test9 Flashcards
What solution would you recommend for pre-authentication with Entra ID accounts for an ASP.Net application on Azure VM?
An Entra ID enterprise application
An Entra ID enterprise application integrates seamlessly with Entra ID and ensures authentication before accessing the application.
Which Azure service ensures IT administrators receive alerts for critical conditions in a .Net Core application?
Azure Monitor
Azure Monitor collects and analyzes telemetry data, allowing proactive alerts based on metrics, logs, and events.
What would you suggest for the Procurement department’s unique identity management needs with Premium P2 licenses?
Privileged Identity Management (PIM)
PIM manages and monitors privileged access, enforcing strict controls and least privilege principles.
Which Azure service correlates Azure resource usage with application performance data for a .Net Core app?
Azure Log Analytics
Azure Log Analytics collects and analyzes data from various sources, correlating resource usage with application performance.
What services should be used to enforce least privilege and just-in-time access?
PIM and Access Reviews
PIM enforces just-in-time access, while Access Reviews validate high-level permissions periodically.
What solution minimizes administrative effort for setting up a root management group and role assignments in Azure?
Azure Bicep
Azure Bicep is a declarative language that simplifies deploying Azure resources.
Which Azure Cosmos DB API accommodates JSON documents?
SQL or MongoDB
Both APIs handle JSON documents with native storage and querying capabilities.
Which Azure data store supports JSON items, SQL-like queries, and low latency access?
Azure CosmosDB
Azure CosmosDB supports JSON storage and SQL-like queries with low-latency access.
Which Azure SQL DB model allows independent compute/storage selection?
vCore Mode
The vCore model offers independent compute/storage selection and supports hybrid benefits.
What parameters ensure an Azure SQL Managed Instance handles workload demands?
Define maximum CPU cores and allocated storage
Setting max CPU cores and storage ensures adequate processing and storage capacity.
Where is a Sample.txt file stored in an Azure storage account by default?
The lowest storage cost
Storing at the lowest cost tier is the most cost-effective default option.
How can you mask the ‘Credit Card rating’ column in an Azure SQL database?
Dynamic Data Masking
Dynamic Data Masking shows sensitive data only to authorized users.
What solution automates monthly transfer of web access logs from Azure Blob storage to an Azure SQL database?
Azure Data Factory
Azure Data Factory is designed for automating data movement and transformation.
How do you protect VM3 and VM4 with Azure Recovery Services if VM1 and VM2 use a vault in East US?
Create a new Recovery Services vault
A new vault is needed in the same region as VM3 and VM4.
Can Store3 be converted to a GRS account in Azure?
Yes
Store3 can be converted to GRS for data replication to a secondary region.
Which Azure storage feature recovers accidentally deleted BLOB data up to 14 days?
Soft Delete
Soft Delete allows recovery of deleted BLOB data within a specified timeframe.
During planned maintenance of an Availability Set with 10 VMs, what’s the least number of VMs available?
6
At least 6 VMs remain available during maintenance due to Update Domain distribution.
Does registering Windows Admin Center and configuring Azure Backup prevent data loss for an on-premises file server?
Yes
Azure Backup with Windows Admin Center ensures regular backups to Azure.
Which components are needed in an Azure Logic App to notify an admin of VM setting changes?
Condition control, Action, Azure Event Grid trigger
These components work together to detect changes and notify the admin.
What’s the first step to peer a virtual network (10.1.0.0/16) with another (10.2.0.0/16)?
Modify the address space
Modifying the address space avoids IP overlap, a prerequisite for peering.
How do you restrict VM traffic to only Azure Front Door using load balancing?
Network Security Groups with service tags
NSGs with service tags effectively restrict traffic to Azure Front Door.
Which Azure service load-balances at Layer 7 and protects against SQL injection?
Azure Application Gateway with WAF
Application Gateway with WAF offers Layer 7 load balancing and SQL injection protection.
What protects an Azure API Management instance from DDoS attacks?
Rate Limiting
Rate Limiting restricts request rates to prevent DDoS attacks.
What storage solution replicates container images across multiple AKS clusters?
