first 50 Flashcards

1
Q

You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table:

VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between VNet1 and VNet2. An administrator named Admin1 creates an Azure virtual machine VM1 in
RG1. VM1 uses a disk named Disk1 and connects to VNet1. Admin1 then installs a custom application in VM1.
You need to move the custom application to VNet2. The solution must minimize administrative effort.
Which two actions should you perform? To answer, select the appropriate options in the answer area.

A

First action
Delete VM1
Second action
Create a new virtual machine

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

You have an Azure subscription named Subscription 1 that is used by several departments at your company. Subscription1 contains the resources in the following table.
Storage1
RG1 Container1
Share1
Another administrator deploys a virtual machine named VM1 and an Azure Storage account named Storage2 by using a single Azure Resource Manager template.
You need to view the template used for the deployment.
From which blade can you view the template that was used for the deployment?

A. Container1
B. VM1
C. Storage2
D. RG1

A

D. RG1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated to a different Azure AD tenant.
Subscription1 contains a virtual network named VNet1. VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16.
Subscription2 contains a virtual network named VNet2. Vnet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24.
You need to connect VNet1 to VNet2.
What should you do first?
A. Modify the IP address space of VNet2.
B. Move VM1 to Subscription2.
C. Provision virtual network gateways.
D. Move VNet1 to Subscription2.

A

C. Provision virtual network gateways.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

You have an Azure Active Directory (Azure AD) tenant.
You have an existing Azure AD conditional access policy named Policy1. Policy1 enforces the use of Azure AD-joined devices when members of the Global
Administrators group authenticate to Azure AD from untrusted locations.
You need to ensure that members of the Global Administrators group will also be forced to use multi-factor authentication when authenticating from untrusted locations.
What should you do?
A. From the Azure portal, modify session control of Policy1.
B. From multi-factor authentication page, modify the user settings.
C. From multi-factor authentication page, modify the service settings.
D. From the Azure portal, modify grant control of Policy1.

A

D. From the Azure portal, modify grant control of Policy1.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

You plan to deploy five virtual machines to a virtual network subnet.
Each virtual machine will have a public IP address and a private IP address.
Each virtual machine requires the same inbound and outbound security rules.
What is the minimum number of network interfaces and network security groups that you require? To answer, select the appropriate options in the answer area.
Network interfaces:
5
10
15
20
Network Security Group
1
2
5
10

A

5

1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

You have an Azure subscription named Subscription1 that contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1.
VM1 runs services that will be used to deploy resources to RG1.
You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1.
What should you do first?
A. From the Azure portal, modify the Access control (IAM) settings of RG1.
B. From the Azure portal, modify the Policies settings of RG1.
C. From the Azure portal, modify the Access control (IAM) settings of VM1.
D. From the Azure portal, modify the value of the Managed Service Identity option for VM1.

A

D. From the Azure portal, modify the value of the Managed Service Identity option for VM1.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

You have an Azure subscription named Subscription1. Subscription1 contains the virtual networks in the following table:
Vnet 1 10.1.0.0/16 subnet1 10.1.1.0/24
Vnet2 10.10.0.0/16 subnet2 10.10.1.0/24
Vnet3 172.16.0.0/16 Subnet3 172.16.1.0/24
Subscription1 contains the virtual machines in the following table:
VM1 Vnet3
Vnet2 Vnet3
Vnet3 Vnet1
The firewalls on all the virtual machines are configured to allow all ICMP traffic.
You add the peerings in the following table:
Vnet1 ->Vnet3
Vnet2->Vnet3
Vnet3->Vnet1
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
VM1 can ping VM3
VM2 can ping VM3
VM2 can ping VM1

A

VM1 can ping VM3 yes
VM2 can ping VM3 yes
VM2 can ping VM1 no

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

You have an Azure Active Directory (Azure AD) tenant.
You need to create a conditional access policy that requires all users to use multi-factor authentication when they access the Azure portal.
Which three settings should you configure? To answer, select the appropriate settings to the answer area.
NOTE: Each correct selection is worth one point.

