AZURE 104

1) Your company provides cloud software to audit administrative access in Microsoft Azure
resources. The software logs all administrative actions (including all clicks and text input) to log files.
The software is about to be released from beta and the company is concerned about storage
performance. You need to deploy a storage solution for the log files to maximize performance. What
should you do?

Select one.
† Deploy Azure Files using SMB 3.0.
† Deploy blob storage using block blobs.
■ Deploy blob storage using append blobs

3) You are backing up your App Service. Which of the following is included in the backup?

Select two.

■ App configuration

■ Azure database for MySQL

Files and database content totalling 15GB

Firewall enabled-storage account

SSL enabled Azure Database for MySQL

4) You are administering a production web app. The app requires scaling to five instances, 40GB of
storage, and a custom domain name. Which App Service Plan should you select?

Select one.

† Basic
■ Standard
† Premium

5) You deploy a new domain named contoso.com to domain controllers in Azure. You have the
following domain-joined VMs in Azure: You need to add DNS records so that the hostnames resolve
to their respective IP addresses. Additionally, you need to add a DNS record so that
intranet.contoso.com resolves to VM99. What should you do? (Each answer presents part of the
solution.

Choose two.)

Add AAAA records for each VM.

■ Add A records for each VM.

Add a TXT record for intranet.contoso.com with the text of VM99.contoso.com.

Add an SRV record for intranet.contoso.com with the target pointing at

■ Add a CNAME record for intranet.contoso.com with a value of VM99.contoso.com

Select one.

† Azure managed node

7) You are using blob storage. Which of the following is true?

Select one.

† The cool access tier is for frequent access of objects in the storage account.

† The hot access tier is for storing large amounts of data that is infrequently accessed.

■ You can switch between hot and cool performance tiers at any time.

8) You are reviewing the Alerts page and notice an alert has been Acknowledged. What does this
mean?

Select one.

■ An administrator has reviewed the alert and started working on it.

† The issue has been resolved.

† The issue has been closed

9) Your users want to sign-in to devices, apps, and services from anywhere. They want to signin using
an organizational work or school account instead of a personal account. You must ensure corporate
assets are protected and that devices meet standards for security and compliance. Specifically, you
need to be able to enable or disable a device. What should you do? Select one.

Ans- Join the device to Azure AD

10) Your company is preparing to move some services and VMs to Microsoft Azure. The company
has opted to use Azure DNS to provide name resolution. A project begins to configure the name
resolution. The project identifies the following requirements:

● A new domain will be used.

● The domain will have DNS records for internal and external resources

● Minimize ongoing administrative overhead.

You need to prepare and configure the environment with a new domain name and a test hostname
of WWW.Which of the following steps should you perform? (Each answer presents part of the
solution. Choose three.)

■ Register a domain name with a domain registrar.

Register a domain name with MicrosoftAzure.

■ Delegate the new domain name to Azure DNS.

Add an Address (A) record for Azure name servers in the zone.
 Add DNS glue records to point to the Azure name servers.

■ Add a record for WWW.

11) Your organization has an app that is used across the business. The performance of this app is
critical to day-to-day operations. Because the app is so important, four IT administrators have been
identified to address any issues. You have configured an alert and need to ensure the administrators
are notified if there is a problem. In which area of the portal will you provide the administrator email
addresses?

Select one.

† Activity log

† Performance group

■ Action Group

12) Identify three differences from the following list between Azure Active Directory (AD) and Active
Directory Domain Services (AD DS). Select three.

■ Azure AD uses HTTP and HTTPS communications

Azure AD uses Kerberos authentication

■ There are no Organizational Units (OUs) or Group Policy Objects (GPOs) in Azure AD

■ Azure AD includes Federation Services

Azure AD can be queried through LDAP

13) In order to add a user who has a Microsoft account to your subscription, the type of the used
user account should be:

1) Cloud identity
2) Directory-Synchronized
3) Provider identity
4) Guest User
5) Hosted identity

Ans- Guest User

14) The role that allows the user to manage all the groups in the Microsoft Azure AD Teams tenants
and be able to assign other administrator roles:

■ Global administrator

Password administrator

Security administrator

User administrator

15)What should you do to target policies and review spend budgets across several subscriptions you
manage?

† Create resource groups

† Create billing groups

† Create Azure policies

16) In order to categorize resources and billing for different departments like IT and HR, consolidate
the billing across multiple resource groups and ensure that everyone complies with the solution, you
should:

■ Create tags for each department.

Create a billing group for each department.

■ Create an Azure policy.

Add the groups into a single resource group.

Create a subscription account rule.

17)Your company financial controller wants to be notified whenever the company is half-way to
spending the money allocated for cloud services, you should create:

† Create an Azure reservation.

■ Create a budget and a spending threshold.

† Create a management group.

