tecnico

Question No : 1 -

You manage a solution deployed in two Azure subscriptions for testing and production.

Both subscriptions have virtual networks named fabVNet.

You plan to add two new virtual machines (VMs) in a new subnet.

You have the following requirements:

- Deploy the new VMs to the virtual network in the testing subscription.

- Minimize any errors in defining the network changes.

- Minimize the work that will be required when the change is made to the production virtual network.

Which three steps should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

ANSWER

Explanation: Box 1: Add a subnet to the network configuration file. Box 2: Import the network configuration. Box 3: Deploy the new VMs to the new subnet. After youve configured your network configuration file, use the procedure below to import it into the Management Portal. To import a network configuration file:

Question No : 2 -

You administer an Azure Web Site named contoso.

The development team has implemented changes to the website that need to be validated.

You need to validate and deploy the changes with minimum downtime to users.

What should you do first?

· A. Create a new Linked Resource.

· B. Configure Remote Debugging on contoso.

· C. Create a new website named contosoStaging.

· D. Create a deployment slot named contosoStaging.

· E. Back up the contoso website to a deployment slot.

ANSWER

Answer : D

Explanation: The deployment slots feature for Azure Websites allows validating a version of your site with full content and configuration updates on the target platform before directing customer traffic to this version. The expectation is that a deployment slot would be fully configured in the desired target format before performing a swap.

Question No : 3 -

Your company network includes users in multiple directories.

You plan to publish a software-as-a-service application named SaasApp1 to Azure Active Directory.

You need to ensure that all users can access SaasApp1.

What should you do?

· A. Configure the Federation Metadata URL

· B. Register the application as a web application.

· C. Configure the application as a multi-tenant.

· D. Register the application as a native client application.

ANSWER

Answer : C

Explanation:

* When you get deeper into using Windows Azure Active Directory, you ll run into new terminology.

For instance, is called "directory" is also referred to as a Windows Azure AD Tenant or simply as "tenant." This stems from the fact that WAAD ()Windows Azure Active Directory is a shared service for many clients.

In this service, every client gets its own separate space for which the client is the tenant.

In the case of WAAD this space is a directory. This might be a little confusing, because you can create multiple directories, in WAAD terminology multiple tenants, even though you are a single client. * Multitenant Applications in Azure A multitenant application is a shared resource that allows separate users, or "tenants," to view the application as though it was their own. A typical scenario that lends itself to a multitenant application is one in which all users of the application may wish to customize the user experience but otherwise have the same basic business requirements. Examples of large multitenant applications are Office 365, Outlook.com, and visualstudio.com.

Question No : 4 -

You manage an Azure subscription.

You develop a storage plan with the following requirements:

- Database backup files that are generated once per year are retained for ten years.

- High performance system telemetry logs are created constantly and processed for analysis every month.

In the table below, identify the storage redundancy type that must be used. Make only one selection in each column.

ANSWER

Question No : 5 -

You manage a web application published to Azure Cloud Services.

Your service level agreement (SLA) requires that you are notified in the event of poor performance from customer locations in the US, Asia, and Europe.

You need to configure the Azure Management Portal to notify you when the SLA performance targets are not met.

What should you do?

  • A. Create an alert rule to monitor web endpoints.
  • B. Create a Notification Hub alert with response time metrics.
  • C. Add an endpoint monitor and alert rule to the Notification Hub.
  • D. Configure the performance counter on the cloud service.

ANSWER

Explanation: C)* An alert rule enables you to monitor an available metric within a supported Azure service. When the value of a specified metric violates the threshold assigned for a rule, the alert rule becomes active and registers an alert. When you create an alert rule, you can select options to send an email notification to the service administrator and co-administrators, or another administrator, when the rule becomes active, and when an alert condition is resolved. * You can configure cloud service alert rules on: Web endpoint status metrics Monitoring metrics from the cloud service host operating system Performance counters collected from the cloud service guest virtual machine

Question No : 6 -

You manage an Azure Web Site for a consumer-product company.

The website runs in Standard mode on a single medium instance.

You expect increased traffic to the website due to an upcoming sale during a holiday weekend.

You need to ensure that the website performs optimally when user activity is at its highest.

Which option should you select? To answer, select the appropriate option in the answer area.

ANSWER

Note: The small instance is selected. This setting would be for the weekdays. Then you would select a larger instance for the weekend schedule setting to cover the increased activity.

Question No : 7 -

You deploy an ASP.NET application to an Azure Cloud Service.

You must collect telemetry data for troubleshooting performance issues and resource usage.

You need to configure Azure diagnostics.

For each requirement, which data source should you specify? To answer, select the appropriate data source from each list in the answer area.

ANSWER

Question No : 8 -

You plan to deploy a cloud service named contosoapp that has a web role named contosoweb and a worker role named contosoimagepurge.

You need to ensure the service meets the following requirements:

- Contosoweb can be accessed over the Internet by using http.

- Contosoimagepurge can only be accessed through tcp port 5001 from contosoweb.

- Contosoimagepurge cannot be accessed directly over the Internet

Which configuration should you use? To answer, drag the appropriate configuration setting to the correct location in the service configuration file. Each configuration setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

ANSWER

Question No : 9 -

You administer a virtual machine (VM) that is deployed to Azure.

You configure a rule to generate an alert when the average availability of a web service on your VM drops below 95 percent for 15 minutes.

The development team schedules a one-hour maintenance period.

You have the following requirements:

- No alerts are created during the maintenance period.

- Alerts can be restored when the maintenance is complete.

You want to achieve this goal by using the least amount of administrative effort.

What should you do from the Management Portal?

· A. Select and disable the rule from the Dashboard page of the virtual machine.

· B. Select and delete the rule from the Configure page of the virtual machine.

· C. Select and disable the rule from the Monitor page of the virtual machine.

· D. Select and disable the rule on the Configure page of the virtual machine.

ANSWER

C. Select and disable the rule from the Monitor page of the virtual machine.

Question No : 10 -

You have a virtual machine (VM) that must be secured. Direct access to the VM is not permitted.

You create the following Azure PowerShell script. Line numbers are included for reference only.


You assign the virtual network to the variable $vnet. You assign the subnet to the variable $backendSubnet. For each of the following statements, select Yes if the statement is true.

Otherwise, select No.

ANSWER

Question No : 11 -

You develop a set of Power Shell scripts that will run when you deploy new virtual machines (VMs).

You need to ensure that the scripts are executed on new VMs. You want to achieve this goal by using the least amount of administrative effort.

What should you do?

  • A. Create a new GPO to execute the scripts as a logon script.
  • B. Create a SetupComplete.cmd batch file to call the scripts after the VM starts.
  • C. Create a new virtual hard disk (VHD) that contains the scripts.
  • D. Load the scripts to a common file share accessible by the VMs.
  • E. Set the VMs to execute a custom script extension.

ANSWER

Explanation:

E. Set the VMs to execute a custom script extension.

After you deploy a Virtual Machine you typically need to make some changes before its ready to use. This is something you can do manually or you could use Remote PowerShell to automate the configuration of your VM after deployment for example. But now theres a third alternative available allowing you customize your VM: the CustomScript extension. This CustomScript extension is executed by the VM Agent and its very straightforward: you specify which files it needs to download from your storage account and which file it needs to execute. You can even specify arguments that need to be passed to the script. The only requirement is that you execute a .ps1 file.

Question No : 12 -16

You administer a Microsoft Azure SQL Database database in the US Central region named contosodb.

Contosodb runs on a Standard tier within the SI performance level.

You have multiple business-critical applications that use contosodb.

You need to ensure that you can bring contosodb back online in the event of a natural disaster in the US Central region. You want to achieve this goal with the least amount of downtime.

Which two actions should you perform? Each correct answer presents part of the solution.

  • A. Upgrade to S2 performance level.
  • B. Use active geo-replication.
  • C. Use automated Export.
  • D. Upgrade to Premium tier.
  • E. Use point in time restore.
  • F. Downgrade to Basic tier.

ANSWER

Explanation:

B: The Active Geo-Replication feature implements a mechanism to provide database redundancy within the same Microsoft Azure region or in different regions (geo- redundancy). One of the primary benefits of Active Geo-Replication is that it provides a database-level disaster recovery solution. Using Active Geo-Replication, you can configure a user database in the Premium service tier to replicate transactions to databases on different Microsoft Azure SQL Database servers within the same or different regions. Cross-region redundancy enables applications to recover from a permanent loss of a datacenter caused by natural disasters, catastrophic human errors, or malicious acts.

D: Active Geo-Replication is available for databases in the Premium service tier only.

Question No : 13 -

Your company network includes an On-Premises Windows Active Directory (AD) that has a DNS domain named contoso.local and an email domain named contoso.com.

You plan to migrate from On-Premises Exchange to Office 365.

You configure DirSync and set all Azure Active Directory {Azure AD) usernames as %username%@contoso.com

You need to ensure that each user is able to log on by using the email domain as the username.

Which two actions should you perform? Each correct answer presents part of the solution.

· A. Verify the email domain in Azure AD domains.

· B. Run the Set-MsolUserPrincipalName -UserPrincipalName %username%@contoso.onmicrosoft.com -NewUserPrincipalName %usemame %@contoso.com Power Shell cmdlet.

· C. Edit the ProxyAddress attribute on the On-Premises Windows AD user account.

· D. Verify the Windows AD DNS domain in Azure AD domains.

· E. Update the On-Premises Windows AD user account UPN to match the email address.

ANSWER

Explanation:

B: D:

Question No : 14 -

You administer an Azure Active Directory (Azure AD) tenant.

You add a custom application to the tenant.

The application must be able to:

· Read data from the tenant directly.

· Write data to the tenant on behalf of a user.

In the table below, identify the permission that must be granted to the application. Make only one selection in each column.

ANSWER

Question No : 15 -

You have an application that uses an Azure SQL Database.

The database becomes corrupt and is not usable.

You must configure point in time recovery to replace the database.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

ANSWER

Question No : 16 -

You administer a Microsoft Azure SQL Database data base in the US Central region named contosodb.

Contosodb runs on a Standard tier within the S1 performance level.

You have multiple business-critical applications that use contosodb.

You need to ensure that you can bring contosodb back online in the event of a natural disaster in the US Central region. You want to achieve this goal with the least amount of downtime.

Which two actions should you perform? Each correct answer presents part of the solution.

  • A. Upgrade to S2 performance level.
  • B. Use active geo-replication.
  • C. Use automated Export.
  • D. Upgrade to Premium tier.
  • E. Use point in time restore.
  • F. Downgrade to Basic tier.

ANSWER

Explanation:

B: The Active Geo-Replication feature implements a mechanism to provide database redundancy within the same Microsoft Azure region or in different regions (geo- redundancy). One of the primary benefits of Active Geo-Replication is that it provides a database-level disaster recovery solution. Using Active Geo-Replication, you can configure a user database in the Premium service tier to replicate transactions to databases on different Microsoft Azure SQL Database servers within the same or different regions. Cross-region redundancy enables applications to recover from a permanent loss of a datacenter caused by natural disasters, catastrophic human errors, or malicious acts.

D: Active Geo-Replication is available for databases in the Premium service tier only.

Question No : 17 -

You administer an Azure Virtual Machine (VM) named CON-CL1.

CON-CL1 is in a cloud service named ContosoService1.

You want to create a new VM named MyApp that will have a fixed IP address and be hosted by an Azure Datacenter in the US West region.

You need to assign a fixed IP address to the MyApp VM.

Which Azure Power Shell cmdlets and values should you use? To answer, drag the appropriate cmdlet or value to the correct location in the PowerShell command. Each cmdlet or value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content

ANSWER

Question No : 18 -

You have an Azure Web App that uses the URL contoso.azurewebsites.net.

The virtual IP address of the web app is subject to change.

Users must be able to navigate to a custom domain name to access the Web App.

You set up the DNS records for a custom domain at a third party registrar.

You need to configure the web app to use the custom domain name.

For each mapping, which DNS record type should you create? To answer, select the appropriate DNS record type from each list in the answer area.

ANSWER

Question No : 19 -

You are the administrator for three Azure subscriptions named Dev, Test, and Prod.

Your Azure Power Shell profile is configured with the Dev subscription as the default.

You need to create a new virtual machine in the Test subscription by using the least administrative effort.

Which Power Shell command should you use?

