Mall Academy AZ-104 Azure Administrator Practice Exam #3 Flashcards

1
Q

You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1.You need to view the error events from a table named Event.Which query should you run in Workspace1?

A. select * from Event where EventType == “error”
B. search in (Event)”error”
C. Get -Event Event |where {$_.EventType==”error”}
D. Get-Event Event | where {$_EventType”eq “error”}
E. search in (Event)*| where EventType “eq”error”
E. Event | where EventType is “error”

A

B. search in (Event)”error”

Explanation:
To search a term in a specific table, add in (table-name) just after the search operator. Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/search-queries

https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/get-started-portal

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Access to storage accounts can be controlled using several techniques. Among them are: storage account name and key, shared access signature (SAS), SAS with access policy, and using the storage firewalland virtual network service endpoints. Access to blob storage can also be controlled using the public access level of the blob container.

A. FALSE
B. TRUE

A

B. TRUE

Explanation:
Access to storage accounts can be controlled using several techniques. Among them are: storage account name and key, shared access signature (SAS), SAS with access policy, and using the storage firewalland virtual network service endpoints. Access to blob storage can also be controlled using the public access level of the blob container.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Your company registers a domain name of contoso.com.You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.You need to resolve the name resolution issue.Solution: You create a PTR record for www in the contoso.com zone.Does this meet the goal?

A. Yes
B. No

A

B. No

Explanation:
Modify the Name Server (NS) record. References: https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

You have an Azure Active Directory (Azure AD) tenant that contains 5,000 user accounts.

You create a new user account named AdminUser1.

You need to assign the User administrator administrative role to AdminUser1.

What should you do from the user account properties?

A. When selecting an user, you need to select assigned roles, then add assignments and find the role
B. From the Groups blade, invite the user account to a new group
C. From the Licenses blade, assign a new license

A

A. When selecting an user, you need to select assigned roles, then add assignments and find the role

Explanation:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

There are 2 kinds of storage account: general purpose and blob storage. The availability of features varies between these 2 storage account kinds.

A. FALSE
B. TRUE

A

A. FALSE

Explanation:
There are 3 kinds of storage account: general purpose v1, general purpose v2 and blob storage. The availability of features varies between storage account kinds.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A local network connection is an Azure resource used to represent the on-premises VPN device and network in Azure.

A. TRUE
B. FALSE

A

A. TRUE

Explanation:
A local network connection is an Azure resource used to represent the on-premises VPN device and network in Azure.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1.

Adatum contains a group namedDevelopers. Subscription1 contains a resource group named Dev.

You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.

Solution: On Subscription1, you assign the Logic App Operator role to the Developers group.

Does this meet the goal?

A. No
B. Yes

A

A. No

Explanation:
You would need the Logic App Contributor role.

References:

https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.You need to view the date and time when the resources were created in RG1.Solution: From the Subscriptions blade, you select the subscription, and then click Programmatic deployment.Does this meet the goal?

A. No
B. Yes

A

A. No

Explanation:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1.

VNet1 connects to your on-premises network by using Azure ExpressRoute.

You need to connect VNet1 to the on-premises network by using a site-to-site VPN.

The solution must minimize cost.

Which three actions should you perform?

Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Create a connection
B. Create a local site VPN gateway
C. Create a gateway subnet
D. Create a VPN gateway that uses the Basic SKU
E. Create a VPN gateway that uses the VpnGw1 SKU

A

A. Create a connection
B. Create a local site VPN gateway
E. Create a VPN gateway that uses the VpnGw1 SKU

Explanation:
For a site2site VPN, you need a local GW, a gateway subnet, a VPN GW, and a connection between local an VPN GW.

However, when an ExpressRoute is used, the VNET must already have a gateway subnet, so is not needed.

Basic SKU is not a valid option since VPN Gateway for ExpressRoute needs BGP routing

References:

https://docs.microsoft.com/en-us/azure/expressroute/expressroute-about-virtual-network-gateways#gwsub https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#planningtable https://docs.microsoft.com/en-us/azure/expressroute/site-to-site-vpn-over-microsoft-peering#termination

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

IP address ranges can also be specified using service tags which are platform shortcuts for the IP ranges for key Azure services.

