Part 2 Azure Flashcards
Your Azure trial account expired last week. You are now unable to ** CREATE ADDITIONAL AZURE ACTIVE DIRECTORY (AZURE AD) USER ACCOUNTS **.
Instructions: Review the UPPER-CASED text surrounded by **. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
Answers: No change is needed. Start an existing Azure virtual machine. Access your data stored in Azure. Access the Azure portal.
Start an existing Azure virtual machine.
What is required to use Azure Cost Management?
Answers: A Dev/Test subscription. Software Assurance. An Enterprise Agreement (EA). A pay-as-you-go subscription.
An Enterprise Agreement (EA).
A pay-as-you-go subscription.
You have several virtual machines in an Azure subscription. You create a new subscription. ** THE VIRTUAL MACHINES CANNOT BE MOVED TO THE NEW SUBSCRIPTION **.
Instructions: Review the UPPER-CASED text surrounded by **. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
Answers:
No change is needed.
The virtual machines can be moved to the new subscription.
The virtual machines can be moved to the new subscription only if they are all in the same resource group.
The virtual machines can be moved to the new subscription only if they run Windows Server 2016.
The virtual machines can be moved to the new subscription.
Moving between subscriptions can be handy if you originally created a VM in a personal subscription and now want to move it to your company’s subscription to continue your work. You do not need to start the VM in order to move it and it should continue to run during the move.
You attempt to create several managed Microsoft SQL Server instances in an Azure environment and receive a message that you must increase your Azure Subscription Limits.
What should you do to increase the limits?
Answers: Create a service health alert. Upgrade your support plan. Modify an Azure policy. Create a new support request.
Create a new support request.
If you want to raise the limit or quota above the default limit, open an online customer support request at no charge.
Free Trial subscriptions aren’t eligible for limit or quota increases. If you have a Free Trial subscription, you can upgrade to a Pay-As-You-Go subscription.
You deploy an Azure resource. The resource becomes unavailable for an extended period due to a service outage. Microsoft will ** AUTOMATICALLY REFUND YOUR BANK ACCOUNT **.
Instructions: Review the UPPER-CASED text surrounded by **. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
Answers:
No change is needed.
Automatically migrate the resource to another subscription.
Automatically credit your account.
Send you a coupon code that you can redeem for Azure credits.
Automatically credit your account.
If we do not achieve and maintain the Service Levels for each Service as described in this SLA, then you may be eligible for a credit towards a portion of your monthly service fees.
Your company plans to migrate to Azure. The company has several departments. All the Azure resources used by each department will be managed by a department administrator.
You need to recommend an Azure deployment that provides the ability to segment Azure for the departments. The solution must minimize administrative effort.
What should you include in the recommendation?
Answers: Multiple subscriptions. Multiple Azure Active Directory (Azure AD) directories. Multiple regions. Multiple resource groups.
Multiple subscriptions.
A subscription is an agreement with Microsoft to use one or more Microsoft cloud platforms or services, for which charges accrue based on either a per-user license fee or on cloud-based resource consumption. Microsoft’s Software as a Service (SaaS)-based cloud offerings (Office 365, Intune/EMS, and Dynamics 365) charge per-user license fees. Microsoft’s Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) cloud offerings (Azure) charge based on cloud resource consumption.
Your company has an Azure subscription that contains the following unused resources:
20 user accounts in Azure Active Directory (Azure AD).
Five groups in Azure AD.
10 public IP addresses.
10 network interfaces.
You need to reduce the Azure costs for the company.
Solution: You remove the unused network interfaces.
Does this meet the goal?
Answers:
Yes.
No.
No
When creating a virtual machine using the Azure portal, the portal creates a network interface with default settings for you.
When you need to delegate permissions to several Azure virtual machines simultaneously, you must deploy the Azure virtual machines ** TO THE SAME AZURE REGION **.
Instructions: Review the UPPER-CASED text surrounded by **. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
Answers: No change is needed. By using the same Azure Resource Manager template. To the same resource group. To the same availability zone.