† Enter workloads in the Total Cost of Ownership calculator

18) If your organization has several Azure policies that they would like to create and enforce for a
new branch office, you should create:

■ Create a policy initiative

† Create a management group

† Create a resource group

† Create a new subscriptions

19) You have three virtual machines (VM1, VM2, and VM3) in a resource group. You hire a new
employee. The new employee must be able to modify the settings on VM3, but not on VM1 and
VM2. The permission that should be assigned to the new employee:

† Assign the user to the Contributor role on the resource group.

■ Assign the user to the Contributor role on VM3.

† Move VM3 to a new resource group and assign the user to the Contributor role on VM3.

† Assign the user to the Contributor role on the resource group, then assign the user to the Owner
role on VM3.
20) Your company is planning to store log data, crash dump files, and other diagnostic data for Azure
VMs in Azure, where these files will be browsed in the File Explorer and accessed over SMB 3.0 must
be supported. The storage type that meets these requirements:

■ Azure Files

† Table storage

† Blob storage

† Queue storage

21)You need to provide a contingent staff employee temporary read-only access to the contents of
an Azure storage account container named media. It is important that you grant access while
adhering to the security principle of least-privilege. What should you do?

Select one.

† Set the public access level to Container.

■ Generate a shared access signature (SAS) token for the container.

† Share the container entity tag (Etag) with the contingent staff member.

† Configure a Cross-Origin Resource Sharing (CORS) rule for the storage account

22) In order to move thousands of photos requiring over 500 TB of storage to Azure blob storage
from your datacenter data, ensuring that the security of the data including chain of custody logs and
256-bit encryption is required, you should use:

Ans- Data Box Heavy

23)Another IT administrator creates an Azure virtual machine scale set with 5 VMs. Later, you notice
that the VMs are all running at max capacity with the CPU being fully consumed. However,
additional VMs are not deploying in the scale set. You need to ensure that additional VMs are
deployed when the CPU is 75% consumed. What should you do?

Select one.

■ Enable the autoscale option.

† Increase the instance count.

† Add the scale set automation script to the library

24) You are deploying a critical business application to Microsoft Azure, with the uptime of the
application is of utmost importance. The application has 2 web servers, 2 application servers and 2
database servers. Each VM in a tier must run on different hardware. To meet the requirements, you
should:

Ans- Deploy the VMs from each tier into a dedicated availability set for the tier.
25) If your organization has a security policy that prohibits exposing SSH ports to the outside world.
How could you connect to an Azure Linux virtual machine and install software?

■ Configure the Bastion service

† Configure a Guest configuration on the virtual machine

† Create a custom script extension

† Work offline and then reimage the virtual machine.

26) Your company has an existing Microsoft Azure tenant. The company wants to start using it for
their Azure resources. You add a custom domain to Azure. Now, you need to add a DNS record to
prepare for verifying the custom domain, then you should:

Ans- Add a TXT or MX record to the DNS zone

27) You’re currently using network security groups (NSGs) to control how your network traffic flows
in and out of your virtual network subnets and network interfaces. You want to customize how your
NSGs work. For all incoming traffic, you need to apply your security rules to both the virtual machine
and the subnet level. To achieve that, you should:

† Configure the AllowVNetInBound security rule for all new NSGs.

■ Create rules for both NICs and subnets with an allow action.

† Delete the default rules.

■ Add rules with a higher priority than the default rules

28) In order to ensure that Microsoft Azure DNS can resolve names for your registered domain, you
should use:

■ zone delegation

† a CNAME record

† an MX record † a secondary zone

† a primary zone with a NS record

29) You are configuring the Microsoft Azure Firewall. In order to allow Windows Update network
traffic through the firewall, you should use:

■ Application rules

† Destination inbound rules

† NAT rules
† Network rules

30) You are preparing to implement a Site-to-Site VPN to Microsoft Azure. You already have an Azure
subscription, an Azure virtual network, and an Azure gateway subnet. Now you should prepare the
On-premises and Microsoft Azure environment for the Site-to-Site VPN by:

Ans- Obtaining a VPN device for the on-premises environment

Creating a virtual network gateway (VPN) and the local network gateway in Azure

Obtaining a public IPv4 IP address without NAT for the VPN device

31)You are configuring VNet Peering across two Azure two virtual networks, VNET1 and VNET2. You
are configuring the VPN Gateways. You want VNET2 to be able to use to VNET1's gateway to get to
resources outside the peering. What should you do?

Select one.

■ Select allow gateway transit on VNET1 and use remote gateways on VNET2.

† Select allow gateway transit on VNET2 and use remote gateways on VNET1.

† Select allow gateway transit and use remote gateways on both VNET1 and VNET2.

