Timed Mode Set 1 – AZ-104 Azure Administrator (Dojo) Flashcards

1
Q

Your company has an Azure Storage account named TutorialsDojo1.

You have to copy your files hosted on your on-premises network to TutorialsDojo1 using AzCopy.

What Azure Storage services will you be able to copy your data into?

A. Table and Queue only
B. Blob, Table, and File only
C. Blob, File, Table, and Queue
D. Blob and File only
A

The Azure Storage platform is Microsoft’s cloud storage solution for modern data storage scenarios. Core storage services offer a massively scalable object store for data objects, disk storage for Azure virtual machines (VMs), a file system service for the cloud, a messaging store for reliable messaging, and a NoSQL store.

AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account.

Azure Blob storage is Microsoft’s object storage solution for the cloud. Blob storage is optimized for storing massive amounts of unstructured data. Unstructured data is data that doesn’t adhere to a particular data model or definition, such as text or binary data.

Blob storage is designed for:

– Serving images or documents directly to a browser.

– Storing files for distributed access.

– Streaming video and audio.

– Writing to log files.

– Storing data for backup and restore disaster recovery, and archiving.

– Storing data for analysis by an on-premises or Azure-hosted service.

Azure Files enables you to set up highly available network file shares that can be accessed by using the standard Server Message Block (SMB) protocol. That means that multiple VMs can share the same files with both read and write access. You can also read the files using the REST interface or the storage client libraries.

One thing that distinguishes Azure Files from files on a corporate file share is that you can access the files from anywhere in the world using a URL that points to the file and includes a shared access signature (SAS) token. You can generate SAS tokens; they allow specific access to a private asset for a specific amount of time.

File shares can be used for many common scenarios:

– Many on-premises applications use file shares. This feature makes it easier to migrate those applications that share data to Azure. If you mount the file share to the same drive letter that the on-premises application uses, the part of your application that accesses the file share should work with minimal, if any, changes.

– Configuration files can be stored on a file share and accessed from multiple VMs. Tools and utilities used by multiple developers in a group can be stored on a file share, ensuring that everybody can find them and that they use the same version.

– Diagnostic logs, metrics, and crash dumps are just three examples of data that can be written to a file share and processed or analyzed later.

Hence, the correct answers are: Blob and File only.

The option that says: Table and Queue only is incorrect because Table and Queue are not supported services by AzCopy.

The option that says: Blob, Table, and File only is incorrect because Table is not a supported service by AzCopy. The AzCopy command-line utility can only copy blobs or files to or from a storage account.

The option that says: Blob, File, Table, and Queue is incorrect. Although Blob and File types are supported by AzCopy, the Table and Queue services are not supported.

References:

https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview

https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10

Check out this Azure Storage Overview Cheat Sheet:

https://tutorialsdojo.com/azure-storage-overview/

Azure Blob vs. Disk vs. File Storage:

https://tutorialsdojo.com/azure-blob-vs-disk-vs-file-storage/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Your organization has deployed multiple Azure virtual machines configured to run as web servers and an Azure public load balancer named TD1.

There is a requirement that TD1 must consistently route your user’s request to the same web server every time they access it.

What should you configure?

A. Hash based
B. Session persistence: None
C. Session persistence: Client IP
D. Health probe
A

C. Session persistence: Client IP

Explanation:
A public load balancer can provide outbound connections for virtual machines (VMs) inside your virtual network. These connections are accomplished by translating their private IP addresses to public IP addresses. Public Load Balancers are used to load balance Internet traffic to your VMs.

Session persistence is also known session affinity, source IP affinity, or client IP affinity. This distribution mode uses a two-tuple (source IP and destination IP) or three-tuple (source IP, destination IP, and protocol type) hash to route to backend instances.

When using session persistence, connections from the same client will go to the same backend instance within the backend pool.

Session persistence mode has two configuration types:

– Client IP (2-tuple) – Specifies that successive requests from the same client IP address will be handled by the same backend instance.

– Client IP and protocol (3-tuple) – Specifies that successive requests from the same client IP address and protocol combination will be handled by the same backend instance.

Hence, the correct answer is: Session persistence: Client IP.

Hash based is incorrect because this simply allows traffic from the same client IP to be routed to any healthy instance in the backend pool. You would need session persistence if you need users to connect to the same virtual machine for each request.

Session persistence: None is incorrect because this will route the user request to any health instance in the backend pool.

Health probe is incorrect because this is only used to determine the health status of the instances in the backend pool. During load balancer creation, configure a health probe for the load balancer to use. This health probe will determine if an instance is healthy and can receive traffic.

References:

https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

https://learn.microsoft.com/en-us/azure/load-balancer/distribution-mode-concepts

Check out this Azure Load Balancer Cheat Sheet:

https://tutorialsdojo.com/azure-load-balancer/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Your company has an Azure AD tenant named tutorialsdojo.onmicrosoft.com and a public DNS zone for tutorialsdojo.com.

You added the custom domain name tutorialsdojo.com to Azure AD. You need to verify that Azure can verify the domain name.

What DNS record type should you use?

A. SRV
B. NSEC
C. NSEC3
D. MX
A

D. MX

Explanation:
Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources in:

– External resources, such as Microsoft Office 365, the Azure portal, and thousands of other SaaS applications.

– Internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed by your own organization.

Microsoft Online business services, such as Office 365 or Microsoft Azure, require Azure AD for sign-in and to help with identity protection. If you subscribe to any Microsoft Online business service, you automatically get Azure AD with access to all the free features.

Every new Azure AD tenant comes with an initial domain name, <domainname>.onmicrosoft.com. You can’t change or delete the initial domain name, but you can add your organization’s names. Adding custom domain names helps you to create user names that are familiar to your users, such as azure@tutorialsdojo.com.</domainname>

You can verify your custom domain name by using TXT or MX record types.

Hence, the correct answer is: MX.

SRV, NSEC, and NSEC3 are incorrect because these record types are not supported by the Azure Active Directory for verifying your custom domain. Only TXT and MX record types are supported.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

You have an existing Azure subscription that has the following Azure Storage accounts.

az104-1-04 scenario imAGEThere is a requirement to identify the storage accounts that can be converted to zone-redundant storage (ZRS) replication. This must be done only through a live migration from Azure Support.

Which of the following accounts can you convert to ZRS?

A.tdaccount1
B. tdaccount2
C. tdaccount3
D. tdaccount4

A

A.tdaccount1

Explanation:
Azure Storage always stores multiple copies of your data so that it is protected from planned and unplanned events, including transient hardware failures, network or power outages, and massive natural disasters. Redundancy ensures that your storage account meets its availability and durability targets even in the face of failures.

When deciding which redundancy option is best for your scenario, consider the tradeoffs between lower costs and higher availability. The factors that help determine which redundancy option you should choose to include are:

– How your data is replicated in the primary region.

– Whether your data is replicated to a second region that is geographically distant to the primary region, to protect against regional disasters.

– Whether your application requires read access to the replicated data in the secondary region if the primary region becomes unavailable for any reason.

Data in an Azure Storage account is always replicated three times in the primary region. Azure Storage offers four options for how your data is replicated:

Locally redundant storage (LRS) copies your data synchronously three times within a single physical location in the primary region. LRS is the least expensive replication option but is not recommended for applications requiring high availability.
Zone-redundant storage (ZRS) copies your data synchronously across three Azure availability zones in the primary region. For applications requiring high availability.
Geo-redundant storage (GRS) copies your data synchronously three times within a single physical location in the primary region using LRS. It then copies your data asynchronously to a single physical location in a secondary region that is hundreds of miles away from the primary region.
Geo-zone-redundant storage (GZRS) copies your data synchronously across three Azure availability zones in the primary region using ZRS. It then copies your data asynchronously to a single physical location in the secondary region.

You can switch a storage account from one type of replication to any other type, but some scenarios are more straightforward than others. If you want to add or remove geo-replication or read access to the secondary region, you can use the Azure portal, PowerShell, or Azure CLI to update the replication setting. However, if you want to change how data is replicated in the primary region, by moving from LRS to ZRS or vice versa, then you must perform a manual migration.

The following table provides an overview of how to switch from each type of replication to another:

To request a live migration to ZRS, GZRS, or RA-GZRS, you need to migrate your storage account from LRS to ZRS in the primary region with no application downtime. To migrate from LRS to GZRS or RA-GZRS, first switch to GRS or RA-GRS and then request a live migration. Similarly, you can request a live migration from GRS or RA-GRS to GZRS or RA-GZRS. To migrate from GRS or RA-GRS to ZRS, first switch to LRS, then request a live migration.

Live migration is supported only for storage accounts that use LRS or GRS replication. If your account uses RA-GRS then you need to first change your account’s replication type to either LRS or GRS before proceeding. This intermediary step removes the secondary read-only endpoint provided by RA-GRS before migration.

Hence, the correct answer is: tdaccount1.

tdaccount2 is incorrect because you need to first change your account’s replication type to either LRS or GRS before you change to zone-redundant storage (ZRS). The requirement states that you must only request live migration.

tdaccount3 is incorrect because a general-purpose V1 storage account type does not support zone-redundant storage (ZRS) as its replication option. Only General-purpose V2, FileStorage, and BlockBlobStorage support ZRS.

tdaccount4 is incorrect because a BlobStorage account type does not support zone-redundant storage (ZRS) as its replication option. Only General-purpose V2, FileStorage, and BlockBlobStorage support ZRS.

References:

https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy

https://docs.microsoft.com/en-us/azure/storage/common/redundancy-migration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Your company has two virtual networks named TDVnet1 and TDVnet2 in your subscription. You have a site-to-site VPN connection between your on-premises network and TDVnet1using a VPN Gateway named TDGW1 that uses static routing.

Your computer named TD1 runs on a Windows 10 OS and you configure a point-to-site VPN connection to TDVnet1.

You then create a virtual network peering between TDVnet1 and TDVnet2. You verified that you are able to connect to TDVnet2 from the on-premises network and TDVnet1 from TD1.

Upon verification, TD1 is unable to connect to TDVnet2.

What do you need to do to establish connection between TD1 and TDVnet2?

A. Download the VPN client configuration file and re install it on TD1
B. Restart TDGW1 to re establish the connection
C. Enable transit gateway for TDVnet1
D. Enable transit gateway for TDVnet2

A

A. Download the VPN client configuration file and re install it on TD1

Explanation:
Point-to-Site (P2S) VPN connection allows you to create a secure connection to your virtual network from an individual client computer. A P2S connection is established by starting it from the client’s computer. This solution is useful for telecommuters who want to connect to Azure VNets from a remote location, such as from home or a conference. P2S VPN is also a helpful solution to utilize instead of S2S VPN when you have only a few clients that need to connect to a VNet.

As part of the Point-to-Site configuration, you install a certificate and a VPN client configuration package which are contained in a zip file. Configuration files provide the settings required for a native Windows, Mac IKEv2 VPN, or Linux clients to connect to a virtual network over Point-to-Site connections that use native Azure certificate authentication and are specific to the VPN configuration for the virtual network.

Take note that after creating the point-to-site connection between TD1 and TDVnet1, there is already a change in network topology when you created the virtual network peering with TDVnet1 and TDVnet2. Whenever there is a change in the topology of your network, you will always need to download and re-install the VPN configuration file.

Hence, the correct answer is: Download the VPN client configuration file and re-install it on TD1.

The option that says: Restart TDGW1 to re-establish the connection is incorrect because restarting the VPN gateway is only done when you lose cross-premises VPN connectivity on one or more Site-to-Site VPN tunnels. In this scenario, TD1 can connect to TDVnet1 which implies that TDGW1 is working and running.

The options that say: Enable transit gateway for TDVnet1 and Enable transit gateway for TDVnet2 are incorrect. Transit gateway is a peering property that lets one virtual network use the VPN gateway in the peered virtual network for cross-premises or VNet-to-VNet connectivity. Since TDVnet2 can connect to the on-premises network, it means that the transit gateway is already enabled and as such, enabling the transit gateway is not necessary.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

You have a file share in your Azure subscription named Manila-Subscription-01.

You plan to synchronize files from your on-premises file server named TDFileServer1 to Azure.

You created an Azure file share and a storage sync service.

Which four actions should you perform in sequence to synchronize files from TDFileServer1 to Azure?

Instructions: To answer, drag the appropriate item from the column on the left to its description on the right. Each correct match is worth one point.

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

You have an Azure subscription named Davao-Subscription1.

You will be deploying a three-tier application as shown below:

Due to compliance requirements, you need to find a solution for the following:

Traffic between the web tier and application tier must be spread equally across all the virtual machines.

The web tier must be protected from SQL injection attacks.

Which Azure solution would you recommend for each requirement?

Select the correct answer from the drop-down list of options. Each correct selection is worth one point.

Traffic between the web tier and application tier must be spread equally across all the virtual machines. 

