Whiz Labs Practice Test 3 Flashcards
A team member has created a point to site VPN connection between a computer named WorkstationA and an Azure virtual network.
Another point to site VPN connection needs to be made between the same Azure Virtual network and a computer named WorkstationB
The VPN client package was generated and install on WorkstationB
You need to ensure that you can create a successful point to site VPN connection
You decide to export the Workstation A client certificate and install it on Workstation B
Would this solution fulfill the requirement?
A. Yes
B. No
A. Yes
Explanation:
Yes this is one of the requirements
You have a storage account named whizlabstore. You have created a file shae named demo using the file service. You need to ensure that users can connect to the file share from their home computers. Which of the following ports should be open to provide the connectivity?
A. 80
B. 443
C. 445
D. 3389
C. 445
Explanation:
To access files from home computers, users have to use SMB protocol that expects port 445 to be open
A company have created a storage account in their Azure subscription. The name of the storage account is whizlabstore. They also have created a file sharee named demo. They need to access the files in the file share via a UNC path
You need to fill in the following blocks to ensure that the right UNC path is provided.
Which of the following goes into slot 1?
A. blob
B. blob.conre.windows.net
C. portal.azure.com
D. file
E. file.core.windows.net
F. whizlabstore
G. demo
F. whizlabstore
Explanation:
A company has created a storage account in their Azure subscription. The name of the storage account is whizlabstore. They have also created a file share named demo. They need toa ccess the files in the file share via a UNC path.
You need to fill in the following blocks to ensure that the right UNC path is provided.
Which of the following would need to go into Slot 2?
A. blob
B. blob.conre.windows.net
C. portal.azure.com
D. file
E. file.core.windows.net
F. whizlabstore
G. demo
E. file.core.windows.net
Explanation:
A company has created a storage account in their Azure subscription. The name of the storage account is whizlabstore. They have also created a file share named demo. They need toa ccess the files in the file share via a UNC path.
You need to fill in the following blocks to ensure that the right UNC path is provided.
Which of the following would need to go into Slot 3?
A. blob
B. blob.conre.windows.net
C. portal.azure.com
D. file
E. file.core.windows.net
F. whizlabstore
G. demo
G. demo
Explanation:
Would virtual machines launched in the whizlab-client virtual network automatically get registered in the private domain of private.whizlabs.com if auto registration is enabled?
A. Yes
B. No
A. Yes
Explanation:
A company has set up virtual machine in Azure. A web server listening on port 80 and a DNS server has been installed on the vm. A network security group is attached to the network interface for the virtual machine. The rules for the NSG are given below
If RuleB is deleted/omitted, please select the service through which Internet users connect to the virtual machine.
A. Through the web server
B. Through the DNS server
C. Both web and DNS servers
D. Through RDP
E. Through RDP, Web and DNS Servers
D. Through RDP
Explanation:
Your company has set up a storage account in Azure, as shown below
The company needs to allow only connection to the storage account from an IP address range of 51.107.2.0 to 51.107.2..255. From which of the following section of the storage account would you modify to fulfill this requirement?
A. Network
B. Advanced Security
C. Soft Delete
D. Lifecycle Management
A. Network
Explanation:
Your company has set up a storage account in Azure, as shown below
There is a requirement to retain any blob data that might accidentally be deleted. The deleted data needs to be retained for 14 days. From which of the following options of the storage account would you modify to fulfill this requirement?
A. Firewall and virtual networks
B. Advanced security
C. Data protection (soft delete)
D. Lifecycle management
C. Data protection (soft delete)
Explanation:
A company wants to deploy a virtual machine using a Resource Manager template. The template needs to be submitted via Azure CLI commans. The template is stored in a file named storage.json
You need to complete the below CLI
Which of the following would go into SLOT1?
A. template
B. Deployment
C. Resource
D. vm
B. Deployment
Explanation:
A company wants to deploy a virtual machine using a Resource Manager template. The template needs to be submitted via Azure CLI Commands. The template is stored in a file named storage.json
You need to complete the below CLI command
Which of the following would go into SLOT 2?
