test11 Flashcards
To meet Fabrikam’s authentication requirements with a hybrid identity model, what is the minimum number of Microsoft Entra ID tenants and conditional access policies needed?
1 tenant, 2 policies
Fabrikam needs 1 Entra ID tenant for a hybrid identity model with corp.fabrikam.com. Two policies are required: one for MFA on Azure portal access and another to enforce corp.fabrikam.com UPN authentication.
For monitoring a tiered app in Azure Container Instances with synthetic transaction monitoring and minimal effort, what should you use?
Application Insights
Application Insights supports synthetic transaction monitoring to track traffic between app components and requires minimal development effort, unlike Network or Container Insights.
To monitor costs per project across 12 Azure subscriptions with minimal effort, which two components should you include?
Budgets and Resource Tags
Budgets set spending limits per project, and resource tags categorize resources by project, enabling cost tracking in Microsoft Cost Management with minimal administrative overhead.
To forward JSON logs from 100 Windows Server 2022 VMs to a Log Analytics workspace and transform them into a table, what should you use?
Azure Monitor Data Collection Endpoint and KQL Query
The Data Collection Endpoint forwards logs to the workspace, and a KQL Query transforms and stores them in a table, meeting both requirements efficiently.
To collect Windows security events from VMs across five subscriptions with different Entra ID tenants into one Log Analytics workspace using DCRs, what should you recommend?
Azure Lighthouse and Azure Monitor Agent
Azure Lighthouse enables cross-tenant log collection, and Azure Monitor Agent supports DCRs to define which events to collect, fulfilling both requirements.
To automate monthly uploads of web access logs from Azure Blob Storage to Azure SQL Database, what should you recommend?
Azure Data Factory
Azure Data Factory automates data movement and transformation workflows, making it ideal for monthly uploads from Blob Storage to SQL Database, unlike SSMA or AzCopy.
To make on-premises Oracle database data available to Azure Databricks for transformation and loading into Azure Synapse Analytics, which two services should you use?
Azure Data Lake Storage and Azure Data Factory
Data Lake Storage stores the data for Databricks access, and Data Factory transfers it from the on-premises Oracle database, enabling the transformation pipeline.
To enable asynchronous XML message communication between Azure cloud services for a sales app, what should you recommend?
Azure Queue Storage
Queue Storage supports asynchronous messaging with XML, ideal for decoupling order processing services, unlike Notification Hubs or Traffic Manager.
For storing 50 MB to 12 GB video files with certificate-based authentication and fast read performance at minimal cost, what storage option should you recommend?
Azure Blob Storage
Blob Storage is optimized for large unstructured data like videos, offering high read performance and cost efficiency, unlike Files or SQL Database.
To grant Entra ID group1 least privilege access to blobs in storage123, which two built-in roles should you assign?
Storage Blob Data Reader and Storage Blob Data Contributor
Reader provides read-only access, and Contributor allows read/write/delete, adhering to least privilege for specific blob access needs.
To ensure users are served by the same web server for every request behind an Azure Load Balancer, what distribution mode should you configure?
Session persistence based on Client IP
Client IP-based persistence ensures consistent routing to the same server, maintaining session state, unlike idle timeout or floating IP options.
For migrating a large on-premises database to Azure with minimal downtime, which strategy should you recommend?
Online migration using Azure Database Migration Service
Online migration with DMS replicates data continuously, minimizing downtime for mission-critical databases, unlike offline or backup methods.
For a financial services company needing encrypted, ACID-compliant, and scalable transactional data storage, which Azure service should you recommend?
Azure SQL Database
SQL Database supports ACID transactions, encryption at rest and in transit, and high availability/scalability, unlike Cosmos DB or Blob Storage.
For a data store with JSON items, SQL-like queries, and low-latency access, which service should you consider?
Azure Cosmos DB
Cosmos DB supports JSON storage, SQL API queries, and low-latency access, making it ideal over Blob Storage or Redis for this use case.
To recover accidentally deleted blobs within 14 days in an Azure storage account, which feature should you use?
Azure Soft Delete
Soft Delete retains deleted blobs for a set period (e.g., 14 days), enabling recovery, unlike Backup or Versioning, which serve different purposes.
For massive unstructured data with hierarchical organization and POSIX ACLs, which storage technology is best?
Azure Data Lake Gen2
Data Lake Gen2 offers hierarchical namespaces and POSIX-style ACLs, ideal for big data needs, unlike Blob Storage or Files.
For a 6 TB on-premises file share growing by 3 TB yearly with transaction-heavy workload and no low-latency need, which storage tier should you deploy?
Transaction optimized
Transaction optimized tier supports high transaction workloads cost-effectively, unlike Cool or Premium tiers.
How does Azure SQL Database sharding split identically structured data across databases?
Shard Key
Shard keys enable horizontal partitioning by distributing data based on a key, unlike shard tables or sets.
To grant ten finance users access to blobs for April only, which security solution should you recommend?
Shared Access Signatures (SAS)
SAS provides temporary, permission-limited access (e.g., April), unlike conditional access or access keys, which lack time specificity.
For complex Python data transformations in Azure Synapse Analytics, which component should the data engineering team use?
Apache Spark pool
Spark pool supports Python for complex transformations, unlike SQL pools or Data Explorer, which focus on querying.
What query language does Azure Data Explorer use for data visualizations?
KQL
KQL (Kusto Query Language) is optimized for fast data exploration and visualizations in Azure Data Explorer, unlike T-SQL.
Which metrics are crucial for designing a disaster recovery solution with minimal data loss and quick recovery?
RTO and RPO
RTO (Recovery Time Objective) and RPO (Recovery Point Objective) measure downtime and data loss, critical for DR, unlike RPS or CPU metrics.