To the same resource group.
Role-based access control (RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.
Here are some examples of what you can do with RBAC:
- Allow one user to manage virtual machines in a subscription and another user to manage virtual networks.
- Allow a DBA group to manage SQL databases in a subscription
- Allow a user to manage all resources in a resource group, such as virtual machines, websites, and subnets
- Allow an application to access all resources in a resource group
One of the benefits of Azure SQL Data Warehouse is that ** HIGH AVAILABILITY ** is built into the platform.
Instructions: Review the UPPER-CASED text surrounded by **. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
Answers: No change is needed. Automatic scaling. Data compression. Versioning.
No change is needed.
SQL Data Warehouse is supported by a broad ecosystem of partners, including data preparation, ingestion service and visualisation tool providers. Enjoy guaranteed 99.9 percent availability in 40 Azure regions worldwide.
You need to identify the type of failure for which an Azure availability zone can be used to protect access to Azure services.
What should you identify?
Answers: A physical server failure. An Azure region failure. A storage failure. An Azure data center failure.
An Azure data center failure.
Availability Zones is a high-availability offering that protects your applications and data from datacenter failures. Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. To ensure resiliency, there’s a minimum of three separate zones in all enabled regions. The physical separation of Availability Zones within a region protects applications and data from datacenter failures.
Your Azure environment contains multiple Azure virtual machines.
You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.
Solution: You modify a DDoS protection plan.
Does this meet the goal?
Answers:
Yes.
No.
No
You open a port, or create an endpoint, to a virtual machine (VM) in Azure by creating a network filter on a subnet or a VM network interface. You place these filters, which control both inbound and outbound traffic, on a network security group attached to the resource that receives the traffic.
Your company plans to deploy several web servers and several database servers to Azure.
You need to recommend an Azure solution to limit the types of connections from the web servers to the database servers.
What should you include in the recommendation?
Answers: Network security groups (NSGs). Azure Service Bus. A local network gateway. A route filter.
Network security groups (NSGs).
You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
** AUTHORIZATION ** is the process of verifying a user’s credentials.
Instructions: Review the UPPER-CASED text surrounded by **. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
Answers: No change is needed. Authentication. Federation. Ticketing.
Authentication
Authentication is the process of determining whether someone or something is, in fact, who or what it declares itself to be.
Authorization is a security mechanism used to determine user/client privileges or access levels related to system resources, including computer programs, files, services, data and application features.
Azure Germany can be used by ** LEGAL RESIDENTS OF GERMANY ONLY **.
Instructions: Review the UPPER-CASED text surrounded by **. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
Answers:
No change is needed.
Only enterprises that are registered in Germany.
Only enterprises that purchase their Azure licenses from a partner based in Germany.
Any user or enterprise that requires its data to reside in Germany.
Any user or enterprise that requires its data to reside in Germany.
An organization that hosts its infrastructure ** IN A PRIVATE CLOUD ** can decommission its data center.
Instructions: Review the UPPER-CASED text surrounded by **. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
Answers: No change is needed. In a hybrid cloud. In the public cloud. On a Hyper-V host.
In the public cloud.
Retired assets can then be decommissioned, reducing operational costs. Decommissioning a resource can be as simple as turning off the power to the asset and disposing of the asset responsibly.
When you are implementing a software as a service (SaaS) solution, you are responsible for ** CONFIGURING HIGH AVAILABILITY **.
Instructions: Review the UPPER-CASED text surrounded by **. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
Answers: No change is needed. Defining scalability rules. Installing the SaaS solution. Configuring the SaaS solution.
Configuring the SaaS solution.
Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools (such as Microsoft Office 365).
You rent the use of an app for your organization, and your users connect to it over the Internet, usually with a web browser. All of the underlying infrastructure, middleware, app software, and app data are located in the service provider’s data center. The service provider manages the hardware and software, and with the appropriate service agreement, will ensure the availability and the security of the app and your data as well.
You have an on-premises network that contains several servers.