A. –template
B. –template-uri
C. –template-file
D. –template-resource
C. –template-file
Explanation:
A company has set up an Azure subscription and a tenant. They want to ensure that only virtual machines of a particular SKU size can be launched in their Azure account.
They decide to implement RBAC
Does this fulfill the requirement?
A. Yes
B. No
B. No
Explanation:
A company has set up an Azure subscription and a tenant. They want to ensure that only virtual machines of a particular SKU size can be launched in their Azure account. They decide to implement Azure locks
Does this fulfill the requirement?
A. Yes
B. No
B. No
Explanation:
Azure locks are used to prevent users from accidentally deleting or modifying critical resources. If you need to limit the resource creation, like provision VM only of a particular SKU, you need to implement Azure policies
A company has set up an Azure subscription and a tenant. They want to ensure that only virtual machines of a particular SKU size can be launched in their Azure account. They decide to implement Azure Policies
Does this fulfill the requirement?
A. Yes
B. No
A. Yes
Explanation:
Yes this can be done with Azure policies. There is also already an in built policy which can implement this policy as shown below
A. IP Flow Verify
B. Next Hop
C. Packet Capture
D. Traffic Analysis
A. IP Flow Verify
Explanation:
This can be done with the IP Flow Verify Feature.
A. IP Flow Verify
B. Next Hop
C. Connection Monitor
D. Traffic Analytics
C. Connection Monitor
Explanation:
A company is planning to deploy an application to a set of virtual machines in an Azure network. The company needs to have an SLA of 99.99% for the application hosted on the virtual machines. Which of the following should be implemented to guarantee an SLA of 99.99% on the infrastructure level?
A. Make the virtual machines part of an availability set
B. Deploy the virtual machines across availability zones
C. Assign a standard public IP address to the virtual machines
D. Deploy single virtual machines across multiple regions
B. Deploy the virtual machines across availability zones
Explanation:
You company wants to provision an Azure storage account. The storage acocunt needs to meet the following requirements
- Should be able to support hot, cool and archive blob tiers
- SHould be able to provide fault tolerance if a disaster hits the Azure region, which has the storage account
- Should minimize on costs
You need to complete the below commoand to create the storage account
Which of the following would go into Slot1?
A. FileStorage
B. Storage
C. StorageV2
D. Table
E. BlockBlobStorage
C. StorageV2
Explanation:
The task requires to support the hot, cool and archive tiers. There is only one option from our list of options that can provide this: StorageV2 or General Purpose v2 Storage account. With this storage account type, we will have the complete functionality of the BLOB service
You company wants to provision an Azure storage account. The storage acocunt needs to meet the following requirements
- Should be able to support hot, cool and archive blob tiers
- SHould be able to provide fault tolerance if a disaster hits the Azure region, which has the storage account
- Should minimize on costs
You need to complete the below commoand to create the storage account
Which of the following would go into Slot2?
A. Standard_GRS
B. Standard_LRS
C. Standard_RAGRS
D. Premium_LRS
A. Standard_GRS
Explanation:
Standard_GRS which is geo redundant storage would ensure that data is available in a secondary region if the primary region goes down.
The Microsoft Documentation mentions the following:
Currently, in your production environment, containerized applications are running on the Azure Kubernetes Service cluster (AKS cluster). Managed disks, for persistent storage are being used. Currently, managed disk backup is being done via automation scripts. The scripts are hard to maintain. Youre working as an Azure admin and are expected to suggest a backup solution for managing disk, with the following requirements:
- It should support snapshot backup lifecycle which is policy drive and provide fast backup and recovery
- It should have a very light admin overhead
- The cost of the overall solution is low
Which of the following solutions will you select?
