeType All.
Then you add disks to the VM. Do they get encrypted?

A

YES

73
Q

‘Notify an admin when a VM setting is changed’

What to do in Logic App in order?

1- A condition control
2- an action
3- A variable
4- an Azure Event Grid trigger
5- an Azure Service Bus trigger

A

4 - 1 - 2

74
Q

Which two parameters should you set to ensure that the instance will scale to meet the workload demands?

A- Max of CPU cores
B- Max of allocated storage
C- Max resources per DB
D- Max resource limit per p of DB

A

A- Max of CPU cores
B- Max of allocated storage

75
Q

Which tool would you use to monitor Azure AD FS servers?

  • Azure Security Server
  • Azure AD Connect Health
  • Active directory Health Check solution in Azure Log analytics
  • Active Directory Federation Services Health Check solution in Azure Log A.
A
  • Azure AD Connect Health
76
Q

HyperV.cluster1 - 3 nodes - 10vm
HyperV.cluster2 - 5 nodes - 20vm
HyperV.cluster3 - 10 nodes - 30vm

How many Azure Site Recovery agents are recommended?

How many Azure Migrate appliances are recommended?

  • 1
  • 3
  • 18
  • 60
A

Azure Site Recovery agents: 3

1 per cluster

Azure Migrate appliances: 1

One appliance supports up to 5000 Hyper-V VMs

77
Q

Only select workstations with static public IP addresses should be allowed to connect to SQL Server and perform administration on the database.

  • Azure Network Watcher
  • Server-level IP firewall rules
  • Network Security rules
  • Application security groups
A
  • Server-level IP firewall rules
78
Q

Req:

They are using App Insights
They intend to use continuous export
App Insights data needs to be stored for 4 years

A- Azure Storage
B- Azure Backup
C- Azure SQL DB
D- Azure Storage Service Encryption (SSE)

A

A- Azure Storage

79
Q
  • They want to migrate 8 on-premises SQL server to Azure
  • Solution must be able to host SSIS packages
  • Solution needs to ensure that packages can target SQL DB instances as destinations

A- Azure Migration Assistant
B- Azure Backup
C- Azure Data Factory
D- Azure Data Catalog

A

C- Azure Data Factory

80
Q

Generate a monthly record of all the recent ARM resource deployments in a subscription. Select 2.

A- Azure Advisor
B- Azure Activity Log
C- Application Insights
D- Azure Log analytics
E- Azure Monitor Action Groups

A

B- Azure Activity Log
D- Azure Log analytics

81
Q

✑ Collect log and diagnostic data from all subscriptions and third-party providers into a central repository.
✑ Also, services that analyze log data, detect threats, and provide automatic responses to known events.

  • Azure Activity Log
  • Application Insights
  • Azure Sentinel
  • Azure Log Analytics
  • Azure Monitor
A
  • Azure Sentinel

If the case is more about security, like this one, the answer is Sentinel; otherwise Azure Monitor is possible too.

82
Q

The developers want to be notified if thresholds of the transaction response times are not met.
What should you recommend for the solution?

  • Azure Network Watcher
  • Azure Sentinel
  • Azure Log Analytics
  • Application Insights
A

Application Insights

83
Q

visualize relationships between application components

  • Azure application Insights
  • Azure Service Map
  • Azure Monitor Logs
  • Azure Activity Log
A
  • Azure Service Map
84
Q

The Hyper-V cluster contains 30 virtual machines that run Windows Server 2012 R2. Each virtual machine runs a different workload. The workloads have predictable consumption patterns.
You plan to replace the virtual machines with Azure virtual machines that run Windows Server 2016. The virtual machines will be sized according to the consumption pattern of each workload.
You need to recommend a solution to minimize the compute costs of the Azure virtual machines. (Select 2)

A. Configure a spending limit in the Azure account center.
B. Create a virtual machine scale set that uses autoscaling.
C. Activate Azure Hybrid Benefit for the Azure virtual machines.
D. Purchase Azure Reserved Virtual Machine Instances for the Azure virtual machines.
E. Create a lab in Azure DevTest Labs and place the Azure virtual machines in the lab.