You plan to migrate all the servers to Azure.
You need to recommend a solution to ensure that some of the servers are available if a single Azure data center goes offline for an extended period.
What should you include in the recommendation?
Answers: Fault tolerance. Elasticity. Scalability. Low latency.
Fault tolerance.
A fault-tolerant (FT) system is extremely similar to a high-availability (HA) system, but goes one step further by guaranteeing zero downtime.
Disaster recovery goes beyond FT or HA and consists of a complete plan to recover critical business systems and normal operations in the event of a catastrophic disaster like a major weather event (hurricane, flood, tornado, etc.), a cyberattack, or any other cause of significant downtime.
You have an Active Directory forest named contoso.com.
You install and configure Azure AD Connect to use password hash synchronization as the single sign-on (SSO) method. Staging mode is enabled.
You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs.
You need to ensure that the synchronization completes successfully.
What should you do?
Answers:
Run Azure AD Connect and set the SSO method to Pass-through Authentication.
From Synchronization Service Manager, run a full import.
From Azure PowerShell, run Start-AdSyncSyncCycle -PolicyType Initial.
Run Azure AD Connect and disable staging mode.
Run Azure AD Connect and disable staging mode.
Staging mode must be disabled. If the Azure AD Connect server is in staging mode, password hash synchronization is temporarily disabled.
You have an Azure Active Directory (Azure AD) tenant.
All administrators must enter a verification code to access the Azure portal.
You need to ensure that the administrators can access the Azure portal only from your on-premises network.
What should you configure?
Answers:
An Azure AD Identity Protection user risk policy.
The multi-factor authentication service settings.
The default for all the roles in Azure AD Privileged Identity Management.
An Azure AD Identity Protection sign-in risk policy.
The multi-factor authentication service settings.
You have two Azure Active Directory (Azure AD) tenants named contoso.com and fabrikam.com.
You have a Microsoft account that you use to sign in to both tenants.
You need to configure the default sign-in tenant for the Azure portal.
What should you do?
Answers:
From Azure Cloud Shell, run Set-AzureRmSubscription.
From Azure Cloud Shell, run Set-AzureRmContext.
From the Azure portal, configure the portal settings.
From the Azure portal, change the directory.
From Azure Cloud Shell, run Set-AzureRmContext.
The Set-AzureRmContext cmdlet sets authentication information for cmdlets that you run in the current session. The context includes tenant, subscription, and environment information.
Example: PS C:\> Set-AzureRmContext -SubscriptionId "xxxx-xxxx-xxxx-xxxx"
You need to limit the amount of inbound traffic to all the Azure virtual networks.
What should you create?
Answers: One network security group (NSG). 10 virtual network gateways. 10 Azure ExpressRoute circuits. One Azure firewall.
One Azure firewall.
Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources.
You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks.
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that is configured for hybrid coexistence with the on-premises Active Directory Domain.
The tenant contains the following users.
User1: User Type - Member, Source - AzureAD, Sign-in - User1@contoso.com.
User2: User Type - Member, Source - Windows Server Active Directory, Sign-in - User2@contoso.com.
User3: User Type - Guest, Source - Multiple, Sign-in - User3@outlook.com.
User4: User Type - Guest, Source - Multiple, Sign-in - User4@gmail.com.
Whenever possible, you need to enable Azure Multi-Factor Authentication (MFA) for the users in contoso.com.
Which users should you enable for Azure MFA?
Answers: User1 only. User1, User2, and User3 only. User1 and User2 only. User1, User2, User3, and User4. User2 only.
User1, User2, User3, and User4.
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
The User administrator role is assigned to a user named Admin1.
An external partner has a Microsoft account that uses the user1@outlook.com sign in.
Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: “Unable to invite user. User1@outlook.com - Generic authorization exception.”
You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.
What should you do?
Answers:
From the Roles and administrators blade, assign the Security administrator role to Admin1.
From the Organizational relationships blade, add an identity provider.
From the Custom domain names blade, add a custom domain.
