MS Learn Flashcards
You have an Azure virtual machine named VM1 that is protected by using Azure site recovery.
You fail over VM1 from the primary region to the secondary region.
You need to reprotect VM1 after the failover so that VM1 will replicate back to the primary region.
What is the VM1 status before the reprotection?
A. Committing failover
B. Failover committed
C. Failover confirmed
D. Starting failover
B. Failover committed
Before you begin, you must ensure that the virtual machine status is Failover committed. This will ensure replication back to the primary region.
You have an Azure subscription that contains the following resources:
Eight virtual networks
24 virtual machines
16 storage accounts
You need to implement a monitoring solution that provides the ability to view diagnostics and telemetry data generated by Azure resources.
What should you include in the solution?
A. a Log Analytics workspace
B. an Azure Machine Learning workspace
C. metrics logs
D. resource logs
A. a Log Analytics workspace
A Log Analytics workspace is a unique environment for log data from Azure Monitor and other Azure services, such as Microsoft Sentinel and Microsoft Defender for Cloud. Each workspace has its own data repository and configuration and can combine data from multiple services.
You have an Azure subscription that contains 20 virtual networks and 500 virtual machines.
You deploy a new virtual machine named VM501.
You discover that VM501 is unable to communicate with a virtual machine named VM20 in the subscription. You suspect that a network security group (NSG) is the cause of the issue.
You need to identify whether an NSG is blocking communications. The solution must minimize administrative effort.
What should you use?
A. diagnostic logs
B. IP flow verify
C. NSG flow logs
D. packet capture
B. IP flow verify
IP flow verify lets you specify a source and destination IPv4 address, port, protocol (TCP or UDP), and traffic direction (inbound or outbound). IP flow verify can identify the specific network security group (NSG) that prevents communication. NSG flow logs is a feature of Azure Network Watcher that allows you to log information about IP traffic flowing through an NSG. Although the logs may help you identify the source of the issue, it requires much more configuration and manual evaluation. Packet capture allows you to create packet capture sessions to track traffic to and from a virtual machine. Packet capture may help narrow down the scope of the issue, but it will not identify the specific NSG that prevents communication.
You need to generate the shared access signature (SAS) token required to authorize a request to a resource.
Which two parameters are required for the SAS token? Each correct answer presents part of the solution
Select all answers that apply.
A. SignedIP (sip)
B. SignedResourceTypes (srt)
C. SignedServices (ss)
D. SignedStart (st)
B. SignedResourceTypes (srt)
C. SignedServices (ss)
SignedServices (ss) is required to refer blobs, queues, tables, and files. SignedResourceTypes (srt) is required to refer services, containers, or objects. SignedStart (st) is an optional parameter that refers to the time when the SAS becomes valid. If unmentioned, the start time is assumed to be the time when the storage service receives the request. SignedIP (sip) is an optional parameter that refers to the range of IP addresses from which to accept requests.
You have an Azure Storage account named corpimages and an on-premises shared folder named \server1\images.
You need to migrate all the contents from \server1\images to corpimages.
Which two commands can you use? Each correct answer presents a complete solution?
Select all answers that apply.
A. Azcopy copy \server1\images https://corpimages.blog.core.windows.net/public -recursive
B: Azcopy sync \server1\images https://corpimages.blog.core.windows.net/public -recursive
C. Get-ChildItem -Path \server1\images -Recurse | Set-AzStorageBlobContent -Container “ corpimages”
D. Set-AzStorageBlobContent -Container “ContosoUpload” -File “\server1\images” -Blob “ corporateimages “
A. Azcopy copy \server1\images https://corpimages.blog.core.windows.net/public -recursive
C. Get-ChildItem -Path \server1\images -Recurse | Set-AzStorageBlobContent -Container “ corpimages”
The AzCopy command allows you to copy all files to a storage account. You then use Get-ChildItem with the path parameter, recurse to select everything, and then use the Set-AzureStorageBlobContent cmdlet.
You have an Azure subscription that contains multiple storage accounts.
A storage account named storage1 has a file share that stores marketing videos. Users reported that 99 percent of the assigned storage is used.
You need to ensure that the file share can support large files and store up to 100 TiB.
Which two PowerShell commands should you run? Each correct answer presents part of the solution.
Select all answers that apply.
