test 9 Flashcards by Study Datadog

You need to use traffic analytics to analyze NSG flow logs in Azure Network Watcher to gain insights into traffic flow in your virtual network, vnet01. Which of the following is NOT a prerequisite resource for you to create?
A. Data Collection Rule
B. Network Security Group
C. Storage Account
D. Log Analytics workspace

How well did you know this?

Not at all

Perfectly

You have three resource groups in your Azure subscription. You deploy Azure Virtual Machine and its related resources in the rg-dev-01 resource group. Given below are two statements based on the above information. Select Yes if the statement is correct. Else select No.
A. Yes, No
B. No, Yes
C. Yes, Yes
D. No, No

How well did you know this?

Not at all

Perfectly

Following are the resources deployed in your Azure subscription.
a. An App Service app running in an App Service plan.
b. The virtual network vnet01 with subnet01.
c. Azure Firewall (with a public IP configuration) deployed in an AzureFirewallSubnet in vnet01.
Select and place the steps you would perform so that all outbound traffic from the app is inspected by the Azure Firewall and the traffic is allowed/blocked based on the firewall rules.
A. Delegate the subnet to Microsoft.web/serverfarms
B. Create a route table
C. Add a route to route the traffic from subnet01 to Azure Firewall
D. Associate the route table with subnet01

How well did you know this?

Not at all

Perfectly

You are planning to create an internal load balancer in Azure for your workloads. Which of the following resources needs to be compulsorily created while/before creating the load balancer?
A. Public IP address
B. Backend pool
C. Virtual Network
D. A load balancer rule

How well did you know this?

Not at all

Perfectly

Using Azure Bicep, you need to create a resource group and deploy an Azure Virtual Network to the resource group. In Visual Studio Code, you have two Bicep files: X] A main.bicep file defines a resource group. Y] A vnet.bicep file defines a virtual network that’s deployed to the resource group. As shown above, the main.bicep file defines a module that references the vnet.bicep file. What property would you add to the module to fix the error?
A. Params
B. Properties
C. dependsOn
D. Scope

How well did you know this?

Not at all

Perfectly

There are three blob containers source1, source2, and source3 with a Public access level of Container, Blob, and Private, respectively, in the strdev011 storage account. There are another two blob containers target1 and target2, with a Public access level of Container and Private, respectively, in the strdev012 storage account. There is a backup file in all the source containers. Which of the following azcopy commands helps you copy the backup file to either target1 or target2? Select two options.
A. azcopy copy ‘[MASKED].windows.net/source1’ ‘[MASKED].windows.net/target1«SAS token»’ –recursive
B. azcopy copy ‘[MASKED].windows.net/source2«SAS token»’ ‘[MASKED].windows.net/target1’ –recursive
C. azcopy copy ‘[MASKED].windows.net/source2/bak.exe’ ‘[MASKED].windows.net/target2«SAS token»’ –recursive
D. azcopy copy ‘[MASKED].windows.net/source2’ ‘[MASKED].windows.net/target2«SAS token»’ –recursive

How well did you know this?

Not at all

Perfectly

User One with the Azure RBAC role Contributor at the resource group scope can access data in Azure blobs using the storage account key via shared key authorization in the Azure portal. Select and place (in any order) the steps you would perform to: 1. Disable key-based authorization only for User One. 2. Enable read access to data in Azure blobs via Microsoft Entra ID authentication in the Azure portal for User One.
A. Enable Default to Microsoft Entra authorization in the Azure portal
B. Assign the Storage Blob Data Reader role
C. Disable Allow storage account key access
D. Remove the Contributor role

How well did you know this?

Not at all

Perfectly

How well did you know this?

Not at all

Perfectly

You have two virtual machines, vm01 & vm02, connected to two different subnets in a virtual network in the East US region. A SQL Server hosting a SQL database is also deployed in the same region. Users connect to the VMs using the Azure Bastion service. The VMs do not have any instance-level public IP address. You need to allow traffic to SQL Server only from the private IP of vm01. Solution: You configure the SQL Server firewall to: a. Allow only the private IP of vm01. b. Enable Allow Azure services and resources to access this server. Does the solution meet the stated goal?
A. Yes
B. No

How well did you know this?