A. TRUE
B. FALSE

A

A. TRUE

Explanation:
IP address ranges can also be specified using service tags which are platform shortcuts for the IP ranges for key Azure services.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

You have an Azure subscription that contains a resource group named RG1. RG1 contains 100 virtual machines.Your company has three cost centers named Manufacturing, Sales, and Finance.You need to associate each virtual machine to a specific cost center.What should you do?

A. Assign tags to the virtual machines
B. Configure locks for the virtual machine
C. Modify the inventory settings of the virtual machine
D. Add an extension to the virtual machines

A

A. Assign tags to the virtual machines

Explanation:
References: https://docs.microsoft.com/en-us/azure/billing/billing-getting-started https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Site-to-Site VPNs support ________________________ to enable high availability.

A. active-active gateways and connections
B. traditional hubs
C. BGP Routing

A

A. active-active gateways and connections
C. BGP Routing

Explanation:
Site-to-Site VPNs support BGP routing and active-active gateways and connections to enable high availability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Effective security rules can be reviewed for each network interface.

A. TRUE
B. FALSE

A

A. TRUE

Explanation:
Effective security rules can be reviewed for each network interface.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A common method of troubleshooting virtual machines with RDP/SSH connectivity or unexplained application issues is to redeploy the virtual machine. Redeploy moves the virtual machine to a different Azure node.

A. FALSE
B. TRUE

A

B. TRUE

Explanation:
A common method of troubleshooting virtual machines with RDP/SSH connectivity or unexplained application issues is to redeploy the virtual machine. Redeploy moves the virtual machine to a different Azure node.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Your company registers a domain name of contoso.com.You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.You need to resolve the name resolution issue.Solution: You modify the SOA record in the contoso.com zone.Does this meet the goal?

A. No
B. Yes

A

A. No

Explanation:
Modify the NS record, not the SOA record.Note: The SOA record stores information about the name of the server that supplied the data for the zone, the administrator of the zone, the current version of the data file, the number of seconds a secondary name server should wait before checking for updates, the number of seconds a secondary name server should wait before retrying a failed zone transfer, the maximum number of seconds that a secondary name server can use data before it must either be refreshed or expire, and a default number of seconds for the time-to-live file on resource records. References: https://searchnetworking.techtarget.com/definition/start-of-authority-record

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Tools to help identifying the required Network Security Groups rules include service map and Network Security Groups flow logs.

A. FALSE
B. TRUE

A

B. TRUE

Explanation:
Tools to help identifying the required Network Security Groups rules include service map and Network Security Groups flow logs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Azure Load Balancer can be deployed only with a public (Internet) frontend IP address and not private (Intranet).

A. FALSE
B. TRUE

A

A. FALSE

Explanation:
Azure Load Balancer can be deployed with either a public (Internet) or private (Intranet) frontend IP address.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1.

Adatum contains a group namedDevelopers.

Subscription1 contains a resource group named Dev.

You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.

Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group.

Does this meet the goal?

A. No
B. Yes

A

A. No

Explanation:
DevTest Labs User role only lets you connect, start, restart, and shutdown virtual machines in your Azure DevTest Labs.

The Logic App Contributor role lets you manage logic app, but not access to them.

It provides access to view, edit, and update a logic app.

References: https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated to a different Azure AD tenant.

Subscription1 contains a virtual network named VNet1. VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16.

Subscription2 contains a virtual network named VNet2. VNet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24. You need to connect VNet1 to VNet2.

What should you do first?

A. Provision virtual network gateways
B. Move VM1 to Subscription2
C. Modify the IP address space of VNet2
D. Move VNet1 to Subscription2

A

A. Provision virtual network gateways

Explanation:
The virtual networks can be in the same or different regions, and from the same or different subscriptions.

When connecting VNets from different subscriptions, the subscriptions do not need to be associated with the same Active Directory tenant.Configuring a VNet-to-VNet connection is a good way to easily connect VNets.

Connecting a virtual network to another virtual network using the VNet-to-VNet connection type (VNet2VNet) is similar to creating a Site-to-Site IPsec connection to an on-premises location.

Both connectivity types use a VPN gateway to provide a secure tunnel using IPsec/IKE, and both function the same way when communicating.