A. Internal Load Balancer
B. Public Load Balancer
C. Traffic Manager
D. Application Gateway Standard Tier
E. Application Gateway WAF tier

The web tier must be protected from SQL injection attacks.

A. Internal Load balancer
B. Public Load Balancer
C. Traffic Manager
D. Application Gateway Standard Tier
E. Application Gateway WAF Tier

A
  1. A. Internal Load Balancer
  2. E. Application Gateway WAF Tier

Explanation:
Private (or Internal) Load balancer provides a higher level of availability and scale by spreading incoming requests across virtual machines (VMs). Private load balancer distributes traffic to resources that are inside a virtual network.

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. For example, you can route traffic based on the incoming URL. So if /images are in the incoming URL, you can route traffic to a specific set of servers (known as a pool) configured for images. If /video is in the URL, that traffic is routed to another pool that’s optimized for videos.

Application Gateway web application firewall (WAF) protects web applications from common vulnerabilities and exploits. This is done through rules that are defined based on the OWASP core rule sets 3.1, 3.0, or 2.2.9. These rules can be disabled on a rule-by-rule basis.

The WAF protects against the following web vulnerabilities:

– SQL injection attacks

– Cross-site scripting attacks

– Other common attacks, such as command injection, HTTP request smuggling, HTTP response splitting, and remote file inclusion

– HTTP protocol violations

– HTTP protocol anomalies, such as missing host user-agent and accept headers

– Bots, crawlers, and scanners

– Common application misconfigurations (for example, Apache and IIS)

Take note that Internal load balancers distribute traffic within a VNET while public load balancers balance traffic to and from an internet-connected endpoint.

Therefore, you have to use the Internal Load Balancer to equally spread traffic between your web tier and application tier virtual machines.

Conversely, to protect your web tier from SQL injection attacks, you need to deploy the Application Gateway WAF tier.

Public Load Balancer is incorrect because you only use this if you want to load balance Internet traffic to your virtual machines. Public Load Balancer also does not support WAF protection for your web tier.

Traffic Manager is incorrect because Traffic Manager does not protect your application from SQL injection attacks. This service is mainly used for DNS-based traffic load balancing.

Application Gateway Standard tier is incorrect because the standard tier cannot protect your web tier from SQL Injection attacks. You have to use the Application Gateway WAF tier instead.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

You have the following resources deployed in Azure:

There is a requirement to connect TDVnet1 and TDVnet2.

What should you do first?

A. Create two virtual network gateways.
B. Change the address space of TDVnet2.
C. Transfer TDVnet1 to TD2.
D. Transfer VM1 to TD2.

A

A. Create two virtual network gateways.

Explanation:
Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the Internet, and on-premises networks. VNet is similar to a traditional network that you’d operate in your own datacenter but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation.

There are two ways to connect two virtual networks, based on your specific scenario and needs, you might want to pick one over the other.

VNet Peering provides low latency, high bandwidth connection useful in scenarios such as cross-region data replication and database failover scenarios. Since traffic is completely private and remains on the Microsoft backbone, customers with strict data policies prefer to use VNet Peering as public Internet is not involved. Since there is no gateway in the path, there are no extra hops, ensuring low latency connections.

VPN Gateways provide a limited bandwidth connection and is useful in scenarios where encryption is needed, but bandwidth restrictions are tolerable. In these scenarios, customers are also not latency-sensitive.

You can use a VPN gateway to send traffic between VNets. Each VNet can have only one VPN gateway.

Take note, VNet-to-VNet connections that use Azure VPN gateways work across Azure Active Directory tenants. It will also work for virtual networks that have different subscriptions. Based on the image above, you will need one VPN gateway for each virtual network. Since we have TDVnet1 and TDVnet2, two virtual network gateways are required.

Hence, the correct answer is: Create two virtual network gateways.

The option that says: Change the address space of TDVnet2 is incorrect because the address spaces of TDVnet1(10.1.0.0/16) and TDVnet2(10.10.0.0/18) do not overlap. Therefore, you can directly connect the two VMs by creating two virtual network gateways without changing the IP address ranges.

The options that say: Transfer TDVnet1 to TD2 and Transfer VM1 to TD2 are incorrect because VNet-to-VNet connections that use VPN gateways work across Azure AD tenants. You can also connect two virtual networks that have different subscriptions.

References:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal

Check out this Azure Virtual Network Cheat Sheet:

https://tutorialsdojo.com/azure-virtual-network-vnet/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

You have an Azure subscription that contains an Azure virtual network named TDVnet1 with an address space of 10.1.0.0/18 and a subnet named TDSub1 with an address space of 10.1.0.0/22.

You need to connect your on-premises network to Azure by using a site-to-site VPN.

Which four actions should you perform in sequence?

Instructions: To answer, drag the appropriate item from the column on the left to its description on the right. Each correct match is worth one point.

A. Deploy a VPN gateway
B. Deploy a gateway subnet
C, Deploy a local network gateway
D. Deploy a VPN connection

A

Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the Internet, and on-premises networks. VNet is similar to a traditional network that you’d operate in your own datacenter but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation.

A Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device located on-premises that has an externally facing public IP address assigned to it.

You can create a site-to-site VPN connection by deploying the following in order:

  1. Deploy a virtual network
  2. Deploy a gateway subnet

– You need to create a gateway subnet for your VNet in order to configure a virtual network gateway. All gateway subnets must be named ‘GatewaySubnet’ to work properly. Don’t name your gateway subnet something else. It is recommended that you create a gateway subnet that uses a /27 or /28.

  1. Deploy a VPN gateway

– A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet.

  1. Deploy a local network gateway

– The local network gateway is a specific object that represents your on-premises location (the site) for routing purposes.

  1. Deploy a VPN connection

– A VPN connection creates the link for the VPN gateway and local network gateway. It also gives you the status of your site-to-site connection.

Since you have deployed TDVnet1, the next step is to deploy a gateway subnet.

Hence, the correct order of deployment are:

  1. Deploy a gateway subnet
  2. Deploy a VPN gateway
  3. Deploy a local network gateway
  4. Deploy a VPN connection
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Your company has an Azure subscription that contains the following resources:

You plan to create an internal load balancer with the following parameters:

Name: TDB1
SKU: Basic
Subnet: TDSub2
Virtual network: TDVnet1

For each of the following items, choose Yes if the statement is true or choose No if the statement is false. Take note that each correct item is worth one point.

Questions 	Yes 	No	
Traffic between TD1 and TD2 can be load balanced by TDB1	
	
Traffic between TD3 and TD4 can be load balanced by TDB1	
	
Traffic between TD5 and TD6 can be load balanced by TDB1
A

Private (or Internal) Load balancer provides a higher level of availability and scale by spreading incoming requests across virtual machines (VMs). A private load balancer distributes traffic to resources that are inside a virtual network. Azure restricts access to the frontend IP addresses of a virtual network that is load balanced. Front-end IP addresses and virtual networks are never directly exposed to an internet endpoint. Internal line-of-business applications run in Azure and are accessed from within Azure or from on-premises resources.

Take note that in this scenario, you need to determine if you can load balance traffic in between virtual machines according to the parameters of TDB1. TD1 and TD2 are the only virtual machines that are associated with an availability set. In the image above, it states that only virtual machines within a single availability set or virtual machine scale set can be used as backend pool endpoints for load balancers that use Basic as its SKU.

The backend pool is a critical component of the load balancer. The backend pool defines the group of resources that will serve traffic for a given load-balancing rule.

Hence, this statement is correct: Traffic between TD1 and TD2 can be load balanced by TDB1

The following statements are incorrect because TDB1 is using the Basic SKU. Since the virtual machines below do not have an availability set or a virtual machine scale set, it does not have the capability to load balance the traffic.

– Traffic between TD3 and TD4 can be load balanced by TDB1

– Traffic between TD5 and TD6 can be load balanced by TDB1

References:

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

https://docs.microsoft.com/en-us/azure/load-balancer/skus

Check out this Azure Load Balancer Cheat Sheet:

https://tutorialsdojo.com/azure-load-balancer/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

You have an Azure subscription that contains the following storage accounts:

Select the correct answer from the drop-down list of options. Each correct selection is worth one point.

What storage account supports Azure File storage?

A. tdaccount1 only
B. tdaccount2 only
C. tdaccount3 only
D. tdaccount1 and tdaccount2 only

What storage account supports Azure Queue storage?

A. tdaccount1 only
B. tdaccount2 only
C. tdaccount3 only
D. tdaccount1 and tdaccount2 only

A
  1. D. tdaccount1 and tdaccount2 only
  2. A. tdaccount1 only

Explanation:
An Azure storage account contains all of your Azure Storage data objects: blobs, files, queues, tables, and disks. The storage account provides a unique namespace for your Azure Storage data that is accessible from anywhere in the world over HTTP or HTTPS. Data in your Azure storage account is durable and highly available, secure, and massively scalable.

Based on the image above, Azure File storage is only supported using General-purpose V2, General-purpose V1, and FileStorage account types while Azure Queue storage is only supported using General-purpose V2 and General-purpose V1 only.

Therefore, tdaccount1 and tdaccount2 are the storage accounts that can support Azure File storage because the account type of tdaccount1 is General-purpose V2 while tdaccount2 is FileStorage.

Conversely, tdaccount1 only can support Azure Queue storage because the account type of tdaccount1 is general-purpose v2.

The option that says: tdaccount3 only is incorrect because the account type of tdaccount3 is BlobStorage. It does not support Azure File storage and Azure Queue storage. Take note that BlobStorage only supports Azure Blob storage.

References:

https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview

https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy

Check out this Azure Storage Overview Cheat Sheet:

https://tutorialsdojo.com/azure-storage-overview/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Your company has an Azure subscription that contains the following resources:

The resource group of TDBackup1 is TDGroup2.

You have the following virtual machines that you want to backup:

You need to identify which virtual machines can be backed up to TDBackup1.

Which virtual machines should you identify?

A. TD1 and TD4 only
B. TD2 and TD3 only
C. TD5 and TD6 only
D. TD1, TD2, TD3, TD4, TD5, and TD6
A

A. TD1 and TD4 only

Explanation:
A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations. You can use Recovery Services vaults to hold backup data for various Azure services such as IaaS VMs (Linux or Windows) and Azure SQL databases. Recovery Services vaults support System Center DPM, Windows Server, Azure Backup Server, and more. Recovery Services vaults make it easy to organize your backup data while minimizing management overhead.

Azure Backup is a cost-effective, secure, one-click backup solution that’s scalable based on your backup storage needs. The centralized management interface makes it easy to define backup policies and protect a wide range of enterprise workloads, including Azure Virtual Machines, SQL and SAP databases, and Azure file shares.

Take note that you can only backup data sources or virtual machines that are in the same region as the Recovery Services vault. You can backup virtual machines that have different resource groups or operating systems as long as they are in the same region as the vault.

Hence, the correct answer is: TD1 and TD4 only.

The following options are incorrect because TD2, TD3, TD5, and TD6 are located in a different locations from TDBackup1. Remember that the Recovery Services vault must be in the same region as the virtual machines.

– TD2 and TD3 only

– TD5 and TD6 only

– TD1,TD2,TD3,TD4,TD5, and TD6

References:

https://docs.microsoft.com/en-us/azure/backup/backup-overview

https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-vms-prepare

Check out this Azure Virtual Machines Cheat Sheet:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

You have a server in your on-premises datacenter that contains a DNS server named TD1 with a primary DNS zone for the tutorialsdojo.com domain.

You have an Azure subscription named TD-Subscription1.

You plan to migrate the tutorialsdojo.com zone to an Azure DNS zone in TD-Subscription1. You must ensure that you minimize administrative effort.

Which tool should you use?

A. Azure PowerShell
B. Azure CLI
C. Azure Portal
D. Azure CloudShell
A

B. Azure CLI

Explanation:
Incorrect

Azure DNS is a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records by using the same credentials, APIs, tools, and billing as your other Azure services.

You can’t use Azure DNS to buy a domain name. For an annual fee, you can buy a domain name by using App Service domains or a third-party domain name registrar. Your domains can then be hosted in Azure DNS for record management.

A DNS zone file is a text file that contains details of every Domain Name System (DNS) record in the zone. It follows a standard format, making it suitable for transferring DNS records between DNS systems. Using a zone file is a quick, reliable, and convenient way to transfer a DNS zone into or out of Azure DNS.

Take note that Azure DNS supports importing and exporting zone files by using the Azure command-line interface (CLI). Zone file import is NOT supported via Azure PowerShell, Azure Cloud Shell, and Azure portal.

The Azure CLI is a cross-platform command-line tool used for managing Azure services. It is available for the Windows, Mac, and Linux platforms.

Hence, the correct answer is: Azure CLI.

Azure PowerShell, Azure Portal, and Azure CloudShell are incorrect because these user tools are not supported by Azure DNS for importing a DNS zone file. Only Azure CLI is supported.

