Compute

Question 1

You have an Azure subscription that contains 10 virtual machines on a virtual network.
You need to create a graph visualization to display the traffic flow between the virtual machines.
What should you do from Azure Monitor?

A. From Activity log, use quick insights.
B. From Metrics, create a chart.
C. From Logs, create a new query.
D. From Workbooks, create a workbook.

Answer 1

Explanation:
Navigate to Azure Monitor and select Logs to begin querying the data
Reference:
https://azure.microsoft.com/en-us/blog/analysis-of-network-connection-data-with-azure-monitor-for-virtual-machines/

Question 2

You plan to create an Azure Storage account in the Azure region of East US 2.
You need to create a storage account that meets the following requirements:
✑ Replicates synchronously
✑ Remains available if a single data center in the region fails
How should you configure the storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Box 1. Replication : GRS / LRS/ RA - GRS / ZRS
Box 2. Account Type : Blob / V1 / V2

Answer 2

Box 1: Zone-redundant storage (ZRS)
Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single region.
LRS would not remain available if a data center in the region fails
GRS and RA GRS use asynchronous replication.
Box 2: StorageV2 (general purpose V2)
ZRS only support GPv2.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs

Question 3

You plan to deploy an Azure virtual machine named VM1 by using an Azure Resource Manager template.
You need to complete the template.
What should you include in the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer 3

Within your template, the dependsOn element enables you to define one resource as a dependent on one or more resources. Its value can be a comma- separated list of resource names.
Box 1: ‘Microsoft.Network/networkInterfaces’
This resource is a virtual machine. It depends on two other resources:
Microsoft.Storage/storageAccounts
Microsoft.Network/networkInterfaces
Box 2: ‘Microsoft.Network/virtualNetworks/’
The dependsOn element enables you to define one resource as a dependent on one or more resources. The resource depends on two other resources:
Microsoft.Network/publicIPAddresses
Microsoft.Network/virtualNetworks

Question 4

You have an Azure subscription that contains 100 virtual machines.
You have a set of Pester tests in PowerShell that validate the virtual machine environment.
You need to run the tests whenever there is an operating system update on the virtual machines. The solution must minimize implementation time and recurring costs.
Which three resources should you use to implement the tests? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Azure Automation runbook
B. an alert rule
C. an Azure Monitor query
D. a virtual machine that has network access to the 100 virtual machines
E. an alert action group

Answer 4

ABE
Explanation:
AE: You can call Azure Automation runbooks by using action groups or by using classic alerts to automate tasks based on alerts.
B: Alerts are one of the key features of Azure Monitor. They allow us to alert on actions within an Azure subscription
Reference:
https://docs.microsoft.com/en-us/azure/automation/automation-create-alert-triggered-runbook https://techsnips.io/snips/how-to-create-and-test-azure-monitor-alerts/?page=13

Question 5

What is an update domain in VMSS?

Answer 5

An update domain is a group of VMs and underlying physical hardware that can be rebooted at the same time.
As you create VMs within an availability set, the Azure platform automatically distributes your VMs across these update domains. This approach ensures that at least one instance of your application always remains running as the Azure platform undergoes periodic maintenance.

Question 6

What is a fault domain in VMSS?

Answer 6

Fault domains define the group of virtual machines that share a common power source and network switch. Each and every fault domain contains some racks and each rack contains virtual machine. Each of these Fault domain shares a power supply and a network switch.

Question 7

What is an Availability set?

Answer 7

Availability Sets ensure that the Azure virtual machines are deployed across multiple isolated hardware nodes in a cluster.
By deploying your vms across multiple hardware nodes Azure ensures that if hardware or software failure happens within Azure, only a sub-set of your virtual machines are impacted and your overall solution is safe and in working condition.
Availability set provides redundancy for your virtual machines.
Availability set spreads your virtual machines across multiple fault domains and update domains.
If you want to leverage Microsoft’s 99.95% SLA from Microsoft you must place your VMs inside availability set except your VMs are having premium storage.
Following are the 3 main scenarios which can cause your vms in Azure to be impacted or make them in a faulted state.
Unplanned Hardware Maintainance Events - When Azure platform predicts that the hardware or any platform components associated to a physical machine is about to fail.
An unexpected downtime – rarely occurs
Planned Maintenance events – periodic updates made by Microsoft.
After both planned and unplanned updates your virtual machines and your operating system will be rebooted.
Each virtual machine in the Availability Set is assigned an Update domain and Fault domain by the Azure platform.