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D

Question No : 20 -

You administer an Azure Storage account with a blob container.

You enable Storage account logging for read, write and delete requests.

You need to reduce the costs associated with storing the logs.

What should you do?

  • A. Execute Delete Blob requests over https.
  • B. Create an export job for your container.
  • C. Set up a retention policy.
  • D. Execute Delete Blob requests over http.

ANSWER

Explanation:

C. Set up a retention policy.

To ease the management of your logs, we have provided the functionality of retention policy which will automatically cleanup old logs without you being charged for the cleanup. It is recommended that you set a retention policy for logs such that your analytics data will be within the 20TB limit allowed for analytics data (logs and metrics combined)

Question No : 21 -

You manage a cloud service that has a web role named fabWeb.

You create a virtual network named fabVNet that has two subnets defined as Web and Apps.

You need to be able to deploy fabWeb into the Web subnet.

What should you do?

· A. Modify the service definition (csdef) for the cloud service.

· B. Run the Set-AzureSubnet PowerShell cmdlet.

· C. Run the Set-AzureVNetConfig PowerShell cmdlet.

· D. Modify the network configuration file.

· E. Modify the service configuration (cscfg) for the fabWeb web role.

ANSWER

A. Modify the service definition (csdef) for the cloud service.

Explanation: Azure Service Definition Schema (.csdef File) The service definition file defines the service model for an application. The file contains the definitions for the roles that are available to a cloud service, specifies the service endpoints, and establishes configuration settings for the service.

Question No : 22 -

For development purposes, you deploy several virtual machines in an Azure subscription.

Developers report that the virtual machines fail to access each other.

You export the virtual network configuration for the subscription as shown in the following output.

You need to modify the network configuration to resolve the connection issue.

What should you modify?


· A. the IP address range of Subnet-1

· B. the IP address range of the gateway subnet. the IP address of the DNS server

· C. the site of the virtual network

Question No : 23 -

You administer an Azure Storage account named contosostorage.

The account has a blob container to store image files.

A user reports being unable to access an image file.

You need to ensure that anonymous users can successfully read image files from the container.

Which log entry should you use to verify access?

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D

ANSWER

Answer : A

Explanation: Check for GetBlob and for AnonymousSuccess. Example: Get Blob AnonymousSuccess: 1.0;2011-07- 28T18:52:40.9241789Z;GetBlob;AnonymousSuccess;200;18;10;anonymous;;sally;blob;"htt p:// sally.blob.core.windows.net/thumbnails/lake.jpg?timeout=30000";"/sally/thumbnails/lake.jpg ";a84aa705-8a85-48c5-b064-b43bd22979c3;0;123.100.2.10;2009-09- 19;252;0;265;100;0;;;"0x8CE1B6EA95033D5";Thursday, 28-Jul-11 18:52:40 GMT;;;;"7/28/2011 6:52:40 PM ba98eb12-700b-4d53-9230-33a3330571fc" Incorrect: Not C: Check for AnonymousSuccess not Access. Not B, not D: Check for GetBlob not GetBlobProperties

Question No : 24 -

You manage an Azure virtual network that hosts 15 virtual machines (VMs) on a single subnet, which is used for testing a line of business (LOB) application. The application is deployed to a VM named TestWebServiceVM.

You need to ensure that TestWebServiceVM always starts by using the same IP address.

You need to achieve this goal by using the least amount of administrative effort.

What should you do?

· A. Use the Management Portal to configure TestWebServiceVM.

· B. Use RDP to configure TestWebServiceVM.

· C. Run the Set-AzureStaticVNetIP PowerShell cmdlet.

· D. Run the Get-AzureReservedIP PowerShell cmdlet.

ANSWER

Answer : C

Explanation: Specify a static internal IP for a previously created VM If you want to set a static IP address for a VM that you previously created, you can do so by using the following cmdlets. If you already set an IP address for the VM and you want to change it to a different IP address, youll need to remove the existing static IP address before running these cmdlets. See the instructions below to remove a static IP. For this procedure, youll use the Update-AzureVM cmdlet. The Update-AzureVM cmdlet restarts the VM as part of the update process. The DIP that you specify will be assigned after the VM restarts. In this example, we set the IP address for VM2, which is located in cloud service StaticDemo. Get-AzureVM -ServiceName StaticDemo -Name VM2 | Set-AzureStaticVNetIP -IPAddress 192.168.4.7 | Update-AzureVM

Question Nº:25

You have an Azure subscription.

In Azure, you create two virtual machines named VM1 and VM2. Both virtual machines are instances in a cloud service named Cloud1.

You need to ensure that the virtual machines only replicate within the data center in which they were created.

Which settings should you modify?

  • A. virtual machine
  • B. storage account
  • C. cloud services
  • D. Azure subscription

Question Nº:26

You manage an Azure subscription with virtual machines (VMs) that are running in Standard mode.

You need to reduce the storage costs associated with the VMs. What should you do?

  • A. Locate and remove orphaned disks.
  • B. Add the VMs to an affinity group.
  • C. Change VMs to the Basic tier.
  • D. Delete the VHD container.

ANSWER

Answer : C

Explanation: Standard offers 50 GB of storage space, while Basic only gives 10 GB but it will save costs.

Question No : 27 -

Your development team has created a new solution that is deployed in a virtual network named fabDevVNet.

Your testing team wants to begin testing the solution in a second Azure subscription.

You need to create a virtual network named fabTestVNet that is identical to fabDevVNet.

You want to achieve this goal by using the least amount of administrative effort.

Which three steps should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

ANSWER

Question No : 28 -

You administer an Azure Virtual Machine (VM) named server1. The VM is in a cloud service named ContosoService1.

You discover that the VM is experiencing storage issues due to increased application logging on the server.

You need to create a new 256-GB disk and attach it to the server.

Which Power Shell cmdlets should you use? To answer, drag the appropriate cmdlet to the correct location in the Power Shell command. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

ANSWER

Question No : 29 -

You manage an application hosted on cloud services. The development team creates a new version of the application. The updated application has been packaged and stored in an Azure Storage account.

You have the following requirements:

· Deploy the latest version of the application to production with the least amount of downtime.

· Ensure that the updated application can be tested prior to deploying to the Production site.

· Ensure that the original version of the application can be restored until the new version is verified.

Which four steps should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

ANSWER

Question No : 30 -

You create a Push Notification service by using an Azure Notification Hub.

You need to monitor the Notification Hub programmatically.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

ANSWER

Question No : 31 -

You have an Azure SQL Database named Contosodb. Contosodb is running in the Standard/S2 tier and has a service level objective of 99 percent.

You review the service tiers in Microsoft Azure SQL Database as well as the results of running performance queries for the usage of the database for the past week as shown in

the exhibits. (Click the Exhibits button.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

ANSWER

Question No : 32 -

You manage a software-as-a-service application named SaasApp1 that provides user management features in a multi-directory environment.

You plan to offer SaasApp1 to other organizations that use Azure Active Directory.

You need to ensure that SaasApp1 can access directory objects.

What should you do?

· A. Configure the Federation Metadata URL

· B. Register SaasApp1 as a native client application.

· C. Register SaasApp1 as a web application.

· D. Configure the Graph API

ANSWER

· D. Configure the Graph API

Question No : 33 -

You manage a large datacenter that has limited physical space.

You plan to extend your datacenter to Azure.

You need to create a connection that supports a multiprotocol label switching (MPLS) virtual private network.

Which connection type should you use?

  • A. Site-to-site
  • B. VNet-VNet
  • C. ExpressRoute.
  • D. Site-to-peer

ANSWER

  • C. ExpressRoute.

Question No : 34 -

You manage a cloud service that supports features hosted by two instances of an Azure virtual machine (VM).

You discover that occasional outages cause your service to fail.

You need to minimize the impact of outages to your cloud service.

Which two actions should you perform? Each correct answer presents part of the solution.

  • A. Deploy a third instance of the VM.
  • B. Configure Load Balancing on the VMs.
  • C. Redeploy the VMs to belong to an Affinity Group.
  • D. Configure the VMs to belong to an Availability Set.

ANSWER

  • A. Deploy a third instance of the VM.
  • B. Configure Load Balancing on the VMs.

Question No : 35 -

You manage an Azure virtual machine (VM) named AppVM. The application hosted on AppVM continuously writes small files to disk. Recently the usage of applications on AppVM has increased greatly.

You need to improve disk performance on AppVM.

Which Microsoft Azure Power Shell cmdlet should you use with each Power Shell command line? To answer, drag the appropriate Microsoft Azure Power Shell cmdlet to the correct location in the Power Shell code. Each Power Shell cmdlet may be used once,

more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

ANSWER

Question No : 36 -

You administer an Azure subscription with an existing cloud service named contosocloudservice. Contosocloudservice contains a set of related virtual machines (VMs) named ContosoDC, ContosoSQL and ContosoWeb1.

You want to provision a new VM within contosocloudservice.

You need to use the latest gallery image to create a new Windows Server 2012 R2 VM that has a target IOPS of 500 for any provisioned disks.

Which PowerShell command should you use?

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D

ANSWER

  • B. Option B

Question No : 37 -

Your company manages several Azure Web Sites that are running in an existing web-hosting plan named plan1.

You need to move one of the websites, named contoso, to a new web-hosting plan named plan2.

Which Azure PowerShell cmdlet should you use with each PowerShell command line? To answer, drag the appropriate Azure PowerShell cmdlet to the correct location in the PowerShell code. Each PowerShell cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

ANSWER

Question No : 38 -

You create a virtual network named fabVNet01.

You design the virtual network to include two subnets, one named DNS-subnet and one

named Apps-subnet, as shown in the exhibit. (Click the Exhibits button.)


In the table below, identify the number of IP addresses that will be available for virtual

machines (VMs) or cloud services in each subnet. Make only one selection in each column.

ANSWER

Question No : 39 -

You manage an Azure Web Site named contosoweb. Logging is enabled for contosoweb.

You need to view only errors from your log files in a continuous stream as they occur.

Which Windows Power Shell command should you execute?

  • A. Get-AzureWebSiteLog -Name contosoweb -OutBuffer Error
  • B. Save-AzureWebSiteLog -Name contosoweb -Output Errors
  • C. Get-AzureWebSiteLog -Name contosoweb -Tail –Message Error
  • D. Get-Azure WebSiteLog -Name contosoweb -Message Error

ANSWER

  • C. Get-AzureWebSiteLog -Name contosoweb -Tail –Message Error

Question No : 40 -

You are the server administrator for several on-premises systems.

You need to back up all the systems to the cloud by using Azure Backup.

In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.

ANSWER

Question No : 41 -

Your company plans to migrate from On-Premises Exchange to Office 365.

The existing directory has numerous service accounts in your On-Premises Windows Active Directory (AD), stored in separate AD Organizational Units (OU) for user accounts.

You need to prevent the service accounts in Windows AD from syncing with Azure AD.

What should you do?

· A. Create an OU filter in the Azure AD Module for Windows PowerShell.

· B. Configure directory partitions in miisclient.exe.

· C. Set Active Directory ACLs to deny the DirSync Windows AD service account MSOL_AD_SYNC access to the service account OUs.

· D. Create an OU filter in the Azure Management Portal.

ANSWER

B. Configure directory partitions in miisclient.exe.

Question No : 42 -

An organization has several web applications and uses Azure Active Directory (Azure AD).

You are developing a new web application that supports sign-on using the WS-Federation to Azure AD.

You need to describe the authentication process flow to your team.

In which order are the actions performed? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.

ANSWER

Question No : 43 -

Your company has two physical locations configured in a geo-clustered environment that includes:

Your company has recently signed up for Azure.

You plan to leverage your current network environment to provide a backup solution for your VMs.

You need to recommend a solution that ensures all VMs are redundant and deployable between locations. You also want the solution to minimize downtime in the event of an outage at either physical location.

Which solution should you recommend?

· A. Configure a backup vault in Azure and use Data Protection Manager to back up The Windows Servers.

· B. Use Data Protection Manager and back up the VMs in each location.

· C. Use Azure site recovery in an on-premises to Azure protection configuration.

· D. Use Azure site recovery in an on-premises to on-premises protection configuration.

ANSWER

· D. Use Azure site recovery in an on-premises to on-premises protection configuration.

Question No : 44 -

You manage a cloud service named fabrikamReports that is deployed in an Azure data center.