References:

https://docs.microsoft.com/en-us/azure/dns/dns-overview

https://docs.microsoft.com/en-us/azure/dns/dns-import-export

Check out these Azure DNS and Azure User Tools cheat sheet:

https://tutorialsdojo.com/azure-dns/

https://tutorialsdojo.com/azure-user-tools/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

You have an Azure subscription that contains the following virtual network peerings:

Select the correct answer from the drop-down list of options. Each correct selection is worth one point.

Virtual Machines on TDVnet1 has network connectivity with hosts on: 

A. TDVnet1 only
B. TDVnet2 only
C. TDVnet3 only
D. TDVnet1, TDVnet2, TDVnet3

What is the first thing you need to do to change the status of the peering connection for TDVnet2 to Connected:

A. Delete TDVnet 1-2
B. Change the address space
C. Delete a subnet
D. Enable gateway transit

A

A. TDVnet1 only
A. Delete TDVnet 1-2

Explanation:
Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the Internet, and on-premises networks. VNet is similar to a traditional network that you’d operate in your own datacenter but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation.

Virtual network peering enables you to connect two or more Virtual Networks in Azure seamlessly. The virtual networks appear as one for connectivity purposes. The traffic between virtual machines in peered virtual networks uses the Microsoft backbone infrastructure. Like traffic between virtual machines in the same network, traffic is routed only through Microsoft’s private network.

In the image above, TDVnet1 is the hub while TDvnet2 and TDVnet3 are the spoke. TDVnet1 hosts can not communicate with TDvnet2 and TDVnet3 because their peerings are in a disconnected state.

Take note that if your VNet peering connection is in a Disconnected state, it means one of the links created was deleted. To re-establish a peering connection, you will need to delete the disconnected peer and recreate it.

Therefore, virtual machines on TDVnet1 can communicate to hosts on TDVnet1 only because the peerings associated with TDVnet1 are in a disconnected state. It means that traffic between virtual networks is prohibited.

Conversely, you need to Delete TDVnet1-2 to re-establish the connection. Once you have deleted the disconnected peer, you can then recreate it.

The following options are incorrect because TDVnet2 and TDVnet3 have a disconnected peer with TDVnet1. No traffic will be able to flow between virtual networks as long as the peer’s status is disconnected. To re-establish the connection, you must delete the disconnected peer and recreate it.

– TDVnet2 only

– TDVnet3 only

– TDVnet1,TDVnet2, and TDVnet3

The option that says: Change the address space is incorrect because you can not change the address space of a virtual network if there is an active peering connection. You need to delete the peer first to change the address space.

The option that says: Delete a subnet is incorrect because even if you delete or add a subnet, it will not have any impact on the state of the peering connection.

The option that says: Enable gateway transit is incorrect because this feature is simply a peering property that lets one virtual network use the VPN gateway in the peered virtual network for cross-premises or VNet-to-VNet connectivity.

References:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview

Check out this Azure Virtual Network Cheat Sheet:

https://tutorialsdojo.com/azure-virtual-network-vnet/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Your company has an Azure subscription that contains a virtual machine named TD1.

You need to connect to TD1 from a computer connected to the Internet named Workstation1. TD1 has a network security group with the following inbound security rules:

You try to connect to TD1 using Workstation1 but you are unable to.

What should you do first to establish a Remote Desktop connection to TD1?

A. Remove the RDP rule
B. Modify the priority of the RDP rule
C. Start TD1
D. Redeploy TD1

A

C. Start TD1

Explanation:
zure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the Internet, and on-premises networks. VNet is similar to a traditional network that you’d operate in your own datacenter but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation.

Public IP addresses allow Internet resources to communicate inbound to Azure resources. Public IP addresses enable Azure resources to communicate to the Internet and public-facing Azure services. The address is dedicated to the resource until it’s unassigned by you. A resource without a public IP assigned can communicate outbound. Azure dynamically assigns an available IP address that isn’t dedicated to the resource.

There are two types of public IP address assignment methods: static and dynamic.

Static addresses are assigned when a public IP address is created. Static addresses are not released until a public IP address resource is deleted. If the address is not associated to a resource, you can change the assignment method after the address is created. If the address is associated to a resource, you may not be able to change the assignment method.

Dynamic addresses are assigned only after a public IP address is associated to an Azure resource, and the resource is started for the first time. Dynamic addresses can change if they’re assigned to a resource, such as a virtual machine, and the virtual machine is stopped (deallocated) and then started.

The address remains the same if a virtual machine is rebooted or stopped (but not deallocated). Dynamic addresses are released when a public IP address resource is dissociated from a resource it is associated with.

Take note that since TD1 does not have an assigned IP address, it only means that TD1 is deallocated (stopped). Remember, if you want to retain your public IP address, you need to use a static IP address.

Hence, the correct answer is: Start TD1.

The option that says: Remove the RDP rule is incorrect because the RDP rule already allows Remote Desktop connection from the Internet. Removing the RDP rule will prevent Workstation1 from establishing a Remote Desktop connection to TD1 once it is in a Running state.

The option that says: Modify the priority of the RDP rule is incorrect. Since this is the highest rule, it will be the first one that the network security group will evaluate.

The option that says: Redeploy TD1 is incorrect because redeploying TD1 will only add to the administrative effort. It would be best if you simply started TD1 for it to receive a public IP address.

References:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview

https://docs.microsoft.com/en-us/azure/virtual-network/public-ip-addresses

Check out this Azure Virtual Network Cheat Sheet:

https://tutorialsdojo.com/azure-virtual-network-vnet/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

You have an Azure subscription named TDSubscription that contains Azure file share called TDShare1 and TDShare2. Both have the same storage account and the same region.

You then add E:\tutorials of FileServer1 as the server endpoint of TDGroup1.

For each of the following items, choose Yes if the statement is true or choose No if the statement is false. Take note that each correct item is worth one point.

Yes or No?

A. You can add TDShare2 to TDGroup1 as a cloud endpoint
B. You can add F:\dojo of FileServer1 as a server endpoint to TDGroup1
C. You can add C:\files of FileServer2 as a server endpoint of TDGroup1

A

Azure Files enables you to set up highly available network file shares that can be accessed by using the standard Server Message Block (SMB) protocol. That means that multiple VMs can share the same files with both read and write access. You can also read the files using the REST interface or the storage client libraries.

A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share, and one or more server endpoints.

A cloud endpoint is a pointer to an Azure file share. All server endpoints will sync with a cloud endpoint, making the cloud endpoint the hub.

A server endpoint represents a specific location on a registered server, such as a folder on a server volume.

Take note that multiple server endpoints can exist on the same volume if their namespaces are not overlapping (for example, F:\sync1 and F:\sync2) and each endpoint is syncing to a unique sync group meaning you can not have more than one server endpoint from the same server in the same sync group.

The statement that says: You can add C:\files of FileServer2 as a server endpoint of TDGroup1 is correct because FileServer2 has no server endpoint yet on TDGroup1. Therefore, you can add the file server to the sync group without any restrictions.

The statement that says: You can add TDShare2 to TDGroup1 as a cloud endpoint is incorrect because you can only have one cloud endpoint per sync group. If you want to add another cloud endpoint, you must create another sync group.

The statement that says: You can add F:\dojo of FileServer1 as a server endpoint to TDGroup1 is incorrect because TDGroup1 already has a server endpoint for FileServer1 for the folder E:\tutorials. Take note that you can not have more than one server endpoint from the same server in the same sync group. If you need to add the folder F:\dojo of FileServer1, you need to create another sync group.

References:

https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction

https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide

Check out this Azure Files Cheat Sheet:

https://tutorialsdojo.com/azure-file-storage/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

You need to perform the following actions in a Windows virtual machine:

Create a document on drive C.

Create a document on drive D.

Create a new folder on the desktop.

Create a local user account.

Modify the desktop background

You plan to redeploy the virtual machine.

Which of the following changes will be lost after you redeploy the virtual machine to a new Azure node?

A. The created folder.
B. The data on drive D.
C. The created local user account.
D. The data on drive C.
A

B. The data on drive D.

Explanation:
Azure Virtual Machines (VM) is one of several types of on-demand, scalable computing resources that Azure offers. Typically, you choose a VM when you need more control over the computing environment. An Azure VM gives you the flexibility of virtualization without having to buy and maintain the physical hardware. However, you still need to maintain the VM by performing tasks, such as configuring, patching, and installing the software that runs on it.

Most VMs contain a temporary disk, which is not a managed disk. The temporary disk provides short-term storage for applications and processes and is intended to only store data such as page or swap files. Data on the temporary disk may be lost during a maintenance event or when you redeploy a VM. During a successful standard reboot of the VM, data on the temporary disk will persist.

On Azure Linux VMs, the temporary disk is typically /dev/sdb and on Windows VMs the temporary disk is D: by default. The temporary disk is not encrypted by server-side encryption unless you enable encryption at host.

In this scenario, the only changes that will be lost are the data in the temporary disk. The temporary disk is just short-term storage for applications and processes. Take note that you can’t recover any data from this disk. The data loss occurs when the virtual machine moves to a different host server, the host is updated, and the host experiences a hardware failure. By default, the temporary disk on a Windows virtual machine is on drive D.

Hence, the correct answer is: The data on drive D.

The option that says: The created folder is incorrect. Even if you redeploy the virtual machine into a new node, the new folder will still be on the desktop of the virtual machine since drive C is the default storage.

The option that says: The created local user account is incorrect because user accounts are stored in drive C. After you redeploy the virtual machine to a new Azure node, the user account would still be stored in the virtual machine.

The option that says: The data on drive C is incorrect because drive C is a persistent storage. This means the data stored on this drive wouldn’t be deleted even if you redeploy the virtual machine.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

You created a new Recovery Services vault in your Azure account as part of your company’s Disaster Recovery Plan. Your account subscription has the following virtual machines, each with its respective auto-shutdown configuration:

The scheduled backup will run every day at 23:59.

Which of the following virtual machines allows you to create a backup using the Azure Backup service?

A. VirtualMachine1, VirtualMachine2, VirtualMachine3, and VirtualMachine4
B. VirtualMachine1 and VirtualMachine3
C. VirtualMachine1, VirtualMachine2, and VirtualMachine4
D. VirtualMachine2 and VirtualMachine4

A

A. VirtualMachine1, VirtualMachine2, VirtualMachine3, and VirtualMachine4

Explanation:
Azure Virtual Machines (VM) is one of several types of on-demand, scalable computing resources that Azure offers. Typically, you choose a VM when you need more control over the computing environment. An Azure VM gives you the flexibility of virtualization without having to buy and maintain the physical hardware. However, you still need to maintain the VM by performing tasks, such as configuring, patching, and installing the software that runs on it.

With Azure Backup service, you can back up on-premises machines, workloads, and Azure VMs. If you would recall, the VM in a stopped/deallocated state only stops the virtual machine. Take note that Azure Backup only takes snapshots of the VM disks. This means that even if the VM status is running or stopped, you can still create a backup as long as the disk is attached to the VM.

When creating a backup, you need to ensure that the virtual machines are in the same region as the Recovery Services vault. Based on the given table in the question, all the virtual machines enable you to create a backup using the Azure Backup service.

Hence, the correct answer is: VirtualMachine1, VirtualMachine2, VirtualMachine3 and VirtualMachine4.

The option that says: VirtualMachine1 and VirtualMachine3 is incorrect because you can also create a backup on both VirtualMachine2 and VirtualMachine4.

The option that says: VirtualMachine2 and VirtualMachine4 is incorrect. Just like the option above, you can also create a backup on VirtualMachine1 and VirtualMachine3. Take note that scheduled backups still run even if you shut down the virtual machine.

The option that says: VirtualMachine1, VirtualMachine2, and VirtualMachine4 is incorrect. Even if the VirtualMachine3 is scheduled to shut down at 23:00 and VirtualMachine4 at 17:00, you can still create a backup on both VM.

References:

https://docs.microsoft.com/en-us/azure/backup/backup-support-matrix-iaas

https://docs.microsoft.com/en-us/azure/backup/backup-azure-vm-backup-faq

Check out this Azure Virtual Machines Cheat Sheet:

https://tutorialsdojo.com/azure-virtual-machines/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

You plan to provision ten virtual machines using the Azure VM scale sets.

The virtual machines must be optimized for large-scale stateless workloads.

Which of the following options allows you to deploy VMs as quickly as possible?

A. Create ten virtual machines in the Azure portal.
B. Create a VM scale set and set the orchestration mode to Flexible.	
C. Create ten virtual machines in Azure CLI using the az vm create command.	
D. Create a VM scale set and set the orchestration mode to Uniform.
A

D. Create a VM scale set and set the orchestration mode to Uniform.

Explanation:
Azure Virtual Machine Scale Sets provide a logical grouping of platform-managed virtual machines. With scale sets, you create a virtual machine configuration model, automatically add or remove additional instances based on CPU or memory load, and automatically upgrade to the latest OS version. Traditionally, scale sets allow you to create virtual machines using a VM configuration model provided at the time of scale set creation, and the scale set can only manage virtual machines that are implicitly created based on the configuration model.