A

C. Activate Azure Hybrid Benefit for the Azure virtual machines.
D. Purchase Azure Reserved Virtual Machine Instances for the Azure virtual machines.

85
Q

The audit log destination can be in a region other than that of the database and the server.

T/F

A

False

86
Q

The subscription contains 10 resource groups, one for each department at your company.
Each department has a specific spending limit for its Azure resources.
You need to ensure that when a department reaches its spending limit, the compute resources of the department shut down automatically.

Select 2

A. Azure Logic Apps
B. Azure Monitor alerts
C. the spending limit of an Azure account
D. Cost Management budgets
E. Azure Log Analytics alerts

A

A,D

87
Q

Your company uses Microsoft System Center Service Manager on its on-premises network.
You plan to deploy several services to Azure.
You need to recommend a solution to push Azure service health alerts to Service Manager.
What should you include in the recommendation?
A. IT Service Management Connector (ITSM)
B. Azure Event Hubs
C. Azure Notification Hubs
D. Application Insights Connector

A

ITSMC supports connections with the following ITSM tools:
ServiceNow
System Center Service Manager
Provance
Cherwell
With ITSMC, you can:

88
Q

You have an Azure SQL database named DB1 that contains multiple tables.
You need to improve the performance of DB1. The solution must minimize administrative effort.
What should you use?
A. automatic tuning
B. Azure Advisor
C. Azure Monitor
D. Query Performance Insight

A

A. automatic tuning

89
Q

You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager resource deployments in your subscription.
What should you include in the recommendation?
A. Azure Advisor
B. Azure Analysis Services
C. Azure Monitor action groups
D. Azure Log Analytics

A

D. Azure Log Analytics

90
Q

You need to recommend a solution to meet the following requirements:
✑ Prevent the IT staff that will perform the deployment from retrieving the secrets directly from Key Vault.
✑ Use the principle of least privilege.
Which two actions should you recommend? Each correct answer presents part of the solution.

A. Create a Key Vault access policy that allows all get key permissions, get secret permissions, and get certificate permissions.
B. From Access policies in Key Vault, enable access to the Azure Resource Manager for template deployment.
C. Create a Key Vault access policy that allows all list key permissions, list secret permissions, and list certificate permissions.
D. Assign the IT staff a custom role that includes the Microsoft.KeyVault/Vaults/Deploy/Action permission.
E. Assign the Key Vault Contributor role to the IT staff.

A

B,D

91
Q

You have an Azure subscription that contains web apps in three Azure regions.
You need to implement Azure Key Vault to meet the following requirements:
✑ In the event of a regional outage, all keys must be readable.
✑ All the web apps in the subscription must be able to access Key Vault.
✑ The number of Key Vault resources to be deployed and managed must be minimized.
How many instances of Key Vault should you implement?
A. 1
B. 2
C. 3
D. 6

A

1

The contents of your key vault are replicated within the region and to a secondary region at least 150 miles away but within the same geography.

92
Q

You have an Azure Active Directory (Azure AD) tenant.
You plan to provide users with access to shared files by using Azure Storage. The users will be provided with different levels of access to various Azure file shares based on their user account or their group membership.
You need to recommend which additional Azure services must be used to support the planned deployment.
What should you include in the recommendation?

A. an Azure AD enterprise application
B. Azure Information Protection
C. an Azure AD Domain Services (Azure AD DS) instance
D. an Azure Front Door instance

A

C. an Azure AD Domain Services (Azure AD DS) instance

93
Q

What is the correct way of using authorization and authentication for Cosmos DB?

