test12

Question 1

To identify denied data packets to Azure VMs connected via ExpressRoute, which tool should you use?

Answer 1

Azure Network Watcher – IP Flow Verify Tool

IP Flow Verify checks if packets are allowed or denied to/from VMs, unlike Traffic Analytics or Connection Troubleshoot.

Question 2

To protect a web app on Azure from SQL injection and XSS attacks, which service should you use?

Answer 2

Azure Application Gateway

Application Gateway’s Web Application Firewall (WAF) protects against web-based attacks.

Question 3

What are the least permissions needed for an app to copy secrets from appvault89989 to another vault?

Answer 3

Get and List only

The app needs ‘Get’ to fetch secret values and ‘List’ to see available secrets in the source vault.

Question 4

To restrict Azure portal login to on-premises network computers for a user group, what should you use?

Answer 4

Azure AD Conditional Access Policies

Conditional Access Policies can enforce location-based login restrictions.

Question 5

To grant a team temporary permissions to start/stop Azure VMs while minimizing costs, what should you recommend?

Answer 5

Azure AD Privileged Identity Management

PIM provides just-in-time access, reducing costs by limiting permissions.

Question 6

What license is required to use Azure AD Privileged Identity Management for temporary VM permissions?

Answer 6

Azure AD Premium P2

PIM requires Azure AD Premium P2 licenses for advanced identity management features.

Question 7

Which two artifacts can be added to Azure Blueprints?

Answer 7

Resource Groups and Role Assignment

Blueprints support artifacts like resource groups and role assignments.

Question 8

For hosting a Linux Docker container web app with auto-scaling, custom domains, SSL, and minimal admin effort, what should you use?

Answer 8

Azure Web Apps

Web Apps supports Linux containers, auto-scaling, and simplifies management.

Question 9

Which two services can copy 100 GB of on-premises files to Azure Blob Storage?

Answer 9

Azure Import/Export and Azure Data Factory

Import/Export ships physical drives, and Data Factory automates data transfer.

Question 10

For a storage solution storing immutable data for 3 years with minimal access costs, which access tier should you choose?

Answer 10

Hot Access tier

Hot tier minimizes access costs for frequent operations.

Question 11

To ensure data in a storage account remains immutable for 3 years, what should you use?

Answer 11

Container Access Policy

An immutable Blob access policy prevents modifications.

Question 12

To restrict Azure VM deployment to specific regions, what should you use?

Answer 12

Azure Policies

Azure Policies enforce deployment rules like region restrictions.

Question 13

To collect System Log events from Windows Server 2019 Azure VMs, what should you create in Azure?

Answer 13

A Log Analytics Workspace

Log Analytics Workspace stores and analyzes event log data from VMs.

Question 14

What must be installed on Windows Server 2019 VMs to send System Logs to a Log Analytics Workspace?

Answer 14

Microsoft Monitoring Agent

The Microsoft Monitoring Agent collects and sends log data to the workspace.

Question 15

To enable communication between appvm1 and appvm2 in different Azure VNETs, what should you implement?

Answer 15

Virtual Network Peering

VNET Peering connects virtual networks cost-effectively.

Question 16

To minimize costs when running parallel jobs in Azure Batch, what should you recommend?

Answer 16

Low-priority virtual machines

Low-priority VMs reduce costs for Batch workloads.

Question 17

Is the storage cost of demo1.txt (Hot tier) less than demo2.txt (Cool tier) in a GPv2 storage account?

Answer 17

No

Cool tier storage costs less than Hot tier for Blob storage.

Question 18

Can you access demo3.txt in the Archive tier immediately?

Answer 18

No

Archive tier requires rehydration to Hot or Cool tier before access.

Question 19

For deploying a public web app and private Web API container group with minimal admin effort, what should you use?

Answer 19

Azure Container Instances

ACI supports container groups with low overhead.

Question 20

To assess on-premises Hyper-V VM migration to Azure with VM sizing, what should you use?

Answer 20

Azure Migrate

Azure Migrate assesses migration and recommends VM sizes.

Question 21

For processing images in parallel from an Azure Storage Account, what service should you recommend?

Answer 21

Azure Batch

Batch excels at parallel compute tasks like image processing.

Question 22

To evaluate group membership monthly with self-reviews and auto-removal, what should you use?

Answer 22

Azure AD Access Reviews

Access Reviews automate group membership evaluation.

Question 23

For a sender app to broadcast transaction messages to multiple listeners, what should you use?

Answer 23

A Service Bus Topic

Service Bus Topics support publish-subscribe messaging.

Question 24

To migrate an on-premises SQL Server 2014 database to Azure SQL Database, what should you use?

Answer 24

Database Migration Assistant

DMA migrates SQL Server to Azure SQL Database.

Question 25

To migrate an on-premises SQL Server 2014 database to Azure Cosmos DB (SQL API), what should you use?

