test9

Question 1

What solution would you recommend for pre-authentication with Entra ID accounts for an ASP.Net application on Azure VM?

Answer 1

An Entra ID enterprise application

An Entra ID enterprise application integrates seamlessly with Entra ID and ensures authentication before accessing the application.

Question 2

Which Azure service ensures IT administrators receive alerts for critical conditions in a .Net Core application?

Answer 2

Azure Monitor

Azure Monitor collects and analyzes telemetry data, allowing proactive alerts based on metrics, logs, and events.

Question 3

What would you suggest for the Procurement department’s unique identity management needs with Premium P2 licenses?

Answer 3

Privileged Identity Management (PIM)

PIM manages and monitors privileged access, enforcing strict controls and least privilege principles.

Question 4

Which Azure service correlates Azure resource usage with application performance data for a .Net Core app?

Answer 4

Azure Log Analytics

Azure Log Analytics collects and analyzes data from various sources, correlating resource usage with application performance.

Question 5

What services should be used to enforce least privilege and just-in-time access?

Answer 5

PIM and Access Reviews

PIM enforces just-in-time access, while Access Reviews validate high-level permissions periodically.

Question 6

What solution minimizes administrative effort for setting up a root management group and role assignments in Azure?

Answer 6

Azure Bicep

Azure Bicep is a declarative language that simplifies deploying Azure resources.

Question 7

Which Azure Cosmos DB API accommodates JSON documents?

Answer 7

SQL or MongoDB

Both APIs handle JSON documents with native storage and querying capabilities.

Question 8

Which Azure data store supports JSON items, SQL-like queries, and low latency access?

Answer 8

Azure CosmosDB

Azure CosmosDB supports JSON storage and SQL-like queries with low-latency access.

Question 9

Which Azure SQL DB model allows independent compute/storage selection?

Answer 9

vCore Mode

The vCore model offers independent compute/storage selection and supports hybrid benefits.

Question 10

What parameters ensure an Azure SQL Managed Instance handles workload demands?

Answer 10

Define maximum CPU cores and allocated storage

Setting max CPU cores and storage ensures adequate processing and storage capacity.

Question 11

Where is a Sample.txt file stored in an Azure storage account by default?

Answer 11

The lowest storage cost

Storing at the lowest cost tier is the most cost-effective default option.

Question 12

How can you mask the ‘Credit Card rating’ column in an Azure SQL database?

Answer 12

Dynamic Data Masking

Dynamic Data Masking shows sensitive data only to authorized users.

Question 13

What solution automates monthly transfer of web access logs from Azure Blob storage to an Azure SQL database?

Answer 13

Azure Data Factory

Azure Data Factory is designed for automating data movement and transformation.

Question 14

How do you protect VM3 and VM4 with Azure Recovery Services if VM1 and VM2 use a vault in East US?

Answer 14

Create a new Recovery Services vault

A new vault is needed in the same region as VM3 and VM4.

Question 15

Can Store3 be converted to a GRS account in Azure?

Answer 15

Yes

Store3 can be converted to GRS for data replication to a secondary region.

Question 16

Which Azure storage feature recovers accidentally deleted BLOB data up to 14 days?

Answer 16

Soft Delete

Soft Delete allows recovery of deleted BLOB data within a specified timeframe.

Question 17

During planned maintenance of an Availability Set with 10 VMs, what’s the least number of VMs available?

Answer 17

6

At least 6 VMs remain available during maintenance due to Update Domain distribution.

Question 18

Does registering Windows Admin Center and configuring Azure Backup prevent data loss for an on-premises file server?

Answer 18

Yes

Azure Backup with Windows Admin Center ensures regular backups to Azure.

Question 19

Which components are needed in an Azure Logic App to notify an admin of VM setting changes?

Answer 19

Condition control, Action, Azure Event Grid trigger

These components work together to detect changes and notify the admin.

Question 20

What’s the first step to peer a virtual network (10.1.0.0/16) with another (10.2.0.0/16)?

Answer 20

Modify the address space

Modifying the address space avoids IP overlap, a prerequisite for peering.

Question 21

How do you restrict VM traffic to only Azure Front Door using load balancing?

Answer 21

Network Security Groups with service tags

NSGs with service tags effectively restrict traffic to Azure Front Door.

Question 22

Which Azure service load-balances at Layer 7 and protects against SQL injection?

Answer 22

Azure Application Gateway with WAF

Application Gateway with WAF offers Layer 7 load balancing and SQL injection protection.

Question 23

What protects an Azure API Management instance from DDoS attacks?

Answer 23

Rate Limiting

Rate Limiting restricts request rates to prevent DDoS attacks.

Question 24

What storage solution replicates container images across multiple AKS clusters?

Answer 24

Azure Container Registry (Premium SKU)

The Premium SKU’s geo-replication automatically syncs images across regions.

Question 25

How do you prevent the 'GetCloudSkillsAdmin' group from assigning external IPs to VMs?