Scale set orchestration modes give you more control over how virtual machine instances are managed by the scale set. The two types of orchestration modes are:

Uniform – uses a virtual machine profile or template to scale up to desired capacity. This orchestration mode is mainly used for large-scale stateless workloads that require identical VM instances. It also provides fault domain high availability (less than 100 VMs).
Flexible – offers high availability with identical or multiple VM types (up to 1000 VMs) by spreading VMs across fault domains in a region or within an Availability Zone.

Orchestration mode also helps you design a highly available infrastructure since the virtual machines are deployed in fault domains and Availability Zones. In Flexible orchestration mode, you manually create and add the VM to the scale set. While in Uniform orchestration mode, you just need to define a VM model and Azure will automatically create identical instances based on that model. Remember that the orchestration mode is defined when you create the scale set and cannot be changed or updated later.

In this scenario, you must use the Azure virtual machine scale sets to provision ten virtual machines. Among the options given, you can select between the two orchestration modes: Uniform and Flexible. It is stated in the scenario that the virtual machines must be optimized for large-scale stateless workloads. Therefore, you must set the orchestration mode to Uniform in order to satisfy this requirement.

Hence, the correct answer is: Create a VM scale set and set the orchestration mode to Uniform.

The option that says: Create a VM scale set and set the orchestration mode to Flexible is incorrect because the requirement is to create virtual machines that are optimized for large-scale stateless workloads. Flexible orchestration mode is mainly used for quorum-based or stateful workloads.

The option that says: Create ten virtual machines in Azure CLI using the az vm create command is incorrect because you need to use Uniform orchestration scale set to provision ten virtual machines and not just using the Azure VM via the CLI. Also, the az vm create command will only create 1 virtual machine.

The option that says: Create ten virtual machines in the Azure portal is incorrect. Instead of creating one virtual machine at a time, you must use a VM scale set and set the orchestration mode to Uniform.

References:

https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-orchestration-modes

https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/overview

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Yes or No
A. You can create VM4 in North Central US Region
B. You can create VM5 in North Central US Region
C. You can create VM6 in North Central US Region

A

Azure Virtual Machines (VM) is one of several types of on-demand, scalable computing resources that Azure offers. Typically, you choose a VM when you need more control over the computing environment. An Azure VM gives you the flexibility of virtualization without having to buy and maintain the physical hardware that runs it. However, you still need to maintain the VM by performing tasks such as configuring, patching, and installing the software that runs on it.

The vCPU quotas for virtual machines and virtual machine scale sets are arranged in two tiers for each subscription in each region.

– Total Regional vCPUs

– VM size family cores

Every time you deploy a new VM, the vCPUs must not exceed the vCPU quota for the VM size family or the total regional vCPU. If either of those quotas has been exceeded, the VM deployment will not be allowed. Take note that there is also a quota for the overall number of virtual machines in the region. The quota is calculated based on the total number of cores in use, both allocated and deallocated. If you need additional cores, you can request a quota increase or delete VMs that are no longer needed.

The statement that says: You can create VM4 in North Central US Region is correct because the remaining vCPU quota in North Central US is 3 vCPUs. If you created VM4 in the North Central US Region, the total vCPUs in that Region is 14 of 15 vCPUs.

The statement that says: You can create VM5 in North Central US Region is incorrect. Take note that you already created the VM4 instance. Therefore, the remaining vCPU quota in the North Central US is only 1 vCPU.

The statement that says: You can create VM6 in North Central US Region is incorrect because if you create VM6 in the North Central US, it will exceed the total regional vCPU quota.

References:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/quotas

https://docs.microsoft.com/en-us/azure/virtual-machines/sizes

https://docs.microsoft.com/en-us/azure/azure-portal/supportability/per-vm-quota-requests

Check out this Azure Virtual Machines Cheat Sheet:

https://tutorialsdojo.com/azure-virtual-machines/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

You plan to host a web application in three Azure virtual machines.

You need to make sure that there are at least two virtual machines running if an Azure data center becomes inaccessible.

What should you do?

A. Deploy all the virtual machines in a single Availability Zone.
B. Deploy one virtual machine in each Availability Zone.
C. Deploy all the virtual machines in a single Availability Set.
D. Deploy one virtual machine in each Availability Set.
A

B. Deploy one virtual machine in each Availability Zone.

Explanation:
Azure Virtual Machines (VM) is one of several types of on-demand, scalable computing resources that Azure offers. Typically, you choose a VM when you need more control over the computing environment. An Azure VM gives you the flexibility of virtualization without having to buy and maintain the physical hardware that runs it. However, you still need to maintain the VM by performing tasks, such as configuring, patching, and installing the software that runs on it.

In Azure, there are two options for managing availability and resiliency for your applications. The first option is availability sets. It is used to protect applications from hardware failures within an Azure data center. Meanwhile, availability zones are used to protect applications against Azure data center failures. Take note that an availability set only protects your resources from planned and unplanned maintenance. It cannot protect your applications from data center outages. Also, in the availability set, if a hardware or software failure happens, only a subset of your VMs are impacted and your overall solution stays operational.

For example, when you create a new VM, you specify the availability set as a parameter. Azure makes sure the VMs are isolated across multiple physical hardware resources within the data center. If the physical hardware that one of your servers is running on has a problem, you know the other instances of your servers will keep running because they’re on different hardware.

Based on the given requirements, you can protect your web application from data center outages if you will deploy the three virtual machines in a separate Availability Zone. Remember that Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more data centers equipped with independent power, cooling, and networking. To ensure resiliency, there is a minimum of three separate zones in all enabled regions. The physical separation of Availability Zones within a region protects applications and data from datacenter failures.

Hence, the correct answer is: Deploy one virtual machine in each Availability Zone.

The option that says: Deploy all the virtual machines in a single Availability Zone is incorrect because if the Availability Zone becomes inaccessible then all of the resources in that location will also be affected. To achieve a highly available application, you must deploy the virtual machines in multiple Availability Zones.

The option that says: Deploy all the virtual machines in a single Availability Set is incorrect because an Availability Set only isolates virtual machines from each other. This means that the virtual machines are still in the same data center. To protect your application from a data center outage, you must deploy the virtual machines in three Availability Zones.

The option that says: Deploy one virtual machine in each Availability Set is incorrect. Deploying the virtual machines in a separate Availability Set does not mean that it is protected from a data center outage. Take note that this option only ensures that your VMs are distributed across multiple fault domains in the Azure data center. Therefore, if the data center becomes unavailable, your application becomes unavailable too.

References:

https://docs.microsoft.com/en-us/azure/virtual-machines/manage-availability#use-availability-zones-to-protect-from-datacenter-level-failures

https://docs.microsoft.com/en-us/azure/availability-zones/az-overview#availability-zones

Check out this Azure Virtual Machines Cheat Sheet:

https://tutorialsdojo.com/azure-virtual-machines/

22
Q

You have deployed two Azure virtual machines to host a web application.

You plan to set up an Availability Set for your application.

You need to make sure that the application is available during planned maintenance.

Which of the following options will allow you to accomplish this?

A. Assign one update domain in the Availability Set.
B. Assign two fault domains in the Availability Set.
C. Assign one fault domain in the Availability Set.
D. Assign two update domains in the Availability Set.
A

D. Assign two update domains in the Availability Set.

Explanation:
Azure Virtual Machines (VM) is one of several types of on-demand, scalable computing resources that Azure offers. Typically, you choose a VM when you need more control over the computing environment. An Azure VM gives you the flexibility of virtualization without having to buy and maintain the physical hardware. However, you still need to maintain the VM by performing tasks, such as configuring, patching, and installing the software that runs on it.

Planned maintenance is periodic updates made by Microsoft to the underlying Azure platform to improve the platform infrastructure’s overall reliability, performance, and security that your virtual machines run on.

To ensure that the application is available during planned maintenance, you must assign two update domains in the Availability Set. An update domain will make sure that the VMs in the Availability Set are not updated at the same time. The order of update domains being rebooted may not proceed sequentially during planned maintenance, but only one update domain is rebooted at a time. A rebooted update domain is given 30 minutes to recover before maintenance is initiated on a different update domain.

Hence, the correct answer is: Assign two update domains in the Availability Set.

The option that says: Assign one update domain in the Availability Set is incorrect because you need to assign one update domain for each virtual machine.

The option that says: Assign two fault domains in the Availability Set is incorrect because the requirement in the scenario is only planned maintenance. Even if you assigned two or more fault domains, the application will still be unavailable during planned maintenance. You must assign two update domains and one virtual machine for each update domain.

The option that says: Assign one fault domain in the Availability Set is incorrect because the fault domain is mainly used for unplanned maintenance. Instead of assigning a fault domain in the Availability Set, you must assign an update domain in order to satisfy this requirement.

References:

https://docs.microsoft.com/en-us/azure/virtual-machines/manage-availability

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-availability-sets

Check out this Azure Virtual Machines Cheat Sheet:

https://tutorialsdojo.com/azure-virtual-machines/

23
Q

You are planning to host several web applications in Azure App Service with the following runtime stack.

Az104-1-23How many App Service plan should you create at the minimum to properly deploy all applications?

A. Five
B. Zero
C. Two
D. One
A

C. Two

Explanation:
Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. You can develop in your favorite language, be it .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. Applications run and scale with ease on both Windows and Linux-based environments. App Service not only adds the power of Microsoft Azure to your application, such as security, load balancing, autoscaling, and automated management. You can also take advantage of its DevOps capabilities, such as continuous deployment from Azure DevOps, GitHub, Docker Hub, other sources, package management, staging environments, custom domain, and TLS/SSL certificates.

Before you launch a web app in Azure App Service, you must create an App Service plan. You must also select the Operating System that will be used in the App Service plan. Take note that some runtime stacks will only work on Windows such as ASP.NET while Ruby will only work with Linux.

If your runtime stack can be deployed to both Linux and Windows like Java, then you can only select one Operating System when creating a Web App.

– ASP.NET V4.8 = Windows

– Node 16 LTS = Windows & Linux

– PHP 8.2 = Linux

– Python 3.10 = Linux

– Java 11 = Windows & Linux

Based on the given runtime stack, you need to create two App Service plan (Linux and Windows).

Hence, the correct answer is: Two.

Zero is incorrect because you have to create an Azure App Service plan to properly deploy a Linux-based application. Therefore, you need to have at least one App Service plan to use it.

One is incorrect because one of the applications is running an ASP.NET V4.8 Windows runtime stack, while the other ones are using Linux runtime. Thus, you have to use at least two App Service plans.

Five is incorrect because you don’t need to create one App Service plan for each application. You only have to create one plan each for Windows and Linux OS.

References:

https://docs.microsoft.com/en-us/azure/app-service/overview-hosting-plans

https://docs.microsoft.com/en-us/azure/app-service/overview

Check out this Azure App Service Cheat Sheet:

https://tutorialsdojo.com/azure-app-service/

24
Q

You deployed four Azure virtual machines in the following regions.

You have created a Recovery Services vault to hold backup data for VirtualMachine1 and VirtualMachine2.

You need to ensure that VirtualMachine3 and VirtualMachine4 are protected by a storage entity in Azure that houses data.

What should you do?

A. Create another Recovery Services vault.
B. Deploy a Storage Sync Service.
C. Create a BlockBlobStorage account.
D. Use the az backup policy set command in the Azure CLI.
A

A. Create another Recovery Services vault.

Explanation:
A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations. You can use Recovery Services vaults to hold backup data for various Azure services such as IaaS VMs (Linux or Windows) and Azure SQL databases. Recovery Services vaults support System Center DPM, Windows Server, Azure Backup Server, and more. Recovery Services vaults make it easy to organize your backup data while minimizing management overhead.

In this scenario, VirtualMachine1 and VirtualMachine2 are already protected by the Recovery Services vault. A Recovery Services vault is an entity that stores the backups and recovery points created over time for a particular Region only. Since VirtualMachine3 and VirtualMachine4 are in a different region, you must create a new Recovery Services vault. Remember that a Recovery Services vault must be in the same region as the virtual machines to create a recovery point. Therefore, to successfully back up the virtual machines, they must be in the same subscription or region as the vault.

Hence, the correct answer is: Create another Recovery Services vault.

The option that says: Deploy a Storage Sync Service is incorrect because setting up an Azure File Sync is not needed in the scenario. Take note that the only requirement in the scenario is to protect the data of VirtualMachine3 and VirtualMachine4 by a storage entity in Azure that houses the data. Therefore, to copy the data and configuration information of a virtual machine, you must use a Recovery Services vault.

The option that says: Create a BlockBlobStorage account is incorrect because this storage account is mainly used for workloads with high transaction rates or that require very fast access times. Since you need to protect the data in VirtualMachine3 and VirtualMachine4, you must use a Recovery Services vault and not a BlockBlobStorage account.