From the Users blade, modify the External collaboration settings.
From the Users blade, modify the External collaboration settings.
External collaboration settings let you turn guest invitations on or off for different types of users in your organization. You can also delegate invitations to individual users by assigning roles that allow them to invite guests.
You have an Azure DNS zone named adatum.com.
You need to delegate a subdomain named research.adatum.com to a different DNS server in Azure.
What should you do?
Answers:
Create an A record named *.research in the adatum.com zone.
Create a PTR record named research in the adatum.com zone.
Modify the SOA record of adatum.com.
Create an NS record named research in the adatum.com zone.
Create an NS record named research in the adatum.com zone.
You need to create a name server (NS) record for the zone.
The A record points your hostname to an IP address. It specifies the IPv4 address for a given host. This is one of the most frequently used records in DNS zones.
PTR records are used for the Reverse DNS (Domain Name System) lookup. Using the IP address you can get the associated domain/hostname. An A record should exist for every PTR record. The usage of a reverse DNS setup for a mail server is a good solution.
The SOA means Start Of Authority. The SOA record defines the beginning of the authority DNS zone and specifies the global parameters for the zone. The SOA record has the following structure: “Serial number”, “Primary name server (NS)”, “DNS admin e-mail”, “Refresh Rate”, “Retry Rate”, “Expire time” and “Default TTL”.
The NS records identify the name servers responsible for your DNS zone. In order to have a valid DNS configuration, the NS records configured in the DNS zone must be exactly the same as those configured as name servers at your domain name provider.
Your company has a main office in London that contains 100 client computers.
Three years ago, you migrated to Azure Active Directory (Azure AD).
The company’s security policy states that all personal devices and corporate-owned devices must be registered or joined to Azure AD.
A remote user named User1 is unable to join a personal device to Azure AD from a home network.
You verify that other users can join their devices to Azure AD.
You need to ensure that User1 can join the device to Azure AD.
What should you do?
Answers:
From the Device settings blade, modify the Users may join devices to Azure AD setting.
From the Device settings blade, modify the Maximum number of devices per user setting.
Create a point-to-site VPN from the home network of User1 to Azure.
Assign the User administrator role to User1.
From the Device settings blade, modify the Maximum number of devices per user setting.
Maximum number of devices - This setting enables you to select the maximum number of devices that a user can have in Azure AD. If a user reaches this quota, they are not able to add additional devices until one or more of the existing devices are removed. The device quota is counted for all devices that are either Azure AD joined or Azure AD registered today. The default value is 20.
Your company plans to request an architectural review of an Azure environment from Microsoft.
The company currently has a Basic support plan.
You need to recommend a new support plan for the company. The solution must minimize costs.
Which support plan should you recommend?
Answers: Premier. Developer. Professional Direct. Standard.
Premier
Architecture Support for Premier Plan: Customer-specific architectural support such as design reviews, performance tuning, configuration and implementation assistance delivered by Microsoft Azure technical specialists.
You set the multi-factor authentication status for a user named admin1@contoso.com to Enabled.
Admin1 accesses the Azure portal by using a web browser.
Which additional security verifications can Admin1 use when accessing the Azure portal?
Answers:
A phone call, a text message that contains a verification code, and a notification or a verification code sent from the Microsoft Authenticator app.
An app password, a text message that contains a verification code, and a notification sent from the Microsoft Authenticator app.
An app password, a text message that contains a verification code, and a verification code sent from the Microsoft Authenticator app.
A phone call, an email message that contains a verification code, and a text message that contains an app password.
A phone call, a text message that contains a verification code, and a notification or a verification code sent from the Microsoft Authenticator app.
PaaS provides full control of the operating system.
Answers:
Yes
No
No
PaaS provides the ability to scale the platform automatically.
Answers:
Yes
No
Yes
PaaS provides professional development services to continuously add features to custom applications.
Answers:
Yes
No
Yes
Mark correct statements:
Answers:
Azure provides flexibility between capital expenditure (CapEx) and operational expenditure (OpEx).