You deploy a virtual machine (VM) named fabrikamSQL into a virtual network named fabrikamVNet.

FabrikamReports must communicate with fabrikamSQL.

You need to add fabrikam Reports to fabrikamVNet.

Which file should you modify?

· A. the network configuration file for fabrikamVNet

· B. the service definition file (.csdef) for fabrikamReports

· C. the service definition file (.csdef) for fabrikamSQL

· D. the service configuration file (.cscfg) for fabrikamReports

· E. the service configuration file (.cscfg) fabrikamSQL

ANSWER

· B. the service definition file (.csdef) for fabrikamReports

Question No : 45 -

You have a virtual machine (VM) that runs in Azure. The VM is located in a geographically distant location from you.

You experience performance issues when you connect to the VM.

You need to resolve the performance issue.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

ANSWER

Question No : 46 -

You deploy a web application to an Azure Cloud Service. The application uses a storage account that contains a large number of storage objects.

You need to grant clients access to application data for a specified interval of time while minimizing effort.

What should you create?

· A. a stored access policy

· B. a service shared access signature

· C. an account shared access signature

· D. a network security group

ANSWER

· C. an account shared access signature

Question No : 47 -

You administer a virtual machine (VM) that is deployed to Azure. The VM hosts a web service that is used by several applications.

You need to ensure that the VM sends a notification in the event that the average response time for the web service exceeds a pre-defined response time for an hour or more.

Which three steps should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

ANSWER

* (Step 1). First we must add a metric. * (Step 2) To configure endpoint monitoring: * (Step 3). In Standard website mode, you can receive alerts based on your website monitoring metrics. The alert feature requires that you first configure a web endpoint for monitoring, which you can do in the Monitoring section of the Configure page. On theSettings page of the Azure Management Portal, you can then create a rule to trigger an alert when the metric you choose reaches a value that you specify.

Question No : 48 -

You manage an Azure Web Site named contososite.

You download the subscription publishing credentials named Contoso-Enterprise.publishsettings.

You need to use Azure Power Shell to achieve the following:

· Connect to the Contoso-Enterprise subscription.

· Create a new App Setting named CustomSetting with a value of True.

· Restart the website.

Which commands should you use? To answer, drag the appropriate Azure PowerShell command to the correct location in the solution. Each command may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

ANSWER

Question No : 49 -

You manage several Azure virtual machines (VMs). You create a custom image to be used by employees on the development team.

You need to ensure that the custom image is available when you deploy new servers.

Which Azure Power Shell cmdlet should you use?

· A. Update-AzureVMImage

· B. Add-AzureVhd

· C. Add-AzureVMImage

· D. Update-AzureDisk

· E. Add-AzureDataDisk

ANSWER

Explanation: C:The Add-AzureVMImage cmdlet adds an operating system image to the image repository. The image should be a generalized operating system image, using either Sysprep for Windows or, for Linux, using the appropriate tool for the distribution. Example This example adds an operating system image to the repository. Windows PowerShell C:\PS>Add-AzureVMImage -ImageName imageName -MediaLocation http://yourstorageaccount.blob.core.azure.com/container/sampleImage.vhd -Label References:

Question No : 50 -

You have an Azure Virtual Network named fabVNet with three subnets named Subnet-1, Subnet-2 and Subnet-3.

You have a virtual machine (VM) named fabVM running in the fabProd service.

You need to modify fabVM to be deployed into Subnet-3. You want to achieve this goal by using the least amount of time and while causing the least amount of disruption to the existing deployment.

What should you do? To answer, drag the appropriate Power Shell cmdlet to the correct location in the Power Shell command. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

ANSWER

Question No : 51 -

You have a solution deployed into a virtual network in Azure named fabVNet. The fabVNet

virtual network has three subnets named Apps, Web, and DB that are configured as shown

in the exhibit. (Click the Exhibits button.)


You want to deploy two new VMs to the DB subnet.

You need to modify the virtual network to expand the size of the DB subnet to allow more IP addresses.

Which three steps should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

ANSWER

Explanation:

Box 1: Empty and delete the DB Subnet.

Box 2: Create the DB subnet to be larger.

Box 3: Recreate the Virtual Network as now required.

Note (which seems to indicate that only two steps would be required): * Q: Can I modify my virtual network size after I created them? A: You can add, remove, expand or shrink a subnet if there are no VMs or services deployed within it by using PowerShell cmdlets or the NETCFG file. * Q: Can I modify subnets after I created them? A: You can modify the subnet addresses as long as there are no services or VMs deployed within them by using PowerShell cmdlets or the NETCFG file. You cannot modify or delete a subnet once services or VMs have been deployed to it. References:

Question No : 52 -

You manage a cloud service that has a web application named WebRole1.

WebRole1 writes error messages to the Windows Event Log.

Users report receiving an error page with the following message: "Event 26 has occurred.

Contact your system administrator."

You need to access the WebRole1 event log.

Which three actions should you perform? Each correct answer presents part of the solution.

  • A. Enable verbose monitoring.
  • B. Update the WebRole1 web.config file.
  • C. Update the cloud service definition file and the service configuration file.
  • D. Run the Set-AzureVMDiagnosticsExtension PowerShell cmdlet.
  • E. Run the Enable-AzureWebsiteApplicationDiagnostic PowerShell cmdlet.
  • F. Create a storage account.

ANSWER

  • B. Update the WebRole1 web.config file.
  • C. Update the cloud service definition file and the service configuration file.
  • E. Run the Enable-AzureWebsiteApplicationDiagnostic PowerShell cmdlet.

Question No : 53 -

You have an Azure subscription that has five virtual machines (VMs).

You provision the VMs in an availability set to support an existing web service.

You anticipate additional traffic. You identify the following additional requirements for the VMs:

You need to scale the service.

What should you recommend?

· A. P10 Premium Storage. P20 Premium Storage

· B. a Basic Tier VM

· C. a Standard Tier VM

ANSWER

· B. a Basic Tier VM

Question No : 54 -

You have a virtual network and virtual machines that use the Resource Manager Deployment model.

You plan to create a Network Security Group (NSG).

You must apply rules to both inbound and outbound traffic.

You need to create the NSG.

In which order will the rules be applied to the virtual network? To answer, drag the appropriate option to the correct location. Each option may be used once, more than once,

or not at all. You may need to drag the split bar between panes or scroll to view content.

ANSWER

Question No : 55 -

You manage an Azure virtual network that hosts 15 virtual machines (VMs) on a single subnet, which is used for testing a line of business (LOB) application. The application is deployed to a VM named TestWebServiceVM.

You need to ensure that TestWebServiceVM always starts by using the same IP address.

You need to achieve this goal by using the least amount of administrative effort.

What are two possible ways to achieve the goal? Each correct answer presents a complete solution.

· A. Run the following Azure PowerShell cmdlet:Set-AzureStaticVNetIP

· B. Use the Azure portal to configure TestWebServiceVM.

· C. Run the following Azure PowerShell cmdlet:Get-AzureReservedIP

· D. Use RDP to configure TestWebServiceVM.

ANSWER

· A. Run the following Azure PowerShell cmdlet:Set-AzureStaticVNetIP

· B. Use the Azure portal to configure TestWebServiceVM.

Question No : 56 -

You have an Azure subscription that contains a backup vault named BV1. BV1 contains five protected servers. Backups run daily. You need to modify the storage replication settings for the backups.

What should you do first?

  • A. Create a new backup vault.
  • B. Run the Remove-OBPolicy cmdlet.. Configure the backup agent properties on all five servers.
  • C. Run the Remove-OBFileSpec cmdlet.

ANSWER

C. Run the Remove-OBFileSpec cmdlet

Question No : 57 -

You manage an Azure Web Site that is running in Shared mode.

You discover that the website is experiencing increased average response time during periods of heavy user activity.

You need to update the website configuration to address the performance issues as they occur.

What should you do?

· A. Set the website to Standard mode and configure automatic scaling based on CPU utilization.

· B. Configure automatic seating during specific dates.

· C. Modify the website instance size.

· D. Configure automatic scaling based on memory utilization.

· E. Set the website to Basic mode and configure automatic scaling based on CPU utilization.

ANSWER

Answer : A

Explanation: Scaling to Standard Plan Mode Selecting Standard expands the Capacity section to reveal the Instance Size and Instance Count options, which are also available in Basic mode. The Edit Scale Settings for Schedule and Scale by Metric options are available only in Standard mode.

Question No : 58 -

You have an Azure subscription that contains two Azure SQL Database servers named lpqd0zbr8y and bk0b8kf65. lpqd0zbr8y contains a database named Orders.

You need to implement active geo-replication for the Orders database.

Which command should you run? To answer, select the appropriate options in the answer area.

ANSWER

Question No : 59 -

You manage an Azure virtual network environment for a company that has an office in Boston.

The company plans to open a new office location in Paris.

You must replicate the Boston virtual network environment in Paris.

How should you complete the relevant Azure PowerShell commands?

To answer, drag the appropriate Azure PowerShell segment to the correct location.

Each Azure PowerShell segment may be used once, more than once, or not at all.

You may need to drag the split bar between panes or scroll to view content.

ANSWER

Question No : 60 -

Your company plans to migrate from On-Premises Exchange to Exchange Online in Office 365.

You plan to integrate your existing Active Directory Domain Services (AD DS) infrastructure with Azure AD.

You need to ensure that users can log in by using their existing AD DS accounts and passwords.

You need to achieve this goal by using minimal additional systems.

Which two actions should you perform? Each answer presents part of the solution.

· A. Configure Password Sync.

· B. Set up a DirSync Server.

· C. Set up an Active Directory Federation Services Server.

· D. Set up an Active Directory Federation Services Proxy Server.

ANSWER

· B. Set up a DirSync Server.

· C. Set up an Active Directory Federation Services Server.

Question No : 61 -

You administer two virtual machines (VMs) that are deployed to a cloud service. The VMs are part of a virtual network.

The cloud service monitor and virtual network configuration are configured as shown in the exhibits. (Click the Exhibits button.)

You need to create an internal load balancer named fabLoadBalancer that has a static IP address of 172.16.0.100.

Which value should you use in each parameter of the Power Shell command?

To answer, drag the appropriate value to the correct location in the Power Shell command.

Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

ANSWER

Question No : 62 -

You manage an application running on Azure Web Sites Standard tier.

The application uses a substantial amount of large image files and is used by people around the world.

Users from Europe report that the load time of the site is slow.

You need to implement a solution by using Azure services.

What should you do?

· A. Configure Azure blob storage with a custom domain.

· B. Configure Azure CDN to cache all responses from the application web endpoint.

· C. Configure Azure Web Site auto-scaling to increase instances at high load.

· D. Configure Azure CDN to cache site images and content stored in Azure blob storage.

ANSWER

Answer : D

Explanation: Blobs that benefit the most from Azure CDN caching are those that are accessed frequently during their time-to-live (TTL) period. A blob stays in the cache for the TTL period and then is refreshed by the blob service after that time is elapsed. Then the process repeats. References:

Question No : 63 -

A company has an Azure subscription with four virtual machines (VM) that are provisioned in an availability set. The VMs support an existing web service. The company expects additional demand for the web service. You add 10 new VMs to the environment.

You need to configure the environment.

How many Update Domains (UDs) and Fault Domains (FDs) should you create?

  • A. 2 UDs and 5 FDs
  • B. 5 UDs and 2 FDs
  • C. 14 UDs and 2 FDs
  • D. 14 UDs and 14 FDs

ANSWER

  • B. 5 UDs and 2 FDs

Question No : 65 -

You administer a solution deployed to a virtual machine (VM) in Azure.

The VM hosts a web service that is used by several applications.

You are located in the US West region and have a worldwide user base.

Developers in Asia report that they experience significant delays when they execute the services.

You need to verify application performance from different locations.

Which type of monitoring should you configure?

  • A. Disk Read
  • B. Endpoint
  • C. Network Out
  • D. CPU
  • E. Average Response Time

ANSWER

  • A. Disk Read

Question No : 66 -

You administer a DirSync server configured with Azure Active Directory (Azure AD).

You need to provision a user in Azure AD without waiting for the default DirSync synchronization interval.

What are two possible ways to achieve this goal? Each correct answer presents a complete solution.