Azure Container Registry (Premium SKU)
The Premium SKU’s geo-replication automatically syncs images across regions.
How do you prevent the ‘GetCloudSkillsAdmin’ group from assigning external IPs to VMs?
Azure Policy
Azure Policy enforces rules to block external IP assignments.
Where can you restore a Key Vault backup from East US?
To a key vault in the same geography
Key Vault backups must be restored within the same Azure geography.
Which Azure Cosmos DB API manages graph-oriented data?
Gremlin
The Gremlin API is specifically designed for graph data management.
For PTA (Pass-Through Authentication), what is true about AD and Entra ID synchronization?
AD security and password policies can be enforced
PTA forwards authentication to on-premises AD without syncing both ways.
How many rules and action groups are needed in Azure Monitor to email an admin for VM operations?
Three rules, one action group
Three rules monitor each operation, while one action group handles email notifications.
Which service provides a monthly report of all resources in an Azure subscription?
Azure Activity Log
The Activity Log tracks all subscription activities for reporting.
Which synchronization methods allow password-less access to corporate machines via AD and Entra ID?
PHS and PTA
PHS syncs password hashes, while PTA passes authentication requests to AD.
What ensures an Azure Web App authenticates via Entra ID to access Key Vault keys?
Managed Identities
Managed Identities provide an Entra ID-based identity for secure access.
Which service lets the testing team view app components and calls for a .Net Core app on Azure Web Apps?
Application Insights
Application Insights monitors and visualizes app components and dependencies.
Which service stores JSON documents with a globally distributed scalable architecture?
Azure Cosmos DB
Cosmos DB is designed for JSON documents with global distribution and scalability.
What enhances endpoint threat detection for a company with 10,000 users?
Entra ID Protection
Entra ID Protection offers advanced threat detection and remediation.
Which service hosts a data warehouse for nightly SQL Server data migration?
Azure Synapse Analytics
Synapse Analytics integrates with Spark for analytics and hosts data warehouses.
Does Azure SQL Managed Instance support server-side transactions across two databases?
Yes
Managed Instance supports distributed transactions across databases.
For SQL database migration, which Azure service is recommended?
vCore-based Azure SQL Database
vCore offers flexibility and minimal downtime for migration.
How do you mask credit card numbers for IT help desk operators in an Azure SQL database?
Dynamic Data Masking
Dynamic Data Masking shows only the last four digits to operators.
What provides time-limited access to blobs for the finance department in March?
Shared Access Signatures (SAS)
SAS grants temporary access with an expiration date.
Which service ensures high availability for SQL databases on VMs?
Always On availability groups
Always On provides automatic failover for high availability.
What’s true about configuring a failover group for SQL databases?
Secondary server in a different region; potential 5-second data loss
Different regions enhance disaster recovery capabilities.
Does an Azure Recovery Services vault with Backup agent prevent data loss for a Windows Server 2019 file server?
Yes
The vault and agent ensure regular backups to Azure.
Does Windows Server Backup with a Recovery Services vault suffice to prevent data loss for a file server?
No
Additional Azure backups or HA solutions are needed for comprehensive protection.
What configures daily VM backups at 03:00 UTC with 90-day retention in Azure?
Backup Policy
Backup Policy sets the schedule and retention for backups.
How do you restrict Azure SQL DB admin access to specific static IP workstations?
Server Level IP Firewall rules
Firewall rules restrict access to specific IPs effectively.
Does using a storage account and Data Migration Assistant migrate Hyper-V VMs to Azure with disks replicated?
No
Azure Migrate is needed for replicating VM disks to Azure.
What subnet address space supports 20 VMs communicating with an on-premise 186.16.0.0/16 network?
192.168.0.0/24
This address space avoids overlap and supports VPN connectivity.
Which managed service migrates an on-premise MongoDB database to Azure with minimal overhead?
CosmosDB
CosmosDB is a managed service supporting MongoDB migration.
Which Azure service best provides the testing team with visibility into application components for a .Net Core app?
Application Insights
Application Insights enables real-time monitoring and diagnostics.
