test10

Question 1

To enable Resource Manager templates to access secrets in Azure Key Vault during deployment, which setting must be enabled?

Answer 1

Access policies for the Key Vault

Access policies control access to secrets, keys, and certificates, granting permissions to applications or services.

Question 2

Which Azure service best tracks requests and exceptions to specific lines of code in a .Net Core app on Azure Web Apps?

Answer 2

Azure Application Insights

Application Insights provides detailed telemetry, including request and exception tracking to specific code lines.

Question 3

Which synchronization methods ensure users don’t enter passwords on corporate machines with AD and Entra ID? (Select two)

Answer 3

PHS (Password Hash Synchronization) and PTA (Pass-Through Authentication)

PHS syncs password hashes, and PTA passes authentication requests to AD.

Question 4

To notify two admins of >5 security log events in 120 seconds on two VMs with minimal effort, what should you create?

Answer 4

One action group and one alert rule

This setup simplifies management and notifies both admins efficiently.

Question 5

How can users access an Azure web app via Entra ID from company-owned Windows 10 PCs without authentication prompts?

Answer 5

An Entra ID Application registration

Application registration enables seamless Entra ID authentication without prompts.

Question 6

To ensure all ExpressRoute resources are created in ‘mynew-rg’ with least privilege, what should you use?

Answer 6

An Azure Policy at the subscription level with an exclusion

This policy enforces resource creation location simply and securely.

Question 7

For AKS pods to authenticate against AD for Azure resources with granular logs, what’s the best solution?

Answer 7

Enable Azure Workload Identity in each pod as a system-managed identity with reader role at resource group level

Workload Identity provides pod-level AD authentication and logs.

Question 8

Which Azure service is best for storing semi-structured data with low latency and global high availability?

Answer 8

Azure Cosmos DB

Cosmos DB offers low-latency, high-availability storage for semi-structured data globally.

Question 9

Does deploying two databases as Azure SQL Managed Instances on one server support server-side transactions across them?

Answer 9

Yes

Azure SQL Managed Instance supports distributed transactions across databases on the same server.

Question 10

What’s the best approach to transfer 500 GB from an on-premises file server to Azure Storage using Azure Data Factory?

Answer 10

Create a pipeline

A pipeline in Data Factory automates data transfer efficiently.

Question 11

What must be done first to access a Sample.txt file in an Azure storage account?

Answer 11

Modify the access tier

If archived, the file must be rehydrated to an online tier before access.

Question 12

For a storage account storing documents and tables with drive mappings and max redundancy, what performance is best?

Answer 12

Standard General Purpose v2

Standard v2 balances cost and performance, supporting drive mappings.

Question 13

What’s the best managed Spark cluster for nightly SQL data transfers and multi-language analytics in Azure?

Answer 13

Azure Databricks

Databricks provides a managed Spark cluster with multiple language support for analytics.

Question 14

Which two parameters ensure an IPSCustomers database in Azure SQL scales effectively for workload demands?

Answer 14

Define the maximum of Database Transaction Units and maximum size for a database

DTUs and max size allow dynamic scaling of compute and storage.

Question 15

Which backup solution meets a 15-minute RPO, 30-day retention, and encryption for an SQL Server on an Azure VM?

Answer 15

Azure Storage account

Storage accounts support Automated Backup with encryption.

Question 16

Which Azure service maintains reliable performance on a set of VMs?

Answer 16

Azure Scale Sets

Scale Sets auto-scale VM instances based on demand.

Question 17

Which service ensures applications keep running during a data center failure?

Answer 17

Azure Availability Zones

Availability Zones distribute apps across data centers in a region.

Question 18

Which Azure service reduces database load and improves access times for an e-commerce app’s product info?

Answer 18

Azure Cache for Redis

Redis caches data in-memory, reducing load and speeding access.

Question 19

Does a Basic App Service Plan meet auto-scaling and cost-minimization requirements for an Azure Web App?

Answer 19

Yes

Basic plans support auto-scaling based on demand.

Question 20

How do you enable communication between VMs in two virtual networks using private IPs?

Answer 20

Virtual Network Peering

Peering connects networks for private IP communication.

Question 21

To handle 200,000 requests in 5 minutes for a Logic App, what should be configured?

Answer 21

Workflow settings

Workflow settings can enable high throughput mode or distribute workload.

Question 22

What’s the first step to deploy ‘getcloudskillsapp2’ on four DS3 v2 nodes in an AKS cluster?

Answer 22

Create a new node pool

A new node pool specifies the size and number of nodes needed.

Question 23

How do you ensure continuous deployment to AKS from Azure Container Registry image updates?

Answer 23

Use an Azure DevOps Pipeline

DevOps Pipelines trigger deployments on image updates.

Question 24

What load balancer supports port forwarding, HTTPS probes, and availability sets from web front end to app tier?

Answer 24

An Internal Azure Standard Load Balancer

Internal Standard Load Balancer meets all requirements.

Question 25

Does using AzCopy with a storage account replicate Hyper-V VM disks to Azure while keeping them available?

Answer 25

No ## Footnote AzCopy isn’t designed for live VM migration; Azure Site Recovery is needed.