A. Azure recovery service vault
B. Azure Backup vault
C. Azure site recovery
D. Azure backup center
B. Azure Backup vault
D. Azure backup center
Explanation:
Option B is correct because a backup vault can be used for managing Azure disk snapshot life cycle management, as explained later
Option D is correct because the backup center is the best option for creating the backup vault
Option A is incrrect because the recovery service vault does not support disk snapshot life cycle management
Option C is incorrect because Azure site recovery is used for creating disaster recovery sites
Azure backup vaults support manage disk snapshot backup lifecycle, which is policy driven and provides fast backup and recovery from the snapshots of managed disk
The backup process of the backup vault does not cause any performance issues on the virtual machine. It has virtually no administrative overhead and low cost. We can easily create a backup vault from the backup Center
Backup Center provides a single unified management experience in Azure for enterprises to govern, monitor, operate and analyze backups at scale
A team has set up Log Analytics for a virtual machine named demovm. They are running the following query in the Log Analytics Workspace
In which of the below format will the data be displayed?
A. table that has 2 columns
B. table that has 3 columns
C. graph that has the computer values on the Y axis
D. graph that has the avg(CounterValue) values on the Y axis
D. graph that has the avg(CounterValue) values on the Y axis
Explanation:
If you try to run the query in Log Analytics, you will see the below output. It consists of a graph that has the average of the counter value on the Y axis
A company has set up an Azure Virtual Machine. A team member is trying to connect to the virtual machine but is not able to do so. Below is the snippet of the networking section of the virtual machine
Which of the following needs to be done to ensure that the team member cann connect to the virtual machine?
A. Delete the Rule Port_3389
B. Add a rule to the outbound port rules to allow traffic on port 3389
C. Delete the rule DenyAllInbound
D. Start the virtual machine
D. Start the virtual machine
Explanation:
Here is the issue that no public IP address has been assigned to the virtual machine. This is because the virtual machine is in a stopped state. So you would need to start the virtual machine, You will get a public IP address and then connect to the virtual machine
Your company currently has a site to site connection with an Azure virtual private network. The VPN device allocated on the on premise side will udnergo a change in its public IP address. You have to ensure the site to site VPN connection continues to work after the change. Which of the following step would you need to carry out after the change in the public IP address on the on premise VPN device, ensuring minimum connection downtime?
A. Start the VPN connection
B. Stop the VPN connection
C. Modify the local gateway IP address
D. Modify the VPN gateway address
C. Modify the local gateway IP address
Explanation:
If the VPN device that you want to connect to has changed its public IP address, you need to modify the local network gateway to reflect that change
A company has an application deployed across a set of virtual machines. Users connect to the application either using point to site VPN or site to site VPN connections. You need to ensure that connections to the application are spread across all of the virtual machines. Which of the following could you set up for this requirement? Choose 2 answers from the options given below.
A. Public Load Balancer
B. An Internal Load Balancer
C. A Traffic Manager Profile
D. An Azure Content Delivery Network
E. An Azure Application Gateway
B. An Internal Load Balancer
E. An Azure Application Gateway
Explanation:
Since we need to distribute traffic across the virtual machines, we can use either the load balancer or application gateway service
A company has set up an Azure subscription. They have provisioned a storage account and are currently using the BLOB service. They want to assign permissions to 3 user groups
GroupA - This group should have the ability to manage the storage account
GroupB - This group should be able to manage containers within a storage account
GroupC - This group should be given full access to Azure Storage blob containers and data, including assigning POSIX access control
You need to assign the relevant Role Based Access Control, ensuring the privilege of least access
Which of the following would you assign to GroupA?
A. Owner
B. Contributor
C. Storage Account Contributor
D. Storage Blob Data Contributor
E. Storage Blob Data Owner
C. Storage Account Contributor
Explanation:
This can be accomplished by the storage account contributor
A company has set up an Azure subscription. They have provisioned a storage account and are currently using the BLOB service. They want to assign permissions to 3 user groups
GroupA - This group should have the ability to manage the storage account
GroupB - This group should be able to manage containers within a storage account
GroupC - This group should be given full access to Azure Storage blob containers and data, including assigning POSIX access control
You need to assign the relevant Role Based Access Control, ensuring the privilege of least access
Which of the following would you assign to GroupB?