A. New-AzRmStorageShare -ResourceGroupName RG1 -Name -StorageAccountName storage1 -Name share1 -QuotaGiB 100GB
B. Set-AzStorageAccount -ResourceGroupName RG1 -Name storage1 -EnableLargeFileShare
C. Set-AzStorageAccount -ResourceGroupName RG1 -Name storage1 -Type ”Standard_RAGRS”
D. Update-AzRmStorageShare -ResourceGroupName RG1 -Name -StorageAccountName storage1 -Name share1 -QuotaGiB 102400
B. Set-AzStorageAccount -ResourceGroupName RG1 -Name storage1 -EnableLargeFileShare
D. Update-AzRmStorageShare -ResourceGroupName RG1 -Name -StorageAccountName storage1 -Name share1 -QuotaGiB 102400
You must enable the storage account to support large files and update the storage account quota to 102,400 GB. You do not need to change the type of storage account, and you are updating the existing share.
You have an Azure subscription that contains a resource group named RG1. RG1 contains an Azure virtual machine named VM1.
You need to use VM1 as a template to create a new Azure virtual machine.
Which three methods can you use to complete the task? Each correct answer presents a complete solution.
Select all answers that apply.
A. From Azure Cloud Shell, run the Get-AzVM and New-AzVM cmdlets.
B. From Azure Cloud Shell, run the Save-AzDeploymentScriptLog and New-AzResourceGroupDeployment cmdlets.
C. From Azure Cloud Shell, run the Save-AzDeploymentTemplate and New-AzResourceGroupDeployment cmdlets.
D. From RG1, select Export template, select Download, and then, from Azure Cloud Shell, run the New-AzResourceGroupDeployment cmdlet.
E. From VM1, select Export template, and then select Deploy.
C. From Azure Cloud Shell, run the Save-AzDeploymentTemplate and New-AzResourceGroupDeployment cmdlets.
D. From RG1, select Export template, select Download, and then, from Azure Cloud Shell, run the New-AzResourceGroupDeployment cmdlet.
E. From VM1, select Export template, and then select Deploy.
From RG1, selecting the Download option from the Export template page exports the Azure Resource Manager (ARM) template from the resource group properties. You can then deploy the ARM template by running the New-AzResourceGroupDeployment cmdlet.
By using the Save-AzDeploymentTemplate cmdlet, you can save the resource ARM template. You can then deploy the ARM template by running the New-AzResourceGroupDeployment cmdlet.
From VM1, selecting the Deploy option from the Export template page allows you to deploy a new Azure virtual machine and use the configuration of VM1 as the template.
The Save-AzDeploymentScriptLog cmdlet is used to save the log of a deployment script execution.
The Get-AzVM cmdlet generates a list of virtual machines that are created in the Azure subscription.
You have an Azure subscription that contains a resource group named RG1.
You have an Azure Resource Manager (ARM) template for an Azure virtual machine.
You need to use PowerShell to provision a virtual machine in RG1 by using the template.
Which PowerShell cmdlet should you run?
A: New-AzManagementGroupDeployment
B. New-AzResourceGroupDeployment
C. New-AzSubscriptionDeployment
D. New-AzVM
B. New-AzResourceGroupDeployment
Virtual machines are deployed to resource groups, so you must run the New-AzResourceGroupDeployment cmdlet. You can deploy virtual machines to subscriptions or management groups directly, therefore, New-AzManagementGroupDeployment and New-AzSubscriptionDeployment cannot be used. New-AzVM can be used to provision a new virtual machine, but without using a template.
You have an Azure Resource Manager (ARM) template named deploy.json that is stored in an Azure Blob storage container.
You plan to deploy the template by running the New-AzDeployment cmdlet.
Which parameter should you use to reference the template?
Select only one answer.
A. -Tag
B. -Templatefile
C. -TemplateSpecId
D. -TemplateUri
D. -TemplateUri
The PowerShell deployment cmdlets can be used to deploy JSON templates that are stored locally in a resources group as a template spec, or from a web-based location. You can use the -TemplateUri parameter to specify a web-based location, such as GitHub or an Azure Blob Storage account. You can use -Templatefile to specify a local file. You can use -TemplateSpecId to specify a template that was save to Azure as a template spec.
You have an Azure virtual network that contains two subnets named Subnet1 and Subnet2. You have a virtual machine named VM1 that is connected to Subnet1. VM1 runs Windows Server.
You need to ensure that VM1 is connected directly to both subnets.