Hash-based message authentication code (HMAC)
RBAC
Azure Managed Identity
HTTPS encryption

A

Authorization: HMAC
Authentication: AMI

94
Q

Customer App: Users must authenticate by using their personal Microsoft accounts and MFA
Reporting App: Users must authenticate by using their company credentials or personal Microsoft accounts. You must be able to manage accounts from Azure AD

Azure AD B2C tenant
Azure AD v1.0 endpoint
Azure AD v2.0 endpoint

A

Reporting: “Must be able to manage account from Azure AD” thus V2 is correct
Customer: B2C supports MFA from personal account

V1 is not recommended

95
Q

How should you describe each identity provider? Sync and federation

  • User management occurs on-premises. Azure AD authenticates employees by using on-premises passwords.
  • User management occurs on-premises. The on-premises domain controller authenticates employees' credentials.
  • Both user management and authentication occur in Azure AD.
A

Sync: User management occurs on-premises. Azure AD authenticates employees by using on-premises passwords.

Federation: User management occurs on-premises. The on-premises domain controller authenticates employees' credentials.

96
Q

Diagnostic settings for an SQL database

How to perform real-time Power BI reporting:
- Clear Send to Log Analytics
- Clear SQLInsights
- Select Archive to storage account
- Select Stream to event hub
Diagnostic data can be reviewed in:
- Azure Analysis Services
- Azure App Insights
- Azure SQL Analytics
- Microsoft SQL Server Analysis Services
- SQL Health Check

A

- Select Stream to event hub

  • Data streamed to a Log Analytics workspace can be consumed by SQL Analytics
97
Q

You plan to use Azure Policy as part of a governance solution.
To which three scopes can you assign Azure Policy definitions? Each correct answer presents a complete solution.

A. management groups
B. subscriptions
C. Azure Active Directory (Azure AD) tenants
D. resource groups
E. Azure Active Directory (Azure AD) administrative units
F. compute resources

A

A. management groups
B. subscriptions
D. resource groups

98
Q

You need to design a solution to expose the microservices to the consumer apps. The solution must meet the following requirements:
✑ Ingress access to the microservices must be restricted to a single private IP address and protected by using mutual TLS authentication.
✑ The number of incoming microservice calls must be rate-limited.
✑ Costs must be minimized.
What should you include in the solution?
A. Azure App Gateway with Azure Web Application Firewall (WAF)
B. Azure API Management Premium tier with virtual network connection
C. Azure API Management Standard tier with a service endpoint
D. Azure Front Door with Azure Web Application Firewall (WAF)

A

B. Azure API Management Premium tier with virtual network connection

VNet support is only available in the Premium version.

99
Q

A company plans to implement an HTTP-based API to support a web app. The web app allows customers to check the status of their orders.
The API must meet the following requirements:
✑ Implement Azure Functions.
✑ Provide public read-only operations.
✑ Do not allow write operations.

HTTP Methods: API Methods, Get, Get & Post

Authorization Level: Admin, Function, Anonymous

A

HTTP Methods: Get

Authorization Level: anonymous

anonymous: No API key is required.
function: A function-specific API key is required. This is the default value if none is provided.
admin: The master key is required.

100
Q

A company named Contoso Ltd., has a single-domain Active Directory forest named contoso.com.
Contoso is preparing to migrate all workloads to Azure. Contoso wants users to use single sign-on (SSO) when they access cloud-based services that integrate with Azure Active Directory (Azure AD).
You need to identify any objects in Active Directory that will fail to synchronize to Azure AD due to formatting issues. The solution must minimize costs.
What should you include in the solution?
A. Azure AD Connect Health
B. Microsoft Office 365 IdFix
C. Azure Advisor
D. Password Export Server version 3.1 (PES v3.1) in Active Directory Migration Tool (ADMT)

A

B. Microsoft Office 365 IdFix

101
Q

Check for min numbers

Level at which to create blueprint definitions:
root M
child M
subs

Level at which to create blueprint assignments:
root M
child M
subs

A

root M

subs

102
Q

The network contains an Active Directory domain named contoso.com that is synced to Azure Active Directory (Azure AD).
All users connect to an Exchange Online.
You need to recommend a solution to ensure that all the users use Azure Multi-Factor Authentication (MFA) to connect to Exchange Online from one of the offices.
What should you include in the recommendation?
A. a virtual network and two Microsoft Cloud App Security policies
B. a named location and two Microsoft Cloud App Security policies
C. a conditional access policy and two virtual networks
D. a conditional access policy and two named locations