The option that says: Use the az backup policy set command in the Azure CLI is incorrect because this command only updates the existing policy in the Azure Backup service with the details that you provide. You can’t use the az backup policy set command to hold the backup data of VirtualMachine3 and VirtualMachine4.

References:

https://docs.microsoft.com/en-us/azure/backup/backup-azure-recovery-services-vault-overview

https://docs.microsoft.com/bs-cyrl-ba/azure/backup/backup-create-rs-vault

Check out this Azure Virtual Machines Cheat Sheet:

https://tutorialsdojo.com/azure-virtual-machines/

25
Q

You have a web app named tutorialsdojo-portal that is hosted in Azure App Services. The provisioned deployment slots for tutorialsdojo-portal are shown in the table below:

You configured several settings in the tutorialsdojo-dev and tutorialsdojo-staging.

You performed a swap operation between the production and staging slots. Upon testing the tutorialsdojo-portal app, it was discovered that the new features are not working properly.

Which of the following helps you revert the tutorialsdojo-portal app to its previous state?

A. Swap the slots of tutorialsdojo-dev and tutorialsdojo.
B. Restore the previous version of tutorialsdojo using app backup.
C. Swap the slots of tutorialsdojo-staging and tutorialsdojo-dev.
D. Swap the slots of tutorialsdojo-staging and tutorialsdojo.
A

D. Swap the slots of tutorialsdojo-staging and tutorialsdojo.

Explanation:
Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. You can develop in your favorite language, be it .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. Applications run and scale with ease on both Windows and Linux-based environments. App Service not only adds the power of Microsoft Azure to your application, such as security, load balancing, autoscaling, and automated management. You can also take advantage of its DevOps capabilities, such as continuous deployment from Azure DevOps, GitHub, Docker Hub, and other sources, package management, staging environments, custom domain, and TLS/SSL certificates.

A possible reason why the tutorialsdojo-portal web app is not working properly is that several settings are configured in the tutorialsdojo-dev and tutorialsdojo-staging.

When you perform the swap operation the following settings are swapped:

– General settings, such as framework version, 32/64-bit, web sockets

– App settings (can be configured to stick to a slot)

– Connection strings (can be configured to stick to a slot)

– Handler mappings

– Public certificates

– WebJobs content

To revert the tutorialsdojo-portal app to its previous state, you can swap the slots of the tutorialsdojo-staging and tutorialsdojo environments. Since the slots have been swapped again, the app will no longer experience any performance issues.

Hence, the correct answer is: Swap the slots of tutorialsdojo-staging and tutorialsdojo.

The option that says: Swap the slots of tutorialsdojo-dev and tutorialsdojo is incorrect because several settings are also configured in the tutorialsdojo-dev. If you perform the swap operation, it will not restore the previous state of the tutorialsdojo-portal web app.

The option that says: Swap the slots of tutorialsdojo-staging and tutorialsdojo-dev is incorrect because you don’t need to swap the slots of tutorialsdojo-staging and tutorialsdojo-dev. The only requirement in the scenario is to revert the tutorialsdojo-portal web app to its previous state.

The option that says: Restore the previous state of tutorialsdojo using app backup is incorrect because you must configure the backup settings of the web app first before you can restore the previous state. Also, the fastest way is to swap the slots of tutorialsdojo-staging and tutorialsdojo-portal.

References:

https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots

https://azure.microsoft.com/en-in/services/app-service/

26
Q

You created a new Azure web app with an F1 App Service plan.

You want to add a staging slot for your application but the option seems unavailable in the Azure Portal.

What must be done first to satisfy the above requirement?

A. Scale up the App Service plan.
B. Add a new deployment slot.
C. Scale-out the App Service plan.
D. Configure a custom domain.
A

A. Scale up the App Service plan.

Explanation:
Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. You can develop in your favorite language, be it .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. Applications run and scale with ease on both Windows and Linux-based environments. App Service not only adds the power of Microsoft Azure to your application, such as security, load balancing, autoscaling, and automated management. You can also take advantage of its DevOps capabilities, such as continuous deployment from Azure DevOps, GitHub, Docker Hub, and other sources, package management, staging environments, custom domain, and TLS/SSL certificates.

If you encountered the image shown above, this means that your App Service plan does not have the capability to add a staging slot for your application. To resolve this problem, you can upgrade your App Service plan to a Standard or Premium tier. After you successfully upgraded your plan, you can now add a slot in the deployment slots.

Hence, the correct answer is: Scale up the App Service plan.

The option that says: Add a new deployment slot is incorrect because you can’t add a slot using the F1 App Service plan. You must first upgrade your plan tier to a Standard or Premium tier.

The option that says: Scale-out the App Service plan is incorrect because the process of scaling out only allows you to enable autoscaling of your resources. This option will not help you add a staging slot to your application.

The option that says: Configure a custom domain is incorrect because a custom hostname is not needed and irrelevant in the scenario. Also, you can’t configure a custom domain in an F1 App Service plan. You must upgrade your plan tier first to enable this feature.

References:

https://docs.microsoft.com/en-us/azure/app-service/manage-scale-up

https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots

Check out this Azure App Service Cheat Sheet:

https://tutorialsdojo.com/azure-app-service/

27
Q

You plan to use an Azure Resource Manager (ARM) template to deploy 5 web apps in the same region.

You are required to launch the application in the most cost-effective way.

Which of the following options fulfills this requirement?

A. Create an Application Gateway
B. Create one App Service plan.
C. Create a CDN endpoint.
D. Create five App Service plans.
A

B. Create one App Service plan.

Explanation:
Azure Resource Manager (ARM) templates are primarily used to implement infrastructure as code for your Azure solutions. The template is a JavaScript Object Notation (JSON) file that defines your project’s infrastructure and configuration. The template uses declarative syntax, which lets you state what you intend to deploy without writing the sequence of programming commands to create it. In the template, you specify the resources to deploy and the properties for those resources.

The main requirement in this scenario is to deploy web apps in the most cost-effective way. To accomplish this requirement, you can create one App Service plan and use the plan to deploy five web apps. If you recall the Azure App Service concepts, you can configure one or more apps to run on the same computing resources (or in the same App Service plan). Therefore, if you deploy the five web apps in the same region, you can use one App Service plan for your resources.

Hence, the correct answer is: Create one App Service plan.

The option that says: Create five App Service plan is incorrect because the requirement in this scenario is to deploy the five web apps to the same region in the most cost-effective way. This approach is applicable if you need to deploy web apps in different regions.

The option that says: Create an Application Gateway is incorrect because you can’t deploy five web apps using Azure Application Gateway. This service is simply a web traffic load balancer and is not capable of hosting an application.

The option that says: Create a CDN endpoint is incorrect because a CDN endpoint only represents a specific configuration of content delivery behavior and access. You must create one App Service plan to fulfill the requirement in the scenario.

References:

https://docs.microsoft.com/en-us/azure/app-service/overview-hosting-plans

https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/overview

Check out this Azure App Service Cheat Sheet:

https://tutorialsdojo.com/azure-app-service/

28
Q

You are managing 50 virtual machines.

You need to identify idle and underutilized resources to reduce the overall costs of your account. The service tier of your development virtual machines must also be changed to a less expensive offering.

What Azure service should you use?

A. Azure Advisor
B. Azure Event Hubs
C. Azure Monitor
D. Azure Compliance Manager
A

A. Azure Advisor

Explanation:
Azure Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost-effectiveness, performance, reliability, and security of your Azure resources.

With Azure Advisor, you can optimize and improve the efficiency of your infrastructure by identifying idle and underutilized resources. Azure Cost Management works with Azure Advisor to provide cost optimization recommendations. To view cost optimization recommendations for a subscription, you can open the desired scope in the Azure portal and select Advisor recommendations. The list of recommendations identifies usage inefficiencies or shows purchase recommendations that can help you save costs.

Hence, the correct answer is: Azure Advisor.

Azure Event Hubs is incorrect because this service is mainly used for big data streaming platforms. Instead of using Azure Event Hubs to identify underutilized virtual machines, you must use the Azure Advisor.

Azure Monitor is incorrect. Although Azure Monitor has several features to monitor specific Azure services, this service won’t provide you recommendations that can reduce the overall costs of your account.

Azure Compliance Manager is incorrect. This service only allows you to assign, track, and record compliance and assessment-related activities. You can’t use Azure Compliance Manager to identify idle and underutilized resources in your Azure account.

References:

https://docs.microsoft.com/en-us/azure/cost-management-billing/costs/tutorial-acm-opt-recommendations

https://docs.microsoft.com/en-us/azure/advisor/advisor-overview

Check out this Azure Advisor Cheat Sheet:

https://tutorialsdojo.com/azure-advisor/

29
Q

You are managing an Azure AD tenant that has 500 user accounts.

You created a new user account named AppAdmin.

You must assign the role of Application Administrator to the AppAdmin user account.

What should you do in the Azure Active Directory settings to accomplish this requirement?

A. Select the user profile and add the role assignments.
B. Select the user profile and add the user to the admin group.
C. Select the user profile and assign it to an administrative unit.
D. Select the user profile and enable the My Staff feature.
A

A. Select the user profile and add the role assignments.

Explanation:
Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources in external and internal resources. External resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed by your own organization.

Azure AD has a set of built-in admin roles for granting access to manage configuration in Azure AD for all applications. These roles are the recommended way to grant IT experts access to manage broad application configuration permissions without granting access to manage other parts of Azure AD not related to application configuration. Here are the two common built-in roles in Azure Active Directory:

– Application Administrator: Users in this role can create and manage all aspects of enterprise applications, application registrations, and application proxy settings. This role also grants the ability to consent to delegated permissions, and application permissions excluding Microsoft Graph. Users assigned to this role are not added as owners when creating new application registrations or enterprise applications.

– Cloud Application Administrator: Users in this role have the same permissions as the Application Administrator role, excluding the ability to manage application proxy. Users assigned to this role are not added as owners when creating new application registrations or enterprise applications.

If you want to grant a user permission to manage Azure AD resources, you must assign them to a role that provides the permissions they need. Based on the given scenario, the new user account needs the role of Application Administrator. To grant a role to the new user account, you must select the user profile and click on add assignments in the assigned roles option. Add the Application Administrator role, and the user can now create and manage all aspects of app registrations and enterprise apps.

Hence, the correct answer is: Select the user profile and add the role assignments.

The option that says: Select the user profile and add the user to the admin group is incorrect because adding the user to the admin group doesn’t mean that the Application Administrator’s role is automatically assigned to the user account.

The option that says: Select the user profile and assign it to an administrative unit is incorrect because this option only restricts permissions in a role to any portion of your organization that you define. Take note that the requirement in the scenario is to assign an Application Administrator role to the new user account and not to restrict its permissions in your account.

The option that says: Select the user profile and enable the My Staff feature is incorrect because the My Staff feature simply enables you to delegate to a figure of authority, such as a store manager or a team lead, the permissions to ensure that their staff members are able to access to their Azure AD accounts.

References:

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal

https://azure.microsoft.com/en-us/services/active-directory/

Check out this Azure Active Directory Cheat Sheet:

https://tutorialsdojo.com/azure-active-directory-azure-ad/

Azure Active Directory vs Role-Based Access Control:

https://tutorialsdojo.com/azure-active-directory-ad-vs-role-based-access-control-rbac/

30
Q

You need to use an existing Azure Resource Manager (ARM) template to provision ten Azure virtual machines.

You should retrieve the password using the ARM template. The password must not be stored in plain text.

Which of the following options can help you accomplish this?

A. Create a key vault and configure an access policy.
B. Configure label protection.
C. Create a storage account and configure data protection.
D. Configure Azure AD Password Protection.
A

A. Create a key vault and configure an access policy.

Explanation:
Azure Key Vault is a cloud service for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys. Key Vault service supports two types of containers: vaults and managed HSM pools. Vaults support storing software and HSM-backed keys, secrets, and certificates. Managed HSM pools only support HSM-backed keys.

In this scenario, you can use the ARM template to retrieve the password in Azure Key Vault. Instead of putting a secure value (like a password) directly in your template or parameter file, you can retrieve the value from an Azure Key Vault during deployment. You retrieve the value by referencing the key vault and secret in your parameter file. The value is never exposed because you only reference its key vault ID.

Hence, the correct answer is: Create a key vault and configure an access policy.

The option that says: Create a storage account and configure data protection is incorrect because you can’t store a secret in a storage account. You must use a key vault to store and use several types of secret/key data. Also, data protection in the storage account is primarily used for the recovery and tracking of blobs.

The option that says: Configure label protection is incorrect. This option is a feature of Azure Information Protection. Label protection is used for protecting sensitive documents and emails by using the Rights Management service. You can’t use label protection to store secret values in Azure Key Vault.