What should you do first?
Select only one answer.
A. From the Azure portal, add a network interface.
B. From the Azure portal, create an IP group.
C. From the Azure portal, modify the IP configurations of an existing network interface.
This answer is incorrect.
D. Sign in to Windows Server and create a network bridge.
A. From the Azure portal, add a network interface.
A network interface is used to connect a virtual machine to a subnet. Since VM1 is connected to Subnet1, VM1 already has a network interface attached that is connected to Subnet1. To connect VM1 directly to Subnet2, you must create a new network interface that is connected to Subnet2. Next, you must attach the new network interface to VM1.
An IP group is a user-defined collection of static IP addresses, ranges, and subnets. A network bridge allows you to connect multiple existing network connection in Windows together. Changing the IP configurations of the existing network interface results in VM1 being connected to Subnet2 but not to Subnet1.
You have an Azure subscription that contains hundreds of virtual machines that were migrated from a local datacenter.
You need to identify which virtual machines are underutilized.
Which Azure Advisor settings should you use?
Select only one answer.
A. Cost
B. High Availability
C. Operational Excellence
D. Performance
A. Cost
The Cost blade allows you to optimize and reduce your overall Azure spending. You can use this to identify the virtual machines that are underutilized. The Performance blade allows you to improve the speed of your applications. High availability is unavailable via Azure Advisor. Operational Excellence helps you achieve process and workflow efficiency, resource manageability, and deployment best practices.
You have several management groups and Azure subscriptions.
You want to prevent the accidental deletion of resources.
To which three resource types can you apply delete locks? Each correct answer presents a complete solution.
Select all answers that apply.
A. management groups
B. resource groups
C. storage account data
D. subscriptions
E. virtual machines
B. Resource Groups
D. Subscriptions
E. Virtual Machines
You can use delete locks to block the deletion of virtual machines, subscriptions, and resource groups. You cannot use delete locks on management groups or storage account data.
You have three network security groups (NSGs) named NSG1, NSG2, and NSG3. Port 80 is blocked in NSG3 and allowed in NSG1 and NSG2.
You have four Azure virtual machines that have the following configurations:
VM1:
Subnet: Subnet1
Network card: NIC1
NIC1 is assigned to NSG2.
VM2:
Subnet: Subnet1
Network card: NIC2
NIC2 is assigned to NSG3.
VM3:
Subnet: Subnet3
Network card: NIC3
NIC3 is assigned to NSG3.
VM4:
Subnet: Subnet2
You have the following subnets:
Subnet1 is assigned to NSG1.
Subnet2 is assigned to NSG3.
Subnet 3 does not have an NSG assigned.
Which virtual machine will allow traffic from the internet on port 80?
Select only one answer.
A. VM1
B. VM2
C. VM3
D. VM4
A. VM1
On VM1, both NSGs assigned to Subnet1 and the NIC1 card allow traffic on port 80. On VM2, NSG1 allows traffic, but NSG3 blocks traffic for the network interface. On VM3 and VM4, NSG3 blocks traffic.
You deploy web servers to two virtual machines named VM1 and VM2 in an availability set named AVSet1.
You need to configure Azure Load Balancer with a backend pool of VM1 and VM2. The solution must minimize costs.
Which SKU should you use for the Azure Load Balancer configuration?
Select only one answer.
A. Azure Standard Load Balancer with Basic SKU public IP
B. Azure Standard Load Balancer with Standard SKU public IP
C. Basic Azure Load Balancer with Basic SKU public IP
D. Basic Azure Load Balancer with Standard SKU public IP
C. Basic Azure Load Balancer with Basic SKU public IP
Basic Azure Load Balancer supports deployment in a single availability zone. Basic Azure Load Balancer supports only Basic SKU public IP. Azure Standard Load Balancer is zone-redundant, but has a higher cost.
You have an Azure subscription that contains a virtual network named VNet1 and a virtual machine named VM1.
VM1 can only be accessed from the internal network.
An external contractor needs access to VM1. The solution must minimize administrative effort.
What should you configure?
Select only one answer.
A. a public IP address
B. a second private IP address
C. a Site-to-Site (S2S) VPN
D. Azure Firewall
A. a public IP address
To share a virtual machine with an external user, you must add a public IP address to the virtual machine. An additional IP address or firewall configuration will not help in this case. Configuring a S2S VPN does not have minimal administrative effort.