A. Owner
B. Contributor
C. Storage Account Contributor
D. Storage Blob Data Contributor
E. Storage Blob Data Owner
D. Storage Blob Data Contributor
Explanation:
This can be accomplished with the Storage Blob Data Contributor
A company has set up an Azure subscription. They have provisioned a storage account and are currently using the BLOB service. They want to assign permissions to 3 user groups
GroupA - This group should have the ability to manage the storage account
GroupB - This group should be able to manage containers within a storage account
GroupC - This group should be given full access to Azure Storage blob containers and data, including assigning POSIX access control
You need to assign the relevant Role Based Access Control, ensuring the privilege of least access
Which of the following would you assign to GroupC?
A. Owner
B. Contributor
C. Storage Account Contributor
D. Storage Blob Data Contributor
E. Storage Blob Data Owner
E. Storage Blob Data Owner
Explanation:
This can be accomplished with Storage Blob Data Owner. The Microsoft documentation men`tions the following:
A company is planning to use the Azure Import/Export service to move data out of its Azure Storage Account. Which of the following service could be used when defining the Azure Export job?
A. BLOB Storage
B. File Storage
C. Queue Storage
D. Table Storage
A. BLOB Storage
Explanation:
As an IT admin, you have to develop scripts that need to add data disks to an existing virtual machine.
Below is the incomplete script.
Which of the following would go into Slot1?
A. New-AzDisk
B. New-AzDiskConfig
C. Add-AzVMDataDisk
D. Set-AzDisk
B. New-AzDiskConfig
Explanation:
As an IT admin, you have to develop scripts that need to add data disks to an existing virtual machine.
Below is the incomplete script
Which of the following would go into Slot2?
A. New-AzDisk
B. New-AzDiskConfig
C. Add-AzVMDataDisk
D. Set-AzDisk
A. New-AzDisk
Explanation:
As an IT admin, you have to develop scripts that need to add data disks to an existing virtual machine.
Below is the incomplete script
Which of the following would go into Slot3?
A. Set-AzVM
B. UpdateAzVM
C. Get-AzVM
D. New-AzVm
As an IT admin, you have to develop scripts that need to add data disks to an existing virtual machine. Below is the incomplete script
Which of the following would go into Slot4?
A. New-AzDisk
B. New-AzDiskConfig
C. Add-AzVMDataDisk
D. Set-AzDisk
C. Add-AzVMDataDisk
Explanation:
As an IT admin, you have to develop scripts that need to be used to add data disks to an existing virtual machine. Below is the incomplete script
Which of the following would go into Slot4?
A. New-AzDisk
B. New-AzDiskConfig
C. Add-AzVMDataDisk
D. Set-AzDisk
C. Add-AzVMDataDisk
Explanation:
fuck
You have an Azure virtual machine based on the Windows Server 2016 image. You implement Azure backup for the virtual machine. You want to restore the virtual machine by using the replace existing option
You need to go ahead and replace the virtual machine using the Azure Backup option. You have started the backup operation but it failed and is showing an error message: VM is not in a state to allow backups
Which of the following should be done to solve this problem?
A. Create a custom image
B. Stop the virtual machine
C. Allocate a new disk
D. Enable encryption on the disk
B. Stop the virtual machine
Explanation:
The backup operation failed because the VM is in a Failed State. For a successful backup, the VM state should be Running, Stopped or Stopped (deallocated)
You have an Azure subscription named whizlabstaging. Under the subscription, you create a resource group named whizlabs-rg
Then you create an Azure policy based on the Not allowed resources types definition. Here you define the parameters as Microsoft.Network.virtual networks as the not allowed resource type.
You assign this policy to the Tenant Root Group and a virtual network does not already exist in this subscription.
Would you be able to create a virtual machine in the whizlabs-rg resource group?
A. Yes
B. No
B. No
Explanation:
Azure policy is applied to the Tenant Root Group. It means that it would be applied to all subscriptions and all resource groups within the subscription
A VM can be created only inside a network
If you need to create a virtual machine, you must have permission to create virtual network resources, required for VM provisioning
This policy not allowed resource type includes Microsoft.Network in its parameter list. So the policy will not allow the creation of any network resources
A company currently has the following networks defined in Azure
A. Set the virtual network deployment model as Classic
B. Set the virtual network access settings as Disabled
C. Set the forwarded traffic settings as Enabled
D. Enable Allow gateway transit
C. Set the forwarded traffic settings as Enabled
Explanation:
To ensure that traffic can be forwarded across networks, you need to enable forwarded traffic settings.