The option that says: Configure Azure AD Password Protection is incorrect because this option only detects and blocks known weak passwords in your organization. Take note that the requirement in the scenario is to store the password as a secret that is not in plaintext. Therefore, you must use the Azure Key Vault.

References:

https://docs.microsoft.com/en-us/azure/key-vault/general/assign-access-policy-portal

https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/key-vault-parameter

https://docs.microsoft.com/en-us/azure/key-vault/secrets/quick-create-template

Check out this Azure Key Vault Cheat Sheet:

https://tutorialsdojo.com/azure-key-vault/

31
Q

Your company has an Azure AD tenant named TD-Azure-AD that contains 3 User Administrators and 2 Global Administrators.

You recently purchased 5 Premium P1 licenses.

You need to make sure that the users in your tenant have access to all the Premium P1 features.

What should you do to satisfy the above requirement?

A. Select the user in your tenant and assign a new role in the Directory role blade of each user.	
B. Select the user in your tenant and assign it to an administrative unit.
C. In the Licenses blade of Azure AD, select the user in your tenant and assign the license.	
D. Select the user in your tenant and add the user to an Active Directory group.
A

C. In the Licenses blade of Azure AD, select the user in your tenant and assign the license.

Explanation:
Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources in external and internal resources: external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications; internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed by your own organization.

There are several license plans available for the Azure AD service, including:

– Azure AD Free

– Azure AD Premium P1

– Azure AD Premium P2

To ensure that the users in your tenant have access to Premium P1 license features, you must manually add the license to each user or add the license to a group. Remember that only the users with active licenses can access and use the licensed Azure AD services. Also, licenses are applied per tenant, and you can’t transfer them to other tenants.

Hence, the correct answer is: In the Licenses blade of Azure AD, select the user in your tenant and assign the license.

The option that says: Select the user in your tenant and assign a new role in the Directory role blade of each user is incorrect because this approach only assigns a new role to your user. To assign the Premium P1 licenses to your users, you must go to the Licenses tab and click Assignments.

The option that says: Select the user in your tenant and assign it to an administrative unit is incorrect because this option only restricts permissions in a role to any portion of your organization that you define. You must select the user in your tenant and manually add the Premium P1 license.

The option that says: Select the user in your tenant and add the user to an Active Directory group is incorrect because this approach would only work if the license is already added to the group. Take note that this option only adds the user to an Active Directory group. To ensure that the users in the Active Directory group have access to the Premium P1 license features, you will need to assign a license to the group.

References:

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/license-users-groups

https://azure.microsoft.com/en-us/services/active-directory/

Check out this Azure Active Directory Cheat Sheet:

https://tutorialsdojo.com/azure-active-directory-azure-ad/

32
Q

You plan to migrate your business-critical application to Azure virtual machines.

You need to make sure that at least two VMs are available during planned Azure maintenance.

What should you do?

A. Create an Availability Set that has three update domains and one fault domain.
B. Create an Availability Set that has three update domains and two fault domains.
C. Create an Availability Set that has two update domains and three fault domains.
D. Create an Availability Set that has one update domain and three fault domains.
A

B. Create an Availability Set that has three update domains and two fault domains.

Explanation:
Azure periodically updates its platform to improve the reliability, performance, and security of the host infrastructure for virtual machines. The purpose of these updates ranges from patching software components in the hosting environment to upgrading networking components or decommissioning hardware.

Updates rarely affect the hosted VMs. When updates do have an effect, Azure chooses the least impactful method for updates:

– If the update doesn’t require a reboot, the VM is paused while the host is updated, or the VM is live-migrated to an already updated host.

– If maintenance requires a reboot, you’re notified of the planned maintenance. Azure also provides a time window in which you can start the maintenance yourself, at a time that works for you. The self-maintenance window is typically 35 days unless the maintenance is urgent. Azure is investing in technologies to reduce the number of cases in which planned platform maintenance requires the VMs to be rebooted.

The main objective of the question is to test your understanding of update and fault domains. Since it’s a requirement in the scenario that at least two virtual machines must be available during planned maintenance, you should add three update domains in the Availability Set. Take note that each virtual machine in your availability set is assigned to an update domain and a fault domain.

During scheduled maintenance, only one update domain is updated at any given time. Update domains aren’t necessarily updated sequentially. A rebooted update domain is given 30 minutes to recover before maintenance is initiated on a different update domain. For fault domains, you can set a minimum number of fault domains in your Availability Set because the main requirement in the scenario is to prepare for planned maintenance.

Hence, the correct answer is: Create an Availability Set that has three update domains and two fault domains.

The option that says: Create an Availability Set that has three update domains and one fault domain is incorrect because if you set 3 update domains and 1 fault domain in an Availability Set, you will receive an error message: “The update domain count must be 1 when fault domain count is 1.” To resolve this error, you must have 2 fault domains instead of 1 fault domain.

The option that says: Create an Availability Set that has two update domains and three fault domains is incorrect because you need to have three update domains instead of two update domains.

The option that says: Create an Availability Set that has one update domain and three fault domains is incorrect because three fault domains are not needed in this scenario. Fault domains are mainly used for unplanned maintenance. Three update domains must be provisioned to adequately satisfy the requirements.

References:

https://docs.microsoft.com/en-us/azure/virtual-machines/maintenance-and-updates

https://docs.microsoft.com/en-us/azure/virtual-machines/manage-availability

Check out this Azure Virtual Machines Cheat Sheet:

https://tutorialsdojo.com/azure-virtual-machines/

33
Q

Your organization currently has several virtual machines running in their Azure subscription.

You have been assigned to track and compare the latencies of the on-premises site with the latencies of the Azure application.

Which of the following options would satisfy this requirement?

A. IP Flow Verify
B. Connection Monitor
C. Packet Capture
D. Traffic Analytic

A

B. Connection Monitor

Explanation:
Connection Monitor provides unified, end-to-end connection monitoring in Azure Network Watcher. The Connection Monitor feature supports hybrid and Azure cloud deployments. Network Watcher provides tools to monitor, diagnose, and view connectivity-related metrics for your Azure deployments.

In the given scenario, you can use Connection Monitor to compare the latencies of the on-premises site to the latencies of the Azure application. To make Connection Monitor recognize your Azure VMs or VM scale sets as monitoring sources, you should install the Network Watcher Agent extension on the VMs.

Azure Virtual Machines and scale sets require the extension to trigger end-to-end monitoring and other advanced functionality. You can also install the Network Watcher extension when you create a VM or when you create a VM scale set.

Hence, the correct answer is: Connection Monitor.

IP Flow Verify is incorrect because this feature only allows you to detect traffic filtering issues at a VM level.

Packet Capture is incorrect because this will just help you capture all traffic on a VM in your virtual network. Unlike, Connection Monitor that allows you to track both on-premise and cloud infrastructure.

Traffic Analytics is incorrect because this is primarily used to examine NSG flow logs in order to provide insights into traffic flow in your Azure cloud.

References:

https://learn.microsoft.com/en-us/azure/network-watcher/connection-monitor-overview

https://learn.microsoft.com/en-us/azure/network-watcher/frequently-asked-questions

Check out this Azure Virtual Machines Cheat Sheet:

https://tutorialsdojo.com/azure-virtual-machines/

34
Q

Your company has an Azure Kubernetes Service (AKS) cluster and a Windows 10 workstation with Azure CLI installed.

You plan to use the kubectl client on Windows 10.

Which of the following commands should you run?

A. az aks install-cli	
B. az aks nodepool
C. az aks create	
D. az aks browse
A

A. az aks install-cli

Explanation:
Azure Kubernetes Service (AKS) makes it simple to deploy a managed Kubernetes cluster in Azure. AKS reduces the complexity and operational overhead of managing Kubernetes by offloading much of that responsibility to Azure. As a hosted Kubernetes service, Azure handles critical tasks like health monitoring and maintenance for you. The Kubernetes masters are managed by Azure. You only manage and maintain the agent nodes.

To connect to the Kubernetes cluster from your local computer, you need to use kubectl (Kubernetes command-line client). But before you can use kubectl, you should first run the command az aks install-cli in the command-line interface. The kubectl allows you to deploy applications, inspect and manage cluster resources, and view logs.

Hence, the correct answers is: az aks install-cli.

The option that says: az aks nodepool is incorrect because this command only allows you to manage node pools in a Kubernetes cluster. It is stated in the scenario that you need to use the kubectl client. Therefore, you should first run the az aks install-cli command.

The option that says: az aks create is incorrect because this will just create a new managed Kubernetes cluster. Take note that in this scenario, you need to use the Kubernetes command-line client in Windows 10. In order for you to manage cluster resources, you should use the kubectl client.

The option that says: az aks browse is incorrect because it will simply show the dashboard of the Kubernetes cluster in your web browser. Instead of running the command az aks browse, you should run az aks install-cli to download and install the Kubernetes command-line tool.

References:

https://docs.microsoft.com/en-us/cli/azure/aks

https://docs.microsoft.com/en-us/azure/aks/intro-kubernetes

Check out this Azure Kubernetes Service Cheat Sheet:

https://tutorialsdojo.com/azure-kubernetes-service-aks/

Azure Container Instances (ACI) vs Azure Kubernetes Service (AKS):

https://tutorialsdojo.com/azure-container-instances-aci-vs-azure-kubernetes-service-aks/

35
Q

Note: This item is part of a series of questions with the exact same scenario but with a different proposed answer. Each one in the series has a unique solution that may, or may not, comply with the requirements specified in the scenario.

You created a new Azure subscription. The subscription has a resource group named TD-RG. The resources in TD-RG is created using ARM templates.

You need to get the exact date and time when the resources in TD-RG was deployed.

Solution: In the resource group settings, select Policies.

Does the solution meet the goal?

A. Yes
B. No
A

B. No

Explanation:
A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. You decide how you want to allocate resources to resource groups based on what makes the most sense for your organization. Generally, add resources that share the same lifecycle to the same resource group so you can easily deploy, update, and delete them as a group.

The policy in the resource group is mainly used for implementing governance for resource consistency, regulatory compliance, security, cost, and management. Azure Policy does not contain the date and time when the resources were deployed.

To verify the date and time the resources were deployed, you can select the resource group and click the deployment settings. You will see a summary of the deployment: the deployment name, status, last modified, duration, and related events. If you select the specific template, you can check the inputs, outputs, and the template used during deployment.

Hence, the correct answer is: No.

References:

https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorial-create-first-template

https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal

Check out this Azure Global Infrastructure Cheat Sheet:

https://tutorialsdojo.com/azure-global-infrastructure/

36
Q

Note: This item is part of a series of questions with the exact same scenario but with a different proposed answer. Each one in the series has a unique solution that may, or may not, comply with the requirements specified in the scenario.

You created a new Azure subscription. The subscription has a resource group named TD-RG. The resources in TD-RG is created using ARM templates.

You need to get the exact date and time when the resources in TD-RG was deployed.

Solution: In the resource group settings, select Properties.

Does the solution meet the goal?

A. Yes
B. No
A

B. No

Explanation:
A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. You decide how you want to allocate resources to resource groups based on what makes the most sense for your organization. Generally, add resources that share the same lifecycle to the same resource group so you can easily deploy, update, and delete them as a group.

The properties in the resource group contain the name, location, location ID, resource ID, subscription, and subscription ID. This setting does not contain the date and time when the resources were deployed.

To verify the date and time the resources were deployed, you can select the resource group and click the deployment settings. You will see a summary of the deployment: the deployment name, status, last modified, duration, and related events. If you select a particular template, you can check the inputs, outputs, and the template used during deployment.

Hence, the correct answer is: No.

References:

https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorial-create-first-template

https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal

Check out this Azure Global Infrastructure Cheat Sheet:

https://tutorialsdojo.com/azure-global-infrastructure/

37
Q

Note: This item is part of a series of questions with the exact same scenario but with a different proposed answer. Each one in the series has a unique solution that may, or may not, comply with the requirements specified in the scenario.

You created a new Azure subscription. The subscription has a resource group named TD-RG. The resources in TD-RG is created using ARM templates.

You need to get the exact date and time when the resources in TD-RG was deployed.

Solution: In the resource group settings, select Deployments.

Does the solution meet the goal?

A. Yes
B. No

A

A. Yes

Explanation:
A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. You decide how you want to allocate resources to resource groups based on what makes the most sense for your organization. Generally, add resources that share the same lifecycle to the same resource group so you can easily deploy, update, and delete them as a group.

To verify the date and time the resources were deployed, you can select the resource group and click the deployment settings. You will see a summary of the deployment: the deployment name, status, last modified, duration, and related events. If you select the template, you can check the inputs, outputs, and the template used during deployment.

Hence, the correct answer is: Yes.

References:

https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorial-create-first-template

https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal

Check out this Azure Global Infrastructure Cheat Sheet:

https://tutorialsdojo.com/azure-global-infrastructure/

38
Q

Overview

Contoso Limited is an online learning portal for technology-related topics that empowers its users to upgrade their skills and career. Contoso Limited has users from all over the world, ranging from the United States, Europe, and Asia.