  • A. Restart the DirSync server.
  • B. Run the Start-OnlineCoexistenceSync PowerShell cmdlet.
  • C. Run the Enable-SyncShare PowerShell cmdlet.
  • D. Run the Azure AD Sync tool Configuration Wizard.
  • E. Replicate the Directory in Active Directory Sites and Services.

ANSWER

Answer : B,D

Explanation: If you dont want to wait for the recurring synchronizations that occur every three hours, you can force directory synchronization at any time. B: Force directory synchronization using Windows PowerShell You can use the directory synchronization Windows PowerShell cmdlet to force synchronization. The cmdlet is installed when you install the Directory Sync tool. On the computer that is running the Directory Sync tool, start PowerShell, type Import- Module DirSync, and then press ENTER. Type Start-OnlineCoexistenceSync, and then press ENTER. D: Azure Active Directory Sync Services (AAD Sync) In September 2014 the Microsoft Azure AD Sync tool was released. This changed how manual sync requests are issued. To perform a manual update we now use the DirectorySyncClientCmd.exe tool. The Delta and Initial parameters are added to the command to specify the relevant task. This tool is located in: C:\Program Files\Microsoft Azure AD Sync\Bin You can use the directory synchronization Windows PowerShell cmdlet to force synchronization. The cmdlet is installed when you install the Directory Sync tool. On the computer that is running the Directory Sync tool, start PowerShell, type Import- Module DirSync, and then press ENTER. Type Start-OnlineCoexistenceSync, and then press ENTER.

Question No : 67 -

You manage an Azure Web Site named contosoweb.

Some users report that they receive the following error when they access contosoweb:

http Status 500.0 - Internal Server Error.

You need to view detailed diagnostic information in XML format.

Which option should you enable? To answer, select the appropriate option in the answer area.

ANSWER

Request-based tracing is available both in stand-alone IIS Servers and on Windows Azure Web Sites (WAWS) and provides a way to determine what exactly is happening with your requests and why, provided that you can reproduce the problem that you are experiencing. Problems like poor performance on some requests, or authentication-related failures on other requests, or the server 500 error from ASP or ASP.NET can often be difficult to troubleshoot--unless you have captured the trace of the problem when it occurs

Question No : 68 -

You create a virtual machine (VM) in Azure. The VM runs an important line of business application.

Users report that the application is slow and unstable.

You need to enable diagnostics for the VM.

In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.

ANSWER

Question No : 69 -

You manage an application running on Azure web apps in a Standard tier. The application uses a substantial amount of large image files from a storage account and is used by people around the world.

Users from Europe report that the load time of the site is slow.

You need to implement a solution by using Azure services.

Which two actions will achieve the goal? Each correct answer presents a complete solution.

· A. Configure Azure web app auto-scaling to increase instances at high load.

· B. Configure Azure CDN to cache all responses from the application web endpoint, Configure Azure CDN to cache site images and content stored in Azure blob storage.

· C. Configure Azure blob storage with a custom domain.

ANSWER

· B. Configure Azure CDN to cache all responses from the application web endpoint.. Configure Azure CDN to cache site images and content stored in Azure blob storage.

· C. Configure Azure blob storage with a custom domain.

Question No : 70 -

You administer a cloud service.

You plan to host two web applications named contosoweb and contosowebsupport.

You need to ensure that you can host both applications and qualify for the Azure Service Level Agreement.

You want to achieve this goal while minimizing costs.

How should you host both applications?

· A. in different web roles with two instances in each web role

· B. in the same web role with two instances

· C. in different web roles with one instance in each web role

· D. in the same web role with one instance

ANSWER

· B. in the same web role with two instances

Question No : 71 -

A company is developing a new on-premises desktop application.

The app must be able to access Azure Active Directory (Azure AD) in addition to the on-premises Active Directory. You need to configure the application.

Which two actions should you perform? Each correct answer presents part of the solution.

· A. Install and run Azure AD Connect

· B. Add an application manifest JSON file to the application and configure the oauth2Permissions section.

· C. Update the application to be multi-tenant.

· D. Update the application to use OAuth 2.0 authentication.

· E. In the Azure Management portal, register the application.

ANSWER

· A. Install and run Azure AD Connect

· E. In the Azure Management portal, register the application.

Question No : 72 -

You publish a multi-tenant application named MyApp to Azure Active Directory (Azure AD).

You need to ensure that only directory administrators from the other organizations can access MyApp's web API.

How should you configure MyApp's manifest JSON file? To answer, drag the appropriate PowerShell command to the correct location in the application's manifest JSON file. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

ANSWER

Question No : 73 -

You plan to deploy a cloud service named contosoapp.

The service includes a web role named contosowebrole. The web role has an endpoint named restrictedEndpoint.

You need to allow access to restricted Endpoint only from your office machine using the IP address 145.34.67.82.

Which values should you use within the service configuration file? To answer, drag the appropriate value to the correct location in the service configuration file. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

ANSWER

* Rule with lower order are applied first. * We can selectively permit or deny network traffic (in the management portal or from PowerShell) for a virtual machine input endpoint by creating rules that specify permit or deny. By default, when an endpoint is created, all traffic is permitted to the endpoint. So for that reason, its important to understand how to create permit/deny rules and place them in the proper order of precedence to gain granular control over the network traffic that you choose to allow to reach the virtual machine endpoint. Note that at the instant you add one or more permit ranges, you aredenying all other ranges by default. Moving forward from the first permit range, only packets from the permitted IP range will be able to communicate with the virtual machine endpoint.

Question No : 74 -

You are migrating a local virtual machine (VM) to an Azure VM. You upload the virtual hard disk (VHD) file to Azure Blob storage as a Block Blob.

You need to change the Block blob to a page blob.

What should you do?

· A. Delete the Block Blob and re-upload the VHD as a page blob.

· B. Update the type of the blob programmatically by using the Azure Storage .NET SDK.

· C. Update the metadata of the current blob and set the Blob-Type key to Page.

· D. Create a new empty page blob and use the Azure Blob Copy Power Shell cmdlet to copy the current data to the new blob.

ANSWER

· A. Delete the Block Blob and re-upload the VHD as a page blob.

Question No : 75 -

You manage a cloud service that utilizes data encryption.

You need to ensure that the certificate used to encrypt data can be accessed by the cloud service application.

What should you do?

· A. Upload the certificate referenced in the application package.

· B. Deploy the certificate as part of the application package.

· C. Upload the certificate’s public key referenced in the application package.

· D. Use RDP to install the certificate.

ANSWER

· A. Upload the certificate referenced in the application package.

Question No : 76 -

Your company has a subscription to Azure.

You configure your contoso.com domain to use a private Certificate Authority.

You deploy a web site named MyApp by using the Shared (Preview) web hosting plan.

You need to ensure that clients are able to access the MyApp website by using https.

What should you do?

  • A. Back up the Site and import into a new website.
  • B. Use the internal Certificate Authority and ensure that clients download the certificate chain.
  • C. Add custom domain SSL support to your current web hosting plan.
  • D. Change the web hosting plan to Standard.

ANSWER

D. Change the web hosting plan to Standard.

Question No : 77 -

You administer an Azure Active Directory (Azure AD) tenant that has a SharePoint web application named TeamSite1. TeamSite1 accesses your Azure AD tenant for user information.

The application access key for TeamSite1 has been compromised.

You need to ensure that users can continue to use TeamSite1 and that the compromised key does not allow access to the data in your Azure AD tenant.

Which two actions should you perform? Each correct answer presents part of the solution.

  • A. Remove the compromised key from the application definition for TeamSite1.
  • B. Delete the application definition for TeamSite1.
  • C. Generate a new application key for TeamSite1.
  • D. Generate a new application definition for TeamSite1.
  • E. Update the existing application key.

ANSWER

  • A. Remove the compromised key from the application definition for TeamSite1.
  • C. Generate a new application key for TeamSite1.

Question No : 78 -

Fourth Coffee has an on-premises, multiple-forest Activity Directory (AD) domain. The company hosts web applications and mobile application services. Fourth Coffee uses Microsoft Office 365 and uses Azure Active Directory (Azure AD).

You have the following requirements:

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

ANSWER

Question No : 79 -

You manage a web application named Contoso that is accessible from the URL http://www.contoso.com.

You need to view a live stream of log events for the web application.

How should you configure the Azure PowerShell command? T answer, select the appropriate Azure PowerShell segment from each list in the answer area.

ANSWER

Question No : 80 -

Your company has a subscription to Azure. You plan to deploy 10 websites.

You have the following requirements:

+ Each website has at least 15 GB of storage.

+ All websites can use azurewebsite.net.

You need to deploy the 10 websites while minimizing costs.

Which web tier plan should you recommend?

  • A. Free
  • B. Small Business
  • C. Standard
  • D. Basic

ANSWER

  • C. Standard

Question No : 81 -

You manage a collection of large video files that is stored in an Azure Storage account.

A user wants access to one of your video files within the next seven days.

You need to allow the user access only to the video file, and then revoke access once the user no longer needs it.

What should you do?

· A. Give the user the secondary key for the storage account.Once the user is done with the file, regenerate the secondary key.

· B. Create an Ad-Hoc Shared Access Signature for the Blob resource.Set the Shared Access Signature to expire in seven days.

· C. Create an access policy on the container.Give the external user a Shared Access Signature for the blob by using the policy.Once the user is done with the file, delete the policy.

· D. Create an access policy on the blob.Give the external user access by using the policy.Once the user is done with the file, delete the policy.

ANSWER

Answer : C

Explanation: See 3) below. By default, only the owner of the storage account may access blobs, tables, and queues within that account. If your service or application needs to make these resources available to other clients without sharing your access key, you have the following options for permitting access: 1.You can set a container's permissions to permit anonymous read access to the container and its blobs. This is not allowed for tables or queues.

2. You can expose a resource via a shared access signature, which enables you to delegate restricted access to a container, blob, table or queue resource by specifying the interval for which the resources are available and the permissions that a client will have to it.

3. You can use a stored access policy to manage shared access signatures for a container or its blobs, for a queue, or for a table. The stored access policy gives you an additional measure of control over your shared access signatures and also provides a straightforward means to revoke them.

Question No : 82 -

You administer an Access Control Service namespace named contosoACS that is used by a web application. ContosoACS currently utilizes Microsoft and Yahoo accounts.

Several users in your organization have Google accounts and would like to access the web application through ContosoACS.

You need to allow users to access the application by using their Google accounts.

What should you do?

  • A. Register the application directly with Google.
  • B. Edit the existing Microsoft Account identity provider and update the realm to include Google.
  • C. Add a new Google identity provider.
  • D. Add a new WS-Federation identity provider and configure the WS-Federation metadata to point to the Google sign-in URL.

ANSWER

  • C. Add a new Google identity provider.

Question No : 83 -

You administer an Azure virtual network named fabrikamVNet.

You need to deploy a virtual machine (VM) and ensure that it is a member of the fabrikamVNet virtual network. Which two actions will achieve the goal? Each correct answer presents a complete solution.

  • A. Run the following Windows PowerShell cmdlet:New-AzureVM
  • B. Run the following Windows PowerShell cmdlet:New-AzureAffinityGroup
  • C. Update fabrikamVNet’s existing Availability Set.
  • D. Run the following Windows PowerShell cmdlet:New-AzureQuickVM

ANSWER

  • A. Run the following Windows PowerShell cmdlet:New-AzureVM
  • D. Run the following Windows PowerShell cmdlet:New-AzureQuickVM

Question No : 84 -

You manage a cloud service that utilizes an Azure Service Bus queue.

You need to ensure that messages that are never consumed are retained.

What should you do?

  • A. Run the following Azure PowerShell cmdlet:New-AzureSchedulerStorageQueueJob
  • B. From the Azure portal, create a new queue named Dead-Letter.
  • C. In the Azure portal, select the MOVE TO THE DEAD-LETTER SUBQUEUE option for expired messages.
  • D. Run the following Azure PowerShell cmdlet:Set-AzureServiceBus

ANSWER

  • C. In the Azure portal, select the MOVE TO THE DEAD-LETTER SUBQUEUE option for expired messages.

Question No : 85 -

You administer an Azure solution that uses a virtual network named FabVNet. FabVNet has a single subnet named Subnet-1.

You discover a high volume of network traffic among four virtual machines (VMs) that are part of Subnet-1.

You need to isolate the network traffic among the four VMs. You want to achieve this goal with the least amount of downtime and impact on users.