Answer 25

Azure Policy ## Footnote Azure Policy enforces rules to block external IP assignments.

Question 26

Where can you restore a Key Vault backup from East US?

Answer 26

To a key vault in the same geography ## Footnote Key Vault backups must be restored within the same Azure geography.

Question 27

Which Azure Cosmos DB API manages graph-oriented data?

Answer 27

Gremlin ## Footnote The Gremlin API is specifically designed for graph data management.

Question 28

For PTA (Pass-Through Authentication), what is true about AD and Entra ID synchronization?

Answer 28

AD security and password policies can be enforced ## Footnote PTA forwards authentication to on-premises AD without syncing both ways.

Question 29

How many rules and action groups are needed in Azure Monitor to email an admin for VM operations?

Answer 29

Three rules, one action group ## Footnote Three rules monitor each operation, while one action group handles email notifications.

Question 30

Which service provides a monthly report of all resources in an Azure subscription?

Answer 30

Azure Activity Log ## Footnote The Activity Log tracks all subscription activities for reporting.

Question 31

Which synchronization methods allow password-less access to corporate machines via AD and Entra ID?

Answer 31

PHS and PTA ## Footnote PHS syncs password hashes, while PTA passes authentication requests to AD.

Question 32

What ensures an Azure Web App authenticates via Entra ID to access Key Vault keys?

Answer 32

Managed Identities ## Footnote Managed Identities provide an Entra ID-based identity for secure access.

Question 33

Which service lets the testing team view app components and calls for a .Net Core app on Azure Web Apps?

Answer 33

Application Insights ## Footnote Application Insights monitors and visualizes app components and dependencies.

Question 34

Which service stores JSON documents with a globally distributed scalable architecture?

Answer 34

Azure Cosmos DB ## Footnote Cosmos DB is designed for JSON documents with global distribution and scalability.

Question 35

What enhances endpoint threat detection for a company with 10,000 users?

Answer 35

Entra ID Protection ## Footnote Entra ID Protection offers advanced threat detection and remediation.

Question 36

Which service hosts a data warehouse for nightly SQL Server data migration?

Answer 36

Azure Synapse Analytics ## Footnote Synapse Analytics integrates with Spark for analytics and hosts data warehouses.

Question 37

Does Azure SQL Managed Instance support server-side transactions across two databases?

Answer 37

Yes ## Footnote Managed Instance supports distributed transactions across databases.

Question 38

For SQL database migration, which Azure service is recommended?

Answer 38

vCore-based Azure SQL Database ## Footnote vCore offers flexibility and minimal downtime for migration.

Question 39

How do you mask credit card numbers for IT help desk operators in an Azure SQL database?

Answer 39

Dynamic Data Masking ## Footnote Dynamic Data Masking shows only the last four digits to operators.

Question 40

What provides time-limited access to blobs for the finance department in March?

Answer 40

Shared Access Signatures (SAS) ## Footnote SAS grants temporary access with an expiration date.

Question 41

Which service ensures high availability for SQL databases on VMs?

Answer 41

Always On availability groups ## Footnote Always On provides automatic failover for high availability.

Question 42

What’s true about configuring a failover group for SQL databases?

Answer 42

Secondary server in a different region; potential 5-second data loss ## Footnote Different regions enhance disaster recovery capabilities.

Question 43

Does an Azure Recovery Services vault with Backup agent prevent data loss for a Windows Server 2019 file server?

Answer 43

Yes ## Footnote The vault and agent ensure regular backups to Azure.

Question 44

Does Windows Server Backup with a Recovery Services vault suffice to prevent data loss for a file server?

Answer 44

No ## Footnote Additional Azure backups or HA solutions are needed for comprehensive protection.

Question 45

What configures daily VM backups at 03:00 UTC with 90-day retention in Azure?

Answer 45

Backup Policy ## Footnote Backup Policy sets the schedule and retention for backups.

Question 46

How do you restrict Azure SQL DB admin access to specific static IP workstations?

Answer 46

Server Level IP Firewall rules ## Footnote Firewall rules restrict access to specific IPs effectively.

Question 47

Does using a storage account and Data Migration Assistant migrate Hyper-V VMs to Azure with disks replicated?

Answer 47

No ## Footnote Azure Migrate is needed for replicating VM disks to Azure.

Question 48

What subnet address space supports 20 VMs communicating with an on-premise 186.16.0.0/16 network?

Answer 48

192.168.0.0/24 ## Footnote This address space avoids overlap and supports VPN connectivity.

Question 49

Which managed service migrates an on-premise MongoDB database to Azure with minimal overhead?

Answer 49

CosmosDB ## Footnote CosmosDB is a managed service supporting MongoDB migration.

Question 50

Which Azure service best provides the testing team with visibility into application components for a .Net Core app?

Answer 50

Application Insights ## Footnote Application Insights enables real-time monitoring and diagnostics.