Quiz

Question 1

• Subscription A:
• -RG 1 (North Europe)
• –Storage Account S1
• -RG 2 (North Europe)
• Subscription C:
• -RG 3 (Australia East)
• -RG 4 (Australia East)

Can you move the storage account S1:

RG1 -> RG2?
RG1 -> RG3?
RG1 -> RG4?

Answer 1

Yes, Yes, Yes.

You CAN MOVE a resource from subscription to another subscription, even if the location is different

Question 2

• Subscription A:
• -RG 1 (North Europe)
• –App Service AS1
• -RG 2 (North Europe)
• Subscription C:
• -RG 3 (Australia East)
• -RG 4 (Australia East)
• –App Service AS2

Can you move the App Service AS1:

RG1 -> RG2?
RG1 -> RG3?
RG1 -> RG4?

Answer 2

Yes, Yes, No.

Usually you can move a resource across subscriptions, regardless of differences in region. However, in this specific case you can not have more than 1 app service in a resource group.

Question 3

RG1

• VM
• VNet
• Internal Load Balancer
• Public Load Balancer

What permissions would a user need to configure a backend pool to the internal load balancer?
What permissions would a user need to configure a health probe to the public load balancer?

Answer 3

Network Contributor on RG1 for both!

Remember: Follow the principle of least privilege.

Question 4

RG1

• VM1
• VM2
• VM3
• VNet
• Basic Load Balancer
• Standard Load Balancer

In order to balance requests across the 3 VMs using the basic load balancer, the VMs must be?
In order to balance requests across the 3 VMs using the standard load balancer, the VMs must be?

Answer 4

In the same VNet for the basic load balancer

In the same availability set or VM scale set for the standard load balancer.

Question 5

RG1

• VNet1
• -VM1
• –NIC1
• NIC 2

All resources in Same location.

Can you attach NIC2 to VM1?

Answer 5

Yes! As long as the VM and the NIC are in the same region

Question 6

RG1 (West Europe)

• VNet1 (West Europe)
• -VM1 (West US)
• -NIC1 (West US)

RG 2 (East Us)
-NIC2 (West US)

Can you attach NIC2 to VM1?

Answer 6

Yes you can because the VM and NIC are in the same region.

Question 7

RG1 (North Europe)

• Storage Account SA1 (North Europe)
• Recovery Services Vault RSV1 (West Europe)

RG2 (North Europe)

• Recovery Services Vault RSV2 (North Europe)
• VM1 (West Europe)
• DB1 (West US)

What resources can be backed up with RSV1?
What resources can be backed up with RSV2?

Answer 7

VM1 can be backed up to RSV1 because they are in the same region.
File share can be backed up to RSV1. SA1 is in the same location. Caution!! Blobs can not be backed up!

Question 8

John has no role
Anne is a global admin
Sophie is Intune admin
Marc is cloud device admin.

John joins his computer to an Azure AD tenant.

What users are admins on this Computer?

Answer 8

John and Anne.

The person who joins the computer will be admin. Global admins will also be admins.

Question 9

Azure

• Storage Account SA1
• -cat.txt
• Azure File Sync ASF1
• -Sync Group SG1

On Prem

• server1
• -D:\data1
• –cat.txt
• –dog.txt
• server2
• -D:\data2
• –mouse.txt
• –dog.txt

If we add the file shares to the sync group then add the servers as endpoints. Will files with naming conflicts be overwritten (i.e., cat.txt in SA1 and cat.txt on server1)

Answer 9

No they will not be overwritten.

cat.txt
cat-server1.txt
dog-server1.txt
mouse.txt
dog.txt

Question 10

Subscription A

• RG 1
• -VNet1
• –Subnet1
• —VM1
• —DNS Server
• RG 2
• -VNet2
• –Subnet2
• —VM2

How to enable VM2 to resolve DNS names?