What should you do?

  • A. Create a new subnet in the existing virtual network and move the four VMs to the new subnet.
  • B. Create a site-to-site virtual network and move the four VMs to your datacenter.
  • C. Create a new virtual network and move the VMs to the new network.
  • D. Create an availability set and associate the four VMs with that availability set.

ANSWER

  • C. Create a new virtual network and move the VMs to the new network.

Question No : 86 -

Your company network has two physical locations configured in a geo-clustered environment. You create a Blob storage account in Azure that contains all the data associated with your company.

You need to ensure that the data remains available in the event of a site outage.

Which storage option should you enable?

  • A. Locally redundant storage
  • B. Geo-redundant storage
  • C. Zone-redundant storage
  • D. Read-only geo-redundant storage

ANSWER

Answer : D

Explanation: Introducing Read-only Access to Geo Redundant Storage (RA-GRS): RA-GRS allows you to have higher read availability for your storage account by providing read only access to the data replicated to the secondary location. Once you enable this feature, the secondary location may be used to achieve higher availability in the event the data is not available in the primary region. This is an opt-in feature which requires the storage account be geo-replicated. References:

Question No : 87 -

Your company has recently signed up for Azure.

You plan to register a Data Protection Manager (DPM) server with the Azure Backup service.

You need to recommend a method for registering the DPM server with the Azure Backup vault.

What are two possible ways to achieve this goal? Each correct answer presents a complete solution.

  • A. Import a self-signed certificate created using the makecert tool.
  • B. Import a self-signed certificate created using the createcert tool.
  • C. Import an X.509 v3 certificate with valid clientauthentication EKU.
  • D. Import an X.509 v3 certificate with valid serverauthentication EKU.

ANSWER

Answer : A,C

Explanation: A: You can create a self-signed certificate using the makecert tool, or use any valid SSL certificate issued by a Certification Authority (CA) trusted by Microsoft, whose root certificates are distributed via the Microsoft Root Certificate Program. C: The certificate must have a valid ClientAuthentication EKU. References:

Question No : 88 -

You manage two datacenters in different geographic regions and one branch office.

You plan to implement a geo-redundant backup solution.

You need to ensure that each datacenter is a cold site for the other.

You create a recovery vault. What should you do next?

  • A. Install the provider.
  • B. Upload a certificate to the vault.
  • C. Generate a vault key.
  • D. Set all virtual machines to DHCP.
  • E. Prepare System Center Virtual Machine Manager (SCVMM) servers.
  • F. Create mappings between the virtual machine (VM) networks.

ANSWER

  • C. Generate a vault key.

Question No : 89 -

You migrate a Windows Server .NET web application to Azure Cloud Services.

You need enable trace logging for the application.

Which two actions should you perform? Each correct answer presents part of the solution.

  • A. Update the service definition file.
  • B. Update the Azure diagnostics configuration.
  • C. Update the service configuration file.
  • D. Enable verbose monitoring.
  • E. Update the application web.config file.

ANSWER

  • A. Update the service definition file.
  • E. Update the application web.config file.

Question No : 90 -

You publish an application named MyApp to Azure Active Directory (Azure AD).

You grant access to the web APIs through OAuth 2.0.

MyApp is generating numerous user consent prompts.

You need to reduce the amount of user consent prompts.

What should you do?

  • A. Enable Multi-resource refresh tokens.
  • B. Enable WS-federation access tokens.
  • C. Configure the Open Web Interface for .NET.
  • D. Configure SAML 2.0.

ANSWER

Answer : A

Explanation: When using the Authorization Code Grant Flow, you can configure the client to call multiple resources. Typically, this would require a call to the authorization endpoint for each target service. To avoid multiple calls and multiple user consent prompts, and reduce the number of refresh tokens the client needs to cache, Azure Active Directory (Azure AD) has implemented multi-resource refresh tokens. This feature allows you to use a single refresh token to request access tokens for multiple resources.

Question No : 91 -

Your company has two cloud services named CS01 and CS02.

You create a virtual machine (VM) in CS02 named Accounts.

You need to ensure that users in CS01 can access the Accounts VM by using port 8080.

What should you do?

  • A. Create a firewall rule.
  • B. Configure load balancing.
  • C. Configure port redirection.
  • D. Configure port forwarding.
  • E. Create an end point.

ANSWER

Answer : E

Explanation: All virtual machines that you create in Azure can automatically communicate using a private network channel with other virtual machines in the same cloud service or virtual network. However, other resources on the Internet or other virtual networks require endpoints to handle the inbound network traffic to the virtual machine

Question No : 92 -

You manage an Azure Web Site named salessite1. You notice some performance issues with salessite1. You create a new database for salessite1.

You need to update salessite1 with the following changes, in the order shown:

1. Display the list of current connection strings.

2. Create a new connection string named conn1 with a value of:

Server=tcp:samplel.database.windows.net,1433;Database=NewDB;UserID=User@samplel;Password=Passwordl;Trusted_Connection=False;Encrypt=True;Connection Timeout=30;.

3. Download the application logs for analysis.

Which three xplat-cli commands should you perform in sequence? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.

ANSWER

Question No : 93 -

You manage a public-facing web application which allows authenticated users to upload and download large files. On the initial public page there is a promotional video.

You plan to give users access to the site content and promotional video.

In the table below, identify the access method that should be used for the anonymous and authenticated parts of the application. Make only one selection in each column.

ANSWER

Question No : 94 -

You manage a web application that currently uses a small instance size.

You need to scale the instance size to medium.

How should you complete the Azure PowerShell script? To answer, drag the appropriate Azure PowerShell segments to the correct locations. Each Azure PowerShell segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

ANSWER

Question No : 95 -

You manage an Azure Service Bus for your company.

You plan to enable access to the Azure Service Bus for an application named ContosoLOB.

You need to create a new shared access policy for subscriptions and queues that has the following requirements:

Receives messages from a queue Deadletters a message

Defers a message for later retrieval Enumerates subscriptions

Gets subscription description


In the table below, identify the permission you need to assign to ensure that ContosoLOB is able to accomplish the above requirements. Make only one selection in each column.

ANSWER

For Service Bus, the three permission claims are Send for all send operations, Listen to open up listeners or receive messages, and Manage to observe or manage the state of the Service Bus tenant.

Question No : 96 -

You manage two solutions in separate Azure subscriptions.

You need to ensure that the two solutions can communicate on a private network.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

ANSWER

Configure a VNet to VNet connection There are 5 sections to plan and configure. Configure each section in the order listed below: 1. Plan your IP address ranges 2. Create your virtual networks 3. Add local networks 4. Create the dynamic routing gateways for each VNet. 5. Connect the VPN gateways Note: In this procedure, well walk you through connecting two virtual networks, VNet1 and VNet2. Youll need to be comfortable with networking in order to substitute the IP address ranges that are compatible with your network design requirements. From an Azure virtual network, connecting to another Azure virtual network is the same as connecting to an on premises network via Site-to-site (S2S) VPN. This procedure primarily uses the Management Portal, however, you must use Microsoft Azure PowerShell cmdlets to connect the VPN gateways.

Question No : 97 -

You manage an application deployed to a cloud service that utilizes an Azure Storage account.

The cloud service currently uses the primary access key.

Security policy requires that all shared access keys are changed without causing application downtime.

Which three steps should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

ANSWER

Question No : 98 -

You manage an Internet Information Services (IIS) 6 website named contososite1.

Contososite1 runs a legacy ASP.NET 1.1 application named LegacyApp1.

LegacyApp1 does not contain any integration with any other systems or programming languages.

You deploy contososite1 to Azure Web Sites.

You need to configure Azure Web Sites. You have the following requirements:

- LegacyApp1 runs correctly.

- The application pool does not recycle.

Which settings should you configure to meet the requirements? To answer, select the appropriate settings in the answer area.

ANSWER

* Managed Pipeline Mode. Sets the IIS pipeline mode. Leave this set to Integrated (the default) unless you have a legacy website that requires an older version of IIS * Always on: ON Always On. By default, websites are unloaded if they are idle for some period of time. This lets the system conserve resources. In Basic or Standard mode, you can enable Always On to keep the site loaded all the time. If your site runs continuous web jobs, you should enable Always On, or the web jobs may not run reliably

Question No : 99 -

You administer an Azure Virtual Machine (VM) named CON-CL1.

CON-CL1 is in a cloud service named ContosoService1.

You discover unauthorized traffic to CON-CL1. You need to:

-Create a rule to limit access to CON-CL1.

-Ensure that the new rule has the highest precedence

Which Azure Power Shell cmdlets and values should you use? To answer, drag the appropriate cmdlet or value to the correct location in the Power Shell command. Each cmdlet or value may be used once, more than once, or not at all. You may need to drag the split bat between panes or scroll to view content.

ANSWER

* Example 1 This example uses two commands: The first command creates a new ACL object and stores it in a variable named $acl1. The second command updates the ACL object with a rule that permits incoming network traffic only from remote subnet 10.0.0.0/8. Windows PowerShell PS C:\> $acl1 = New-AzureAclConfigC:\PS> Set-AzureAclConfig AddRule ACL $acl1 Order 100 Action permit RemoteSubnet 10.0.0.0/8 *Parameter: -Order<Int32> Specifies the relative order in which this rule should be processed compared to the other rules applied to the ACL object. The lowest order takes precedence.

Question No : 100 -

You administer an Azure Web Site named contoso.

You create a job named Cleanlogs.cmd that will be executed manually, twice a week.

You need to deploy the job.

To which folder location should you deploy CleanLogs.cmd?

  • A. ./App_Code/jobs/triggered/cleanLogs/CleanLogs.cmd
  • B. ./App_Data/jobs/triggered/clean Logs/CleanLogs.cmd
  • C. ./App_Code/jobs/continuous/cleanLogs/CleanLogs.cmd
  • D. ./App_Data/jobs/continuous/cleanLogs/CleanLogs.cmd

ANSWER

  • B. ./App_Data/jobs/triggered/clean Logs/CleanLogs.cmd

Question No : 101 -

You administer a cloud service named contosoapp that has a web role and worker role.

Contosoapp requires you to perform an in-place upgrade to the service.

You need to ensure that at least six worker role instances and eight web role instances are available when you apply upgrades to the service. You also need to ensure that updates are completed for all instances by using the least amount of time.

Which value should you use with each configuration? To answer, drag the appropriate value to the correct configuration. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

ANSWER

* Scenario: You need to ensure that at least six worker role instances and eight web role instances are available when you apply upgrades to the service. * You can decide whether you want to update all of the roles in your service or a single role in the service. In either case, all instances of each role that is being upgraded and belong to the first upgrade domain are stopped, upgraded, and brought back online. Once they are back online, the instances in the second upgrade domain are stopped, upgraded, and brought back online.

Question No : 102 -

You manage two websites for your company. The sites are hosted on an internal server that is beginning to experience performances issues due to high traffic.

You plan to migrate the sites to Azure Web Sites.

The sites have the following configurations:


In the table below, identity the web hosting plan with the lowest cost for each site. Make only one selection in each column.

ANSWER

Site 2 contains 9 GB of data so Basic mode is enough as it provided 10 GB of data (FREE and Shared only provide 1 GB of data). Site 1 contains 11 GB of data so Standard mode is adequate as it provided 50 GB of data.

Question No : 103 -

You develop a Windows Store application that has a web service backend.

You plan to use the Azure Active Directory Authentication Library to authenticate users to Azure Active Directory (Azure AD) and access directory data on behalf of the user.

You need to ensure that users can log in to the application by using their Azure AD credentials.

Which two actions should you perform? Each correct answer presents part of the solution.

  • A. Create a native client application in Azure AD.
  • B. Configure directory integration.
  • C. Create a web application in Azure AD.
  • D. Enable workspace join.
  • E. Configure an Access Control namespace.

ANSWER

Explanation:

B: An application that wants to outsource authentication to Azure AD must be registered in Azure AD, which registers and uniquely identifies the app in the directory.

C (not A): NativeClient-WindowsStore A Windows Store application that calls a web API that is secured with Azure AD.

Question No : 104 -

You administer an Azure SQL database named contosodb that is running in Standard/S1 tier. The database is in a server named server1 that is a production environment. You also administer a database server named server2 that is a test environment. Both database servers are in the same subscription and the same region but are on different physical clusters.