If you create two Azure virtual machines that use the B2S size, each virtual machine will always generate the same monthly costs.
When an Azure virtual machine is stopped, you continue to pay storage costs associated to the virtual machine.
Azure provides flexibility between capital expenditure (CapEx) and operational expenditure (OpEx).
When an Azure virtual machine is stopped, you continue to pay storage costs associated to the virtual machine.
Your company plans to migrate all its data and resources to Azure.
The company’s migration plan states that only platform as a service (PaaS) solutions must be used in Azure.
You need to deploy an Azure environment that supports the planned migration.
Solution: You create an Azure App Service and Azure Storage accounts.
Does this meet the goal?
Answers:
Yes.
No.
No
Your company plans to migrate all its data and resources to Azure.
The company’s migration plan states that only platform as a service (PaaS) solutions must be used in Azure.
You need to deploy an Azure environment that supports the planned migration.
Solution: You create an Azure App Service and Azure virtual machines that have Microsoft SQL Server installed.
Does this meet the goal?
Answers:
Yes.
No.
No
Which cloud deployment solution is used for Azure virtual machines and Azure SQL databases?
Choose all that apply.
Answers:
Azure virtual machines: Infrastructure as a service (IaaS).
Azure virtual machines: Platform as a service (PaaS).
Azure virtual machines: Software as a service (SaaS).
Azure SQL databases: Infrastructure as a service (IaaS).
Azure SQL databases: Platform as a service (PaaS).
Azure SQL databases: Software as a service (SaaS).
Azure virtual machines: Infrastructure as a service (IaaS).
Azure SQL databases: Platform as a service (PaaS).
Choose all that apply.
Answers:
To achieve a hybrid cloud model, a company must always migrate from a private cloud model.
A company can extend the capacity of its internal network by using the public cloud.
In a public cloud model, only guest users at your company can access the resources in the cloud.
A company can extend the capacity of its internal network by using the public cloud.
You plan to migrate several servers from an on-premises network to Azure.
You need to identify the primary benefit of using a public cloud service for the servers.
What should you identify?
Answers:
The public cloud is owned by the public, NOT a private corporation.
The public cloud is a crowd-sourcing solution that provides corporations with the ability to enhance the cloud.
All public cloud resources can be freely accessed by every member of the public.
The public cloud is a shared entity whereby multiple corporations each use a portion of the resources in the cloud.
The public cloud is a shared entity whereby multiple corporations each use a portion of the resources in the cloud.
You plan to deploy several Azure virtual machines.
You need to ensure that the services running on the virtual machines are available if a single data center fails.
Solution: You deploy the virtual machines to two or more availability zones.
Does this meet the goal?
Answers:
Yes
No
Yes
You plan to deploy several Azure virtual machines.
You need to ensure that the services running on the virtual machines are available if a single data center fails.
Solution: You deploy the virtual machines to two or more regions.
Does this meet the goal?
Answers:
Yes
No
No
You have 1,000 virtual machines hosted on the Hyper-V hosts in a data center.
You plan to migrate all the virtual machines to an Azure pay-as-you-go subscription.
You need to identify which expenditure model to use for the planned Azure solution.
Which expenditure model should you identify?
Answers: Operational. Elastic. Capital. Scalable.
Operational
Match the Azure Cloud Services benefit to the correct description.
Choose all that apply.
Answers:
Disaster recovery: A cloud service that remains available after it occurs.
Disaster recovery: A cloud service that can be recovered after it occurs.
Disaster recovery: A cloud service that performs quickly when it increases.
Disaster recovery: A cloud service that can be accessed quickly to the Internet.
Fault tolerance: A cloud service that remains available after it occurs.
Fault tolerance: A cloud service that can be recovered after it occurs.
Fault tolerance: A cloud service that performs quickly when it increases.
Fault tolerance: A cloud service that can be accessed quickly to the Internet.
Disaster recovery: A cloud service that can be recovered after it occurs.
Fault tolerance: A cloud service that remains available after it occurs.