A

D. a conditional access policy and two named locations

Named locations
Locations are named in the Azure portal under Azure Active Directory > Security > Conditional Access > Named locations. These named network locations may include locations like an organization’s headquarters network ranges, VPN network ranges, or ranges that you wish to block. Named locations can be defined by IPv4/IPv6 address ranges or by countries.
To define a named location by IPv4/IPv6 address ranges, you’ll need to provide:

103
Q

You need to recommend a solution to ensure that the applications can authenticate by using the same Azure Active Directory (Azure AD) identity. The solution must meet the following requirements:
✑ Ensure that the applications can authenticate only when running on the 10 virtual machines.
✑ Minimize administrative effort.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.

To provision the Azure AD identity:
system assigned managed identity
user-assigned managed identity
register each app in Azure AD

To authenticate, request a token by using
Azure AD v1 endpoint
Azure AD v2 endpoint
Azure instance metadata service identity Oauth2 endpoint

A

User assigned managed identity = 5 apps on 10 VMs.
Endpoint v2 = the only one that remains supported and provides authentication. V1 is deprecated. IMDS provides info about the VM to all processes inside the VM, anonymously.

104
Q

2 tenants, 2 sub for each

how many?

management group: 1,2,3,4?
blueprint def: 1,2,3,4?
blueprint assignments: 1,2,3,4?

A

2,2,4

105
Q

Your company wants to use an Azure Active Directory (Azure AD) hybrid identity solution.
You need to ensure that users can authenticate if the internet connection to the on-premises Active Directory is unavailable. The solution must minimize authentication prompts for the users.
What should you include in the solution?
A. password hash synchronization and Azure AD Seamless Single Sign-On (Azure AD Seamless SSO)
B. pass-through authentication and Azure AD Seamless Single Sign-On (Azure AD Seamless SSO)
C. an Active Directory Federation Services (AD FS) server

A

A. password hash synchronization and Azure AD Seamless Single Sign-On (Azure AD Seamless SSO)

106
Q

Your company has an on-premises Active Directory Domain Services (AD DS) domain and an established Azure Active Directory (Azure AD) environment.
Your company would like users to be automatically signed in to cloud apps when they are on their corporate desktops that are connected to the corporate network.
You need to enable single sign-on (SSO) for company users.
Solution: Install and configure an Azure AD Connect server to use password hash synchronization and select the Enable single sign-on option.
Does the solution meet the goal?

A

YES

107
Q

You need to create an Azure Storage account that uses a custom encryption key.
What do you need to implement the encryption?
A. a certificate issued by an integrated certification authority (CA) and stored in Azure Key Vault
B. a managed identity that is configured to access the storage account
C. an Azure Active Directory Premium subscription
D. an Azure key vault in the same Azure region as the storage account

A

B. a managed identity that is configured to access the storage account

108
Q

Your company purchases an app named App1.
You need to recommend a solution to ensure that App1 can read and modify access reviews.
What should you recommend?
A. From API Management services, publish the API of App1, and then delegate permissions to the Microsoft Graph API.
B. From the Azure Active Directory admin center, register App1. From the Access control (IAM) blade, delegate permissions.
C. From the Azure Active Directory admin center, register App1, and then delegate permissions to the Microsoft Graph API.
D. From API Management services, publish the API of App1. From the Access control (IAM) blade, delegate permissions.

A

C. From the Azure Active Directory admin center, register App1, and then delegate permissions to the Microsoft Graph API.

109
Q

You plan to use Azure Monitor to monitor user sign-ins and generate alerts based on specific user sign-in events.
You need to recommend a solution to trigger the alerts based on the events.
What should you include in the recommendation?