Existing Environment

Currently, Contoso Limited utilizes a three-tier system for their LMS application on-premises, including the following:

Web frontend tier

Application tier

SQL Server

Each tier contains three virtual machines with no ability to scale out.

The contents of the application are stored in the file server.

Planned changes

Contoso Limited plans to implement the following modifications for their migration to Azure:

Migrate the web and application tier to Azure virtual machines.

Migrate the SQL server to the Azure SQL database.

Move the existing file server to a more efficient service.

Technical Requirements

Minimize administrative effort and cost whenever possible.

Ensure that the user can increase the number of virtual machines for the web tier and application tier when there is high demand.

Ensure that there will be automated backups for all virtual machines.

Ensure that the file server can be mounted from Azure and on-premises data center.

Enable Multi-Factor Authentication (MFA) for administrators only.

Assets must be stored in the Azure Storage service.

Enable SSL termination at the load balancer layer.

The architecture must be highly available.

You need to use an Azure storage service that can be mounted concurrently on the cloud and on-premises data center.

Which of the following services fulfills this requirement?

A. Azure Files
B. Azure Blob
C. Azure Table
D. Azure Disk
A

A. Azure Files

Explanation:
Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol or Network File System (NFS) protocol. Azure Files SMB file shares are accessible from Windows, Linux, and macOS clients. Azure Files NFS file shares are accessible from Linux or macOS clients. Additionally, Azure Files SMB file shares can be cached on Windows Servers with Azure File Sync for fast access near where the data is being used.

The requirements in the scenario are:

– Move the existing file server to a more efficient service.

– Ensure that the file server can be mounted from Azure and on-premises data center.

Among the given options, only Azure Files can satisfy the given requirements. Azure file shares can be mounted concurrently on the cloud or on-premises deployments. Azure Files can be used to completely replace or supplement traditional on-premises file servers or NAS devices. Azure File SMB file shares can also be replicated with Azure File Sync to Windows Servers, either on-premises or in the cloud, for performance and distributed caching of the data where it’s being used.

Hence, the correct answer is: Azure Files.

Azure Blob is incorrect because this service can’t be mounted concurrently on the cloud and on-premises data center. Instead of using Azure Blob, you should use Azure Files.

Azure Table is incorrect because this service simply stores structured NoSQL data. You can’t mount this storage service to your on-premises data center.

Azure Disk is incorrect because this storage service can only be used on Azure resources. If you need to move your existing file server to the cloud, you can use Azure Files.

References:

https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction

https://azure.microsoft.com/en-us/services/storage/files/

Check out this Azure Files Cheat Sheet:

https://tutorialsdojo.com/azure-file-storage/

Azure Blob vs Disk vs File Storage:

https://tutorialsdojo.com/azure-blob-vs-disk-vs-file-storage/

39
Q

Overview

Contoso Limited is an online learning portal for technology-related topics that empowers its users to upgrade their skills and career. Contoso Limited has users from all over the world, ranging from the United States, Europe, and Asia.

Existing Environment

Currently, Contoso Limited utilizes a three-tier system for their LMS application on-premises, including the following:

Web frontend tier

Application tier

SQL Server

Each tier contains three virtual machines with no ability to scale out.

The contents of the application are stored in the file server.

Planned changes

Contoso Limited plans to implement the following modifications for their migration to Azure:

Migrate the web and application tier to Azure virtual machines.

Migrate the SQL server to the Azure SQL database.

Move the existing file server to a more efficient service.

Technical Requirements

Minimize administrative effort and cost whenever possible.

Ensure that the user can increase the number of virtual machines for the web tier and application tier when there is high demand.

Ensure that there will be automated backups for all virtual machines.

Ensure that the file server can be mounted from Azure and on-premises data center.

Enable Multi-Factor Authentication (MFA) for administrators only.

Assets must be stored in the Azure Storage service.

Enable SSL termination at the load balancer layer.

The architecture must be highly available.

You plan to create a solution that automatically increases the number of VMs when there is high demand.

What should you implement?

A. Deploy the virtual machine in an Availability Set.
B. Create Azure virtual machine scale sets.
C. Create an Azure ARM template to deploy a virtual machine.
D. Deploy the virtual machine in multiple Availability Zones.
A

B. Create Azure virtual machine scale sets.

Explanation:
Azure virtual machine scale sets let you create and manage a group of load-balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. Scale sets provide high availability to your applications and allow you to centrally manage, configure, and update a large number of VMs. With virtual machine scale sets, you can build large-scale services for areas such as compute, big data, and container workloads.

In this scenario, you can create a VM scale set to automatically increase the number of VMs when there is high demand. Take note that scale sets are built from virtual machines. With scale sets, the management and automation layers are provided to run and scale your applications.

Hence, the correct answer is: Create Azure virtual machine scale sets.

The option that says: Deploy the virtual machine in an Availability Set is incorrect because an Availability Set only allows you to deploy the virtual machine in a single data center. Therefore, this option does not meet the technical requirements of being scalable and highly available.

The option that says: Deploy the virtual machine in multiple Availability Zones is incorrect. Just like the option above, the virtual machine won’t scale as the traffic increases by default. You have to create Azure virtual machine scale sets instead.

The option that says: Create an Azure ARM template to deploy a virtual machine is incorrect because this template only deploys one virtual machine to Azure. If the template would create virtual machine scale sets then this option would satisfy the requirements in the scenario.

References:

https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/overview

https://azure.microsoft.com/en-us/services/virtual-machine-scale-sets/

Check out this Azure Virtual Machines Cheat Sheet:

https://tutorialsdojo.com/azure-virtual-machines/

Azure Scale Set vs Availability Set:

https://tutorialsdojo.com/azure-scale-set-vs-availability-set/

40
Q

Contoso Limited is an online learning portal for technology-related topics that empowers its users to upgrade their skills and career. Contoso Limited has users from all over the world, ranging from the United States, Europe, and Asia.

Existing Environment

Currently, Contoso Limited utilizes a three-tier system for their LMS application on-premises, including the following:

Web frontend tier

Application tier

SQL Server

Each tier contains three virtual machines with no ability to scale out.

The contents of the application are stored in the file server.

Planned changes

Contoso Limited plans to implement the following modifications for their migration to Azure:

Migrate the web and application tier to Azure virtual machines.

Migrate the SQL server to the Azure SQL database.

Move the existing file server to a more efficient service.

Technical Requirements

Minimize administrative effort and cost whenever possible.

Ensure that the user can increase the number of virtual machines for the web tier and application tier when there is high demand.

Ensure that there will be automated backups for all virtual machines.

Ensure that the file server can be mounted from Azure and on-premises data center.

Enable Multi-Factor Authentication (MFA) for administrators only.

Assets must be stored in the Azure Storage service.

Enable SSL termination at the load balancer layer.

The architecture must be highly available.

You need to deploy a load balancer that supports SSL termination.

What Azure service should you use?

A. Azure Application Gateway
B. Azure Load Balancer
C. Azure Traffic Manager
D. Azure Front Door
A

A. Azure Application Gateway

Explanation:
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 – TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port. Application Gateway can make routing decisions based on additional attributes of an HTTP request, for example, URI path or host headers.

SSL termination refers to the process of decrypting encrypted traffic before passing it along to a web server. TLS is just an updated, more secure, version of SSL. An SSL connection sends encrypted data between a user and a web server by using a certificate for authentication. SSL termination helps speed the decryption process and reduces the processing burden on the servers.

Azure Application Gateway supports end-to-end traffic encryption and TLS/SSL termination. Based on the defined routing rules, the gateway applies the rules to the traffic, re-encrypts the packet, and forwards the packet to the appropriate server. Any reply from the web server goes back to the same process.

Hence, the correct answer is: Azure Application Gateway.

Azure Traffic Manager is incorrect because Traffic Manager does not support SSL termination. This service is mainly used for DNS-based traffic load balancing.

Azure Load Balancer is incorrect. Just like the option above, this service does not support SSL termination. You can use this service to create public and internal load balancers only.

Azure Front Door is incorrect. Although it supports SSL offloading, this service is not a load balancer. Azure Front Door is a global, scalable entry-point that uses the Microsoft global edge network to create fast, secure, and widely scalable web applications.

References:

https://docs.microsoft.com/en-us/azure/application-gateway/overview

https://azure.microsoft.com/en-us/services/application-gateway/

Check out this Azure Application Gateway Cheat Sheet:

https://tutorialsdojo.com/azure-application-gateway/

Azure Load Balancer vs Application Gateway vs Traffic Manager vs Front Door:

https://tutorialsdojo.com/azure-load-balancer-vs-app-gateway-vs-traffic-manager/

41
Q

Your company has multiple offices located in the Philippines and a virtual network named TDNet1.

You need to establish a route-based VPN site-to-site connection from TDNet1 to your multiple offices.

Which of the following tunneling protocols should you use?

A. TCP
B. IKEv2
C. OpenVPN
D. SSTP
A

B. IKEv2

Explanation:
Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the Internet, and on-premises networks. VNet is similar to a traditional network that you’d operate in your own datacenter but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation.

A Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device located on-premises that has an externally facing public IP address assigned to it.

Take note that multi-site-to-site VPN connections only support IKEv1 and IKEv2.

Hence, the correct answer is: IKEv2.

TCP, OpenVPN, and SSTPare incorrect because these protocols are not supported by Azure VPN gateway for establishing site-to-site VPN connections. Only IPsec/IKE (IKEv1 or IKEv2) are supported.

References:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview

https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal

Check out this Azure VPN Gateway Cheat Sheet:

https://tutorialsdojo.com/azure-vpn-gateway/

42
Q

You have an Azure subscription that contains the resources shown in the following table.

You provisioned an Azure Bastion named TD3 in the Singapore region with TDVnet1 as its virtual network.

For each of the following items, choose Yes if the statement is true or choose No if the statement is false. Take note that each correct item is worth one point.

Questions 	Yes 	No	
A. TD3 can connect to TD2.	
	
B. TD3 can connect to TD1 using the private IP address of TD1.	
	
C. TD3 can only connect to TD1 using the public IP address of TD1.
A

Azure Bastion is a service you deploy that lets you connect to a virtual machine using your browser and the Azure portal. The Azure Bastion service is a fully platform-managed PaaS service that you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS. When you connect via Azure Bastion, your virtual machines don’t need a public IP address, agent, or special client software.

Bastion provides secure RDP and SSH connectivity to all of the VMs in the virtual network in which it is provisioned. Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the outside world while still providing secure access using RDP/SSH.

Azure Bastion opens the RDP/SSH connection to your Azure VM by using the private IP address on your VM. You don’t need a public IP address on your virtual machine.

Azure Bastion and VNet peering can be used together so that TD2 and TD3 can communicate with each other. When VNet peering is configured, you don’t have to deploy Azure Bastion in each peered VNet. This means if you have an Azure Bastion host configured in one virtual network (VNet), it can be used to connect to VMs deployed in a peered VNet without deploying an additional bastion host.

You also don’t need to apply any NSGs to the Azure Bastion subnet. Since TD3 and TD1 are using the same virtual network, they can communicate with each other using their respective private IP addresses. This removes the hassle of managing NSGs each time you need to connect securely to your virtual machines.

Normally virtual machines can connect to other virtual machines located in different virtual networks by their public IP addresses provided that their network security groups permit them.

Hence, this statement is correct: TD3 can connect to TD1 using the private IP address of TD1.

The statement that says: TD3 can connect to TD2 is incorrect because since TD3 and TD2 are in different virtual networks, they will not be able to communicate with each other. For them to be able to connect, their respective virtual networks must have VNet peering or VPN gateway enabled.

The statement that says: TD3 can only connect to TD1 using the public address of TD1 is incorrect because TD3 can connect to TD1 using the public and private IP addresses of TD1. It is highly advisable though to use the private IP address of TD1 for security reasons.

References:

https://docs.microsoft.com/en-us/azure/bastion/bastion-overview

https://docs.microsoft.com/en-us/azure/bastion/vnet-peering

43
Q

You have an Azure subscription that contains an Azure Storage account named TD1.
You export TD1 as an Azure Resource Manager template. The template contains the following sections.

azure-lifecycle-arm-template

For each of the following items, choose Yes if the statement is true or choose No if the statement is false. Take note that each correct item is worth one point.

Questions 	Yes 	No	

A. Blob data will be tiered to archive tier 1000 days after last modification.

B. Blob data will be tiered to cool tier 365 days after last modification.	

C. Previous versions will be deleted 60 days after creation.

A

An Azure Storage Account contains all of your Azure Storage data objects: blobs, files, queues, tables, and disks. The storage account provides a unique namespace for your Azure Storage data that is accessible from anywhere in the world over HTTP or HTTPS. Data in your Azure storage account is durable and highly available, secure, and massively scalable.