Name ->Policy1
users and groups 
cloud apps 
conditions
Grant
Session
enable policy
A

Name ->Policy1
users and groups
cloud apps
Grant

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network.
Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com.
You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory.
You need to ensure that the users can use single-sign on (SSO) to access Azure resources.
What should you do first?
A. From on-premises network, deploy Active Directory Federation Services (AD FS).
B. From Azure AD, add and verify a custom domain name.
C. From on-premises network, request a new certificate that contains the Active Directory domain name.
D. From the server that runs Azure AD Connect, modify the filtering options.

A

B. From Azure AD, add and verify a custom domain name.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

You have an Active Directory forest named contoso.com.
You install and configure AD Connect to use password hash synchronization as the single sign-on(SSO) method. Staging mode is enabled.
You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs.
You need to ensure that the synchronization completes successfully.
What should you do?
A. From Azure PowerShell, run Start-AdSyncSycnCycle ““PolicyType Initial.
B. Run Azure AD Connect and set the SSO method to Pass-through Authentication.
C. From Synchronization Service Manager, run a full import.
D. Run Azure AD Connect and disable staging mode.

A

D. Run Azure AD Connect and disable staging mode.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

You have an Azure Active Directory (Azure AD) tenant that has the initial domain name.
You have a domain name of contoso.com registered at a third-party registrar.
You need to ensure that you can create Azure AD users that have names containing a suffix of @contoso.com.
Which three actions should you perform in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.
Add an Azure AD server
Create an Azure DNS zone
Verify the Domain
Configure company branding
Add a record to the Public Contoso, com DNS zone
Add a custom domain name

A

Add a custom domain name
Add a record to the Public Contoso, com DNS zone
Verify the Domain

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

You have an Azure subscription that contains 100 virtual machines.
You regularly create and delete virtual machines.
You need to identify unattached disks that can be deleted.
What should you do?
A. From Microsoft Azure Storage Explorer, view the Account Management properties.
B. From Azure Cost Management, create a Cost Management report.
C. From the Azure portal, configure the Advisor recommendations.
D. From Azure Cost Management, open the Optimizer tab and create a report.

A

D. From Azure Cost Management, open the Optimizer tab and create a report.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

You have an Azure subscription that contains 10 virtual machines.
You need to ensure that you receive an email message when any virtual machines are powered off, restarted, or deallocated.
What is the minimum number of rules and action groups that you require?
A. three rules and three action groups
B. one rule and one action group
C. three rules and one action group
D. one rule and three action groups

A

C. three rules and one action group

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image.
You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Upload a configuration script.
B. Create an automation account.
C. Create a new virtual machine scale set in the Azure portal.
D. Create an Azure policy.
E. Modify the extension profile section of the Azure Resource Manager template.

A

C. Create a new virtual machine scale set in the Azure portal.
E. Modify the extension profile section of the Azure Resource Manager template.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q
You have an Azure subscription.
You have 100 Azure virtual machines.
You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering.
Which blade should you use?
A. Customer insights
B. Monitor
C. Advisor
D. Metrics
A

C. Advisor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

An app uses a virtual network with two subnets. One subnet is used for the application server. The other subnet is used for a database server. A network virtual appliance (NVA) is used as a firewall.
Traffic destined for one specific address prefix is routed to the NVA and then to an on-premises database server that stores sensitive data. A Border Gateway
Protocol (BGP) route is used for the traffic to the on-premises database server.
You need to recommend a method for creating the user-defined route.
Which two options should you recommend? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. For the virtual network configuration, use a VPN.
B. For the next hop type, use virtual network peering.
C. For the virtual network configuration, use Azure ExpressRoute.
D. For the next hop type, use a virtual network gateway.

