test10 Flashcards
To enable Resource Manager templates to access secrets in Azure Key Vault during deployment, which setting must be enabled?
Access policies for the Key Vault
Access policies control access to secrets, keys, and certificates, granting permissions to applications or services.
Which Azure service best tracks requests and exceptions to specific lines of code in a .Net Core app on Azure Web Apps?
Azure Application Insights
Application Insights provides detailed telemetry, including request and exception tracking to specific code lines.
Which synchronization methods ensure users don’t enter passwords on corporate machines with AD and Entra ID? (Select two)
PHS (Password Hash Synchronization) and PTA (Pass-Through Authentication)
PHS syncs password hashes, and PTA passes authentication requests to AD.
To notify two admins of >5 security log events in 120 seconds on two VMs with minimal effort, what should you create?
One action group and one alert rule
This setup simplifies management and notifies both admins efficiently.
How can users access an Azure web app via Entra ID from company-owned Windows 10 PCs without authentication prompts?
An Entra ID Application registration
Application registration enables seamless Entra ID authentication without prompts.
To ensure all ExpressRoute resources are created in ‘mynew-rg’ with least privilege, what should you use?
An Azure Policy at the subscription level with an exclusion
This policy enforces resource creation location simply and securely.
For AKS pods to authenticate against AD for Azure resources with granular logs, what’s the best solution?
Enable Azure Workload Identity in each pod as a system-managed identity with reader role at resource group level
Workload Identity provides pod-level AD authentication and logs.
Which Azure service is best for storing semi-structured data with low latency and global high availability?
Azure Cosmos DB
Cosmos DB offers low-latency, high-availability storage for semi-structured data globally.
Does deploying two databases as Azure SQL Managed Instances on one server support server-side transactions across them?
Yes
Azure SQL Managed Instance supports distributed transactions across databases on the same server.
What’s the best approach to transfer 500 GB from an on-premises file server to Azure Storage using Azure Data Factory?
Create a pipeline
A pipeline in Data Factory automates data transfer efficiently.
What must be done first to access a Sample.txt file in an Azure storage account?
Modify the access tier
If archived, the file must be rehydrated to an online tier before access.
For a storage account storing documents and tables with drive mappings and max redundancy, what performance is best?
Standard General Purpose v2
Standard v2 balances cost and performance, supporting drive mappings.
What’s the best managed Spark cluster for nightly SQL data transfers and multi-language analytics in Azure?
Azure Databricks
Databricks provides a managed Spark cluster with multiple language support for analytics.
Which two parameters ensure an IPSCustomers database in Azure SQL scales effectively for workload demands?
Define the maximum of Database Transaction Units and maximum size for a database
DTUs and max size allow dynamic scaling of compute and storage.
Which backup solution meets a 15-minute RPO, 30-day retention, and encryption for an SQL Server on an Azure VM?
Azure Storage account
Storage accounts support Automated Backup with encryption.
Which Azure service maintains reliable performance on a set of VMs?
Azure Scale Sets
Scale Sets auto-scale VM instances based on demand.
Which service ensures applications keep running during a data center failure?
Azure Availability Zones
Availability Zones distribute apps across data centers in a region.
Which Azure service reduces database load and improves access times for an e-commerce app’s product info?
Azure Cache for Redis
Redis caches data in-memory, reducing load and speeding access.
Does a Basic App Service Plan meet auto-scaling and cost-minimization requirements for an Azure Web App?
Yes
Basic plans support auto-scaling based on demand.
How do you enable communication between VMs in two virtual networks using private IPs?
Virtual Network Peering
Peering connects networks for private IP communication.
To handle 200,000 requests in 5 minutes for a Logic App, what should be configured?
Workflow settings
Workflow settings can enable high throughput mode or distribute workload.
What’s the first step to deploy ‘getcloudskillsapp2’ on four DS3 v2 nodes in an AKS cluster?
Create a new node pool
A new node pool specifies the size and number of nodes needed.
How do you ensure continuous deployment to AKS from Azure Container Registry image updates?
Use an Azure DevOps Pipeline
DevOps Pipelines trigger deployments on image updates.
What load balancer supports port forwarding, HTTPS probes, and availability sets from web front end to app tier?
An Internal Azure Standard Load Balancer
Internal Standard Load Balancer meets all requirements.
Does using AzCopy with a storage account replicate Hyper-V VM disks to Azure while keeping them available?