Not at all

Perfectly

You have two virtual machines, vm01 & vm02, connected to two different subnets in a virtual network in the East US region. A SQL Server hosting a SQL database is also deployed in the same region. Users connect to the VMs using the Azure Bastion service. The VMs do not have any instance-level public IP address. You need to allow traffic to SQL Server only from the private IP of vm01. Solution: You configure the virtual network service endpoint for Microsoft.Sql service on the subnet of vm01. Does the solution meet the stated goal?
A. Yes
B. No

How well did you know this?

Not at all

Perfectly

You have two virtual machines, vm01 & vm02, connected to two different subnets in a virtual network in the East US region. A SQL Server hosting a SQL database is also deployed in the same region. Users connect to the VMs using the Azure Bastion service. The VMs do not have any instance-level public IP address. You need to allow traffic to SQL Server only from the private IP of vm01. Solution: You configure a private endpoint for Azure SQL Server in subnet01. Does the solution meet the stated goal?
A. Yes
B. No

How well did you know this?

Not at all

Perfectly

From Visual Studio Code, you publish the below app to the App Service app with two deployment slots: Production, and Staging. From the client manager, you receive a request to add one more line as shown below: After you swap the staging slot with the production slot, you realize that the update is not successful in production, and you need to get your “last known good site” back. Which of the following actions offer the best/easiest solution?
A. Create another deployment slot and deploy the app to the slot
B. Swap the slot with source: staging and target: production
C. Redeploy the app
D. Swap the slot with source: production and target: staging

How well did you know this?

Not at all

Perfectly

You have a virtual machine and its related resources in a resource group. A daily job backs up the VM to a Recovery Services Vault. After a few months, you no longer require the VM, so you delete the backup data in the vault and try to delete the resource group and all its resources. You were able to delete all resources in the resource group, except the vault. What necessary sequence of steps you would follow to delete the group and the vault?
A. Delete the backup policy, Disable soft delete for backups, Delete backup data, Delete resource group
B. Undelete the restore points, Disable soft delete for backups, Delete backup data, Delete resource group
C. Disable soft delete for backups, Delete the backup policy, Delete backup data, Delete resource group
D. Undelete the restore points, Delete backup data, Disable soft delete for backups, Delete resource group

How well did you know this?

Not at all

Perfectly

You need to publish two Azure App Service apps, one with a runtime stack ASP.NET v4.8 and another running on Python 3.12. Further, the apps should meet the following requirements: Can autoscale based on rules, Allows daily backups, Provides at least four staging slots. Based on the given information, answer the below two questions:
A. 1, Standard S1
B. 1, Basic B1
C. 2, Basic B1
D. 2, Standard S1

How well did you know this?

Not at all

Perfectly

You have two resource groups in different locations in your Azure subscription. Two Azure Private DNS zones, bigstuff.com, and birdsource.com, are created in each resource group. Also, two virtual networks, one in the South Central US and the other in North Europe location are deployed. Finally, the two private DNS zones are linked with the two VNets as shown below: Given below are two statements based on the above information. Select Yes if the statement is correct. Else select No.
A. Yes, No
B. Yes, Yes
C. No, No
D. No, Yes

How well did you know this?

Not at all

Perfectly

You have three VMs, two Windows and one Linux, deployed across two VNets in your Azure subscription. A private Azure DNS zone named bigstuff.com is linked to the two virtual networks, vnet01 and vnet02, with auto-registration enabled and disabled, respectively. Given below are three statements based on the above information. Select Yes if the statement is correct. Else select No.
A. No, No, No
B. No, Yes, Yes
C. Yes, No, Yes
D. Yes, Yes, No

How well did you know this?

Not at all

Perfectly

In your Microsoft Entra ID tenant, you have to add nearly 100 users. You plan to use the bulk create operation feature. Which of the following user attributes are NOT mandatory to include while uploading the CSV file? Select two options.
A. Name
B. First Name
C. Usage location
D. Block sign in

How well did you know this?

Not at all

Perfectly

Below are two statements based on associating Azure public IP addresses with an Azure Firewall. Select Yes if the statement is correct. Else select No.
A. Yes, No
B. Yes, Yes
C. No, Yes
D. No, No

How well did you know this?

Not at all

Perfectly

You have four virtual machines, two running and two deallocated in the East US and North Europe locations as shown below. Further, there are two Azure Recovery Services Vaults in the East US region. The virtual machine vm03 is already protected with daily backups to the Recovery Services Vault, vault02. Which of the given VMs can you back up to vault01?
A. Only vm01
B. Only vm01 and vm03
C. Only vm01, vm02 and vm04
D. Only vm01 and vm04

How well did you know this?