A

A. For the virtual network configuration, use a VPN.

D. For the next hop type, use a virtual network gateway.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

You manage a solution in Azure that consists of a single application that runs on a virtual machine (VM). Traffic to the application has increased dramatically.
The application must not experience any downtime and scaling must be dynamically defined.
You need to define an auto-scale strategy to ensure that the VM can handle the workload.
Which three options should you recommend? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Deploy application automatic vertical scaling.
B. Create a VM availability set.
C. Create a VM scale set.
D. Deploy application automatic horizontal scaling.
E. Deploy a custom auto-scale implementation.

A

C. Create a VM scale set.
D. Deploy application automatic horizontal scaling.
E. Deploy a custom auto-scale implementation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

You develop a web app that uses the tier D1 app service plan by using the Web Apps feature of Microsoft Azure App Service.
Spikes in traffic have caused increases in page load times.
You need to ensure that the web app automatically scales when CPU load is about 85 percent and minimize costs.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Configure the web App to the premium App Service tier
Configure a scale condition
Configure the web app to the standard App service tier
Enable autoscaling on the web app
Add a Scale rule
Switch to an Azure App Services consumption plan

A

Configure the web app to the standard App service tier
Enable autoscaling on the web app
Add a Scale rule
Configure a scale condition

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

You have Azure subscription that contains a virtual network named VNet1. VNet1 uses an IP address space of 10.0.0.0/16 and contains the subnets in the following table.
Subnet0 ->10.0.0.0/24
Subnet1 ->10.0.1.0/24
Subnet2 ->10.0.2.0/24
Gateway Subnet-> 10.0.254.0/24
Subnet1 contains a virtual appliance named VM1 that operates as a router.
You create a routing table named RT1.
You need to route all inbound traffic to VNet1 through VM1.
How should you configure RT1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Address prefix ->10.0.0.0/16
Next hop type ->Virtual Appliance
Assigned to -> Gateway subnet

A

Address prefix ->10.0.0.0/16
Next hop type ->Virtual Appliance
Assigned to -> Gateway subnet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

You are implementing authentication for applications in your company. You plan to implement self-service password reset (SSPR) and multifactor authentication
(MFA) in Azure Active Directory (Azure AD).
You need to select authentication mechanisms that can be used for both MFA and SSPR.
Which two authentication methods should you use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Short Message Service (SMS) messages
B. Azure AD passwords/Authentication App
C. Email addresses
D. Security questions
E. App passwords

A

A. Short Message Service (SMS) messages

B. Azure AD passwords/Authentication App

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You create a resource lock, and then you assign the lock to the subscription.
Does this meet the goal?
A. Yes
B. No

A

B no

22
Q

Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1.
Solution: From the RG1 blade, you click the Automation script.
Does this meet the goal?
A. Yes
B. No

A

B. No

RG1 blade click Deployments

23
Q

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1.
Solution: From the Subscription blade, you select the subscription, and then click Resource providers.
Does this meet the goal?
A. Yes
B. No

A

B. No

24
Q

Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1.
Solution: From the RG1 blade, you click Deployments.
Does this meet the goal?
A. Yes
B. No

A

A. Yes

25
Q

You have several Azure virtual machines on a virtual network named VNet1.
You configure an Azure Storage account as shown in the following exhibit.
* Allow trusted Microsoft services to access this storage account not selected.
The VM on the 10.2.9.0/24 subnet will have network connectivity to the file shares in the storage account
Always /during a backup/never
The azure backup will be able to back up the unmanaged hard disk of the VM in the storage account
Always /during a backup/never

A

Always (endpoint is enabled)

Never

26
Q

You plan to create an Azure Storage account in the Azure region of East US 2.
You need to create a storage account that meets the following requirements:
- Replicates synchronously
- Remains available if a single data center in the region fails
How should you configure the storage account? To answer, select the appropriate options in the answer area.
ZRS
LRS
GRS
RA GRS
========
Blob storage
Storage v1
Storage v2

A

Zone-redundant storage (ZRS)
StorageV2 (general purpose V2)
==============================

