Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

AZ > Text > Flashcards

Text Flashcards

1
Q

Your users want to sign in to devices, apps, and services from anywhere. they want to sign in using an organizational work or scholl account instead of a personal accournt. you must ensure corporate assets are protected and taht devices meet standards for security and compliance. Specifically, you need to be able to enable or disable a device.. What sould you do ?

A

Join the device to Azure AD

=> by registering a device you get an
ability to enable or disable a device
but by joining a device to azure id this gives you an ability to make sure that your users can sign in with their work or school account. joining a device is an extension to registering a device

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com and an Azure Ative Drirectory (Azure AD) domain named contoso.onmicrosoft.com.
Anzure AD conect is installed and Acitve Directory Federation Services (AD FS) is configured. Password wirteback is enabled. You need to monitor syncrhronization events generated by Azure AD Connect.

A

Install Azure AD Connect Health

=> azurity connect health is a feature that will monitor
on-premises adds identities and provide alerts this requires an agent on each server being monitored

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Identify 3 differences from the folowing list btween Azure Active Directory and Acitve Directory Domain Services (AD DS). Select 3

A
  • Azure AD uses HTTP and HTTPS communications
  • There are no Organiztionl Unit (OUs) or Group Policy Obejects (GPOs) in Azure AD
  • Azure AD includes Federatin Services
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

You would like to add a user who has a Microsoft account to your subscription. Which type of user account is this?

A

Guest user

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

You are configuring self service password reset. which of following is not a validation method

A

A paging services

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

You are assigning Azure AD roles. Which role will allow the user to manage all the groups in your Teams tenants and be able to assign other administrator roles?

A

Global adminitrator

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

You need to target policies and review spend budgets across several subscriptions you manage. What should youdo?

A

Create management groups

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

You would like to categorize resouces and billing for different departments like IT and HR. The billing needs to be consolidated 综合across multiple resource groups and you need to ensure everone complies with solution. what should you do ? choose 2

A
  • Create tags for each department
  • Create an Azure policy
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Your company financial controller wants to e notified whenever the company is half-way to spending the money allocated for cloud services. what should you do?

A

Create a budget and a spending threshold

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Your organization has several Azure polices that they would like to create and enforce for a new branch office. what should you do ?

A

Create a policy initiative

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Your manager aks you to explain how Azure uses resource groups. you provide all of the following information, except?

A

Resouce groups can be nested

(- Recouces can be in only one resource group.
- Rescources can be moved from one resouce group to another resoucre group
- Role -based access control can be applied to the resource group)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which of the following would be good example fo when to use a resouce lock?

A

An ExpressRoute circuit with connectivity back to your on-premises network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Your company hires a new IT adminitstrator. She needs to manage a resource group with first tier web servers including assingin permission. however she should no have access to other resource groups inside the subscription. you need to configure role-based access. what should you do ?

A

Assgin her as a reource group owner

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Your have 3 VM (VM1, VM2, and VM3) in a resource group. The Helpdesk hires an ew emplozee. The new emplozee must be able to modify the setttings on VM3, but not on VM1 and VM2. you soltuion must minimize administrative onverhead. what should you do ?

A

Assgin the user to the contributor role on VM3

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

You are createing a new resource group to use for testing. which two of following parameters are required when you create a resouce group with PowerShell or CLI?

A
  • Location
  • Name
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which of following is not true about Cloud Shell?

A

Each user account can be assigned multiple machines

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

You are managing Azure locally using PowerShell. You have luanched the app as an Admin. Which of the commands would you do first

A

Connect AzAccount

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

You have a new Azure subscription and need to move resoucrs to that subscription. whic of resources cannot be moved?

A

Tenant

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Which of the folowing is not an element in temeplate schema?

A

Inputs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Which of the following best describes the format of an Azure Resource Manager template?

A

a JSON document with key-value pairs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

You are reviewing your VM usage. you notice that you have reached the limit for VM in the US east region. which of the following provides the easiest solution?