Which Azure Site Recovery feature allows disaster recovery drills without affecting production?
Failover Test
Failover Test simulates recovery without impacting production, ensuring compliance and readiness, unlike Pilot Light or GRS.
For a high-availability SQL Server solution on Azure VMs without shared storage during patching, what should you recommend?
Always On Availability Groups
Always On Availability Groups ensure availability without shared storage, unlike FCI or backup options.
What is the default timeout for Consumption Plan Azure Functions?
300 seconds
Consumption Plan functions default to a 300-second timeout, unlike other plans with a 30-minute default.
To restrict VM creation to specific regions and sizes for developers, what should you recommend?
Azure Policy
Azure Policy enforces rules like region and size restrictions on VM creation, unlike ARM templates or RBAC.
To migrate an on-premises SQL Server 2008 database to Azure SQL Managed Instance with minimal downtime, what should you use?
Azure Data Studio
Azure Data Studio supports migrating SQL Server 2008 to Managed Instances with minimal downtime, unlike Azure Migrate.
For an Azure Functions app reading subscription activity logs with minimal admin effort, what authentication should you recommend?
System-assigned managed identities
System-assigned managed identities auto-manage authentication, reducing effort, unlike SAS or app registration.
To automate ETL from 12 on-premises SQL, MySQL, and Oracle databases to Azure Data Lake Storage, what should you recommend?
Azure Data Factory
Data Factory automates ETL across diverse sources with minimal effort, unlike Data Explorer or Studio.
To retain the last version of an hourly-updated File1.txt for 30 days with minimal storage, what should you use?
Blob Versioning
Blob versioning keeps previous versions efficiently, allowing 30-day recovery, unlike soft delete or snapshots.
How should you configure an Azure Policy to enable TDE on noncompliant SQL databases using an ARM template?
DeployIfNotExists and RBAC roles for remediation
DeployIfNotExists deploys TDE if missing, and RBAC roles ensure permissions for remediation, not Modify effect.
What is the minimum number of Azure Monitor workspaces needed for Network Insights, Application Insights, Sentinel, and VM Insights managed by one team?
1
A single Log Analytics workspace can collect data from all these monitoring solutions, simplifying management.
To ensure only privileged users view PII in an Azure SQL database, what should you include?
Dynamic Data Masking
Dynamic data masking hides PII in query results for non-privileged users, unlike TDE or RBAC.
To provision and manage an HPC cluster in Azure with a third-party scheduler, what should you recommend?
Azure CycleCloud
CycleCloud supports HPC clusters with third-party schedulers and autoscaling, unlike Automation or Lighthouse.
To protect a web app on Azure VMs from SQL injection with a layer-7 load balancer and minimal code changes, what should you use?
Azure Application Gateway with WAF
Application Gateway (Layer 7) with Web Application Firewall protects against SQL injection without code disruption.
What should Fabrikam use to ensure WebApp1 content is updated from a single point?
Azure App Service with deployment slots
Deployment slots allow centralized content updates swapped into production, aligning with Fabrikam’s requirements.
How can Fabrikam minimize user input when provisioning new WebApp1 instances?
Azure Resource Manager (ARM) templates
ARM templates automate provisioning with predefined settings, reducing manual input per Fabrikam’s needs.
To use existing on-premises licenses for WebApp1 in Azure, what should Fabrikam leverage?
Azure Hybrid Benefit
Azure Hybrid Benefit uses Software Assurance licenses to reduce Azure costs, meeting Fabrikam’s requirement.
How should Fabrikam ensure Azure VM authentication during an on-premises link failure?
Azure AD Domain Services with cached credentials
Cached credentials in Azure AD DS allow authentication if the link to corp.fabrikam.com fails.
What should Fabrikam use to make WebApp1 database metrics available for analysis?
Azure Monitor for SQL Databases
Azure Monitor collects database metrics for performance optimization, per Fabrikam’s requirements.
How can Fabrikam minimize database downtime during WebApp1 migration?
Azure Database Migration Service (online migration)
DMS supports online migration, minimizing customer disruption per Fabrikam’s database requirements.
What ensures Fabrikam retains WebApp1 database backups for seven years?
Azure SQL Database Long-Term Retention
Long-Term Retention stores backups for up to 10 years, meeting the seven-year compliance need.
How should Fabrikam secure company data from external access?
Azure Private Link
Private Link restricts access to Azure services within the company’s network, meeting security requirements.
What ensures Fabrikam admins use MFA for Azure portal access?
Conditional Access Policy with MFA
A Conditional Access policy enforces MFA for portal access using corp.fabrikam.com credentials.
How can Fabrikam test WebApp1 updates without external visibility?
Azure App Service staging slots
Staging slots allow internal testing before swapping to production, keeping updates private.
What redundancy should Fabrikam implement for WebApp1 in case of an Azure region failure?
Multi-region deployment with Azure Traffic Manager
Traffic Manager routes traffic across regions, ensuring redundancy per Fabrikam’s requirements.
How should Fabrikam deploy WebApp1 to use the Standard pricing tier?
Azure App Service Standard Plan
The Standard tier meets Fabrikam’s preference for cost-effective, scalable deployment.
What notifies Fabrikam’s IT Support group of directory sync issues?
Azure Monitor Alerts
Alerts can notify the IT Support email group of synchronization problems, per requirements.
How should Fabrikam handle unpredictable WebApp1 usage to optimize resources?
Auto-scaling in Azure App Service
Auto-scaling adjusts resources based on demand, addressing peak delays and underutilization.
What ensures Fabrikam’s R&D remains on-premises while syncing with Azure AD?
Azure AD Connect with staging mode
Azure AD Connect syncs corp.fabrikam.com, while R&D stays on rd.fabrikam.com without Azure sync.