Box 1: Zone-redundant storage (ZRS)
Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single region.
LRS would not remain available if a data center in the region fails
GRS and RA GRS use asynchronous replication.
Box 2: StorageV2 (general purpose V2)
ZRS only support GPv2

27
Q

You have an on-premises file server named Server1 that runs Windows Server 2016.
You have an Azure subscription that contains an Azure file share.
You deploy an Azure File Sync Storage Sync Service, and you create a sync group.
You need to synchronize files from Server1 to Azure.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

 Install the Azure File Sync agent on Server1
Register Server1.
Add a server endpoint 
Create a repository service
Create an Azure gateway on-prem
Install the DFS replication server
A

Install the Azure File Sync agent on Server1
Register Server1.
Add a server endpoint
Step 1: Install the Azure File Sync agent on Server1
The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share
Step 2: Register Server1.
Register Windows Server with Storage Sync Service
Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service.

Step 3: Add a server endpoint -
Create a sync group and a cloud endpoint.
A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on registered server.
References:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide

28
Q

You plan to use the Azure Import/Export service to copy files to a storage account.
Which two files should you create before you prepare the drives for the import job? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. a dataset CSV file
B. an XML manifest file
C. a driveset CSV file
D. a PowerShell PS1 file
E. a JSON configuration file

A

Correct Answer: AC
A: Modify the dataset.csv file in the root folder where the tool resides. Depending on whether you want to import a file or folder or both, add entries in the dataset.csv file
C: Modify the driveset.csv file in the root folder where the tool resides.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-data-to-files

29
Q

You create an Azure Storage account named contosostorage.
You plan to create a file share named data.
Users need to map a drive to the data file share from home computers that run Windows 10.
Which outbound port should you open between the home computers and the data file share?
A. 80
B. 443
C. 445
D. 3389

A

Correct Answer: C
Ensure port 445 is open: The SMB protocol requires TCP port 445 to be open; connections will fail if port 445 is blocked.
References:
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows

30
Q

You have an Azure subscription named Subscription1.
Subscription1 contains the virtual machines in the following table:
VM1->10.0.1.4
VM2->10.0.2.4
VM3->10.0.3.4
Subscription1 contains a virtual network named VNet1 that has the subnets in the following table.
subnet 1->10.0.1.0/24 ->vm1
subnet 2->10.0.2.0/24 ->vm2
subnet 3->10.0.3.0/24 ->vm3

VM3 has multiple network adapters, including a network adapter named NIC3. IP forwarding is enabled on NIC3. Routing is enabled on VM3.
You create a route table named RT1 that contains the routers in the following table
10.0.1.0/24 -> virtual Appliance 10.0.3.4
10.0.2.0/24 -> virtual Appliance 10.0.3.4

You apply RT1 to Subnet1 and Subnet2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

A

Box 1: Yes -
The routing table allows connections from VM3 to VM1 and VM2. And as IP forwarding is enabled on VM3, VM3 can connect to VM1.

Box 2: No -
VM3, which has IP forwarding, must be turned on, in order for VM2 to connect to VM1.

Box 3: Yes -
The routing table allows connections from VM1 and VM2 to VM3. IP forwarding on VM3 allows VM1 to connect to VM2 via VM3.

31
Q
You have a virtual network named VNet1 that has the configuration shown in the following exhibit.
10.2.0.0/16 Address space vnet1
Vm on vent1 accept ,192.168.1.0/24 --->select 
add an address space -
add a subnet
delete a subnet
add network interface
delete an address space
Vm on vent1 accept ,10.2.1.0/24 --->select 
add an address space -
add a subnet
delete a subnet
add network interface
delete an address space
A

Box 1: add an address space -
Your IaaS virtual machines (VMs) and PaaS role instances in a virtual network automatically receive a private IP address from a range that you specify, based on the address space of the subnet they are connected to. We need to add the 192.168.1.0/24 address space.

Box 2: add a network interface -
The 10.2.1.0/24 network exists. We need to add a network interface.