32) In order to redirect all Internet traffic back to your company’s on-premises servers for packet
inspection, you can use:

■ User Defined Routes

† Cross-premises network connectivity

† Traffic Manager

■ Forced Tunneling

† System Routes

33) Your company provides customers a virtual network in the cloud. You have dozens of Linux
virtual machines in another virtual network. The Azure load balancer that can be used to direct
traffic between the virtual networks:

† Install a private load balancer.

† Install a public load balancer.

† Install an external load balancer.

■ Install an internal load balancer.

† Install a network load balancer

† Round robin

† Priority

† Geographic

■ Weighted

† Performance

35) You host a service with two Azure virtual machines. You discover that occasional outages cause
your service to fail. What two actions can you do to minimize the impact of the outages?

Select two.

■ Add a load balancer.

■ Put the virtual machines in an availability set.

Put the virtual machines in a scale set.

Add a network gateway.

Add a third instance of the virtual machine.

36) You are researching Microsoft Azure for your company. The company is considering deploying
Windows-based VMs in Azure. However, before moving forward, the management team has asked
you to research the costs associated with Azure VMs. You need to document the configuration
options that are likely to save the company money on their Azure VMs. Which options should you
document? (Each answer presents part of the solution.

Select four.

■ Use HDD instead of SSD for VM storage.

Use unmanaged premium storage instead of managed standard storage.

Bring your own Windows custom images.

■ Use different Azure regions.

■ Use the least powerful VMs that meet your requirements.

Place all VMs in the same resource group.

■ Bring your own Windows license for each VM.

37) Your company is preparing to implement persistent connectivity to Microsoft Azure. The
company has a single site, headquarters, which has an on-premises data centre. The company
requires the connectivity be persistent. Connectivity must provide for the entire on-premises site.
You need to implement a connectivity solution to meet the requirements. What should you do?
Select one.

■ Implement a Site-to-Site VPN.

† Implement a VNet-to-VNet VPN.

38) You want to connect different VNets in the same region as well as different regions and decide to
use VNet peering to accomplish this. Which of the following statements are true benefits of VNet
peering?

Select two.

The virtual networks can exist in any Azure cloud region.

■ Network traffic between peered virtual networks is private.

■ Peering is easy to configure and manage, requiring little to no downtime.

Gateway transit can be configured regionally or globally.

39)You are working as a Microsoft Azure Administrator in a company. You are deploying the
Application Gateway and want to ensure incoming requests are checked for common security
threats like cross-site scripting and crawlers. To achieve that, you should:

† Install an external load balancer

† Install an internal load balancer

† Install Azure Firewall

■ Install the Web Application Firewall

40) The Kubernetes agent that processes the orchestration requests from the cluster master, and
schedules running the requested containers:

† controller master

† container runtime

† kube-proxy

■ kubelet

41) The method that the Microsoft Azure App Service use to obtain credentials for users attempting
to access an app:

† credentials that are stored in the browser

† pass-through authentication

■ redirection to a provider endpoint

† synchronization of accounts across providers

42) You are responsible for creating a disaster recovery plan for your data center. You must be able
to recreate virtual machines from scratch. This includes the Operating System, its configuration
settings, and patches. The backup tool that provides a bare metal backup of your machines:

† Azure Backup (MARS) agent

† Azure Site Recovery

■ Azure Backup Server

43) You are working as a Microsoft Azure Administrator in a company. You plan to use Azure Backup
to protect your virtual machines and data and are ready to create a backup. The first step that you
should perform is:

† Define recovery points.

■ Create a Recovery Services vault.

† Create a Backup policy.

† Install the Azure VM Agent.

44) You deploy several virtual machines (VMs) to Azure. You are responsible for backing up all data
processed by the VMs. In the event of a failure, you need to restore the data as quickly as possible.
In order to restore the entire virtual machine or files on the virtual machine, you should use:

† Virtual machine backup

† Azure Site Recovery

† Disk image backup

■ Disk snapshot

45) Your organization has an app, and the performance of this app is critical to day to day
operations. You have configured an alert and need to ensure the administrators are notified if there
is a problem. You should provide the administrator email addresses in the:

† Activity log

† Performance group

† Signal Type

■ Action Group

46) You are working as a Microsoft Azure Administrator in a company. You are analyzing the
company virtual network and think it would be helpful to get a visual representation of the
networking elements. The feature that can be used here is:

† Network Watcher Auditing

† Network Watcher Connection Troubleshoot

† Network Watcher Flows

† Network Watcher Views

■ Network Watcher Topology

47) The tool that can help to identify high VM CPU utilization, DNS resolution failures, firewall rules
that are blocking traffic, and misconfigured routes:

† Network Watcher Auditing

■ Network Watcher Connection Troubleshoot

† Network Watcher Flows

† Network Watcher Next Hop

† Network Watcher Views

† Network Watcher Topology

48) You are working as a Microsoft Azure Administrator in a company. You are reviewing the Alerts
page and notice an alert has been Acknowledged. This means that:

Ans- An administrator has reviewed the alert and started working on it