Answer 25

Azure Cosmos DB Data Migration Tool ## Footnote This tool migrates data to Cosmos DB’s SQL API.

Question 26

To access files in the Archive tier immediately, what must you do?

Answer 26

Change the access tier for the files ## Footnote Files in Archive must be rehydrated to Hot/Cool tier for immediate access.

Question 27

What is the least permission needed for an app to copy secrets into destinationvault1000?

Answer 27

Set only ## Footnote 'Set' allows writing secrets to the destination vault.

Question 28

For load balancing multiple Azure Web Apps globally with rate limiting and region failover, what should you use?

Answer 28

Azure Front Door ## Footnote Front Door provides global load balancing and failover.

Question 29

To minimize scale-out time and admin effort in an Azure Kubernetes cluster, what should you use?

Answer 29

Cluster Autoscaler ## Footnote Cluster Autoscaler automatically scales nodes based on demand.

Question 30

For a web app with a legacy component requiring high availability and minimal cost, what hosting solution should you use?

Answer 30

Azure Virtual Machine Scale Set ## Footnote VM Scale Sets support custom installs and scale for availability.

Question 31

What load balancing solution should you use for a VM Scale Set with a legacy app across data centers?

Answer 31

Azure Load Balancer ## Footnote Load Balancer ensures availability within a region.

Question 32

How should you deploy a VM Scale Set with a legacy app for data center availability?

Answer 32

Across two availability zones ## Footnote Availability zones ensure data center redundancy.

Question 33

What is the strongest consistency level for an Azure Cosmos DB with multi-region writes?

Answer 33

Bounded Staleness ## Footnote Strong consistency isn’t supported with multi-region writes.

Question 34

Which model must Azure SQL Databases use for cost-saving reservations?

Answer 34

vCore-based ## Footnote vCore-based model supports Azure reservations.

Question 35

Can you store data in Azure file shares in a General Purpose V2 storage account (cloudstore1000)?

Answer 35

Yes ## Footnote GPv2 accounts support file shares.

Question 36

Can you store data in Azure file shares in a Premium Block Blob storage account (cloudstore2000)?

Answer 36

No ## Footnote Premium Block Blob accounts don’t support file shares.

Question 37

Can you configure Lifecycle Management for a Premium File Share account (cloudstore3000)?

Answer 37

No ## Footnote Premium File Share accounts don’t support Lifecycle Management.

Question 38

For routing users to a North Europe web app with failover, what should you use?

Answer 38

Azure Traffic Manager ## Footnote Traffic Manager provides global routing with priority to North Europe.

Question 39

What must you do first to associate an ExpressRoute circuit with a Basic Azure Virtual WAN?

Answer 39

Upgrade the Virtual WAN ## Footnote Basic Virtual WAN doesn’t support ExpressRoute.

Question 40

To improve Azure SQL Database performance with minimal effort, what should you use?

Answer 40

Automatic Tuning ## Footnote Automatic Tuning optimizes performance automatically.

Question 41

To store Azure AD sign-in event data for monitoring and alerts, what should you use?

Answer 41

Azure Log Analytics Workspace ## Footnote Log Analytics stores sign-in logs for querying and alerting.

Question 42

Which two methods can track costs by department in an Azure subscription?

Answer 42

Resource Groups per department and Resource Tags ## Footnote Resource groups or tags per department allow cost filtering.

Question 43

For a storage account with immutable data, low latency, and max resiliency, what replication should you choose?

Answer 43

Geo-redundant storage ## Footnote GRS maximizes resiliency across regions.

Question 44

What storage account type offers low latency and immutable data support?

Answer 44

Azure BlockBlob Storage account ## Footnote Premium BlockBlob offers low latency and supports immutable policies.

Question 45

To block legacy authentication in Azure AD Free edition, what should you use?

Answer 45

Azure AD Security Defaults ## Footnote Security Defaults block legacy auth without cost.

Question 46

To prevent Azure AD account lockouts from brute force attacks, what should you use?

Answer 46

Azure AD Smart Lockout ## Footnote Smart Lockout prevents lockouts from brute force attempts.

Question 47

For a 2 TB data store with multi-region reads/writes and consistency options, what should you recommend?

Answer 47

Azure Cosmos DB ## Footnote Cosmos DB supports large data and multi-region access.

Question 48

For storing 5-year database backups with minimal cost, where should you store them?

Answer 48

Azure General Purpose V2 Storage – Archive Access tier ## Footnote Archive tier in GPv2 minimizes cost for rarely accessed backups.

Question 49

What routing method ensures users hit a North Europe web app with failover?

Answer 49

Priority routing method ## Footnote Priority routing in Traffic Manager directs users to North Europe first.

Question 50

Can you direct Azure SQL Database audit logs to a BlockBlobStorage account (appstore3000) in the same region?

Answer 50

Yes ## Footnote BlockBlobStorage supports audit log storage when in the same region as the SQL database.