No
AzCopy isn’t designed for live VM migration; Azure Site Recovery is needed.
Which Azure service ensures quick data recovery with minimal downtime for hybrid workloads?
Azure Site Recovery
Site Recovery replicates and fails over workloads.
Which solutions monitor an AKS cluster with metrics, logs, workload performance, and alerts?
Azure Monitor (Log Analytics) Workspaces and Azure Container Insights
Together, they provide comprehensive AKS monitoring.
Why choose a multi-workspace design over a single log workspace for an API app across two regions?
Data location regulations
Regulations may require data to stay in specific regions.
Does a Premium Key Vault with private endpoint and client keys meet FIPS 140-2 Level 3 requirements?
Yes
Premium Key Vault with private endpoint ensures secure key isolation.
Does a Standard Key Vault with public access disabled meet FIPS 140-2 Level 3 requirements?
No
Standard Key Vault lacks the isolation needed for compliance.
Does a Key Vault Managed HSM with private endpoint meet FIPS 140-2 Level 3 requirements?
Yes
Managed HSM provides high availability and compliance.
How can an App Service retrieve SQL DB secrets from Key Vault with least privilege and minimal code changes?
Enable system-assigned Managed Identities in App Services and grant permissions to access Key Vault secrets
Managed Identities securely fetch secrets without code changes.
How do you prevent accidental deletion of Azure resources like an Application Gateway?
Azure Lock at Resource Group Level
Resource locks prevent deletions.
How do you enable hierarchical namespace for an app needing file-level security and analytics?
Upgrade current Storage accounts to Data Lake Gen2
Data Lake Gen2 provides HNS for security and analytics.
What provides temporary read-only access to a private blob for 24 hours monthly?
Shared access signatures (SAS)
SAS offers time-limited, read-only access.
What’s the best service for a data warehouse and big data analytics in Azure?
Azure Synapse Analytics service
Synapse combines warehousing and analytics.
What enhances file share availability across regions for a South American company?
A Storage Account, GRS enabled, containing File shares and Azure File Sync enabled
GRS and File Sync ensure redundancy and access during outages.
How do you mask PII in Azure Synapse Analytics SQL query outputs?
Dynamic data masking
Dynamic data masking hides sensitive data.
Which service transfers Oracle data to Synapse Analytics with Spark and Scala R support?
Azure Databricks
Databricks offers Spark processing and language support.
What’s the best SQL tier for 20 critical databases with 30-day backup retention?
Standard
Standard tier balances cost and features, supporting backups.
Which service meets automatic scalability, millisecond response, and 99.999% availability for a global app?
Azure Cosmos DB
Cosmos DB delivers scalability, speed, and high availability globally.
What’s the most cost-effective disaster recovery solution for VMware VMs with 3-hour RTO and 2-hour RPO?
Azure Site Recovery
Site Recovery meets RTO/RPO targets and enables testing.
Which components meet disaster recovery, monitoring, and geographic load balancing for a .NET app?
Traffic Manager and Application Insights
Traffic Manager handles geographic load balancing, and Insights monitors performance.
What’s the best global caching solution with WAF and geographic content delivery?
Front Door
Front Door offers global CDN, caching, and WAF with OWASP rules.
What PaaS solution fits short-lived processes, database triggers, and scheduled tasks?
Functions
Azure Functions handle event-driven, short-lived tasks efficiently.
What tools calculate TCO and VM sizing for migrating 5,000 VMs and 15 SQL Servers to Azure?
Azure Migrate and Azure Database Migration Service
Migrate assesses TCO and sizing, while DMS handles database migration.
Which AKS networking plugin assigns pod IPs from a different space with NAT and avoids IPv4 exhaustion?
Kubenet
Kubenet provides cost-effective NAT and separate IP spaces.
What components manage VM access with time restrictions, MFA, and auditing?
Just in Time (JIT) Virtual Machine access and conditional access policy for VM Sign-in
JIT limits access timing, and conditional access enforces MFA.
How do you analyze network traffic to VMs over ExpressRoute?
Use IP Flow Verify
IP Flow Verify checks packet allowance/denial.
What load balancer balances non-HTTP(S) traffic on ports 5000 and 1025 between App Services and VMs?
Azure Load Balancer
Load Balancer supports Layer 4 traffic for non-HTTP(S) protocols.