Question 26

Which Azure service ensures quick data recovery with minimal downtime for hybrid workloads?

Answer 26

Azure Site Recovery ## Footnote Site Recovery replicates and fails over workloads.

Question 27

Which solutions monitor an AKS cluster with metrics, logs, workload performance, and alerts?

Answer 27

Azure Monitor (Log Analytics) Workspaces and Azure Container Insights ## Footnote Together, they provide comprehensive AKS monitoring.

Question 28

Why choose a multi-workspace design over a single log workspace for an API app across two regions?

Answer 28

Data location regulations ## Footnote Regulations may require data to stay in specific regions.

Question 29

Does a Premium Key Vault with private endpoint and client keys meet FIPS 140-2 Level 3 requirements?

Answer 29

Yes ## Footnote Premium Key Vault with private endpoint ensures secure key isolation.

Question 30

Does a Standard Key Vault with public access disabled meet FIPS 140-2 Level 3 requirements?

Answer 30

No ## Footnote Standard Key Vault lacks the isolation needed for compliance.

Question 31

Does a Key Vault Managed HSM with private endpoint meet FIPS 140-2 Level 3 requirements?

Answer 31

Yes ## Footnote Managed HSM provides high availability and compliance.

Question 32

How can an App Service retrieve SQL DB secrets from Key Vault with least privilege and minimal code changes?

Answer 32

Enable system-assigned Managed Identities in App Services and grant permissions to access Key Vault secrets ## Footnote Managed Identities securely fetch secrets without code changes.

Question 33

How do you prevent accidental deletion of Azure resources like an Application Gateway?

Answer 33

Azure Lock at Resource Group Level ## Footnote Resource locks prevent deletions.

Question 34

How do you enable hierarchical namespace for an app needing file-level security and analytics?

Answer 34

Upgrade current Storage accounts to Data Lake Gen2 ## Footnote Data Lake Gen2 provides HNS for security and analytics.

Question 35

What provides temporary read-only access to a private blob for 24 hours monthly?

Answer 35

Shared access signatures (SAS) ## Footnote SAS offers time-limited, read-only access.

Question 36

What’s the best service for a data warehouse and big data analytics in Azure?

Answer 36

Azure Synapse Analytics service ## Footnote Synapse combines warehousing and analytics.

Question 37

What enhances file share availability across regions for a South American company?

Answer 37

A Storage Account, GRS enabled, containing File shares and Azure File Sync enabled ## Footnote GRS and File Sync ensure redundancy and access during outages.

Question 38

How do you mask PII in Azure Synapse Analytics SQL query outputs?

Answer 38

Dynamic data masking ## Footnote Dynamic data masking hides sensitive data.

Question 39

Which service transfers Oracle data to Synapse Analytics with Spark and Scala R support?

Answer 39

Azure Databricks ## Footnote Databricks offers Spark processing and language support.

Question 40

What’s the best SQL tier for 20 critical databases with 30-day backup retention?

Answer 40

Standard ## Footnote Standard tier balances cost and features, supporting backups.

Question 41

Which service meets automatic scalability, millisecond response, and 99.999% availability for a global app?

Answer 41

Azure Cosmos DB ## Footnote Cosmos DB delivers scalability, speed, and high availability globally.

Question 42

What’s the most cost-effective disaster recovery solution for VMware VMs with 3-hour RTO and 2-hour RPO?

Answer 42

Azure Site Recovery ## Footnote Site Recovery meets RTO/RPO targets and enables testing.

Question 43

Which components meet disaster recovery, monitoring, and geographic load balancing for a .NET app?

Answer 43

Traffic Manager and Application Insights ## Footnote Traffic Manager handles geographic load balancing, and Insights monitors performance.

Question 44

What’s the best global caching solution with WAF and geographic content delivery?

Answer 44

Front Door ## Footnote Front Door offers global CDN, caching, and WAF with OWASP rules.

Question 45

What PaaS solution fits short-lived processes, database triggers, and scheduled tasks?

Answer 45

Functions ## Footnote Azure Functions handle event-driven, short-lived tasks efficiently.

Question 46

What tools calculate TCO and VM sizing for migrating 5,000 VMs and 15 SQL Servers to Azure?

Answer 46

Azure Migrate and Azure Database Migration Service ## Footnote Migrate assesses TCO and sizing, while DMS handles database migration.

Question 47

Which AKS networking plugin assigns pod IPs from a different space with NAT and avoids IPv4 exhaustion?

Answer 47

Kubenet ## Footnote Kubenet provides cost-effective NAT and separate IP spaces.

Question 48

What components manage VM access with time restrictions, MFA, and auditing?

Answer 48

Just in Time (JIT) Virtual Machine access and conditional access policy for VM Sign-in ## Footnote JIT limits access timing, and conditional access enforces MFA.

Question 49

How do you analyze network traffic to VMs over ExpressRoute?

Answer 49

Use IP Flow Verify ## Footnote IP Flow Verify checks packet allowance/denial.

Question 50

What load balancer balances non-HTTP(S) traffic on ports 5000 and 1025 between App Services and VMs?

Answer 50

Azure Load Balancer ## Footnote Load Balancer supports Layer 4 traffic for non-HTTP(S) protocols.