Answer 10

Configure virtual network peering between the VNet1 and VNet2

Question 11

Application Gateway AG1

• Pool1 http://ILikeThisExam.com/networking
• Pool2 http://ILikeThisExam.com/AAD

Application Gateway AG2

• Pool1 http://azure-practiceTests.com
• Pool2 http://succeedTheExam.com

What do you need to configure AG1?
What do you need to configure AG2?

Answer 11

A URL path-based routing rule for AG1 (the URL paths are the same)
Multi-site listeners for AG2 (the URL paths are different)

Question 12

Storage Account SA1

Vnet1

• VM1
• VM2

How to access SA1 from VM1 and VM2?

a. Generate access signature
b. Enable vnet peering
c. Enable service endpoints

Answer 12

c. Enable service endpoints (allow you to secure you azure resources to your vnets)

Question 13

Web Application in North Europe.

How do we backup this app?

Answer 13

Create a Recovery Services Vault in the same region as the app.

Question 14

Web Application app1

• SQL Database
• Web Front End
• Processing Middle Tier

How many subnets required for app1?

Answer 14

3, one for each layer.

Question 15

Users

• John Cloud device Admin
• Sophie User Admin

VM1 - Azure AD Registered
VM2 - Azure AD Joined

Group1 - Assigned
-John Owner

Group2 - Dynamic Device
-Sophie Owner

Can John add VM2 to Group1?
Can Sophie add VM1 to Group1?
Can Sophie add VM1 to Group2?

Answer 15

Yes, John is a Cloud Device Admin (can enable, disable and delete devices in Azure AD) and he is the owner of Group1.

Yes, Sophie is a User Admin (can create and manage all groups)

No, group 2 is a dynamic device group.

Question 16

Web Servers, Accessible from Internet, 5 VMs
Business Logic, Not Accessible from Internet, 50 VMs
SQL Database Servers, Not Accessible from Internet, 5 VMs

What resource is required to spread requests from web servers equally across the 50 VMs in the business logic layer?

1. Application Gateway
2. Application Gateway with WAF
3. NSG
4. Internal Load Balancer
5. Public Load Balancer

Answer 16

4. Internal Load Balancer.

Load Balancer is used to balance incoming traffic to a backend pool of VMs.
Internal because the load balancer is not accessible from the Internet.

Question 17

VNet

• Subnet
• -VM 1
• -VM 2

How to inspect all traffic between the VMs?

Answer 17

run Packet Capture on Azure Network Watcher

Question 18

Users (IT admins)

• John
• Sophie
• Marc

Subscription S1

• VM1
• VM2

How to limit IT admins to a parituclar SKU size for VMs?

1. RBAC role
2. AD role for the IT admin group
3. Azure Policy assigned to the subscription
4. Assign subscription policy to the IT admin group

Answer 18

3. Azure Policy assigned to the subscription

Question 19

Subscription A
-VM 1

NIC nic1

Attach nic1 to the existing VM1, what is the first step?

Answer 19

The existing VM1 must be stopped before attaching the NIC

Question 20

VNet1
-VM1

VNet2
-VM2

VNets are peered, how to investigate traffic flow between the 2VMs?

1. Application Insights?
2. Azure Advisory
3. Azure Security Center
4. IP Flow Verify

Answer 20

4. IP Flow Verify

IP flow verify checks if a packet is allowed or denied to/from a virtual machine

Question 21

VNet1

• VM1
• -Public IP
• -Private IP
• VM2
• -Public IP
• -Private IP
• VM3
• -Public IP
• -Private IP

All VMs require the same inbound and outbound security rules.

What is the a) minimum number of network interfaces b) min number of NSGs?

Answer 21

3 NICs, one required for each VM to have Public and Private IP addresses.
1 NSG can cover all VMs because the inbound and outbound security rules are the same.

Question 22

How to achieve an SLA of 99.95% for Two VMs?

a) Scale Set
b) Availability Set
c) Traffic Manager

Answer 22

VMs must be deployed in the same availability set.

Question 23

Users

• Steve (Owner)
• John (Security Admin)
• Alice (Network Contributor)

VNet 1

Who can a) Add a subnet b) Add reader role access for a user

Answer 23

a) Steve and Alice

b) Steve