Not at all

Perfectly

You have three VMs across two subnets in your Azure virtual network. Each VM accepts and/or denies a different type of traffic. At any point in time, only one VM is in a running status. Based on this information, answer the below two questions:
A. 1,3
B. 1,1
C. 3,1
D. 3,3

How well did you know this?

Not at all

Perfectly

You have a standalone virtual machine in Azure. The virtual machine has an IPv4 public and private IP address. The IP address assignment can be either static or dynamic, depending on the need. You have to create an NSG inbound security rule to allow RDP access to the VM from your local computer. Which of the following would you use as the destination IP address? Note: You should be able to connect to the VM even after multiple stops and restarts.
A. Only c
B. Only c and d
C. Only a and c
D. Only a

Every new Microsoft Entra ID tenant comes with a domain name, for example, ravikirans1160.onmicrosoft.com. When you create a new user (adminone) in the Microsoft Entra ID tenant, you are able to create them using only this domain name. Which of the following steps would you perform in sequence to create the user as [MASKED]? Note: ravikirans.com is registered with the Domain registrar GoDaddy.
A. Add the custom domain name ravikirans.com in GoDaddy, Create an A record for ravikirans.com in GoDaddy, Ensure the domain ravikirans.com is valid in GoDaddy
B. Add the custom domain name ravikirans.com to Microsoft Entra ID, Create a TXT record for ravikirans.com in GoDaddy, Ensure the domain ravikirans.com is valid in Microsoft Entra ID
C. Add the custom domain name ravikirans.com to Microsoft Entra ID, Create an A record for ravikirans.com in GoDaddy, Ensure the domain ravikirans.com is valid in Microsoft Entra ID
D. Add the custom domain name ravikirans.com in GoDaddy, Create a TXT record for ravikirans.com in GoDaddy, Ensure the domain ravikirans.com is valid in GoDaddy

You join all the corporate-owned Windows 10 laptops to Microsoft Entra ID. You need to add [MASKED] as a local administrator account to all those systems. Where would you configure this in Microsoft Entra ID?
A. Users -> User settings
B. Devices -> Device settings
C. Devices -> Enterprise State Roaming
D. Under Roles and administrators

You develop Power BI reports that your team members can access from their corporate network. The team also uses an Azure subscription and deploys VMs for organizational workloads. As a team manager, you have two requirements: a. Ensure users who RDP/SSH into those Azure VMs cannot access the Power BI report/dashboard from there. b. Ensure they can access the Internet. Which of the following would you use as the destination while creating an outbound security deny rule in the NSG?
A. IP addresses
B. Service Tag
C. My IP address
D. Application security group

There are three Windows VMs in your Azure Virtual Network. The virtual machines vm01 and vm02 are deployed in subnet01, whereas vm03 is deployed in the centralSubnet. A Network Security Group (nsg01) is associated with both the subnets. In addition to default rules, the NSG also has a rule that denies inbound traffic through the ICMP protocol from any source. Which of the following rules would you create that satisfy the below two requirements: a. Allow ICMP messages to vm01 and vm02 only from vm03 b. None of the other combinations of inter-VM pings are possible
A. Priority: 101, Direction: Inbound, Source: [MASKED], Destination: VirtualNetwork
B. Priority: 102, Direction: Outbound, Source: [MASKED], Destination: VirtualNetwork
C. Priority: 103, Direction: Inbound, Source: VirtualNetwork, Destination: [MASKED],[MASKED]
D. Priority: 99, Direction: Outbound, Source: VirtualNetwork, Destination: [MASKED], [MASKED]

You deploy a website into two Azure VMs in your virtual network behind a standard load balancer. From the below statements, select the actions necessary to allow external traffic to reach the VMs. Also ensure the solution minimizes management overhead for the current setup and possibly in the future when the VMs scale.
A. Create an inbound security rule in an NSG to allow the traffic
B. Create an outbound security rule in an NSG to allow the response traffic
C. Associate the NSG to the subnet where the VMs are deployed
D. Associate the NSG to the Network Interface cards attached to the VMs