A

Request support increase your limit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Your company has an existing Aure tenant named aplineskihour.onmicrosoft.com. The company wants to start using aplineskihour.com for their Azure resource. you add a customer domian to Azure. Now you need to add a DNS record to preapre for verifying the custom domain. which of follwoing record types could you create. Select 2

A
  • Add a TXT record to the DNS zone
  • Add a MX record to the DNS zone
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

You are planning to configure networking in Mircorsoft Azure. Youre compnay has a new Mircrosoft Azure presence with the following network characteristics:
- 1 Virtual network
- 1 sumbnet using 192.168.0.0/23 (does not have existing resources)
your on premises data center has following network charateristics:
- 10 subnets using 192.168.1.0/24 through 192.168.10.0/24
The company intends to use 192.168.1.0/24 on premises and 192.168.0.0/24 in Azure. You need to update your company’s enviroment to enable the needd funcitonality. what should you do? choose 2

A
  • Delete 192.168.0.0/23 frin Azure
  • Create an subnet for 192.168.0.0/24 in Azure
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

You are planning your Azure netowrk implementation to support your compnay’s migration to Azure. Your first task is to prepare for the deployment of the first set of VMs. the first set of VMs that your are deolpying have the follwing requirements:
- consumers on the internet must be able to communicate direclty with the web application on the VMs
- The IP configuration must be zone redundant.
you need to configure the environment to preapre for the first VM. Additionally, you need to mimize costs, whenever possible, while still meeting the requirements. what should you do.

A

Create a standard public IP address. During the creation of the first VM, associate the public IP address with the VM’s NIC

25
Q

You deploy a new domain named contoso.com to domain controllers in Azure. you have the follwoing domain joined VMs in Azure:
- VM1 at 10.20.30.10
- VM2 at 10.20.30.11
- VM3 at 10.20.30.12
- VM4 at 10.20.40.101
You need to add DNS records so that the hosnames resolve to their respective IP address. additionally you need toadd a DNS record so that intranet.contoso.com resolves to VM99. Whaould should you do? choose 2

A
  • Add A records for each VM
  • Add a CNAME record for intranet.contoso.com with a value of VM99.contoso.com
26
Q

Your company is preparing to move some servcies and VMs to Mircorsof Azure. the company has opted to use Azure DNS to provide name resolution. A project begins to configure the name resolution. the project identifes the following requirement:
- A new domain will be used
- the domain will have DNS recordsfor internal and external resources
- Minimze ongoing administrative overhead.
you need to prepare and configure the environment with a new domain name and a test hostname of WWW. which of the following steps should you perform? choose 3

A
  • Register a domain name with a domain registrar.
  • Delegate the new domain name to Azure DNS
  • Add a record for WWW
27
Q

You have a VM with two NICs names NIC1 and NIC2. NIC1 is connected to the 10.10.8.0/24 subnet. NIC2 is connceted to 10.20.8.0/24 subnet. you plan to update the VM configruation to pvide the following functionality:
- Enable direct communication from the internet to TCP port 443
- maintain existing communication across the 10.10.8.0/24 and 10.20.8.0/24 subnets.
- maintain a simple configuration whenever possible.
You need to update VM configuratinto support the new functionality. what should you do?

A

associate a public IP address to NIC2 and create an inbound security rule

28
Q

you’re currently using nework scurity group (NSGs) to control how your network traffic flows in and out of your virtual network subnets and network interfaces. you want to customize how your NSGs work. for all incoming traffic, you need to apply zour security rules to both the virtual machine and subnet level. which of the following options will let you accomplish this? choose 2

A
  • create rules for both NICs and subnet with an allow action
  • add rules with a higher priority than the default rules
29
Q

You need to ensure that Azure DNS can resolve names for your registered domain. what should you implement?

A

Zone delegation

30
Q

You are configuring the Azure Firewall. You need to allow Windows update network traffic through the firewall. which of the following should you use?