Question 8

You have an Azure subscription that contains an Azure Log Analytics workspace.
You have a resource group that contains 100 virtual machines. The virtual machines run Linux.
You need to collect events from the virtual machines to the Log Analytics workspace.
Which type of data source should you configure in the workspace?

Answer 8

Syslog

Question 9

You have an Azure subscription.
You have 100 Azure virtual machines.
You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering.
Which blade should you use?

Answer 9

Answer : D

Explanation:
Advisor helps you optimize and reduce your overall Azure spend by identifying idle and underutilized resources. You can get cost recommendations from the Cost tab on the Advisor dashboard.

Question 10

You have an Azure App Service app.
You need to implement tracing for the app. The tracing information must include the following:
✑ Usage trends
✑ AJAX call responses
✑ Page load speed by browser
✑ Server and browser exceptions
What should you do?
A. Configure IIS logging in Azure Log Analytics.
B. Configure a connection monitor in Azure Network Watcher.
C. Configure custom logs in Azure Log Analytics.
D. Enable the Azure Application Insights site extension.

Answer 10

Answer : D

Explanation:
For web pages, Application Insights JavaScript SDK automatically collects AJAX calls as dependencies.
Note: Some of the things you can track or collect are:
What are the most popular webpages in your application, at what time of day and where is that traffic coming from?
Dependency rates or response times and failure rates to find out if thereג€™s an external service thatג€™s causing performance issues on your app, maybe a user is using a portal to get through to your application and there are response time issues going through there for instance.
Exceptions for both server and browser information, as well as page views and load performance from the end usersג€™ side.

Question 11

You have an Azure subscription that contains the storage accounts shown in the following table.

You enable Storage Advanced Threat Protection (ATP) for all the storage accounts.
You need to identify which storage accounts will generate Storage ATP alerts.
Which two storage accounts should you identify? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. storagecontoso1
B. storagecontoso2
C. storagecontoso3
D. storagecontoso4
E. storagecontoso5

Answer 11

A and D

Question 12

You have an Azure virtual machine named VM1 and an Azure Active Directory (Azure AD) tenant named adatum.com.
VM1 has the following settings:
✑ IP address: 10.10.0.10
✑ System-assigned managed identity: On
You need to create a script that will run from within VM1 to retrieve the authentication token of VM1.
Which address should you use in the script?
A. vm1.adatum.com.onmicrosoft.com
B. 169.254.169.254
C. 10.10.0.10
D. vm1.adatum.com

Answer 12

B

Question 13

You are designing an Azure solution.
The solution must meet the following requirements:
✑ Distribute traffic to different pools of dedicated virtual machines (VMs) based on rules.
✑ Provide SSL offloading capabilities.
You need to recommend a solution to distribute network traffic.
Which technology should you recommend?
A. Azure Application Gateway
B. Azure Load Balancer
C. Azure Traffic Manager
D. server-level firewall rules

Answer 13

Answer : A

Explanation:
If you require “SSL offloading”, application layer treatment, or wish to delegate certificate management to Azure, you should use Azure’s layer 7 load balancer
Application Gateway instead of the Load Balanacer.
Incorrect Answers:
D: Because Load Balancer is agnostic to the TCP payload and TLS offload (“SSL”) is not provided.

Question 14

You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image.
You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Upload a configuration script.
B. Create an Azure policy.
C. Modify the extensionProfile section of the Azure Resource Manager template.
D. Create a new virtual machine scale set in the Azure portal.
E. Create an automation account.

Answer 14

Answer : CD

Reference:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-install-apps-template

Question 15

You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image.
You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Upload a configuration script.
B. Create an Azure policy.
C. Modify the extensionProfile section of the Azure Resource Manager template.
D. Create a new virtual machine scale set in the Azure portal.
E. Create an automation account.