You have two virtual machines, vm1, and vm2, deployed in two different virtual networks, vnet1, and vnet2, in two different Azure regions. Below are the VNets with other information like their address space and location details. You need to ensure that vm1 and vm2 can communicate with each other. Which of the following solutions would you implement if you need high bandwidth connectivity without any limits?
A. Move vnet2 and its dependent resources to East US
B. Configure a VNet peering connection between vnet1 and vnet2
C. Deploy a virtual network gateway in either of the networks and establish the connection
D. Deploy a virtual network gateway in both networks and establish the connection

You have the two virtual networks below, vnet01 and vnet02, in Azure. And the two networks have a peering connection. Due to increased demand, you need to resize the address space of vnet01 from [MASKED] to [MASKED] for scaling the workloads. What is the best way to achieve this objective without any downtime?
A. Remove peering between the VNets, modify the address space, and re-add the peering connection.
B. Modify the existing address space and sync the peers with the new changes.
C. Add a new address space to vnet01 since it is not possible to update the existing address space for a network that’s in a peering connection.
D. Modify the existing address space and refresh the peers with the new changes.

You deploy 8 VM instances in an Azure Bastion service in your virtual network. Users in your organization use the Bastion service to connect remotely for performing basic data entry tasks. How many concurrent RDP sessions can the Bastion service serve?
A. 200
B. 160
C. Depends on the Bastion SKU
D. Depends on the subnet size

You have a storage account in the East US region. Some users in the North Europe region need to access the storage account. Which storage account setting would you configure to optimize the network cost when the traffic is routed from the user to the storage account?
A. Routing preference
B. Network access
C. Service endpoints
D. Performance

You have to deploy multiple containers using Azure Container Instances. Container1 runs an internet-facing web application, and another container, Container2, periodically sends an HTTP request to Container1 to ensure it’s up and running. Which of the following Operating Systems would you consider using? Select two options.
A. Alpine Linux
B. Ubuntu Server
C. Windows Nano Server
D. Windows Server Core

You have five Network Interface Cards (NICs) deployed in a virtual network vnet01. Of them, three Network Interface Cards are deployed in subnet03 and attached to vm03, which functions as a virtual appliance. Of the three NICs attached to the virtual appliance, IP forwarding is enabled only on nic03 (private IP: [MASKED]) and nic04 ([MASKED]). IP forwarding is also enabled within vm03’s operating system. Below is the route table defined with two custom routes associated with subnet01 and subnet02. Based on the given information, answer the below two questions. Select Yes if the statement is correct, else select No.
A. Yes, No
B. Yes, Yes
C. No, No
D. No, Yes

Here is an ARM template that defines an Azure Storage Account. Given below are two statements based on the above ARM template. Select Yes if the statement is correct. Else select No.
A. Yes, No
B. Yes, Yes
C. No, No
D. No, Yes

You have a Recovery Services Vault and two storage accounts, and two Log Analytics workspaces in different regions in your Azure subscription. You need to create a diagnostic setting for vault01 to stream platform logs and metrics to the Log Analytics workspace and a storage account. Which resources can you use as the destination?
A. Only strdev012, Only LogAnalytics01
B. Only strdev012, Both LogAnalytics01 and LogAnalytics02
C. Both strdev011 and strdev012, Only LogAnalytics01
D. Both strdev011 and strdev012, Both LogAnalytics01 and LogAnalytics02

You need to deploy an Azure Bastion service in a virtual network to enable RDP connectivity through the Azure portal. Choose the VNet subnet and the subnet size you would select.
A. AzureBastionSubnet, Larger than
B. Smaller than
C. Larger than
D. Smaller than

You have the following Azure subscriptions organized under their parent management groups, as shown below. Given below is the hierarchy of management groups and the total number of subscriptions they contain. Goal: You have to ensure that only the Azure Storage Account resources in only one region (i.e., the East Asia region) can be created in the Sales-tech subscription. Solution: You assign the following built-in policies. Does the solution meet the goal?
A. Yes
B. No

You have a SQL backup file in your on-premises directory named backups. You have to upload only the backup file (01-04.bak) to a blob storage container sqlbackups. Which of the following azcopy commands would you use? Select two options.
A. azcopy copy ‘D:\backups’ ‘[MASKED].windows.net/sqqlbackups/«SAS token»’
B. azcopy copy ‘D:\backups’ ‘[MASKED].windows.net/sqlbackups/«SAS token»’ –recursive
C. azcopy copy ‘D:\backups’ ‘[MASKED].windows.net/sqlbackups/«SAS token»’
D. azcopy copy ‘D:\backups’ ‘[MASKED].windows.net/sqlbackups/«SAS token»’ –recursive