This is like the Hub and spoke model given in the Microsoft documentation wherein you need to enable forwarded traffic
Option A is incorrect since this is used when you have a classic deployment of a virtual network
Option B is incorrect since the traffic should be enabled
Option D is incorrect since this is when you want traffic to flow to an on premise setup
A company currently has the following networks defined in Azure
All virtual networks are hosting virtual machines with varying workloads. A virtual machine named whizlab-detect hosted in whizlab-vnet2. This virtual machine will have an intrusion detection software installed on it. All traffic on all virtual networks must be routed via this virtual machine (intrusion based device)
You need to complete the required steps for implementing this requirement
Which of the following would you need to create additional to ensure that traffic is sent via the virtual machine hosting the intrusion software?
A. A new route table
B. Add an address space
C. Add DNS servers
D. Add a service endpoint
A. A new route table
Explanation:
In order to ensure that traffic is routed via the intrusion based device, you need to set up a route table and add the route table to the subnets in the other virtual machines
The diagram of the hub and spoke model also includes the use of a User defined route (UDR), which is nothing but a custom route table
A company currently has the following networks defined in Azure
All virtual networks are hosting virtual machines with varying workloads. A virtual machine named whizlab-detect hosted in whizlab-vnet2. This virtual machine will have an intrusion detection osftware installed on it. All traffic on all virtual networks must be routed via this virtual machine (intrusion based device)
You need tom complete the required steps for implementing this requirement
Which of the following would you need to create additional to ensure traffic is sent via the virtual machine hosting the intrusion software?
A. A new route table
B. Add an address space
C. Add DNS Servers
D. Add a Service Endpoint
A company currently has the following networks defined in Azure
All virtual networks are hosting virtual machines with varying workloads. A virtual machine named whizlab-detect is hosted in whizlab-vnet2. This virtual machine will have an intrusion detection software installed on it. All traffic on all virtual networks must be routed via this virtual machine (intrusion based device)
You need to complete the required steps for implementing this requirement
Which of the following needs to be enabled on the virtual machine whizlab-detect?
A. Enable IP forwarding
B. Enable the identity for the virtual machine
C. Add an extension to the virtual machine
D. Change the size of the virtual machine
A. Enable IP forwarding
Explanation:
A company is planning to use Azure for the various services they offer. They want to ensure that they can bill each department for the resources they consume. They decide to use Azure policies to separate the bills department wise.
Would this fulfill the requirement?
A. Yes
B. No
B. No
Explanation:
Azure policies are used from a government perspective and cant be used to create bills department wise
A company is planning to use Azure for the various services they offer. They want to ensure that they can bill each department for the resources they consume. They decide to use Azure resource tags to separate the bills department wise
Would this fulfill the requirement?
A. yes
B. No
A. Yes
Explanation:
Yes, you can use resource tags to organize your Azure resources and also apply billing techniques department wise
A company is planning to use Azure for the various services they offer. They want to ensure that they can bill each department for the resources they consume. They decide to use Azure RBAC to separate the bills department wise.
Would this fulfill the requirement?
A. Yes
B. No
B. No
Explanation:
This is used to control access to resources and cant be used for billing purposes
A. Yes
B. No
A. Yes
Explanation:
The Not Allowed resource types policy is only applied to the resource group whizlabs-rg. You can move the virtual machine to another resource group
A. Yes
B. No
B. No
Explanation:
Azure policies would only highlight the compliance of existing reousrces and enforce the policy restrictions on new resources.
Here, the virtual machine whizlabvm is currently in a running state and the company assigns the Not allowed resource types Azure policy
Not allowed resource types (Deny): prevents a list of resource types from being deployed. Hence the state of the virtual machine would remain as it is