Answer 15

Answer : CD

Question 16

You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by using
Azure ExpressRoute.
You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Create a gateway subnet.
B. Create a VPN gateway that uses the VpnGw1 SKU.
C. Create a connection.
D. Create a local site VPN gateway.
E. Create a VPN gateway that uses the Basic SKU.

Answer 16

Answer : CDE

Question 17

You create an Azure virtual machine named VM1 in a resource group named RG1.
You discover that VM1 performs slower than expected.
You need to capture a network trace on VM1.
What should you do?
A. From the VM1 blade, configure Connection troubleshoot.
B. From Diagnostic settings for VM1, configure the performance counters to include network counters.
C. From the VM1 blade, install performance diagnostics and run advanced performance analysis.
D. From Diagnostic settings for VM1, configure the log level of the diagnostic agent.

Answer 17

Answer : C

Question 18

Your company has an office in Seattle.
You have an Azure subscription that contains a virtual network named VNET1.
You create a site-to-site VPN between the Seattle office and VNET1.
VNET1 contains the subnets shown in the following table.

Subnet1 - 10.1.1.0/24
Gateway Subnet - 10.1.200.0/28
You need to route all Internet-bound traffic from Subnet1 to the Seattle office.
What should you create?
A. a route for Gateway Subnet that uses the virtual network gateway as the next hop
B. a route for Subnet1 that uses the local network gateway as the next hop
C. a route for Subnet1 that uses the virtual network gateway as the next hop
D. a route for Gateway Subnet that uses the local network gateway as the next hop

Answer 18

C

Question 19

You have an Azure subscription that contains 100 virtual machines.
You have a set of PowerShell scripts that validate the virtual machine environment.
You need to run the scripts whenever there is an operating system update on the virtual machines. The solution must minimize implementation time and recurring costs.
Which three resources should you use to implement the scripts? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. an alert action group
B. an Azure Monitor query
C. an Azure Automation runbook
D. a virtual machine that has network access to the 100 virtual machines
E. an alert rule

Answer 19

Answer : ACE
In your Automation account, select Alerts under Monitoring, and then select New alert rule.
A: Step 2: Configure action groups for your alerts
Once you have your alerts configured, you can set up an action group, which is a group of actions to use across multiple alerts. The actions can include email notifications, runbooks, webhooks, and much more.
C: Use an Azure Automation runbook to run the powershell scripts.
Note: The Azure Automation Process Automation feature supports several types of runbooks, such as the PowerShell runbook, which is a text runbook based on
Windows PowerShell.scripting.

Question 20

You have a resource group named RG1 that contains the following:
✑ A virtual network that contains two subnets named Subnet1 and AzureFirewallSubnet
✑ An Azure Storage account named contososa1
✑ An Azure firewall deployed to AzureFirewallSubnet
You need to ensure that contososa1 is accessible from Subnet1 over the Azure backbone network.
What should you do?
A. Modify the Firewalls and virtual networks settings for contososa1.
B. Create a stored access policy for contososa1.
C. Implement a virtual network service endpoint.
D. Remove the Azure firewall.

Answer 20

C Implement a virtual network service endpoint.
Explanation:
Storage firewall rules apply to the public endpoint of a storage account. You don’t need any firewall access rules to allow traffic for private endpoints of a storage account. The process of approving the creation of a private endpoint grants implicit access to traffic from the subnet that hosts the private endpoint.

Question 21

More on Implement a virtual network service endpoint.

Answer 21

Storage accounts have a public endpoint that is accessible through the internet. ou can also create Private Endpoints for your storage account, which assigns a private IP address from your VNet to the storage account, and secures all traffic between your VNet and the storage account over a private link. The
Azure storage firewall provides access control access for the public endpoint of your storage account. You can also use the firewall to block all access through the public endpoint when using private endpoints. Your storage firewall configuration also enables select trusted Azure platform services to access the storage account securely.