The below ARM template creates three VNets: private, internal, and public. It also creates two subnets in each VNet. What will be the address prefixes of the two subnets in the VNet named ‘internal’?
A. [MASKED] and [MASKED]
B. [MASKED] and [MASKED]
C. [MASKED] and [MASKED]
D. [MASKED] and [MASKED]

You have to deploy the below Azure Resource Manager (ARM) template to a resource group. Given below are two PowerShell commands that use the New-AzResourceGroupDeployment cmdlet to deploy the template. Select the output location of the availability set resource for each command.
A. Error, West Europe
B. West Europe, North Europe
C. West US, West US
D. West Europe, West Europe

Your cloud architecture team deploys several VMs in Azure: a. 3 VMs in an availability set, b. 3 VMs, each in a different availability zone, and c. 2 default instances, deployed across two availability zones using Virtual Machine Scale Sets that scale based on load. Given below are two statements based on the above information. Select Yes if the statement is correct. Else select No.
A. Yes, No
B. No, Yes
C. Yes, Yes
D. No, No

To provide end-user self-service capabilities, an organization (ravikiran.onmicrosoft.com) has purchased 50 Microsoft Entra ID P2 licenses. From where can you assign the license to a user in Microsoft Entra ID? Select two options.
A. From the Licenses blade
B. From the User settings blade
C. From the custom domain names blade
D. From the licenses blade of the user

You create and place virtual machines in an availability set with the below configuration. Due to improper testing, a data center couldn’t stand the generators that supply backup power to a server rack. How many virtual machines do you expect to be affected, in a worst-case scenario?
A. 2
B. 4
C. 3
D. 1

You create two Virtual Machine Scale Sets with flexible and uniform orchestration modes. Each VMSS has 3 VMs as the initial instance count. Given below are two statements based on the above information. Select Yes if the statement is correct. Else select No.
A. Yes, Yes
B. Yes, No
C. No, Yes
D. No, No

In your Microsoft Entra ID tenant (ravikirans.onmicrosoft.com), there are three users. The below table summarizes their roles in Microsoft Entra ID and Azure subscription. Which users can assign a subscription owner access to a new user (User Four)?
A. Only User Two
B. Only User Two and User Three
C. Only User One and User Three
D. Only User One and User Two

You plan to deploy an ASP.NET web application in three Azure Virtual Machines, vm01, vm02, and vm03. You consider using Azure availability sets to ensure that an instance of the app is always available when Microsoft patches the hypervisor of the underlying host machine. How would you configure the availability set?
A. 1 fault domain and 3 update domains
B. 3 fault domains and 1 update domain
C. 4 fault domains and 3 update domains
D. 2 fault domains and 2 update domains

Given below is an Azure Resource Manager template that deploys a resource group and a Virtual Network in the resource group. Observe the given template and answer the below two questions based on the template definition.
A. Microsoft.Resources/providers, Add-AzSubscriptionDeployment
B. Microsoft.Resources/providers, Add-AzSubscriptionDeployment
C. Microsoft.Resources/templates, New-AzResourceGroupDeployment
D. Microsoft.Resources/deployments, New-AzDeployment

You have the below list of users in a hybrid deployment of Microsoft Entra ID. 1. user one is on-premises sync enabled, which means the user is created in Windows Server Active Directory and synced to Microsoft Entra ID with Microsoft Entra Connect. 2. test user is not on-premises sync enabled, so test user is created in Microsoft Entra ID. Where can you edit the Department and Age group properties of user one?
A. Only Active Directory, Only Microsoft Entra ID
B. Only Active Directory, Both Microsoft Entra ID and Active Directory
C. Only Microsoft Entra ID, Only Active Directory
D. Both Microsoft Entra ID and Active Directory, Both Microsoft Entra ID and Active Directory

You have two storage accounts in different subscriptions in a Microsoft Entra ID tenant. Given below are two statements about using the azcopy tool to copy data between storage accounts across different platforms. Select Yes if the statement is correct. Else select No.
A. Yes, No
B. Yes, Yes
C. No, No
D. No, Yes

Brainscape's Knowledge GenomeTM

test 9 Flashcards

Brainscape's Knowledge Genome^TM