The local network gateway for each VNet treats the other VNet as a local site. This lets you specify additional address space for the local network gateway in order to route traffic.

References: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Connection Monitor enables long-term connection monitoring, using similar diagnostics as used by Connection Troubleshoot.

A. TRUE
B. FALSE

A

A. TRUE

Explanation:
Connection Monitor enables long-term connection monitoring, using similar diagnostics as used by Connection Troubleshoot.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

A wide variety of physical (and software) devices are supported as the on-premises Site-to-Site VPN endpoint. The device must have an Internet-facing static IPv4 address.

A. TRUE
B. FALSE

A

A. TRUE

Explanation:
A wide variety of physical (and software) devices are supported as the on-premises Site-to-Site VPN endpoint. The device must have an Internet-facing static IPv4 address.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

You are troubleshooting a performance issue for an Azure Application Gateway.You need to compare the total requests to the failed requests during the past six hours.What should you use?

A. Connection monitor in Azure Network Watcher
B. Diagnostic Logs in Application Gateway
C. Network Security Group flow logs in Azure network watcher
D. Metrics in Application Gateway

A

D. Metrics in Application Gateway

Explanation:
References:https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-diagnostics#metrics

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

You can connect to Azure VMs using a public IP address or a private IP address with RDP, SSH, or even PowerShell. To connect to a VM using a private IP you must also enable connectivity such as site-tosite, point-to-site, or ExpressRoute.

A. TRUE
B. FALSE

A

A. TRUE

Explanation:
You can connect to Azure VMs using a public IP address or a private IP address with RDP, SSH, or even PowerShell. To connect to a VM using a private IP you must also enable connectivity such as site-tosite, point-to-site, or ExpressRoute.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

You have an Azure subscription that contains three virtual networks named VNet1, VNet2, and VNet3.

VNet2 contains a virtual appliance named VM2 that operates as a router.

You are configuring the virtual networks in a hub and spoke topology that uses VNet2 as the hub network.

You plan to configure peering between VNet1 and Vnet2 and between VNet2 and VNet3.

You need to provide connectivity between VNet1 and VNet3 through VNet2.

Which two configurations should you perform?

Each correct answer presents part of the solution.

A. Create route tables and assign the table to the subnets
B. On the peering connections, use remote gateways
C. Create a route filter
D. On the peering connections, allow gateway transit
E. On the peering connections, allow forwarded traffic

A

A. Create route tables and assign the table to the subnets
E. On the peering connections, allow forwarded traffic

Explanation:
Spoke connectivity If you require connectivity between spokes, consider deploying Azure Firewall or an NVA for routing in the hub, and using UDRs in the spoke to forward traffic to the hub. The deployment steps below include an optional step that sets up this configuration. In this scenario, you must configure the peering connections to allow forwarded traffic.

Reference: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke

25
Q

Your company registers a domain name of contoso.com.

You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.

You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.

You need to resolve the name resolution issue.

Solution: You modify the name servers at the domain registrar.Does this meet the goal?

A. Yes
B. No

A

B. No

Explanation:
You don’t modify the Name servers at the registrar, you modify the RECORDS.

References: https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

26
Q

Azure Load Balancer is a fully-managed, high performance load-balancing service for TCP and UDP traffic. It operates at the transport layer (OSI Layer 4). Unlike App Gateway, it has visibility into application-level traffic.

A. TRUE
B. FALSE

A

B. FALSE

Explanation:
Azure Load Balancer (Azure Load Balancer) is a fully-managed, high performance load-balancing service for TCP and UDP traffic. It operates at the transport layer (OSI Layer 4). Unlike App Gateway, it does not have visibility into application-level traffic.

27
Q

You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1.You need to view the error events from a table named Event.Which query should you run in Workspace1?

A. Get-Event Event |where ($_.EventType “eq “error”)
B. search in (Event)”error”
C. Get-Event Event | where($.EventType ==”error”)
D. select*from Event where EventType ==”Error”
E. search in (Event) * | where EventType “eq “error”

A

B. search in (Event)”error”

Explanation:
To search a term in a specific table, add in (table-name) just after the search operator. References: https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/search-queries https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/get-started-portal

28
Q

Unmanaged disks provide additional availability over managed disks by aligning with availability sets and providing storage in redundant storage units.