Send Azure AD logs to:
Event Hub
Log Analytics ws
Storage Account

Signal Type:
Activity Log
Log
Metric

A

Send Azure AD logs to:
Log Analytics ws

Signal Type:
Log

110
Q

Match API Management grant types:
1- Authorization code
2- Implicit
3- Resource Owner Password
4- Client Credentials

a- Server-side apps such as web apps
b- Machine-to-machine, backend services
c- Highly trusted apps
d- Not secure apps such as mobile or single page apps

A

1-a
2-d
3-c
4-b

111
Q

You have 500 Azure web apps in the same Azure region. The apps use a premium Azure key vault for authentication.
A developer reports that some authentication requests are being throttled.
You need to recommend a solution to increase the available throughput of the key vault. The solution must minimize costs.
What should you recommend?
A. Change the pricing tier.
B. Configure geo-replication.
C. Configure load balancing for the apps.
D. Increase the number of key vaults in the subscription.

A

D. Increase the number of key vaults in the subscription.

112
Q

Occasionally, the developers at the company must stop, start, and restart Azure virtual machines. The development team changes often.
You need to recommend a solution to provide the developers with the required access to the virtual machines. The solution must meet the following requirements:
✑ Provide permissions only when needed.
✑ Use the principle of least privilege.
✑ Minimize costs.
What should you include in the recommendation?

Active Directory licence:
Free
Premium P1
Premium P2

Security Feature:
JIT
Conditional access policy
PIM

A

P2, PIM

JIT is for RDP and SSH access, not resource control.

113
Q

You have the Free edition of a hybrid Azure Active Directory (Azure AD) tenant. The tenant uses password hash synchronization.
You need to recommend a solution to meet the following requirements:
✑ Prevent Active Directory domain user accounts from being locked out as the result of brute force attacks targeting Azure AD user accounts.
✑ Block legacy authentication attempts to Azure AD integrated apps.
✑ Minimize costs.
What should you recommend for each requirement?

Prevent brute force attacks:
Azure AD Pass Protection
conditional access
Pass-through authentication
Smart lockout

Block legacy authentication:
Azure AD App Proxy
Azure AD Pass Protection
Conditional Access Policy
Enable security defaults

A

Smart lockout (is enabled for every customer but needs P1 for customization)

Security Defaults

114
Q

You need to recommend a solution to identify which administrative user accounts have NOT signed in during the previous 30 days.
Which service should you include in the recommendation?
A. Azure AD Privileged Identity Management (PIM)
B. Azure AD Identity Protection
C. Azure Advisor
D. Azure Activity Log

A

PIM

115
Q

A company deploys Azure Active Directory (Azure AD) Connect to synchronize identity information from their on-premises Active Directory Domain Services (AD DS) directory to their Azure AD tenant. The identity information that is synchronized includes user accounts, credential hashes for authentication (password sync), and group memberships. The company plans to deploy several Windows and Linux virtual machines (VMs) to support their applications.
The VMs have the following requirements:
✑ Support domain join, LDAP read, LDAP bind, NTLM and Kerberos authentication, and Group Policy.
✑ Allow users to sign in to the domain using their corporate credentials and connect remotely to the VM by using Remote Desktop.
You need to support the VM deployment.
Which service should you use?
A. Active Directory Federation Services (AD FS)
B. Azure AD Privileged Identity Management
C. Azure Managed Identity
D. Azure AD Domain Services

A

D. Azure AD Domain Services

116
Q

You are designing a software as a service (SaaS) application that will enable Azure Active Directory (Azure AD) users to create and publish online surveys. The SaaS application will have a front-end web app and a back-end web API. The web app will rely on the web API to handle updates to customer surveys.
You need to design an authorization flow for the SaaS application. The solution must meet the following requirements:
✑ To access the back-end web API, the web app must authenticate by using OAuth 2 bearer tokens.
✑ The web app must authenticate by using the identities of individual users.

Access token generated by:
Azure AD
A web App
A web API

Authorization decisions will be performed by:
Azure AD
A web app
A web API

A

Azure AD

A web API: Since the web app authenticates by using the identities of individual users, the API has knowledge of the user, so it can make authorization decisions.

