test12 Flashcards
To identify denied data packets to Azure VMs connected via ExpressRoute, which tool should you use?
Azure Network Watcher – IP Flow Verify Tool
IP Flow Verify checks if packets are allowed or denied to/from VMs, unlike Traffic Analytics or Connection Troubleshoot.
To protect a web app on Azure from SQL injection and XSS attacks, which service should you use?
Azure Application Gateway
Application Gateway’s Web Application Firewall (WAF) protects against web-based attacks.
What are the least permissions needed for an app to copy secrets from appvault89989 to another vault?
Get and List only
The app needs ‘Get’ to fetch secret values and ‘List’ to see available secrets in the source vault.
To restrict Azure portal login to on-premises network computers for a user group, what should you use?
Azure AD Conditional Access Policies
Conditional Access Policies can enforce location-based login restrictions.
To grant a team temporary permissions to start/stop Azure VMs while minimizing costs, what should you recommend?
Azure AD Privileged Identity Management
PIM provides just-in-time access, reducing costs by limiting permissions.
What license is required to use Azure AD Privileged Identity Management for temporary VM permissions?
Azure AD Premium P2
PIM requires Azure AD Premium P2 licenses for advanced identity management features.
Which two artifacts can be added to Azure Blueprints?
Resource Groups and Role Assignment
Blueprints support artifacts like resource groups and role assignments.
For hosting a Linux Docker container web app with auto-scaling, custom domains, SSL, and minimal admin effort, what should you use?
Azure Web Apps
Web Apps supports Linux containers, auto-scaling, and simplifies management.
Which two services can copy 100 GB of on-premises files to Azure Blob Storage?
Azure Import/Export and Azure Data Factory
Import/Export ships physical drives, and Data Factory automates data transfer.
For a storage solution storing immutable data for 3 years with minimal access costs, which access tier should you choose?
Hot Access tier
Hot tier minimizes access costs for frequent operations.
To ensure data in a storage account remains immutable for 3 years, what should you use?
Container Access Policy
An immutable Blob access policy prevents modifications.
To restrict Azure VM deployment to specific regions, what should you use?
Azure Policies
Azure Policies enforce deployment rules like region restrictions.
To collect System Log events from Windows Server 2019 Azure VMs, what should you create in Azure?
A Log Analytics Workspace
Log Analytics Workspace stores and analyzes event log data from VMs.
What must be installed on Windows Server 2019 VMs to send System Logs to a Log Analytics Workspace?
Microsoft Monitoring Agent
The Microsoft Monitoring Agent collects and sends log data to the workspace.
To enable communication between appvm1 and appvm2 in different Azure VNETs, what should you implement?
Virtual Network Peering
VNET Peering connects virtual networks cost-effectively.
To minimize costs when running parallel jobs in Azure Batch, what should you recommend?
Low-priority virtual machines
Low-priority VMs reduce costs for Batch workloads.
Is the storage cost of demo1.txt (Hot tier) less than demo2.txt (Cool tier) in a GPv2 storage account?
No
Cool tier storage costs less than Hot tier for Blob storage.
Can you access demo3.txt in the Archive tier immediately?
No
Archive tier requires rehydration to Hot or Cool tier before access.
For deploying a public web app and private Web API container group with minimal admin effort, what should you use?
Azure Container Instances
ACI supports container groups with low overhead.
To assess on-premises Hyper-V VM migration to Azure with VM sizing, what should you use?
Azure Migrate
Azure Migrate assesses migration and recommends VM sizes.
For processing images in parallel from an Azure Storage Account, what service should you recommend?
Azure Batch
Batch excels at parallel compute tasks like image processing.
To evaluate group membership monthly with self-reviews and auto-removal, what should you use?
Azure AD Access Reviews
Access Reviews automate group membership evaluation.
For a sender app to broadcast transaction messages to multiple listeners, what should you use?
A Service Bus Topic
Service Bus Topics support publish-subscribe messaging.
To migrate an on-premises SQL Server 2014 database to Azure SQL Database, what should you use?
