Q1 Flashcards
A company has 2 Azure subscriptions named “skillcertlab-staging” and “skillcertlab-production”.
The “skillcertlab-staging” subscription has the following resource groups
Name Region Lock type
skillcertlabs-rg1 West Europe None
skillcertlabs-rg2 West Europe Read Only
The company has deployed an Azure Web resource named “skillcertlabapp2050” to the skillcertlabs-rg1 resource group.
The “skillcertlab-production” subscription has the following resource groups
Name Region Lock type
skillcertlabs-rg3 East Europe Delete
skillcertlabs-rg4 Central US None
Would you be able to move the web application “skillcertlabapp2050” to the resource group “skillcertlabs-rg3”?
• A. Yes
• B. No
Yes
Here since the lock type is a Delete lock, resources can still be added or updated in the resource group. Hence the Azure Web app can be moved to this resource group.
Remember – You can move resources across subscriptions. Also remember that the resource group could be located in a different region from the resource itself.
For more information on resource locks, please visit the following URL
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources
Your company has an Azure AD tenant named skillcertlabs.com
The following users are defined in the tenant
Name Role
skillcertlabusr1 Cloud device administrator
skillcertlabusr2 User administrator
The tenant also consists of the following Windows 10 devices
Name Join type
skillcertlabvm1 Azure AD registered
skillcertlabvm2 Azure AD joined
The tenant also has the following groups defined
Name Join Type Owner
skillcertlabgrp1 Assigned skillcertlabusr1
skillcertlabgrp2 Dynamic Device skillcertlabusr2
Would the user “skillcertlabusr1” be able to add the device “skillcertlabvm2” to the group skillcertlabgrp1?
• A. Yes
• B. No
Yes
Since the user is a group admin, the user can manage the group membership
The user would be able to add registered or joined devices to the group.
For more information on working with group administrators, please visit the following URL
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-accessmanagement-managing-group-owners
A company has an Azure AD tenant. They have users that are also synced from their on-premise environment. The domain contains the following users
Name Role
skillcertlabadmin1 Security administrator
Skillcertlabadmin2 Billing administrator
skillcertlabusr Reports reader
The administrator has enabled self-service password reset for all users.
The administrator has enabled the following SSPR settings
Number of methods required to reset – 2
Methods available to users – Mobile phone and Security questions
Number of questions to register – 3
Number of questions to reset – 3
The following security questions are chosen
In what city was your first job?
What was the name of the first school you attended?
What was your first job?
Would skillcertlabadmin1 be required to answer the security question “In what city was your first job?” to reset their password?
• A. Yes
• B. No
No
For administrators, the password reset policy is different wherein they are not asked for security questions.
The Microsoft documentation mentions the following
For more information on the password reset policy for administrators, please visit the following URL
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy
A company has deployed the following Azure Load Balancer resources to their Azure subscription
Name SKU
skillcertlabload1 Basic
Skillcertlabload2 Standard
The load balancers would need to load balance requests across six virtual machines.
Each load balancer would have to load balance requests across three virtual machines.
Which of the following has to be implemented to ensure skillcertlabload2 can load balance requests across the three virtual machines?
• A. Ensure the virtual machines are running the same operating system
• B. Ensure the virtual machines are created in the same resource group
• C. Ensure the virtual machines are created in the same virtual network
• D. Ensure the virtual machines are created in the same availability set or virtual machine scale set
• C. Ensure the virtual machines are created in the same virtual network
If you look at the comparison between the Standard and the Basic Load Balancer in the Microsoft documentation, it clearly mentions that the virtual machines need to be part of a single virtual network.
Since this is clearly mentioned in the documentation, all other options are incorrect
For more information on the Azure Load Balancer, please visit the following URL
https://docs.microsoft.com/en-us/azure/load-balancer/concepts-limitations
A company has an Azure subscription. They want to transfer around 6 TB of data to the subscription. They plan to use the Azure Import/Export service. Which of the following can they use as the destination for the imported data? • A. Azure Data Lake Storage • B. Azure SQL Database • C. Azure File Sync Storage • D. Azure Blob storage
• D. Azure Blob storage
When transferring data to an Azure storage account, you can transfer data to Azure blob storage or Azure file storage.
The Microsoft documentation mentions the following
Since this is clear from the Microsoft documentation, all other options are incorrect
For more information on the Import Export service, please visit the following URL
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service
Your company has an on-premises file server named demoserver that runs Windows Server 2016. Your company also has an Azure subscription that contains an Azure file share. You have to deploy an Azure File Sync Storage Sync Service, so you go ahead and create a sync group. You now need to synchronize files from demoserver to Azure. Which of the following actions would you need to perform for this purpose? Choose 3 answers from the options given below.
• A. Create an Azure on-premise data gateway
• B. Install the Azure File Sync agent on demoserver
• C. Create a Recovery Services vault
• D. Register demoserver
• E. Install the DFS Replication server role on demoserver
• F. Add a server endpoint
- B. Install the Azure File Sync agent on demoserver
- D. Register demoserver
- F. Add a server endpoint
This is also given in the Microsoft documentation in the steps for the deployment
For more information on file sync deployment, please visit the below URL
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide?tabs=portal
You need to deploy two Azure virtual machines named VM1 and VM2 based on the Windows server 2016. The deployment must meet the following requirements:
Provide a Service Level Agreement (SLA) of 99.95 percent availability.
Use managed disks
You propose a solution to create a scale set for the requirement.
Would the solution meet the goal?
• A. Yes
• B. No
No
Scale sets are used to scale the Virtual machines based on load. But here to achieve the desired level of availability, you also need to use an Availability set. You can use availability sets along with scale sets to achieve high availability.