117
Q

You manage an Azure environment for a company. The environment has over 25,000 licensed users and 100 mission-critical applications.
You need to recommend a solution that provides advanced user threat detection and remediation strategies.
What should you recommend?
A. Azure Active Directory (Azure AD) authentication
B. Microsoft Identity Manager
C. Azure Active Directory (Azure AD) Identity Protection
D. Azure Active Directory Federation Services (AD FS)
E. Azure Active Directory (Azure AD) Connect

A

C. Azure Active Directory (Azure AD) Identity Protection

118
Q

You need to deploy 50 databases. The solution must meet the following requirements:
✑ Support automatic scaling.
✑ Minimize Microsoft SQL Server licensing costs.

Purchase Model:
DTU
CPU
reserved

Deployment Option:
Managed Instance
Elastic Pool
SQL Server Always On Availability Group

A

Reserved

Elastic Pool: An elastic pool is a collection of single databases with a shared set of resources, such as CPU or memory. Single databases can be moved into and out of an elastic pool.

119
Q

You have an Azure virtual machine named VM1 that runs Windows Server 2019 and contains 500 GB of data files.
You are designing a solution that will use Azure Data Factory to transform the data files, and then load the files to Azure Data Lake Storage.
What should you deploy on VM1 to support the design?
A. the Azure Pipelines agent
B. the Azure File Sync agent
C. the On-premises data gateway
D. the self-hosted integration runtime

A

D. the self-hosted integration runtime

If your data store is located inside an on-premises network, an Azure virtual network, or Amazon Virtual Private Cloud, you need to configure a self-hosted integration runtime to connect to it.

120
Q

You plan to create an Azure Cosmos DB account that uses the SQL API. The account will contain data added by a web application. The web application will send data daily.
You need to recommend a notification solution that meets the following requirements:
✑ Sends email notifications when data is received from the web application
✑ Minimizes compute cost
What should you include in the recommendation?
A. Deploy an Azure logic app that has a SendGrid connector configured to use an Azure Cosmos DB action.
B. Deploy a function app that is configured to use the Consumption plan and an Azure Event Hubs binding.
C. Deploy a function app that is configured to use the Consumption plan and a SendGrid binding.
D. Deploy an Azure logic app that has a webhook configured to use a SendGrid action.

A

C. Deploy a function app that is configured to use the Consumption plan and a SendGrid binding.

Function apps support triggers for Cosmos DB; logic apps do not.

121
Q

You need to use Azure Data Factory to copy the data from Server1 to Azure Storage.
You add a new data factory.
What should you do next?

Server:
- Install the Azure File Sync agent
- Install a self-hosted integration runtime
- Install the File Server Resource Manager role service

Data Factory:
- Create a pipeline
- Create an import/ export job
- Provision an Azure SQL Server Integration Services

A

Server:
- Install a self-hosted integration runtime

Data Factory:
- Create a pipeline

122
Q

✑ Be available if a single Azure datacenter fails.
✑ Support storage tiers.
✑ Minimize cost

Account Type:
Blob
General V1
General V2

Replication Solution:
GRS
ZRS
LRS
RA-GRS

A

Account Type: StorageV2
Replication solution: Zone-redundant storage (ZRS)

The BlobStorage and StorageV1 account types don't support ZRS replication.

123
Q

You have 100 devices that write performance data to Azure Blob storage.
You plan to store and analyze the performance data in an Azure SQL database.
You need to recommend a solution to move the performance data to the SQL database.
What should you include in the recommendation?
A. Azure Database Migration Service
B. Azure Data Factory
C. Azure Data Box
D. Data Migration Assistant

A

B. Azure Data Factory

124
Q

✑ The largest database is currently 3 TB. None of the databases will ever exceed 4 TB.
✑ Stored procedures are implemented by using CLR.
You plan to move all the data from SQL Server to Azure.
You need to recommend an Azure service to host the databases. The solution must meet the following requirements:
✑ Whenever possible, minimize management overhead for the migrated databases.
✑ Minimize the number of database changes required to facilitate the migration.
✑ Ensure that users can authenticate by using their Active Directory credentials.