Data sets have unique lifecycles. Early in the lifecycle, people access some data often. But the need for access often drops drastically as the data ages. Some data remains idle in the cloud and is rarely accessed once stored.

Some data sets expire days or months after creation, while other data sets are actively read and modified throughout their lifetimes. Azure Storage lifecycle management offers a rule-based policy that you can use to transition blob data to the appropriate access tiers or to expire data at the end of the data lifecycle.

Based on the image above, the following will happen:

– Previous versions will be deleted 60 days after creation.

– Blob data will be tiered to cool tier 90 days after last modification.

– Blob data will be tiered to archive tier 365 days after last modification.

– Blob data deleted 1000 days after last modification.

Hence, this statement is correct: Previous versions will be deleted 60 days after creation.

The statement that says: Blob data will be tiered to archive tier 1000 days after last modification is incorrect. Blob data will be tiered to archive tier 365 days after last modification.

The statement that says: Blob data will be tiered to cool tier 365 days after last modification is incorrect. Blob data will be tiered to cool tier 90 days after last modification.

References:

https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview

https://docs.microsoft.com/en-us/azure/storage/blobs/lifecycle-management-overview

Check out this Azure Storage Overview Cheat Sheet:

https://tutorialsdojo.com/azure-storage-overview/

44
Q
  1. Azure Storage Explorer
  2. File Sync
  3. Azure Import/Export
  4. AzCopy

A. Centralize your organizations file shares
B. Standalone app that makes it easy to work with Azure Storage data on Windows, macOS and Linux
C. Securely import large amounts of data to Azure by shipping disk drives to an Azure datacenter
D. Command line utility for copying data to and from Microsoft Azure Blob and File storage

A
  1. B
  2. A
  3. C
  4. D

Explanation:
You can use Azure File Sync to centralize your organization’s file shares in Azure Files while keeping the flexibility, performance, and compatibility of an on-premises file server. Azure File Sync transforms Windows Server into a quick cache of your Azure file share. You can use any protocol that’s available on Windows Server to access your data locally, including SMB, NFS, and FTPS. You can have as many caches as you need across the world.

Microsoft Azure Storage Explorer is a standalone app that is accessible, intuitive, and feature-rich graphical user interface (GUI) for full management of cloud storage resources and makes it easy to work with Azure Storage data on Windows, macOS, and Linux. You can upload, download, and manage Azure blobs, files, queues, and tables, as well as Azure Cosmos DB and Azure Data Lake Storage entities.

Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter. This service can also be used to transfer data from Azure Blob storage to disk drives and ship to your on-premises sites. Data from one or more disk drives can be imported either to Azure Blob storage or Azure Files.

An alternative method for transferring data is AzCopy. AzCopy is the next-generation command-line utility for copying data to/from Microsoft Azure Blob and File storage, which offers a redesigned command-line interface and new architecture for high-performance reliable data transfers. Using AzCopy, you can copy data between a file system and a storage account or between storage accounts.

Therefore, the following statements match the corresponding Azure features:

File sync – Centralize your organization’s file shares.

Azure Storage Explorer – Standalone app that makes it easy to work with Azure Storage data on Windows, macOS, and Linux.

Azure Import/Export – Securely import large amounts of data to Azure by shipping disk drives to an Azure datacenter.

AzCopy – Command-line utility for copying data to/from Microsoft Azure Blob and File storage.

References:

https://docs.microsoft.com/en-us/azure/storage/file-sync/file-sync-introduction

https://docs.microsoft.com/en-us/azure/vs-azure-tools-storage-manage-with-storage-explorer

https://docs.microsoft.com/en-us/azure/import-export/storage-import-export-service

https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10

Check out this Azure Files Cheat Sheet:

https://tutorialsdojo.com/azure-file-storage/

45
Q

Your company hosts its business-critical Azure virtual machines in the Australia East region.

The servers are then replicated to a secondary region using Azure site recovery for disaster recovery.

The Australia East region is experiencing an outage and you need to failover to your secondary region.

Which three actions should you perform?

A. Initiate replication.
B. Run a test failover.
C. Verify if the virtual machines are protected and healthy.
D. Run a failback.
E. Run a failover.
F. Reprotect virtual machine.
A

C. Verify if the virtual machines are protected and healthy.
E. Run a failover.
F. Reprotect virtual machine.

Explanation:
A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data or configuration information for virtual machines (VMs), workloads, servers, or workstations. You can use Recovery Services vaults to hold backup data for various Azure services such as IaaS VMs (Linux or Windows) and Azure SQL databases.

Recovery Services vaults support System Center DPM, Windows Server, Azure Backup Server, and more. Recovery Services vaults make it easy to organize your backup data while minimizing management overhead.

When you enable replication for a VM to set up disaster recovery, the Site Recovery Mobility service extension installs on the VM and registers it with Azure Site Recovery.

During replication, VM disk writes are sent to a cache storage account in the source region. Data is sent from there to the target region, and recovery points are generated from the data. When you fail over a VM during disaster recovery, a recovery point is used to restore the VM in the target region.

To perform a failover, you should complete the following steps:

Verify the VM settings – Check if the VM is healthy and protected. You also need to verify if the VM is running a support Windows or Linux operation system and if the VM complies with compute, storage and networking requirements.
Run a failover – In the failover tab, you are required to choose a recovery point. The Azure VM in the target region is created using data from this recovery point.
Reprotect the VM – After failover, you reprotect the VM in the secondary region so that it replicates back to the primary region.

Hence, the correct answers are:

– Verify if the virtual machines are protected and healthy.

– Run a failover.

– Reprotect the VM.

Initiate replication is incorrect because this is the first step in setting up a disaster recovery for virtual machines. The question states that the servers are already replicated to the secondary region which indicates that it is ready for a failover

Run a failback is incorrect because this option allows you to failback to your primary region and is only executed once the primary region is running as normal again.

Run a test failover is incorrect because you only run a test failover to check if an actual failover will work. This is done during disaster recovery drills.

References:

https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview

https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable-replication

Check out this Azure Virtual Machines Cheat Sheet:

https://tutorialsdojo.com/azure-virtual-machines/

46
Q

You created an Azure public load balancer with the following settings:

Name: Manila
SKU: Standard
Virtual Network: TDVnet1

You need to be able to attach the virtual machines above to the backend pool of Manila.

Solution: Attach a public IP address with an SKU of Basic to TD1

Does this meet the goal?

A. Yes
B. No
A

B. No

Explanation:
A public load balancer can provide outbound connections for virtual machines (VMs) inside your virtual network. These connections are accomplished by translating their private IP addresses to public IP addresses. Public Load Balancers are used to load balance Internet traffic to your VMs.

A public IP associated with a load balancer serves as an Internet-facing frontend IP configuration. The Frontend is used to access resources in the backend pool. The frontend IP can be used for members of the backend pool to egress to the Internet.

Remember the following concepts when attaching virtual machines to the backend pool of a load balancer:

– The SKU of the IP address of a virtual machine must match the SKU of the load balancer.

– You can attach virtual machines to the backend pool of a load balancer that does not contain an IP address.

– You can attach virtual machines to the backend pool of a load balancer even if they are in a stopped state.

Without implementing any changes, you would only be able to attach TD1, TD2, and TD3 to Manila.

The solution is incorrect because even if you attach a public IP address with an SKU of basic to TD1, you still won’t be able to attach it because its SKU must match the SKU of Manila which is Standard.

Hence, the correct answer is: No.

References:

https://docs.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-addresses

https://docs.microsoft.com/en-us/azure/virtual-network/ip-services/configure-public-ip-load-balancer

Check out this Azure Load Balancer Cheat Sheet:

https://tutorialsdojo.com/azure-load-balancer/

47
Q

A company plans on migrating its data to an Azure storage account named Cebu.

You need to migrate the files by using AzCopy.

Which of the following operating systems are supported by AzCopy?

A. Windows
B. Windows and Linux
C. Windows and macOS
D. Windows, Linux, and macOS
A

D. Windows, Linux, and macOS

Explanation:
AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account. You can also provide authorization credentials on your AzCopy command by using Azure Active Directory (AD) or by using a Shared Access Signature (SAS) token.

The following operating systems are supported:

– Windows

– Linux

– macOS

Download the AzCopy executable file to any directory on your computer. AzCopy V10 is just an executable file, so there’s nothing to install. These files are compressed as a zip file (Windows and Mac) or a tar file (Linux).

Hence, the correct answer is: Windows, Linux, and macOS.

References:

https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview

https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10

Check out this Azure Blob Storage Cheat Sheet:

https://tutorialsdojo.com/azure-blob-storage/

48
Q

You created an Azure public load balancer with the following settings:

Name: Manila
SKU: Standard
Virtual Network: TDVnet1

You need to be able to attach the virtual machines above to the backend pool of Manila.

Solution: Ensure TD2 and TD4 are in a running state.

Does this meet the goal?

A. Yes
B. No
A

B. No

Explanation:
A public load balancer can provide outbound connections for virtual machines (VMs) inside your virtual network. These connections are accomplished by translating their private IP addresses to public IP addresses. Public Load Balancers are used to load balance Internet traffic to your VMs.

A public IP associated with a load balancer serves as an Internet-facing frontend IP configuration. The Frontend is used to access resources in the backend pool. The frontend IP can be used for members of the backend pool to egress to the Internet.

Remember the following concepts when attaching virtual machines to the backend pool of a load balancer:

– The SKU of the IP address of a virtual machine must match the SKU of the load balancer.

– You can attach virtual machines to the backend pool of a load balancer that does not contain an IP address.

– You can attach virtual machines to the backend pool of a load balancer even if they are in a stopped state.

Without implementing any changes, you would only be able to attach TD1, TD2, and TD3 to Manila.

The solution is incorrect because you can attach virtual machines to the backend pool of a load balancer even if it’s in a stopped state, and if TD4 is in a running state, you still won’t be able to attach it because its public IP address has an SKU of basic.

Hence, the correct answer is: No.

References:

https://docs.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-addresses

https://docs.microsoft.com/en-us/azure/virtual-network/ip-services/configure-public-ip-load-balancer

Check out this Azure Load Balancer Cheat Sheet:

https://tutorialsdojo.com/azure-load-balancer/

49
Q

You created an Azure public load balancer with the following settings:

Name: Manila
SKU: Standard
Virtual Network: TDVnet1

You need to be able to attach the virtual machines above to the backend pool of Manila.

Solution: Remove the public IP address attached to TD4.

Does this meet the goal?

A. Yes
B. No
A

A. Yes

Explanation:
A public load balancer can provide outbound connections for virtual machines (VMs) inside your virtual network. These connections are accomplished by translating their private IP addresses to public IP addresses. Public Load Balancers are used to load balance Internet traffic to your VMs.

A public IP associated with a load balancer serves as an Internet-facing frontend IP configuration. The Frontend is used to access resources in the backend pool. The frontend IP can be used for members of the backend pool to egress to the Internet.

Remember the following concepts when attaching virtual machines to the backend pool of a load balancer:

– The SKU of the IP address of a virtual machine must match the SKU of the load balancer.

– You can attach virtual machines to the backend pool of a load balancer that does not contain an IP address.

– You can attach virtual machines to the backend pool of a load balancer even if they are in a stopped state.

Without implementing any changes, you would only be able to attach TD1, TD2, and TD3 to Manila.

The solution is correct because you can now attach TD4. Take note that virtual machines attached to a backend pool do not need a public IP address, even if it will be attached to a public load balancer. Another correct solution is by upgrading the SKU the public IP address of TD4 to standard.

Hence, the correct answer is: Yes.

References:

https://docs.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-addresses

https://docs.microsoft.com/en-us/azure/virtual-network/ip-services/configure-public-ip-load-balancer

Check out this Azure Load Balancer Cheat Sheet:

https://tutorialsdojo.com/azure-load-balancer/

50
Q

Which of the following authentication methods can you use when transferring data using AzCopy to Blob storage and File storage?

Select the correct answer from the drop-down list of options. Each correct selection is worth one point. Each method may be used once, more than once, or not at all.

Blob storage

A. Storage Access Key
B. Shared Access Signature
C. Role Based Access Control
D. Microsoft authenticator

File storage

A. Storage Access Key
B. Shared Access Signature
C. Role Based Access Control
D. Microsoft authenticator

A

Blob storage - B. Shared Access Signature

File Storage - B. Shared Access Signature

AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account. You can also provide authorization credentials on your AzCopy command by using Azure Active Directory (AD) or by using a Shared Access Signature (SAS) token.

For blob storage, the supported authorization methods are: shared access signature and by using your Active Directory credentials.

Meanwhile, for file storage, the only supported authorization method is shared access signature.

Therefore, for both blob storage and file storage, you have to use shared access signature token as your authorization method.

References:

https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview

https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10

Check out this Azure Blob Storage Cheat Sheet:

https://tutorialsdojo.com/azure-blob-storage/