32
Q

You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table
VMRG
Vnet1
Vnet2
VM5–>vnet1
VM6 –> vnet2
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

The A record for vm5 will be registered in adatum.com
VM5 can resolve vm9,adatum,com
VM6 can resolve VM9 adatum.com

A

Box 1: No -
Azure DNS provides automatic registration of virtual machines from a single virtual network that’s linked to a private zone as a registration virtual network. VM5 does not belong to the registration virtual network though.

Box 2: No -
Forward DNS resolution is supported across virtual networks that are linked to the private zone as resolution virtual networks. VM5 does belong to a resolution virtual network.

Box 3: Yes -
VM6 belongs to the registration virtual network, and an A (Host) record exists for VM9 in the DNS zone.
By default, registration virtual networks also act as resolution virtual networks, in the sense that DNS resolution against the zone works from any of the virtual machines within the registration virtual network.

33
Q

You have a virtual network named VNet1 as shown in the exhibit. (Click the Exhibit tab.)

No devices are connected to VNet1.
You plan to peer VNet1 to another virtual network named VNet2 in the same region. VNet2 has an address space of 10.2.0.0/16.
You need to create the peering.
What should you do first?
A. Add a gateway subnet to VNet1.
B. Create a subnet on VNet1 and VNet2
C. Modify the address space of VNet1
D. Configure a service endpoint on VNet2
A

Correct Answer: C
The virtual networks you peer must have non-overlapping IP address spaces. The exhibit indicates that VNet1 has an address space of 10.2.0.0/16, which is the same as VNet2, and thus overlaps. We need to change the address space for VNet1.

34
Q

Lab:
To start the lab -
You may start the lab by clicking the Next button.
Your company plans to store several documents on a public website.
You need to create a container named bios that will host the documents in the storagelod8322489 storage account. The solution must ensure anonymous access and must ensure that users can browse folders in the container.
What should you do from the Azure portal?

A

Azure portal create public container
To create a container in the Azure portal, follow these steps:
Step 1: Navigate to your new storage account in the Azure portal.
Step 2: In the left menu for the storage account, scroll to the lob service section, then select Blobs.
Select the + Container button.
Type a name for your new container: bios
Set the level of public access to the container: Select anonymous access.

35
Q

Overview -
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment.

To start the lab -
You may start the lab by clicking the Next button.
Your company plans to host in Azure the source files of several line-of-business applications.
You need to create an Azure file share named corpsoftware in the storagelod8322489 storage account. The solution must ensure that corpsoftware can store only up to 250 GB of data.
What should you do from the Azure portal?

A

Step 1: Go to the Storage Account blade on the Azure portal:
Step 2: Click on add File Share button:
Step 3: Provide Name (storagelod8322489) and Quota (250 GB).
Name : myfirstazurefileshare
quota: 5120

36
Q

To start the lab -
You may start the lab by clicking the Next button.
You plan to back up all the Azure virtual machines in your Azure subscription at 02:00 Coordinated Universal Time (UTC) daily.
You need to prepare the Azure environment to ensure that any new virtual machines can be configured quickly for backup. The solution must ensure that all the daily backups performed at 02:00 UTC are stored for only 90 days.
What should you do from your Recovery Services vault on the Azure portal?

A

Task A: Create a Recovery Services vault (if a vault already exists skip this task, go to Task B below)
A1. From Azure Portal, On the Hub menu, click All services and in the list of resources, type Recovery Services and click Recovery Services vaults.
If there are recovery services vaults in the subscription, the vaults are listed.
A2. On the Recovery Services vaults menu, click Add.
A3. The Recovery Services vault blade opens, prompting you to provide a Name, Subscription, Resource group, and Location
Task B.
B1. On the Recovery Services vault blade (for the vault you just created), in the Getting Started section, click Backup, then on the Getting Started with Backup blade, select Backup goal.
The Backup Goal blade opens. If the Recovery Services vault has been previously configured, then the Backup Goal blades opens when you click Backup on the
Recovery Services vault blade.
B2. From the Where is your workload running? drop-down menu, select Azure.
B3. From the What do you want to backup? menu, select Virtual Machine, and click OK.