You need to copy contosodb to the test environment.

Which three steps should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

ANSWER

* (Step 1, Step 2): Export a Database from Azure SQL Databas After the export operation is complete, you can then import your BACPAC file to create a new Azure SQL Database or SQL Server database. Incorrect: Active Geo-Replication is available for databases in the Premium service tier only.

Question No : 105 -

You administer an Azure Web Site named contosoweb that uses a production database.

You deploy changes to contosoweb from a deployment slot named contosoweb-staging.

You discover issues in contosoweb that are affecting customer data.

You need to resolve the issues in contosoweb while ensuring minimum downtime for users.

You swap contosoweb to contosoweb-staging.

Which four steps should you perform next in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

ANSWER

Note: Step 1: Make sure old production database is online. Step 2: Set up staging database with the test database. Step 3: Fix issues with test database. Step 4: Once you have deployed and tested your new version on the staging environment, simply click the SWAP button and Azure immediately makes your staging environment the live onen

Question No : 106 -

You manage a cloud service that utilizes an Azure Service Bus queue.

You need to ensure that messages that are never consumed are retained.

What should you do?

  • A. Check the MOVE TO THE DEAD-LETTER SUBQUEUE option for Expired Messages in the Azure Portal.
  • B. From the Azure Management Portal, create a new queue and name it Dead-Letter.
  • C. Execute the Set-AzureServiceBus PowerShell cmdlet.
  • D. Execute the New-AzureSchedulerStorageQueueJob PowerShell cmdlet.

ANSWER

  • A. Check the MOVE TO THE DEAD-LETTER SUBQUEUE option for Expired Messages in the Azure Portal.

Question No : 107 -

Your network environment includes remote employees.

You need to create a secure connection for the remote employees who require access to your Azure virtual network.

What should you do?

  • A. Deploy Windows Server 2012 RRAS.
  • B. Configure a point-to-site VPN.
  • C. Configure an ExpressRoute.
  • D. Configure a site-to-site VPN.

ANSWER

Answer : B

Explanation: New Point-To-Site Connectivity With todays release weve added an awesome new feature that allows you to setup VPN connections between individual computers and a Windows Azure virtual network without the need for a VPN device. We call this feature Point-to-Site Virtual Private Networking. This feature greatly simplifies setting up secure connections between Windows Azure and client machines, whether from your office environment or from remote locations. It is especially useful for developers who want to connect to a Windows Azure Virtual Network (and to the individual virtual machines within it) from either behind their corporate firewall or a remote location. Because it is point-to-site they do not need their IT staff to perform any activities to enable it, and no VPN hardware needs to be installed or configured. Instead you can just use the built-in Windows VPN client to tunnel to your Virtual Network in Windows Azure.

Question No : 108 -

You purchase an Azure subscription. You plan to deploy an application that requires four Azure virtual machines (VMs). All VMs use Azure Resource Management (ARM) mode.

You need to minimize the time that it takes for VMs to communicate with each other.

What should you do?

  • A. Create a multi-site virtual network.
  • B. Create a regional virtual network.
  • C. Create a site-to-site virtual network.
  • D. Add the VMs to the same affinity group.

ANSWER

D. Add the VMs to the same affinity group.

Question No : 109 -

Your network includes a legacy application named LegacyApp1. The application only runs in the Microsoft .NET 3.5 Framework on Windows Server 2008.

You plan to deploy to Azure Cloud Services.

You need to ensure that LegacyApp1 will run correctly in the new environment.

What are two possible ways to achieve this goal? Each correct answer presents a complete solution.

  • A. Upload a VHD with Windows Server 2008 installed.
  • B. Deploy LegacyApp1 to a cloud service instance configured with Guest OS Family 2.
  • C. Deploy LegacyApp1 to a cloud service instance configured with Guest OS Family 1.
  • D. Deploy LegacyApp1 to a cloud service instance configured with Guest OS Family 3.

ANSWER

  • B. Deploy LegacyApp1 to a cloud service instance configured with Guest OS Family 2.
  • C. Deploy LegacyApp1 to a cloud service instance configured with Guest OS Family 1.

Explanation: Guest OS Family 1 and Guest OS Family 2 supports .NET 3.5 and .Net 4.0. Guest OS Family 3 and Guest OS Family 4 supports .NET 4.0 and .Net 4.5.

Question No : 110 -

You plan to use Password Sync on your DirSync Server with Azure Active Directory {Azure AD) on your company network. You configure the DirSync server and complete an initial synchronization of the users.

Several remote users are unable to log in to Office 365. You discover multiple event log entries for "Event ID 611 Password synchronization failed for domain."

You need to resolve the password synchronization issue.

Which two actions should you perform? Each correct answer presents part of the solution.

  • A. Restart Azure AD Sync Service.
  • B. Run the Set-FullPasswordSync Power Shell cmdlet.
  • C. Force a manual synchronization on the DirSync server.
  • D. Add the DirSync service account to the Schema Admins domain group.

ANSWER

  • A. Restart Azure AD Sync Service.
  • B. Run the Set-FullPasswordSync Power Shell cmdlet.

Question No : 111 -

You administer an Azure virtual network named fabrikamVNet.

You need to deploy a virtual machine (VM) and ensure that it is a member of the fabrikamVNet virtual network.

What should you do?

  • A. Run the New-AzureVM Power Shell cmdlet.
  • B. Run the New-AzureQuickVM Power Shell cmdlet.
  • C. Run the New-AzureAfhnityGroup Power Shell cmdlet.
  • D. Update fabrikamVNet's existing Availability Set.

ANSWER

B. Run the New-AzureQuickVM Power Shell cmdlet.

Question No : 112 -

You manage a cloud service that is running in two small instances. The cloud service hosts a help desk application. The application utilizes a virtual network connection to synchronize data to the company's internal accounting system.

You need to reduce the amount of time required for data synchronization.

What should you do?

  • A. Configure the servers as large instances and re-deploy.
  • B. Increase the instance count to three.
  • C. Deploy the application to Azure Web Sites.
  • D. Increase the processors allocated to the instances.

ANSWER

  • D. Increase the processors allocated to the instances.

Question No : 113 -

Your company network includes a single forest with multiple domains.

You plan to migrate from On-Premises Exchange to Exchange Online.

You want to provision the On-Premises Windows Active Directory (AD) and Azure Active Directory (Azure AD) service accounts.

You need to set the required permissions for the Azure AD service account.

Which settings should you use? To answer, drag the appropriate permission to the service account.

Each permission may be used once, more than once, or not at all.

You may need to drag the split bar between panes or scroll to view content.

ANSWER

When you run the Directory Sync tool Configuration Wizard, you must provide the following information: Enterprise admin credentials for the on-premises Active Directory schema Global admin credentials for the Microsoft cloud service https://support.microsoft.com/kb/2684395?wa=wsignin1.0

Question No : 114 -

Your company is launching a public website that allows users to stream videos.

You upload multiple video files to an Azure storage container.

You need to give anonymous users read access to all of the video files in the storage container.

What should you do?

  • A. Edit each blob's metadata and set the access policy to Public Blob.
  • B. Edit the container metadata and set the access policy to Public Container.
  • C. Move the files into a container sub-directory and set the directory access level to Public Blob.
  • D. Edit the container metadata and set the access policy to Public Blob.

ANSWER

  • C. Move the files into a container sub-directory and set the directory access level to Public Blob.

Explanation: By default, the container is private and can be accessed only by the account owner. To allow public read access to the blobs in the container, but not the container properties and metadata, use the "Public Blob" option. To allow full public read access for the container and blobs, use the "Public Container" option.

Question No : 115 -

You manage an Azure Web Site in Standard mode at the following address: contoso.azurevvebsites.net.

Your company has a new domain for the site that needs to be accessible by Secure Socket Layer (SSL) encryption.

You need to be able to add a custom domain to the Azure Web Site and assign an SSL certificate.

Which three steps should you perform next in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

More than one order of answer choices may be correct You will receive credit for any of the correct orders you select

ANSWER

Step 1: When adding a CNAME record, you must set the Host Name field to the sub- domain you wish to use. For example, www. You must set the Address field to the .azurewebsites.net domain name of your Azure Website. For example, contoso.azurwebsites.net.

Step 2: Modify the service definition and configuration files Your application must be configured to use the certificate, and an HTTPS endpoint must be added. As a result, the service definition and service configuration files need to be updated.

Step 3: IP based SSL associates a certificate with a domain name by mapping the dedicated public IP address of the server to the domain name. This requires each domain name (contoso.com, fabricam.com, etc.) associated with your service to have a dedicated IP address. This is the traditional method of associating SSL certificates with a web server.

Question No : 116 -

You manage two cloud services named Service1 and Service2. The development team updates the code for each application and notifies you that the services are packaged and ready for deployment.

Each cloud service has specific requirements for deployment according to the following table.


In the table below, identify the deployment method for each service. Make only one selection in each column.

ANSWER

* Service 1 As the package must be retained we should deploy it through the Azure Storage cloud.

* Service 2 As maintaining the existing storage package is not required we can deploy the package locally.

* Azure service package Whenever you want to deploy your application to a Cloud Service youll be creating a Service Package and upload it, together with the Service Configuration to a deployment in a Cloud Service. These two artifacts are what makes up a Cloud Service deployment.

Question No : 117 -

You administer a set of virtual machine (VM) guests hosted in Hyper-V on Windows Server

2012 R2.

The virtual machines run the following operating systems:

All guests currently are provisioned with one or more network interfaces with static bindings

and VHDX disks. You need to move the VMs to Azure Virtual Machines hosted in an Azure

subscription.

Which three actions should you perform? Each correct answer presents part of the

solution.

  • A. Install the WALinuxAgent on Linux servers.
  • B. Ensure that all servers can acquire an IP by means of Dynamic Host Configuration Protocol (DHCP).
  • C. Upgrade all Windows VMs to Windows Server 2008 R2 or higher.
  • D. Sysprep all Windows servers.
  • E. Convert the existing virtual disks to the virtual hard disk (VHD) format.

Question No : 118 -

You manage a virtual Windows Server 2012 web server that is hosted by an on-premises

Windows Hyper-V server. You plan to use the virtual machine (VM) in Azure.

You need to migrate the VM to Azure Storage to add it to your repository.

Which Azure Power Shell cmdlet should you use?

  • A. Import-AzureVM
  • B. New-AzureVM
  • C. Add-AzureDisk
  • D. Add-AzureWebRole
  • E. Add-AzureVhd

Question No : 119 -

Your company network has two branch offices. Some employees work remotely, including

at public locations. You manage an Azure environment that includes several virtual

networks.

All users require access to the virtual networks.

In the table below, identify which secure cross-premise connectivity option is needed for

each type of user. Make only one selection in each column.

ANSWER

Question No : 120 -

You administer an Azure Web Site named contosoweb that is used to sell various products.

Contosoweb experiences heavy traffic during weekends.

You need to analyze the response time of the product catalog page during peak times,

from different locations.

What should you do?

  • A. Configure endpoint monitoring.
  • B. Add the Requests metric.
  • C. Turn on Failed Request Tracing.
  • D. Turn on Detailed Error Messages.

ANSWER

Answer : A

Explanation: Endpoint monitoring configures web tests from geo-distributed locations that test response time and uptime of web URLs. The test performs an HTTP get operation on the web URL to determine the response time and uptime from each location. Each configured location runs a test every five minutes. After you configure endpoint monitoring, you can drill down into the individual endpoints to view details response time and uptime status over the monitoring interval from each of the test location

Question No : 121 -

You administer an Azure Storage account named contosostorage. The account has queue

containers with logging enabled.

You need to view all log files generated during the month of July 2014.

Which URL should you use to access the list?

  • A. http://contosostorage.queue.core.windows.net/$logs? restype=container&comp=list&prefix=queue/2014/07
  • B. http://contosostorage.queue.core.windows.net/$files? restype=container&comp=list&prefix=queue/2014/07
  • C. http://contosostorage.blob.core.windows.net/$files? restype=container&comp=list&prefix=blob/2014/07
  • D. http://contosostorage.blob.core.windows.net/$logs? restype=container&comp=list&prefix=blob/2014/07

ANSWER

Answer : D

Explanation: All logs are stored in block blobs in a container named $logs, which is automatically created when Storage Analytics is enabled for a storage account. The$logs container is located in the blob namespace of the storage account, for example: http://<accountname>.blob.core.windows.net/$logs. This container cannot be deleted once Storage Analytics has been enabled, though its contents can be deleted.