A. FALSE
B. TRUE

A

A. FALSE

Explanation:
Managed disks provide additional availability over unmanaged disks by aligning with availability sets and providing storage in redundant storage units.

29
Q

Each compute family is optimized for general workloads, so that you don’t care about optimizing your VM by choosing the appropriate size.

A. FALSE
B. TRUE

A

A. FALSE

Explanation:
Each compute family is optimized for either general or specific workloads. You should optimize your VM by choosing the most appropriate size.

30
Q

You have a public load balancer that balances ports 80 and 443 across three virtual machines. You need to direct all the Remote Desktop Protocol (RDP) connections to VM3 only. What should you configure?

A. an inbound NAT rule
B. A load balancing rule
C. A new public load balancer for VM3
D. a frontend IP configuration

A

A. an inbound NAT rule

Explanation:
To forward traffic to a specific port on specific VMs use an inbound NAT rule.

References:

https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-port-forwarding-portal

https://pixelrobots.co.uk/2017/08/azure-load-balancer-for-rds/

31
Q

Azure storage can be managed through several tools directly from Microsoft: the Azure portal, PowerShell, CLI, Storage Explorer, and AzCopy. It’s important to know when to use each tool.

A. FALSE
B. TRUE

A

B. TRUE

Explanation:
Azure storage can be managed through several tools directly from Microsoft: the Azure portal, PowerShell, CLI, Storage Explorer, and AzCopy. It’s important to know when to use each tool.

32
Q

You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group namedDevelopers. Subscription1 contains a resource group named Dev.You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.Solution: On Dev, you assign the Logic App Contributor role to the Developers group.Does this meet the goal?

A. No
B. Yes

A

B. Yes

Explanation:
The Logic App Contributor role lets you manage logic app, but not access to them. It provides access to view, edit, and update a logic app. References: https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

33
Q

Storage accounts and CDN both support custom domains. Enabling SSL is only supported on custom domains when the blob is accessed via CDN.

A. FALSE
B. TRUE

A

B. TRUE

Explanation:
Storage accounts and CDN both support custom domains. Enabling SSL is only supported on custom domains when the blob is accessed via CDN.

34
Q

The Azure Diagnostics agent can be enabled only on Windows virtual machines to capture diagnostic, performance, logs and boot diagnostic data.

A. TRUE
B. FALSE

A

B. FALSE

Explanation:
The Azure Diagnostics agent can be enabled on Windows and Linux virtual machines to capture diagnostic, performance, logs and boot diagnostic data.

35
Q

You have five Azure virtual machines that run Windows Server 2016.

The virtual machines are configured as web servers.

You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.

You need to ensure that visitors are serviced by the same web server for each request.

What should you configure?

A. a health probe
B. Floating IP (direct sever return) to Disabled
C. Session persistence to Client IP and protocol
D. Floating IP (direct server return) to Enabled
E. Idle Time Out (Minutes) to 20

A

C. Session persistence to Client IP and protocol

Explanation:
With Sticky Sessions when a client starts a session on one of your web servers, session stays on that specific server. To configure An Azure Load-Balancer ForSticky Sessions set Session persistence to Client IP.On the following image you can see sticky session configuration:Reference:https://cloudopszone.com/configure-azure-load-balancer-for-sticky-sessions/

36
Q

Enable ________________ to monitor the status of your storage accounts.

A. Exceptions
B. Alerts
C. Diagnostics
D. Special Classes

A

B. Alerts
C. Diagnostics

Explanation:
Enable diagnostics and alerts to monitor the status of your storage accounts.

37
Q

VPN gateways are virtual network gateways deployed with gateway type VPN. They are used to terminate site-to-site VPN connections.

A. FALSE
B. TRUE

A

B. TRUE

Explanation:
VPN gateways are virtual network gateways deployed with gateway type VPN. They are used to terminate site-to-site VPN connections.

38
Q

You have an Azure subscription named Subscription1.

Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.

You need to view the date and time when the resources were created in RG1.

Solution: From the RG1 blade, you click Automation script.

Does this meet the goal?

A. Yes
B. No

A

B. No

Explanation:
You can find it in the ResourceGroup, click in “Deployments” under the Settings node

39
Q

Commonly-used service tags include VirtualNetwork, Internet, AzureCloud, Storage, and SQL.