37
Q

To start the lab -
You may start the lab by clicking the Next button.
You plan to connect several virtual machines to the VNET01-USEA2 virtual network.
In the Web-RGlod8322489 resource group, you need to create a virtual machine that uses the Standard_B2ms size named Web01 that runs Windows Server
2016. Web01 must be added to an availability set.
What should you do from the Azure portal?

A

Step 1: Choose Create a resource in the upper left-hand corner of the Azure portal.
Step 2: In the Basics tab, under Project details, make sure the correct subscription is selected and then choose Web-RGlod8322489 resource group
Step 3: Under Instance details type/select:

Virtual machine name: Web01 -
Image: Windows Server 2016
Size: Standard_B2ms size
Leave the other defaults.
Step 4: Finish the Wizard
38
Q

To start the lab -
You may start the lab by clicking the Next button.
You recently created a virtual machine named Web01.
You need to attach a new 80-GB standard data disk named Web01-Disk1 to Web01.
What should you do from the Azure portal?

A

Add a data disk -
Step 1: In the Azure portal, from the menu on the left, select Virtual machines.
Step 2: Select the Web01 virtual machine from the list.
Step 3: On the Virtual machine page, , in Essentials, select Disks.
Step 4: On the Disks page, select the Web01-Disk1 from the list of existing disks.
Step 5: In the Disks pane, click + Add data disk.
Step 6: Click the drop-down menu for Name to view a list of existing managed disks accessible to your Azure subscription. Select the managed disk Web01-Disk1 to attach:

39
Q

To start the lab -
You may start the lab by clicking the Next button.
You plan to allow connections between the VNET01-USEA2 and VNET01-USWE2 virtual networks.
You need to ensure that virtual machines can communicate across both virtual networks by using their private IP address.
The solution must NOT require any virtual network gateways.
What should you do from the Azure portal?

A

Virtual network peering enables you to seamlessly connect two Azure virtual networks. Once peered, the virtual networks appear as one, for connectivity purposes.

Peer virtual networks -
Step 1. In the Search box at the top of the Azure portal, begin typing VNET01-USEA2. When VNET01-USEA2 appears in the search results, select it.
Step 2. Select Peerings, under SETTINGS, and then select + Add, as shown in the following picture:
Step 3. Enter, or select, the following information, accept the defaults for the remaining settings, and then select OK.
Name: myVirtualNetwork1-myVirtualNetwork2 (for example)
Subscription: elect your subscription.
Virtual network: VNET01-USWE2 - To select the VNET01-USWE2 virtual network, select Virtual network, then select VNET01-USWE2. You can select a virtual network in the same region or in a different region.
Now we need to repeat steps 1-3 for the other network VNET01-USWE2:
Step 4. In the Search box at the top of the Azure portal, begin typing VNET01- USEA2. When VNET01- USEA2 appears in the search results, select it.
Step 5. Select Peerings, under SETTINGS, and then select + Add.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks-portal

40
Q

To start the lab -
You may start the lab by clicking the Next button.
You plan to host several secured websites on Web01.
You need to allow HTTPS over TCP port 443 to Web01 and to prevent HTTP over TCP port 80 to Web01.
What should you do from the Azure portal?

A

You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
Step A: Create a network security group
A1. Search for and select the resource group for the VM, choose Add, then search for and select Network security group.
A2. Select Create.
The Create network security group window opens.
A3. Create a network security group
Enter a name for your network security group.
Select or create a resource group, then select a location.
A4. Select Create to create the network security group.
Step B: Create an inbound security rule to allows HTTPS over TCP port 443
B1. Select your new network security group.
B2. Select Inbound security rules, then select Add.

B3. Add inbound rule -
B4. Select Advanced.
From the drop-down menu, select HTTPS.
You can also verify by clicking Custom and selecting TCP port, and 443.
B5. Select Add to create the rule.
Repeat step B2-B5 to deny TCP port 80
B6. Select Inbound security rules, then select Add.