For more information on Scale Sets, please visit the below URL
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/overview
Your company has an Azure account and an Azure subscription. They have created a Virtual Network named skillcertlabs-net. The following users have been setup
User Role
skillcertlabs-usr1 Owner
skillcertlabs-usr2 Security admin
skillcertlabs-usr3 Network Contributor
Which of the following users would be able to add a subnet to the Virtual Network?
• A. skillcertlabs-usr1 only
• B. skillcertlabs-usr2 only
• C. skillcertlabs-usr3 only
• D. skillcertlabs-usr1 and skillcertlabs-usr2 only
• E. skillcertlabs-usr1 and skillcertlabs-usr3 only
• F. skillcertlabs-usr2 and skillcertlabs-usr3 only
• E. skillcertlabs-usr1 and skillcertlabs-usr3 only
If you look at the Network Contributor Role, they have access to manage Virtual Networks. And then by default the Owner will have all privileges over Azure resources.
For more information on the built-in roles, please go to the below URL
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
You have an Azure subscription named skillcertlabstaging. Under the subscription, you go ahead and create a resource group named skillcertlabs-rg.
You then go ahead and create an Azure policy based on the “Not allowed resources types” definition. Here you define the parameters as Microsoft.Network.virtualNetworks as the not allowed resource type. You assign this policy to the Tenant Root Group.
Would you be able to create a virtual machine in the skillcertlabs-rg resource group?
• A. Yes
• B. No
No
Here since the policy is applied at the Tenant Root Group, it would be applied to all subscriptions and resource groups. And since virtual networks are allowed for the creation of virtual machines, you won’t be able to create the virtual machines.
You have an Azure virtual machine based on the Windows Server 2016 image. You implement Azure backup for the virtual machine. You want to restore the virtual machine by using the Replace existing option. Which of the following needs to be done first before you go ahead and replace the virtual machine using the Azure Backup option? • A. Create a custom image • B. Stop the virtual machine • C. Allocate a new disk • D. Enable encryption on the disk
• B. Stop the virtual machine
The virtual machine has to be in the Stopped or Deallocated state in order to replace the existing disks on the virtual machine.
For more information on replace existing disks, please visit the following URL
https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms#replace-existing-disks
A company has the following virtual machines defined as part of their subscription
Name Operating System Connect to
skillcertlabvm1 Windows Server 2019 SubnetA
skillcertlabvm2 Windows Server 2019 SubnetB
Public IP addresses are assigned to the virtual machines
At the operating system level, incoming remote desktop connections have been allowed on the operating system level
Both of the subnets are in the same virtual network
A network security group named skillcertlabnsg1 has been assigned to SubnetA. This network security group only has the default rules
A network security group named skillcertlabnsg2 has been assigned to the network interface of skillcertlabvm2. This network security group has an additional rule with the following details
Priority: 100
Name: skillcertlabrule
Port: 3389
Protocol: TCP
Source: Any
Destination: Any
Action: Allow
Is it possible to remote desktop into skillcertlabvm2 from skillcertlabvm1?
• A. Yes
• B. No
Yes
Since there is a rule which specifically allows remote desktop connections from any source, connections are possible into skillcertlabvm2
For more information on network security groups, please visit the following URL
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
You company has an Azure subscription that has the following providers registered Authorization Automation Resources Compute Network Storage Billing Web You have a virtual machine named skillcertlabvm that has the following configuration Private IP address – 10.1.0.4 Network Security Group – skillcertlabnsg Public IP Address – None Subnet – 10.1.0.0/24 Location – East US You have to record all of the successful and failed connection attempts to the virtual machine Which of the following actions would you implement for this requirement? Choose 3 answers from the options given below
A. Ensure to register the Microsoft.Insights resource provider
B. Ensure to add the Network Watcher connection monitor
C. Enable the Azure Network Watcher service in the East US region
D. Create a storage account
E. Enable the Azure Network Watcher flow logs
B. Ensure to add the Network Watcher connection monitor
C. Enable the Azure Network Watcher service in the East US region
E. Enable the Azure Network Watcher flow logs
Your company has an Azure subscription that is used by multiple departments in your company. The subscription contains around 5 resource groups. Each department uses resources in several resource groups. Your supervisor has requested to send a report that details the costs for each department. Which of the following actions would you need to perform for this purpose? Choose 3 answers from the options given below.
A. Assign a tag to each resource group
B. Use the Resource costs blade of each resource group
C. Download the usage report
D. Assign a tag to each resource
E. From the Costs Analysis blade, filter the view by tag
C. Download the usage report
D. Assign a tag to each resource
E. From the Costs Analysis blade, filter the view by tag
You have an Azure Active Directory (Azure AD) tenant that has the initial domain name.
You have a domain name of skillcertlabs.com registered at a third-party registrar. You need to ensure that you can create Azure AD users that have names containing a suffix of @skillcertlabs.com.
Which of the following would need to be implemented to fulfil this requirement? Choose 3 answers from the options given below
A. Configure the company branding B. Add an Azure AD tenant C. Verify the domain D. Create an Azure DNS Zone E. Add a custom domain name F. Add a record to the public skillcertlabs.com DNS zone
C. Verify the domain
E. Add a custom domain name
F. Add a record to the public skillcertlabs.com DNS zone
A company currently has an Azure account and subscription. They want to host an application using Virtual Machines and a load balancer. There is a requirement to ensure that the application is made available 99.99% of the time. Which of the following would need to be in place? You also have to minimize costs associated with the solution. Choose 2 answers from the options given below
A. Create a Basic Load balancer
B. Create a Standard Load balancer
C. Add 2 Virtual Machines to the backend pool
D. Add a Virtual Machine to the backend pool
B. Create a Standard Load balancer
C. Add 2 Virtual Machines to the backend pool