A. Azure SQL Database elastic pools
B. Azure SQL Database Managed Instance
C. Azure SQL Database single databases
D. SQL Server 2016 on Azure virtual machines

A

B. Azure SQL Database Managed Instance

125
Q

The order processing system will have the following transaction flow:
✑ A customer will place an order by using App1.
✑ When the order is received, App1 will generate a message to check for product availability at vendor 1 and vendor 2.
✑ An integration component will process the message, and then trigger either Function1 or Function2 depending on the type of order.
✑ Once a vendor confirms the product availability, a status message for App1 will be generated by Function1 or Function2.
✑ All the steps of the transaction will be logged to storage1.
Which type of resource should you recommend for the integration component?
A. an Azure Data Factory pipeline
B. an Azure Service Bus queue
C. an Azure Event Grid domain
D. an Azure Event Hubs capture

A

A. an Azure Data Factory pipeline

126
Q

You have 70 TB of files on your on-premises file server.
You need to recommend a solution for importing data to Azure. The solution must minimize cost.
What Azure service should you recommend?
A. Azure StorSimple
B. Azure Batch
C. Azure Data Box
D. Azure Stack Hub

A

C. Azure Data Box

127
Q

You plan to design a data protection strategy to encrypt the virtual disks.
You need to recommend a solution to encrypt the disks by using Azure Disk Encryption. The solution must provide the ability to encrypt operating system disks and data disks.
What should you include in the recommendation?
A. a certificate
B. a key
C. a passphrase
D. a secret

A

B. a key

128
Q

You have an application named App1. App1 generates log files that must be archived for five years. The log files must be readable by App1 but must not be modified.
Which storage solution should you recommend for archiving?
A. Ingest the log files into an Azure Log Analytics workspace
B. Use an Azure Blob storage account and a time-based retention policy
C. Use an Azure Blob storage account configured to use the Archive access tier
D. Use an Azure file share that has access control enabled

A

Time-based retention policy support: Users can set policies to store data for a specified interval. When a time-based retention policy is set, blobs can be created and read, but not modified or deleted. After the retention period has expired, blobs can be deleted but not overwritten.

129
Q

Automated backup v2 of a SQL Server

  • Be able to meet a recovery point objective of 15 min
  • Retain backups for 30 days
  • Encrypt the backups at rest

A- Elastic DB jobs
B- Azure Key Vault
C- Azure Storage account
D- Recovery Services vault

A

C- Azure Storage account

Automated Backup v2 uses a storage account.

131
Q

186.16.0.0/16 is the on-premises network. You need to design a virtual network that will use a site-to-site VPN connection.
There will be 20 VMs.

Which address space is OK for the gateway subnet?

A- 186.16.0.0/16
B- 186.16.255.0/27
C- 192.168.0.0/24
D- 192.168.0.0/28

A

D- 192.168.0.0/28

A /27 or /28 is the advised address space for the gateway subnet.

132
Q

There is an archived file in Azure Storage (auth type: access key). What should be done first to access the file?

A- Generate snapshot
B- Modify access tier
C- Generate a SAS token
D- Modify the type of blob

A

B- Modify access tier

To access an archived file, it must first be rehydrated (to the hot or cool tier).

133
Q

A- ExpressRoute
B- VNet Peering
C- VPN Gateway

1- Private bridge between Azure virtual networks
2- Private bridge between an Azure virtual network and on-premises networks
3- Bridge to the Azure virtual network over the public internet

A

A- 2
B- 1
C- 3

134
Q

You need centralized key management that stores the database secrets in an isolated and secure component and enables you to safeguard cryptographic keys for your cloud applications, using FIPS 140-2 Level 3.

Which solution is enough?

A- Premium Key Vault
B- Standard Key Vault
C- Key Vault Managed HSM

A

C- Key Vault Managed HSM