Database Migration Assistant
DMA migrates SQL Server to Azure SQL Database.
To migrate an on-premises SQL Server 2014 database to Azure Cosmos DB (SQL API), what should you use?
Azure Cosmos DB Data Migration Tool
This tool migrates data to Cosmos DB’s SQL API.
To access files in the Archive tier immediately, what must you do?
Change the access tier for the files
Files in Archive must be rehydrated to Hot/Cool tier for immediate access.
What is the least permission needed for an app to copy secrets into destinationvault1000?
Set only
‘Set’ allows writing secrets to the destination vault.
For load balancing multiple Azure Web Apps globally with rate limiting and region failover, what should you use?
Azure Front Door
Front Door provides global load balancing and failover.
To minimize scale-out time and admin effort in an Azure Kubernetes cluster, what should you use?
Cluster Autoscaler
Cluster Autoscaler automatically scales nodes based on demand.
For a web app with a legacy component requiring high availability and minimal cost, what hosting solution should you use?
Azure Virtual Machine Scale Set
VM Scale Sets support custom installs and scale for availability.
What load balancing solution should you use for a VM Scale Set with a legacy app across data centers?
Azure Load Balancer
Load Balancer ensures availability within a region.
How should you deploy a VM Scale Set with a legacy app for data center availability?
Across two availability zones
Availability zones ensure data center redundancy.
What is the strongest consistency level for an Azure Cosmos DB with multi-region writes?
Bounded Staleness
Strong consistency isn’t supported with multi-region writes.
Which model must Azure SQL Databases use for cost-saving reservations?
vCore-based
vCore-based model supports Azure reservations.
Can you store data in Azure file shares in a General Purpose V2 storage account (cloudstore1000)?
Yes
GPv2 accounts support file shares.
Can you store data in Azure file shares in a Premium Block Blob storage account (cloudstore2000)?
No
Premium Block Blob accounts don’t support file shares.
Can you configure Lifecycle Management for a Premium File Share account (cloudstore3000)?
No
Premium File Share accounts don’t support Lifecycle Management.
For routing users to a North Europe web app with failover, what should you use?
Azure Traffic Manager
Traffic Manager provides global routing with priority to North Europe.
What must you do first to associate an ExpressRoute circuit with a Basic Azure Virtual WAN?
Upgrade the Virtual WAN
Basic Virtual WAN doesn’t support ExpressRoute.
To improve Azure SQL Database performance with minimal effort, what should you use?
Automatic Tuning
Automatic Tuning optimizes performance automatically.
To store Azure AD sign-in event data for monitoring and alerts, what should you use?
Azure Log Analytics Workspace
Log Analytics stores sign-in logs for querying and alerting.
Which two methods can track costs by department in an Azure subscription?
Resource Groups per department and Resource Tags
Resource groups or tags per department allow cost filtering.
For a storage account with immutable data, low latency, and max resiliency, what replication should you choose?
Geo-redundant storage
GRS maximizes resiliency across regions.
What storage account type offers low latency and immutable data support?
Azure BlockBlob Storage account
Premium BlockBlob offers low latency and supports immutable policies.
To block legacy authentication in Azure AD Free edition, what should you use?
Azure AD Security Defaults
Security Defaults block legacy auth without cost.
To prevent Azure AD account lockouts from brute force attacks, what should you use?
Azure AD Smart Lockout
Smart Lockout prevents lockouts from brute force attempts.
For a 2 TB data store with multi-region reads/writes and consistency options, what should you recommend?
Azure Cosmos DB
Cosmos DB supports large data and multi-region access.
For storing 5-year database backups with minimal cost, where should you store them?
Azure General Purpose V2 Storage – Archive Access tier
Archive tier in GPv2 minimizes cost for rarely accessed backups.
What routing method ensures users hit a North Europe web app with failover?
Priority routing method
Priority routing in Traffic Manager directs users to North Europe first.
Can you direct Azure SQL Database audit logs to a BlockBlobStorage account (appstore3000) in the same region?
Yes
BlockBlobStorage supports audit log storage when in the same region as the SQL database.