A

Application rules

31
Q

You want to connect different VNets in the same region as weel as different regions and decide to use VNet peering to accomplish完成 this. Whicf of following statement are true benifits of VNet peering? select 2

A
  • Network traffic between peered virtual networks is private
  • Peering is easy to configured and manage, requiring little to no downtime
32
Q

Your company is preparing to iplemtn a site to site VPN to Mircosoft Azure. You are selected to plan and implement the VPN. currently, you have an Azure subscription, an Azure virtual network and an Azure gateway subnet. You need to prepare the on-premises environment and Mircorsoft Azure to meet the prerequisites of the sit to site VPN. Later, you will create the VPN connection and test it. Should you you do? select 3

A
  • Obtain a VPN device for the on-premises envrionment
  • Create a virtual network gateway (VPN) and the local network gateway in Azure
  • OBtain a public IPv4 IP address without NAT for the VPN device
33
Q

Your company is preparing to implement presistent connectivity to Mircrosoft Azure. The company has a signle site, headquarter, which has an on-premises data center. the company establishes the following requirement for the connectivity:
- Connectivity must be presistent 持续
- Connectivity must provide for the entire on premises site.
You need to implement a connectivit solution to meet the requirements. what should you do?

A

Implement a site to site VPN

34
Q

You are configuring VNet peering across two Azure two virtual networks, VNET1 and VENT2. you are configuring the VPN gateways. you want VNET2 to be able to use to VNET1’s gateway to get to resources outside the peering. What should you do?

A

Select allow gateway transit on VNET1 and use remote gateways on VNET2

35
Q

You are configuring a site to siet VPN connection between your on-premises network and your Azure network. the on-premises network uses a Cisco ASA VPN device. you have checked to ensure the device is on teh validated list of VPN devices. Before you proceed to configure the device what 2 pieces of info should you ensure you have? select 2.

A
  • The shared key you provided when you created your site to site VPN connection.
  • The public IP address of your virtual network gateway
36
Q

You manage a large datacenter that is running out of space空间不足. You propose extending teh datacenter to AZure using a mulit-protocol label switching virtual private network. which connecitvity optoin would you select?

A

ExpressRoute

37
Q

You are creating a connection between 2 virtual netwoks. Performance is a key concern. which of following will most influence performance?

A

Ensuring you select an appropriate Gateway SKU

38
Q

Your manager asks you to verfiy some info about Azur VIrtual WANs. which of the following state are true. select 3

A
  • You must use a VPN device that proides IKEv2/IKEv1 IPsec support
  • Virtual WAN supports ExpressRoute
  • Virtual WAN supports site to site connections
39
Q

Which of following two featurs of Azure networking provide the ability to redirect all internet traffic back to your company’s on premises servers for packet inspectins? select 2

A
  • User Defined Routes
  • Forced Tunnelling
40
Q

Your company provides customers a virtual network in the cloud. You have dozens of Linux machines in another virtual network. you need to install an Azure load balancer to direct traffic between the virtual networks. What should you do?

A

Install an internal load balancer

41
Q

Your compnany has a popular regional web site. The company plans to move it to Mircrosoft Azure and host in the Canda East region. the web team has established the following requirements for managing the web trafiic:
- Evenly distribute incoming web requests across a farm of 10 Azure VMs
- Support many incoming requests, including spikes during peak times
- Minize complexity
- Minimize ongoing costs
which of the following would you select for this scenario?

A

Azure Load balancer

42
Q

You deploy an internal load balancer between your web tier and app tier servers. you confiugre a custom HTTP health proble. which two of the following are not true?

A
  • By defualt, the health probe checks the endpoint every 30 seconds (correct: 15 s)
    -you can change umber of failures within a time period
43
Q

Which criteria does applicatin gateway use to route requests to a web server?

A

the hostname,port and paht in the URL of the request

44
Q

Which load balancing strategay does the application gateway implment?

A

Distributes reqeuests to each available server in a backend pool in trun, round robin

45
Q

You haver several websites and are using traffic manager to distribute the netwrk traffic. you are bringing a new endpoint online but are not sure that it is ready to accept a full load of requests. which traffic manager routing algorithm shold you use

A

Weighted

46
Q

Your company has a website that allows users to customzie their expereience by downloading an app. Demand for the app has increased so you have added another virtual network with two virtual machines. thes machines are dedicated to serving the app downloads. you need to enusre the addtional download reqeusts do not affect the website performance. your solution must route all downlaod requests to the two new servers you have installed. what actions will you recommend

A

confiugre traffic manager

47
Q

You are deploying the application gateway and watn to ensure incoming requests are checked for common secruirty threats like corss site scripting and crawler. to address your concerns what should you do?