Note: Each log will be written in the following format: <service-name>/YYYY/MM/DD/hhmm/<counter>.log

Question No : 122 -

You manage a cloud service on two instances. The service name is Service1 and the role

name is ServiceRole1.

Service1 has performance issues during heavy traffic periods.

You need to increase the existing deployment of Service1 to three instances.

Which Power Shell cmdlet should you use?

  • A. PS C:\>Set-AzureService -ServiceName “Service1” -Label “ServiceRole1” -Description “Instance count=3”
  • B. PS C:\>Set-AzureRole -ServiceName “Service1” -Slot “Production” -RoleName “ServiceRole1” -Count 3
  • C. PS C:\>Add-AzureWebRole -Name “ServiceRole1” -Instances 3
  • D. PS C:\> $instancecount = New-Object Hashtable$settings[INSTANCECOUNT=3] PS C:\> Set-AzureWebsite -AppSettings $instancecount ServiceRole1

ANSWER

Answer : B

Explanation: The Set-AzureRole cmdlet sets the number of instances of a specified role to run in an Azure deployment Example This command sets the "MyTestRole3" role running in production on the "MySvc1" service to three instances. Windows PowerShell C:\PS>Set-AzureRole ServiceName "MySvc1" Slot "Production" RoleName "MyTestRole3" Count 3

Question No : 123 -

Your company network includes two branch offices. Users at the company access internal

virtual machines (VMs).

You want to ensure secure communications between the branch offices and the internal

VMs and network.

You need to create a site-to-site VPN connection.

What are two possible ways to achieve this goal? Each correct answer presents a

complete solution.

  • A. a private IPv4 IP address and a compatible VPN device
  • B. a private IPv4 IP address and a RRAS running on Windows Server 2012
  • C. a public-facing IPv4 IP address and a compatible VPN device
  • D. a public-facing IPv4 IP address and a RRAS running on Windows Server 2012

ANSWER

Answer : C,D

Explanation: C (not A): VPN Device IP Address - This is public facing IPv4 address of your on-premises VPN device that youll use to connect to Azure. The VPN device cannot be located behind a NAT. D (Not B): At least one or preferably two publicly visible IP addresses: One of the IP addresses is used on the Windows Server 2012 machine that acts as the VPN device by using RRAS. The other optional IP address is to be used as the Default gateway for out- bound traffic from the on-premises network. If the second IP address is not available, it is possible to configure network address translation (NAT) on the RRAS machine itself, to be discussed in the following sections. It is important to note that the IP addresses must be public. They cannot be behind NAT and/or a firewall

Question No : 124 -

You administer a Windows Server virtual machine (VM).

You upload the VM to Azure.

You need to ensure that you are able to deploy the BGInfo and VMAccess extensions.

What should you do?

  • A. Select the Install the VM Agent checkbox while provisioning a VM based on your uploaded VHD.
  • B. Select the Enable the VM Extensions checkbox while provisioning a VM based on your uploaded VHD.
  • C. Install the VM Agent MSI and execute the following Power Shell commands:$vm = Get- AzureVM -serviceName $svc -Name $name$vm.VM.ProvisionGuestAgent = $trueUpdate- AzureVM -Name Sname -VM $vm.VM -ServiceName $svc
  • D. Install the VM Agent MSI and execute the following Power Shell commands:$vm = Get- AzureVM -serviceName $svc -Name $nameSet-AzureVMBGInfoExtension -VM $vm.VMSet-AzureVM Access Extension -VM $vm.VMUpdate-AzureVM -Name Sname -VM $vm.VM -ServiceName $svc

Question No : 125 -

You manage an application deployed to virtual machines (VMs) on an Azure virtual network

named corpVnet1.

You plan to hire several remote employees who will need access to the application on

corpVnet1.

You need to ensure that new employees can access corpVnet1. You want to achieve this

goal by using the most cost effective solution.

Which two actions should you perform? Each correct answer presents part of the solution.

  • A. Create a VPN subnet.
  • B. Enable point-to-point connectivity for corpVnet1.
  • C. Enable point-to-site connectivity for corpVnet1.
  • D. Create a gateway subnet.
  • E. Enable site-to-site connectivity for corpVnet1.
  • F. Convert corpVnet1 to a regional virtual network.

ANSWER

Answer : A,C

Explanation: A point-to-site VPN also allows you to create a secure connection to your virtual network. In a point-to-site configuration, the connection is configured individually on each client computer that you want to connect to the virtual network. Point-to-site connections do not require a VPN device. They work by using a VPN client that you install on each client computer. The VPN is established by manually starting the connection from the on- premises client computer. You can also configure the VPN client to automatically restart.

Question No : 126 -

You manage an Azure Active Directory (AD) tenant

You plan to allow users to log in to a third-party application by using their Azure AD

credentials.

To access the application, users will be prompted for their existing third-party user names

and passwords.

You need to add the application to Azure AD.

Which type of application should you add?

  • A. Existing Single Sign-On with identity provisioning
  • B. Password Single Sign-On with identity provisioning
  • C. Existing Single Sign-On without identity provisioning
  • D. Password Single Sign-On without identity provisioning

ANSWER

Answer : A

Explanation: * Azure AD supports two different modes for single sign-on: / Federation using standard protocols Configuring Federation-based single sign-on enables the users in your organization to be automatically signed in to a third-party SaaS application by Azure AD using the user account information from Azure AD. / Password-based single sign-on * Support for user provisioning User provisioning enables automated user provisioning and deprovisioning of accounts in third-party SaaS applications from within the Azure Management Portal, using your Windows Server Active Directory or Azure AD identity information. When a user is given permissions in Azure AD for one of these applications, an account can be automatically created (provisioned) in the target SaaS application.

Question No : 127 -

You manage a set of virtual machines (VMs) deployed to the cloud service named fabrikamVM.

You configure auto scaling according to the following parameters:

You discover the following usage pattern of a specific application:

You need to modify the auto scaling configuration to scale up faster when usage peaks.

What are two possible ways to achieve this goal? Each correct answer presents a complete solution.

  • A. Decrease the scale down wait time.
  • B. Decrease the scale up wait time.
  • C. Increase the number of scale up instances.
  • D. Increase the scale up wait time.
  • E. Increase the maximum number of instances.

Question No : 128 -

You are the global administrator for a companys Azure subscription. The company uses Azure Active Directory Premium and the Application Access Panel. You are configuring access to a Software as a Service (SaaS) application.

You need to ensure that the sales team lead is able to manage user access to the application but is unable to modify administrative access to the application.

In the Azure portal, what should you do?

  • A. Create an Azure group and assign it to the SaaS application. Create an Azure user with the User Admin role, and assign the user as the owner of the new group.
  • B. Create an Azure group and assign it to the SaaS application. Create an Azure user with the Service Admin role, and assign the user as the owner of the new group.
  • C. Set the values of the Delegated group management and Users can create groups settings to Enabled.
  • D. Create an Azure group and assign it to the SaaS application. Create an Azure user with the Global Admin role, and assign the user as the owner of the new group.

Question No : 129 -

You administer an Azure Active Directory (Azure AD) tenant where Box is configured for:

An employee moves to an organizational unit that does not require access to Box through the Access Panel.

You need to remove only Box from the list of applications only for this user.

What should you do?

  • A. Delete the user from the Azure AD tenant.
  • B. Delete the Box Application definition from the Azure AD tenant.
  • C. From the Management Portal, remove the user's assignment to the application.
  • D. Disable the user's account in Windows AD.

ANSWER

Explanation: Note: Use Azure AD to manage user access, provision user accounts, and enable single sign-on with Box. Requires an existing Box subscription.

Question No : 130 -

You deploy an Azure Web App named ContosoApp.

You configure a Traffic Manager profile for ContosoApp.

You need to create the required DNS record to redirect queries to ContosoApp from the Internet.

The solution must ensure that remote users can connect to ContosoApp by using the https://webservice.contoso.com URL.

Which DNS record should you create? To answer, select the appropriate options in the answer area.

ANSWER

Question No : 131 –

You manage a cloud service that hosts a customer-facing application.

The application allows users to upload images and create collages.

The cloud service is running in two medium instances and utilizes Azure Queue storage for image processing.

The storage account is configured to be locally redundant.

The sales department plans to send a newsletter to potential clients.

As a result, you expect a significant increase in global traffic.


You need to recommend a solution that meets the following requirements:

What are two possible ways to achieve this goal? Each correct answer presents a complete solution.

  • A. Configure the cloud service to run in two Large instances.
  • B. Configure the cloud service to auto-scale to three instances when processor utilization is above 80%.
  • C. Configure the storage account to be geo-redundant
  • D. Deploy a new cloud service in a separate data center. Use Azure Traffic Manager to load balance traffic between the cloud services.
  • E. Configure the cloud service to auto-scale when the queue exceeds 1000 entries per machine.

ANSWER

Answer : B,E

Explanation:

* An autoscaling solution reduces the amount of manual work involved in dynamically scaling an application. It can do this in two different ways: either preemptively by setting constraints on the number of role instances based on a timetable, or reactively by adjusting the number of role instances in response to some counter(s) or measurement(s) that you can collect from your application or from the Azure environment.

You need to automate the VM maintenance

DRAG DROP

You manage virtual machines (VMs) that have been deployed in Azure.

An application that runs on a VM has a memory leak. When memory usage exceeds 80 percent, multiple

services must be restarted.

You need to automate the VM maintenance.

What should you do? To answer, drag the appropriate actions to the correct options. Each action may be used

once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Select and Place:

Question No : 131 –

HOTSPOT

You manage two websites for your company. The websites are hosted on an internal server that is beginning to

experience performances issues due to high traffic.

You plan to migrate the sites to Azure Web Apps. The sites have the following configurations:

In the table below, identify the app service plan with the lowest cost for each site. Make only one selection in

each column.

NOTE: Each correct selection is worth one point.

Hot Area:

Which role should you assign to each admin account?

HOTSPOT

A company uses Azure to host virtual machines (VMs) and web apps.

You plan to delegate access using Role-Based Access Control (RBAC). Users must not have more permissions than necessary.

Admin1 must not be able to manage resource access.

Admin1 must be able to manage all other Azure components.

Admin2 must be able to stop and restart Azure jobs.

You need to assign the appropriate role to the new admins.

Which role should you assign to each admin account? To answer, select the appropriate options in the answer

area.

NOTE: Each correct selection is worth one point.

Hot Area:

ANSWER

Which tier should you use for each database?

HOTSPOT

You plan to deploy Azure SQL Database instances named DB1 and DB2.

You have the following requirements:

DB1 must support at least 2,000 IOPS.

DB2 must have disk sizes of 750 gigabytes (GB).

Minimize costs when deploying the solution.

You need to assign the appropriate storage tier for the databases.

Which tier should you use for each database? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

ANSWER

Which service tier should you use for each app?

HOTSPOT

A company is using Azure to host virtual machines (VMs) and web apps.

Two web apps named App1 and App2 are configured in the environment. App1 must be able to scale up to 10

instances. App2 must be able to scale up to 25 instances. The app services must be configured to minimize

costs.

You need to set the app service tier for each application.

Which service tier should you use for each app? To answer, select the apropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

ANSWER

You need to identify a transition path for the company

A company has an existing on-premises Active Directory environment that is synchronized using DirSync. They

plan to transition the DirSync deployment to Azure Active Directory (Azure AD) Connect.

You need to identify a transition path for the company.

What should you do?

A. Install a new on-premises domain controller.

B. Create a new Azure AD instance.

C. Upgrade the on-premises Active Directory Domain Service (AD DS) forest functional level to Windows

Server 2016.

D. Deploy Azure AD Connect in parallel.

You need to ensure that the VMs support the LOB application

A company uses Azure to host virtual machines (VMs) and web apps.

A line of business (LOB) application that runs on a VM uses encrypted storage.

You need to ensure that the VMs support the LOB application.

What should you do?

A. Run the Set-AzureRmVMDiskEncryptionExtension Azure PowerShell cmdlet.

B. Use a Premium Storage disk for the VM.

C. Run the Add-AzureRmVmssSecret Azure PowerShell cmdlet.

D. Scan the environment from the Azure Security Manager.

You need to ensure that you can configure HTTPS for the…

A company uses Azure to host virtual machines (VMs) and web apps. You plan to deploy a new web app in the

Shared App Service tier.