A. TRUE
B. FALSE

A

A. FALSE

Explanation:
Commonly-used service tags include VirtualNetwork, Internet, AzureCloud, Storage, and SQL.

40
Q

You can configure alerts based on metric alerts (captured from Azure Diagnostics) to Activity Log alerts that can notify by email, voice, web hook, SMS, Logic Apps, or even an Azure Automation Runbook.

A. TRUE
B. FALSE

A

A. TRUE

Explanation:
You can configure alerts based on metric alerts (captured from Azure Diagnostics) to Activity Log alerts that can notify by email, voice, web hook, SMS, Logic Apps, or even an Azure Automation Runbook.

41
Q

You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group namedDevelopers. Subscription1 contains a resource group named Dev.You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.Solution: On Dev, you assign the Contributor role to the Developers group.Does this meet the goal?

A. No
B. Yes

A

B. Yes

Explanation:
The Contributor role can manage all resources (and add resources) in a Resource Group.

42
Q

Effective security rules can be reviewed for each network interface. This allows you to see the exact IP ranges used by each service tag and ASG.

A. FALSE
B. TRUE

A

B. TRUE

Explanation:
This allows you to see the exact IP ranges used by each service tag and ASG.

43
Q

Azure CDN can be used to improve web site performance by caching dynamic data close to the end users. Blob storage can be used as a CDN origin.

A. TRUE
B. FALSE

A

B. FALSE

Explanation:
Azure CDN can be used to improve web site performance by caching static data close to the end users. Blob storage can be used as a CDN origin.

44
Q

VM storage comes only in Standard HDD in preview. Understanding which tier to choose for capacity and performance planning is important.

A. FALSE
B. TRUE

A

A. FALSE

Explanation:
VM storage comes in Standard HDD, Standard SSD, Premium SSD, with Ultimate SSD in preview. Understanding which tier to choose for capacity and performance planning is important.

45
Q

Azure Backup can be used to protect files and folders, applications, and IaaS virtual machines. This cloud-based data protection is only available for providing online backups of servers.

A. FALSE
B. TRUE

A

A. FALSE

Explanation:
Azure Backup can be used to protect files and folders, applications, and IaaS virtual machines. This cloud-based data protection service helps organizations by providing offsite backups of on-premises servers and protection of VM workloads they have already moved to the cloud.

46
Q

There are unmanaged and managed disks and images. The key difference between the two is with unmanaged disks or images it is up to you to manage the storage account. With managed disks, Azure takes care of this for you, so it greatly simplifies managing images and disks.

A. FALSE
B. TRUE

A

B. TRUE

Explanation:
There are unmanaged and managed disks and images. The key difference between the two is with unmanaged disks or images it is up to you to manage the storage account. With managed disks, Azure takes care of this for you, so it greatly simplifies managing images and disks.

47
Q

The Custom Script Extension is commonly used to execute scripts on Windows or Linux-based VMs. The PowerShell DSC extension is used to apply desired state configurations to Windows-based VMs.

A. TRUE
B. FALSE

A

A. TRUE

Explanation:
The Custom Script Extension is commonly used to execute scripts on Windows or Linux-based VMs. The PowerShell DSC extension is used to apply desired state configurations to Windows-based VMs.

48
Q

You have five Azure virtual machines that run Windows Server 2016.

The virtual machines are configured as web servers.

You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.

You need to ensure that visitors are serviced by the same web server for each request.

What should you configure?

A. Idle Time Out (minutes) to 20
B. Session persistence to Client IP and protocol
C. Floating IP (direct server return) to Enabled
D. Floating IP (Direct server return) to disabled

A

B. Session persistence to Client IP and protocol

Explanation:
You can set the sticky session in load balancer rules with setting the session persistence as the client IP and protocol. Client IP and Protocol specifies that successive requests from the same client IP address and protocol combinations will be handles by the same VM. References: https://cloudopszone.com/configure-azure-load-balancer-for-sticky-sessions/

49
Q

You cannot use the async blob copy service to copy files between storage accounts or from outside publicly accessible locations to your Azure storage account.