B7. Add inbound rule -
B8. Select Advanced.
Clicking Custom and selecting TCP port, and 80.
B9. Select Deny.
Step C: Associate your network security group with a subnet
Your final step is to associate your network security group with a subnet or a specific network interface.
C1. In the Search resources, services, and docs box at the top of the portal, begin typing Web01. When the Web01 VM appears in the search results, select it.
C2. Under SETTINGS, select Networking. Select Configure the application security groups, select the Security Group you created in Step A, and then select Save, as shown in the following picture:

41
Q

To start the lab -
You may start the lab by clicking the Next button.
Your on-premises network uses an IP address range of 131.107.2.0 to 131.107.2.255.
You need to ensure that only devices from the on-premises network can connect to the rg1lod8322490n1 storage account.
What should you do from the Azure portal?

A

Step 1: Navigate to the rg1lod8322490n1 storage account.
Step 2: Click on the settings menu called Firewalls and virtual networks.
Step 3: Ensure that you have elected to allow access from ‘Selected networks’.
Step 4: To grant access to an internet IP range, enter the address range of 131.107.2.0 to 131.107.2.255 (in CIDR format) under Firewall, Address Ranges.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security

42
Q

To start the lab -
You may start the lab by clicking the Next button.
You plan to store media files in the rg1lod8322490 storage account.
You need to configure the storage account to store the media files. The solution must ensure that only users who have access keys can download the media files and that the files are accessible only over HTTPS.
What should you do from the Azure portal?

A

We should create an Azure file share.
Step 1: In the Azure portal, select All services. In the list of resources, type Storage Accounts. As you begin typing, the list filters based on your input. Select
Storage Accounts.
On the Storage Accounts window that appears.
Step 2: Locate the rg1lod8322490 storage account.
Step 3: On the storage account page, in the Services section, select Files.
Step 4: On the menu at the top of the File service page, click + File share. The New file share page drops down.
Step 5: In Name type myshare. Click OK to create the Azure file share.
References:

43
Q

To start the lab -
You may start the lab by clicking the Next button.
Another administrator attempts to establish connectivity between two virtual networks named VNET1 and VNET2. The administrator reports that connections across the virtual networks fail.
You need to ensure that network connections can be established successfully between VNET1 and VNET2 as quickly as possible.
What should you do from the Azure portal?

A

You can connect one VNet to another VNet using either a Virtual network peering, or an Azure VPN Gateway.
To create a virtual network gateway
Step 1: In the portal, on the left side, click +Create a resource and type ‘virtual network gateway’ in search. Locate Virtual network gateway in the search return and click the entry. On the Virtual network gateway page, click Create at the bottom of the page to open the Create virtual network gateway page.
Step 2: On the Create virtual network gateway page, fill in the values for your virtual network gateway.

Name: Name your gateway. This is not the same as naming a gateway subnet. It’s the name of the gateway object you are creating.
Gateway type: Select VPN. VPN gateways use the virtual network gateway type VPN.
Virtual network: Choose the virtual network to which you want to add this gateway. Click Virtual network to open the ‘Choose a virtual network’ page. Select the
VNet. If you don’t see your VNet, make sure the Location field is pointing to the region in which your virtual network is located.
Gateway subnet address range: You will only see this setting if you did not previously create a gateway subnet for your virtual network. If you previously created a valid gateway subnet, this setting will not appear.
Step 4: Select Create New to create a Gateway subnet

Step 5: Click Create to begin creating the VPN gateway. The settings are validated and you’ll see the “Deploying Virtual network gateway” tile on the dashboard.
Creating a gateway can take up to 45 minutes. You may need to refresh your portal page to see the completed status.

44
Q

To start the lab -
You may start the lab by clicking the Next button.
You plan to configure VM1 to be accessible from the internet.
You need to add a public IP address to the network interface used by VM1.
What should you do from the Azure portal?