Question 22

A company plans to use third-party application software to perform complex data analysis processes. The software will use up to 500 identical virtual machines
(VMs) based on an Azure Marketplace VM image.
You need to design the infrastructure for the third-party application server. The solution must meet the following requirements:
✑ The number of VMs that are running at any given point in time must change when the user workload changes.
✑ When a new version of the application is available in Azure Marketplace it must be deployed without causing application downtime.
✑ Use VM scale sets.
✑ Minimize the need for ongoing maintenance.
Which two technologies should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. single placement group
B. single storage account
C. managed disks
D. autoscale

Answer 22

Answer: CD

Question 23

You have an Active Directory forest named contoso.com.
You install and configure Azure AD Connect to use password hash synchronization as the single sign-on (SSO) method. Staging mode is enabled.
You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs.
You need to ensure that the synchronization completes successfully.
What should you do?
A. Run Azure AD Connect and disable staging mode.
B. From Synchronization Service Manager, run a full import.
C. Run Azure AD Connect and set the SSO method to Pass-through Authentication.
D. From Azure PowerShell, run Start-AdSyncSyncCycle ג€”PolicyType Initial.

Answer 23

Answer : A

Explanation:
In staging mode, the server is active for import and synchronization, but it does not run any exports. A server in staging mode is not running password sync or password writeback, even if you selected these features during installation. When you disable staging mode, the server starts exporting, enables password sync, and enables password writeback.

Question 24

Your on-premises network contains 100 virtual machines that run Windows Server 2019.
You have an Azure subscription that contains an Azure Log Analytics workspace named Workspace1.
You need to collect errors from the Windows event logs on the virtual machines.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Create an Azure Event Grid domain.
B. Deploy the Microsoft Monitoring Agent.
C. Configure Windows Event Forwarding on the virtual machines.
D. Create an Azure Sentinel workspace.
E. Configure the Data Collection settings for Workspace1.

Answer 24

BE

Question 25

You have an Azure subscription named Subscription1.
You deploy a Linux virtual machine named VM1 to Subscription1.
You need to monitor the metrics and the logs of VM1.
What should you use?
A. Azure HDInsight
B. Azure Analysis Services
C. Linux Diagnostic Extension (LAD) 3.0
D. the AzurePerformanceDiagnostics extension

Answer 25

D .
You can use extensions to configure diagnostics on your VMs to collect additional metric data.
The basic host metrics are available, but to see more granular and VM-specific metrics, you need to install the Azure diagnostics extension on the VM. The Azure diagnostics extension allows additional monitoring and diagnostics data to be retrieved from the VM.

Question 26

You have an Azure subscription named Subscription1 that includes an Azure File share named share1.
You create several Azure virtual machines in Subscription1. All of the virtual machines belong to the same virtual network.
You have an on-premises Hyper-V server named Server1. Server1 hosts a virtual machine named VM1.
You plan to replicate VM1 to Azure.
You need to create additional objects in Subscription1 to support the planned deployment.
Which three objects should you create? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Hyper-V site
B. Azure Recovery Services Vault
C. storage account
D. replication policy
E. Azure Traffic Manager instance
F. endpoint

Answer 26

ABD
A. Hyper-V site
B. Azure Recovery Services Vault
D. replication policy

Question 27

You manage an Active Directory domain named contoso.local.
You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts.
You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD.
What should you do?
A. Use the Synchronization Service Manager to modify the Metaverse Designer tab.
B. Use Azure AD Connect to customize the synchronization options.
C. Use the Synchronization Rules Editor to create a synchronization rule.
D. Use Synchronization Service Manager to modify the Active Directory Domain Services (AD DS) Connector.

Answer 27

C. Use the Synchronization Rules Editor to create a synchronization rule.

Question 28

You have an Azure Cosmos DB account named Account1. Account1 includes a database named DB1 that contains a container named Container1. The partition key for Container1 is set to /city.
You plan to change the partition key for Container1.
What should you do first?
A. Delete Container1.
B. Create a new Azure Cosmos DB account.
C. Implement the Azure Cosmos DB .NET SDK.
D. Regenerate the keys for Account1.

Answer 28

Answer : B

Explanation:
The Change Feed Processor and Bulk Executor Library, in Azure Cosmos DB can be leveraged to achieve a live migration of your data from one container to another. This allows you to re-distribute your data to match the desired new partition key scheme, and make the relevant application changes afterwards, thus achieving the effect of ג€updating your partition keyג€.