A. TRUE
B. FALSE

A

B. FALSE

Explanation:
You can also use the async blob copy service to copy files between storage accounts or from outside publicly accessible locations to your Azure storage account.

50
Q

Your company registers a domain name of contoso.com.You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.

You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.

You need to resolve the name resolution issue.

Solution: You add an NS record to the contoso.com Azure DNS zone.

Does this meet the goal?

A. No
B. YEs

A

B. No

Explanation:
Default NS records are created automatically. you have so modify the NS records of the domain to point to your Azure DNS zone.

References: https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

51
Q

You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image.

You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed.

Which two actions should you perform?

Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Create an Azure Policy
B. Upload a configuration script
C. Create a new virtual machine scale set in the Azure Portal
D. Modify the extensionProfile section of the Azure Resource Manager template
E. Create an automation account

A

C. Create a new virtual machine scale set in the Azure Portal
D. Modify the extensionProfile section of the Azure Resource Manager template

Explanation:
Virtual Machine Scale Sets can be used with the Azure Desired State Configuration (DSC) extension handler.

Virtual machine scale sets provide a way to deploy and manage large numbers of virtual machines, and can elastically scale in and out in response to load. DSC is used to configure the VMs as they come online so they are running the production software.

References: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-dsc

52
Q

Data can be imported into Azure storage when on-premises locations have limited or no connectivity using the Azure Import/Export service or Azure Data Box.

A. TRUE
B. FALSE

A

A. TRUE

Explanation:
Data can be imported into Azure storage when on-premises locations have limited or no connectivity using the Azure Import/Export service or Azure Data Box.

53
Q

You can create VMs from the portal, PowerShell, the CLI tools, and Azure Resource Manager templates. You should understand when to use which tool and how to configure the virtual machine resource during provisioning and after provisioning. For example,

A. data disks can only be set at provisioning time, but availability sets can be added at any time
B. data disks and availability sets can only be set at provisioning time
C. availability sets and data disks can only be set at any time
D. availability sets can only be set at provisioning time, but data disks can be added at any time

A

D. availability sets can only be set at provisioning time, but data disks can be added at any time

Explanation:
You can create VMs from the portal, PowerShell, the CLI tools, and Azure Resource Manager templates. You should understand when to use which tool and how to configure the virtual machine resource during provisioning and after provisioning. For example, availability sets can only be set at provisioning time, but data disks can be added at any time.

54
Q

You have an Azure subscription named Subscription1.

Subscription1 contains the resource groups in the following table.

RG1 has a web app named WebApp1.

WebApp1 is located in West Europe.

You move WebApp1 to RG2.

What is the effect of the move?

A
55
Q

Connection Troubleshoot allows you to test the connectivity between

A. two Azure VMs
B. a VM and an arbitrary external endpoint

A

A. two Azure VMs
B. a VM and an arbitrary external endpoint

Explanation:
Connection Troubleshoot allows you to test the connectivity between two Azure VMs, or between a VM and an arbitrary external endpoint.

56
Q

You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.You need to view the date and time when the resources were created in RG1.Solution: From the Subscriptions blade, you select the subscription, and then click Resource providers.Does this meet the goal?

A. Yes
B. No

A

B. No

Explanation:

57
Q

You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.You need to view the date and time when the resources were created in RG1.Solution: From the Subscriptions blade, you select the subscription, and then click Resource providers.Does this meet the goal?

A. FALSE
B. TRUE

A

B. TRUE

Explanation:
Site-to-Site VPN connections provide connectivity between an on premises network and an Azure virtual network, using an encrypted tunnel over the public Internet.

58
Q

Azure Availability Zones provide high availability at the data center level. Azure Availability Sets provide high availability within a data center.

A. FALSE
B. TRUE

A

B. TRUE

Explanation:
Azure Availability Zones provide high availability at the data center level. Azure Availability Sets provide high availability within a data center.

59
Q

IP address ranges can also be specified using application security groups (ASGs). ASGs allow Network Security Groups rules to be defined for groups of VMs without needing to allocate the VMs into separate subnets.

A. TRUE
B. FALSE

A

A. TRUE

Explanation:
IP address ranges can also be specified using application security groups (ASGs). ASGs allow Network Security Groups rules to be defined for groups of VMs without needing to allocate the VMs into separate subnets.