A

You can add private and public IP addresses to an Azure network interface by completing the steps that follow.
Step 1: In Azure portal, click More services > type virtual machines in the filter box, and then click Virtual machines.
Step 2: In the Virtual machines pane, click the VM you want to add IP addresses to. Click Network interfaces in the virtual machine pane that appears, and then select the network interface you want to add the IP addresses to. In the example shown in the following picture, the NIC named myNIC from the VM named myVM is selected
Step 3: In the pane that appears for the NIC you selected, click IP configurations.
Step 4: Click Create public IP address.
Step 5: In the Create public IP address pane that appears, enter a Name, select an IP address assignment type, a Subscription, a Resource group, and a
Location, then click Create, as shown in the following picture:

45
Q

To start the lab -
You may start the lab by clicking the Next button.
You need to allow RDP connections over TCP port 3389 to VM1 from the Internet. The solutions must prevent connections from the Internet over all other TCP ports.
What should you do from the Azure portal?

A

Step 1: Create a new network security group
Step 2: Select your new network security group.
Step 3: Select Inbound security rules. Under Add inbound security rule, enter the following
Destination: Select Network security group, and then select the security group you created previously.

Destination port ranges: 3389 -

Protocol: Select TCP -

46
Q

You plan to deploy 20 Azure virtual machines by using an Azure Resource Manager template. The virtual machines will run the latest version of Windows Server
2016 Datacenter by using an Azure Marketplace image.
You need to complete the storage profile section of the template.
How should you complete the storage profile section? To answer, select the appropriate options in the answer area.

A

Windows server

2016 -Data center

47
Q

You have an Azure tenant that contains two subscriptions named Subscription1 and Subscription2.
In Subscription1, you deploy a virtual machine named Server1 that runs Windows Server 2016. Server1 uses managed disks.
You need to move Server1 to Subscription2. The solution must minimize administration effort.
What should you do first?
A. Create a new virtual machine in Subscription2
B. In Subscription2, create a copy of the virtual disk
C. Create a snapshot of the virtual disk
D. From Azure PowerShell, run the Move-AzureRmResource cmdlet

A

D. From Azure PowerShell, run the Move-AzureRmResource cmdlet

48
Q
You have an Azure subscription.
You have an on-premises virtual machine named VM1. The settings for VM1 are shown in the exhibit. (Click the Exhibit tab.)
You need to ensure that you can use the disks attached to VM1 as a template for Azure virtual machines.
What should you modify on VM1?
A. the processor
B. the memory
C. Integration Services
D. the hard drive
E. the network adapters
A

Correct Answer: D
From the exhibit we see that the disk is in the VHDX format.
Before you upload a Windows virtual machines (VM) from on-premises to Microsoft Azure, you must prepare the virtual hard disk (VHD or VHDX). Azure supports only generation 1 VMs that are in the VHD file format and have a fixed sized disk. The maximum size allowed for the VHD is 1,023 GB. You can convert a generation 1 VM from the VHDX file system to VHD and from a dynamically expanding disk to fixed-sized.

49
Q

You have an Azure policy as shown in the following exhibit.
Exclusions: subs1/contosoRG1
Not allowed resources SQL server***
What is the effect of the policy?
A. You can create Azure SQL servers in any resource group within Subscription 1.
B. You can create Azure SQL servers in ContosoRG1 only.
C. You are prevented from creating Azure SQL Servers in ContosoRG1 only.
D. You are prevented from creating Azure SQL servers anywhere in Subscription 1.

A

B. You can create Azure SQL servers in ContosoRG1 only

.You are prevented from creating Azure SQL servers anywhere in Subscription 1 with the exception of ContosoRG1

50
Q

You have an Azure subscription that is used by four departments in your company. The subscription contains 10 resource groups. Each department uses resources in several resource groups.
You need to send a report to the finance department. The report must detail the costs for each department.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

A

Assign a tag to each resource.
From the Cost analysis blade, filter the view by tag
Download the usage report