A

install the web application firewall

48
Q

You work for an open source development company. you use Mrcorsoft Azure for a varitety of storage needs.up to now, all the storage was used for internal purposes only. it is organized in block blobs. each block blob is in its own container. each container is set to default settings. in total, you have 50 block blobs. the company has decided to privde read access to the data in theblock blobs, as part of releasing more infomratin about their open source devlopment efforts. you need to reconfigure the storage to meet the following requirement:
- All block blobs must be readable by annoymous internt users.
you need to confiugre the storage to meet the requirements. What should you do?

A

Create a new container, move all the blobs to the new container, and then set the public access level to Blob.

49
Q

Your compnay is planne to stroage log data, cras dump files, and other diagnostic data for Azure VMs in Azure. the company has issued the following requirements for the storage:
- Administrators must be able to browse to the data in file explorer.
- Access over SMB 3.0 must be supported
- The storage must support quotas.
You need to choose the storage tpye to meet the requirments. which storage tpye should you use

A

Azure Files

50
Q

Your compnay proeds cold sw to audit admin access in Mircrosoft Azure resources. the sw logs all admin actions (including all clicks and text input) to log files. SW is about to be released from beta and compnay is concerned about stroage performance. you need to depoly a storage slution for the log files to maximize performance. What should you do?

A

Depoly blob stroage using append blobs

51
Q

Your company is building an app in Azure. the app has the follwoing storage requirement:
- Storage must be reachable programmatically through a REST API
- Storage must be globally redundant
- Storage must be accessible privately within the compnay’s azure environment
- Storage must be optional for unstructured data

which type of Azure stroage should you for the app

A

Azure Blob storage

52
Q

You use a mircrosoft Azure storage account for storing large numbers of video and audio files. you create containers to store each tpye of file and want ot limit access to those files for sepicific periods. addtionally the files can only be access through shared access signatures (SAS). You need the ability to revoke access to the files and to change the period for which users can access the files. What should you do in order to accconplish this most simple and effecitve way?

A

Implment stored access policies for each container to enable revoation of access or change of duration

53
Q

You need to provide a contingent staff emplozee temoraray read only access to the contents of an Azure storage account contianer named media. it is important that oyu grant access while adhering to the security principle of least privilege. What should you do?

A

generate a share access signature toke for the container.

54
Q

You oragnization maintains historical images for large media companies. there are thousands of photos requireing over 600 TB of storage. your datacenter has only limited bandwidh, and you need to quickly ove the data to azure blob storage. addtionally security of the data including chain of custody logs and 256 bit encryption is required. which of the following prodcuts would you recommend using?

A

Dat box heavy

55
Q

You are using blob storage. which of the following is true

A

you can swith between hot and cool performance tiers at any time.

56
Q

Your company are planning a delegation model for your Azure storage. the company has issued the following requirements for Azure storage access
- Apps in the non productin environment must have automated time-limited access
- Apps in the production enironement must have unrestricted access tostorage resources
you need to configure storage access to meet hte requirments. What should you do? select 2

A
  • Use shared access signatures for the non production apps
  • use access keys for the productin apps
57
Q

Your company has a file server named FS01. the server has a sinle shared folder that users’ access to shared files. the company wants to make the same files available from Mircorsoft Azure. the company has the following requirement:
- Mircorsoft Azure should maintain the exact same data as the shared folder on FS01
- Files deleted on either side (on premises or cloud) shall be subsequently and automatically deleted from the other side (on premises or cloud)
you need to implment a solutin to meet the requirements. (on premises or cloud)

A

Depoly Azre file sync

58
Q

Which of the folowing replicates your daat to a secondary region, maintains six copies of your data and is teh defualt replication option.

A

Read access geo redundant storage

59
Q

Your have an exiting storage account in Mircorsoft Azure,it stores unstrctured data. you create a new storage account. yuo need to move half of the data from the existing storage account to the new storage account. What tool should oyu use

A

Use the AzCopy command line tool

AZ (2 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions