test 5 Flashcards
You’ve been tasked with enhancing the redundancy of Azure Files NFSv4.1 shares within a storage account, currently configured with Locally Redundant Storage (LRS). Your company aims to migrate the existing file storage to Zone-Redundant Storage (ZRS).
What is the supported method to carry out this migration?
A. Perform the migration via Azure Portal
B. Request a live migration
C. Perform a manual migration
D. Perform the migration using AzureCli
Perform a manual migration
You can Choose manual migration or request a live migration. But, Live migration is not supported in below case.
NFSv3 protocol support is enabled for Azure Blob Storage
The storage account contains Azure Files NFSv4.1 shares
You have an Azure subscription, which contains the following resources:
Prod-VM1 (virtual machine)
Prod-Webapp1 (app service)
Contoso.com (Azure AD domain services)
All the resources connect to prod-vnet1. You are planning to deploy an Azure Bastion host from Prod-Bastion1 to Prod-Vnet1.
Which resources can be protected by Prod-Bastion1?
A. Contoso.com only
B. Prod-VM1 and Prod-Webapp1
C. Prod-VM1 only
D. All of the resources
Prod-VM1 only
Bastion provides secure RDP and SSH connectivity to all of the VMs in the virtual network on which it is provisioned.
Which PowerShell cmdlet allows you to create a new Virtual machine scale set?
New-AzVM
Set-AzVmss
New-AzVmss
New-AzVmss
In the Azure Recovery Services vault, if you delete any data mistakenly, it goes to soft delete to protect your data and recover backups. For how many days is the data retained before being permanently deleted?
90 days
30 days
14 days
Infinite
14 days
You need to create a Network Security group using the PowerShell cmdlet and configure NSG rules to allow RDP and HTTP traffic.
$rule1 = New-AzNetworkSecurityRuleConfig -Name rdp-rule -Description “Allow RDP” `
-Access Allow -Protocol Tcp -Direction Inbound -Priority 100 -SourceAddressPrefix `
Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389
$rule2 = New-AzNetworkSecurityRuleConfig -Name web-rule -Description “Allow HTTP” `
-Access Allow -Protocol Tcp -Direction Inbound -Priority 101 -SourceAddressPrefix `
Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 80
New-AzNetworkSecurityGroup -ResourceGroupName TestRG -Location westus -Name `
“NSG-FrontEnd” -SecurityRules $rule1, $rule2
You executed the above PowerShell cmdlet; is it correct?
Yes
No
Yes
You have an Active Directory Forest named contoso.com. You install and configure Azure AD Connect to use password hash synchronization as the single sign-on (SSO) method. Staging mode is enabled. You review the synchronization results and discover that the
Synchronization Service Manager does not display any sync jobs.
You need to ensure that the synchronization completes successfully, and that exports, imports and synchronization could run.
What should you do?
A. From Azure PowerShell, run start-AdSyncSyncCycle policy type initial.
B. Run Azure AD connect and disable staging mode.
C. Run Azure AD connect and set the SSO method to pass-through Authentication.
Run Azure AD connect and disable staging mode.
Staging mode must be disabled. If the Azure AD connect is in staging mode, password hash synchronization will not work.
In your Azure subscription, there is a highly important resource group named “Prod-rg1.” The subscription owner intends to prevent the deletion of the resource group itself or any resources contained within it.
Which solution would you recommend. You also want to use a minimal amount of administrative effort.
Add a delete lock on individual resources inside the resource group.
Add a delete lock on the resource group.
Add a read-only lock on the subscription level.
Add a delete lock on the resource group.
Add a delete lock on the resource group itself. We can also place a lock on the resources inside a resource group as well, but it involves more administrative effort. Since our requirement is to use a minimal amount of administrative effort, we should place a lock on the resource group itself.
Your Azure subscription contains 10 virtual machines. You need to enable alerts if any virtual machine restarts, stops, or delocalizes. Alerts must be sent to three administrators by email and Azure App push notifications.
You need to create alert rules, action groups, and actions in the Azure portal.
What are the minimum number of alert rules, action groups, and actions you should create?
Alert Rules = 2; Action groups = 3; Actions = 1
Alert Rules = 3; Action groups = 1; Actions = 1
Alert Rules = 3; Action groups = 1; Actions = 3
Alert Rules = 1; Action groups = 1; Actions = 1
Alert Rules = 3; Action groups = 1; Actions = 3
You need to establish three alert rules, each corresponding to a specific condition: restarting a virtual machine, powering off a virtual machine, and deallocating a virtual machine.
Additionally, you should create a single action group, which can be linked to multiple alert rules. Within this action group, you will define multiple actions.
To cater to three administrators, you must create three distinct actions within the action group.
You plan to use a deployment template to deploy 6 instances of web app in east us region.
You need to ensure that you have met minimum prerequisites for deployment. Your solution must minimize costs in Azure.
Deploy Azure application gateway.
Deploy one Azure App service plan.
Deploy Azure Load Balancer.
Deploy five Azure app service plans.
Deploy One Azure App Service Plan:
Cost-Effective: This option is typically the most cost-effective because you only need one App Service Plan to host all six web app instances.
You have a subnet named Subnet1 that contains Azure virtual machines. A network security group (NSG) named NSG1 is associated to Subnet1. NSG1 only contains the default rules.
You need to create a rule in NSG1 to prevent the hosts on Subnet1 form connecting to the Azure portal. The hosts must be able to connect to other internet hosts.
To what should you set Destination in the rule?
Application security group
IP Addresses
Service Tag
Any
Service Tag
Explanation
You can use service tags.
You have an Azure subscription that contains a virtual machine named VM1.
To VM1, you plan to add a 1-TB data disk that meets the following requirements:
- Provides data resiliency in the event of a datacenter outage.
- Provides the lowest latency and the highest performance.
- Ensures that no data loss occurs if a host fails.
You need to recommend which type of storage and host caching to configure for the new data disk.
Storage Type: Premium SSD that uses locally-redundant storage(LRS)
Host caching: None
Storage Type: Premium SSD that uses Zone-redundant storage(ZRS)
Host caching: Read-only
Storage Type: Premium SSD that uses Zone-redundant storage(ZRS)
Host caching: Read/Write
Storage Type: Premium SSD that uses Zone-redundant storage(ZRS)
Host caching: Read-only
Explanation
Configuring the data disk with Premium SSD that uses Zone-redundant storage (ZRS) ensures data resiliency in the event of a datacenter outage by replicating data across multiple availability zones. Setting the host caching to read-only can improve performance by caching read operations, providing lower latency, and ensuring no data loss if a host fails.
Ensures that no data loss occurs if a host fails.
- Write caching can pose a risk of data loss in the event of a host failure. Thus, we need to be careful when enabling write caching.