The web app must support running up to 25 instances concurrently.

You need to ensure that you can configure HTTPS for the new web app.

What should you do?

A. Configure the domain name mapping.

B. Set the deployment credentials for the app service.

C. Create a new app service.

D. Scale up to the Premium App Service tier.

Does the solution meet the goal?

Note: This question is part of a series of questions that present the same scenario. Each question in

the series contains a unique solution that might meet the stated goals. Some question sets might have

more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

You manage an Azure SQL Database. The database has weekly backups that are stored in an Azure Recovery

Services vault.

You need to maximize the time that previous backup versions are stored.

Solution: You configure a retention policy that is set to three years.

Does the solution meet the goal?

A. Yes

B. No

Which tool should you use?

You are the Azure administrator for your company. The company has developed a mobile application used to

support sales people in the field.

The application uses Azure Active Directory (Azure AD) accounts for authentication. The application sends and

receives HTTP requests on publicly accessible endpoints.

You need to provide the ability to authenticate the application using Azure.

Which tool should you use?

A. OAuth 2.0 authorization code grant

B. Azure AD Connect

C. Azure Portal

D. Azure AD Graph API

Which template element should you modify?

You are an administrator of the Azure subscription for your company.

You are updating an Azure Resource Manager (ARM) template.

You need to ensure that the JSON file uses the latest version available.

Which template element should you modify?

A. parameters

B. resources

C. $schema

D. variables

How should you configure the environment?

HOTSPOT

You are an Azure subscription administrator for your company.

Management asks you to add a contractor named User1 with a Microsoft account of User1@outlook.com to

manage DNS records but have no other permissions. The contractor is not in your Azure Active Directory

(Azure AD) but must be able to manage all of the DNS records in the Adatum zone. The Adatum zone is in the

ITManaged Resource Group.

You need to add the contractor.

How should you configure the environment? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

ANSWER

Hot Area:

HOTSPOT

You are configuring auto-scaling for a virtual machine (VM). The following excerpt is the rules portion of a

resource template.Use the drop-down menus to select the answer choice that answers each question based on the information

presented in the graphic.

NOTE: Each correct selection is worth one point.

Hot Area:

ANSWER

What should you use for each OS?

HOTSPOT

You plan to implement Azure Backup with virtual machines (VMs) that run Windows and Linux.

You need to ensure that the operating systems (OS) use supported encryption.

What should you use for each OS? To answer, select the appropriate encryption options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

ANSWER

How should you configure the policy?

HOTSPOT

A company uses Azure to host virtual machines (VMs) and web apps.

Storage Analytics data for the web apps must be kept as long as possible. The solution must not result in

additional costs.

You need to configure a storage policy for the analytics data.

How should you configure the policy? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.Hot Area:

Which role should you assign to each account?

HOTSPOT

You are implementing Azure Role-Based Control (RBAC).

You need to create two new administrator accounts. The accounts must meet the following requirements:

Admin1 must be able to manage only the storage accounts that are used by virtual machines (VMs) and other

resources.

Admin2 must be able to manage and delete resources in the Recovery Services vault.

Which role should you assign to each account? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area

:

ANSWER

Hot Area:

HOTSPOT

You plan to use Azure Resource Manager (ARM) templates to deploy resources in Azure. You define the

following variables in the template.

Use drop-down meus to select the answer choice that answers each question based on the information

presents in the template.

NOTE: Each correct selection is worth one point.

Hot Area

ANSWER

How should you configure the app service?

A company uses Azure to host virtual machines (VMs) and web apps.

You need to ensure that you can configure a schedule to scale app services.

How should you configure the app service?

A. Set the scale by metric setting to Queue.

B. Set the scale up by instances setting to 5.

C. Set the scale down by instances setting to 5.

D. Ensure that linked resources are also scaled.

E. Set the scale by metric setting to None.

Which Azure Command-Line Interface (CLI) command or Azu…

You plan to use Azure Monitor with AutoScale Services. You create a URI to be used with the monitoring

service.

You need to configure an alert that specifies the URI.

Which Azure Command-Line Interface (CLI) command or Azure PowerShell cmdlet should you run?

A. New-AzureRmAlertRuleEmail

B. azure insights logprofile add

C. New-AzureRmAlertRuleWebhook

D. New-AzureRmAutoscaleRule

You need to complete the installation of the backup agent

You create an Azure Recovery Services vault and download the backup agent installation file.

You need to complete the installation of the backup agent.

What should you do first?

A. Configure network throttling.

B. Set the storage replication option.

C. Download the vault credentials file.

D. Select the data to back up

Which Azure PowerShell cmdlet should you run?

A company deploys Microsoft SQL Server on an Azure Standard_DS3 virtual machine (VM).

You need to modify the disk caching policy.

Which Azure PowerShell cmdlet should you run?

A. Set-AzureRmVmOperatingSystem

B. Set-AzureRmVmDataDisk

C. Update-Disk

D. Update-AzureDisk

Does the solution meet the goal?

Note: This question is part of a series of questions that present the same scenario. Each question in the series

contains a unique solution that might meet the stated goals. Some question sets might have more than one

correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will

not appear in the review screen.

You manage an Azure SQL Database. The database has weekly backups that are stored in an Azure Recovery

Services vault.

You need to maximize the time that previous backup versions are stored.

Solution: You configure a retention policy that is set to 20 years.

Does the solution meet the goal?

A. Yes

B. No

Does the solution meet the goal?

Note: This question is part of a series of questions that present the same scenario. Each question in the series

contains a unique solution that might meet the stated goals. Some question sets might have more than one

correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will

not appear in the review screen.

You manage an Azure SQL Database. The database has weekly backups that are stored in an Azure Recovery

Services vault.

You need to maximize the time that previous backup versions are stored.

Solution: You configure a retention policy that is set to one year.

Does the solution meet the goal?

A. Yes

B. No

Does the solution meet the goal?

Note: This question is part of a series of questions that present the same scenario. Each question in the series

contains a unique solution that might meet the stated goals. Some question sets might have more than one

correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will

not appear in the review screen.

You manage an Azure SQL Database. The database has weekly backups that are stored in an Azure Recovery

Services vault.

You need to maximize the time that previous backup versions are stored.

Solution: You configure a retention policy that is set to 10 years.

Does the solution meet the goal?

A. Yes

B. No

Does the solution meet the goal?

Note: This question is part of a series of questions that present the same scenario. Each question in the series

contains a unique solution that might meet the stated goals. Some question sets might have more than one

correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will

not appear in the review screen.

You use Azure Resource Manager (ARM) templates to deploy resources.

You need to ensure that storage resources defined in templates cannot be deleted.

Solution: You define the following JSON in the template.

Does the solution meet the goal?

A. Yes

B. No

Which organizational role should you assign to the user…

You have an Azure subscription.

You create an Azure Active Directory (Azure AD) tenant named Tenant1.

You plan to integrate Tenant1 and the on-premises Active Directory.

You need to create a user account that can be used to synchronize changes from the on-premises Active

Directory. The solution must use the principle of least privilege.

Which organizational role should you assign to the user account?

A. Service administrator

B. Global administrator

C. Password administrator

D. User administrator

Which three actions should you perform in sequence befo…

DRAG DROP

Your company has a main office and several branch offices.

You create an Azure subscription and you deploy several virtual machines. The virtual machines are located in

multiple subnets.

You need to provide remote access to the virtual machines to five users in each office by using a VPN

connection. The remote access connections will not require a VPN device nor a public-facing IP address in

order to work.

Which three actions should you perform in sequence before you download the VPN client on each computer?

To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the

correct order.

Select and Place:

ANSWER

How should you complete the JSON configuration code?

DRAG DROP

Your company is implementing an Intrusion Detection System (IDS). The IDS has the IP address 192.168.3.92.

You plan to deploy the network by using Azure Resource Manager (ARM).

You need to ensure that all subnet traffic goes through the IDS.

How should you complete the JSON configuration code? To answer, drag the appropriate JSON segments to

the correct location or locations. Each JSON segment may be used once, more than once, or not at all. You

may need to drag the split bar between panes or scroll to view content.

Select and Place:

ANSWER

You need to modify fabVM to be deployed into Subnet-3

DRAG DROP

You have an Azure Virtual Network named fabVNet with three subnets named Subnet-1, Subnet-2 and Subnet-

3. You have a virtual machine (VM) named fabVM running in the fabProd service.

You need to modify fabVM to be deployed into Subnet-3. You want to achieve this goal by using the least

amount of time and while causing the least amount of disruption to the existing deployment.

What should you do? To answer, drag the appropriate Power Shell cmdlet to the correct location in the Power

Shell command. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split

bar between panes or scroll to view content.

Select and Place:

ANSWER

You need to ensure that you can automatically add or re…

You manage the on-premises and cloud for a company. Employees use Microsoft Office 365 to collaborate and

manage product development. They authenticate to Azure Active Directory (Azure AD) to access all onpremises and cloud-based resources.

You must grant employees access to several custom-built applications.

You need to ensure that you can automatically add or remove employee access to Office 365 based on

employee group memberships or attributes.

What should you use?

A. Active Directory Configuration

B. Advanced Rules for an Active Directory Group.

C. Application Access to Active Directory

D. The Users group in Active Directory

Which Azure PowerShell cmdlet should you use?

You have an existing classic virtual network.

You need to export the virtual network settings to an XML file to make modifications.

Which Azure PowerShell cmdlet should you use?

A. Get-AzureVNetSite

B. Get-AzureVNetConnection

C. Get-AzureVNetGateway

D. Get-AzureVNetConfig

Which three storage types will achieve the goal?

You administer an Azure subscription for your company.

You have an application that updates text files frequently. The text files will not exceed 20 gigabytes (GB) in

size. Each write operation must not exceed 4 megabytes (MB).

You need to allocate storage in Azure for the application.

Which three storage types will achieve the goal? Each correct answer presents a complete solution.

A. page blob

B. queue

C. append blob

D. block blob

E. file share

You need to ensure that Azure alerts are sent to the on…

You manage an on-premises monitoring platform. You plan to deploy virtual machines (VMs) in Azure.You must use existing on-premises monitoring solutions for Azure VMs. You must maximize security for any

communication between Azure and the on-premises environment.

You need to ensure that Azure alerts are sent to the on-premises solution.

What should you do?

A.

Enable App Service Authentication for the VMs.

B.

Configure a basic authorization webhook.

C.

Deploy an HDInsight cluster.

D.

Configure a token-based authorization webhook.

You need to update the Azure Web App

You manage Azure Web Apps for a company. You migrate an on-premises web app to Azure. You plan to

update the Azure Web App by modifying the connection string and updating the files that have changed since

previous revision.

The deployment process must use Secure Socket Layer (SSL) and occur during off-peak hours as an

automated batch process.

You need to update the Azure Web App.

What should you do?

A. Configure a File Transfer Protocol (FTP) transfer script.

B. Deploy the project from Microsoft Visual Studio.

C. Run the New-AzureRMWebAppAzure PowerShell cmdlet.

D. Run the New-AzureRmResouceGroupDeploymentAzure PowerShell cmdlet.

You need to implement the replication and failover solu…

You have an application that uses SQL Server in an Azure virtual machine (VM) to store data.If the VM running the primary instance of SQL Server fails:

– The application must automatically begin using a backup copy of the SQL Server data.

– The recovery solution must guarantee that no data is lost.

If the primary datacenter fails:

– There must be a way to manually switch to a secondary data center.

– Some data loss is acceptable.

You create an active datacenter named AD1 and a passive datacenter named PD1. AD1 has two SQL Server

instances. PD1 has one SQL Server instance.

You need to implement the replication and failover solutions for the application.

What should you do?

A. In AD1, configure asynchronous replication and automatic failover. In PD1, configure synchronous

replication and manual failover from AD1.

B. In AD1, configure synchronous replication and automatic failover. In PD1, configure synchronous replication

and manual failover from AD1.

C. In AD1, configure synchronous replication and manual failover. In PD1, configure asynchronous replication

and manual failover from AD1.

D. In AD1, configure asynchronous replication and manual failover. In PD1, configure asynchronous replication

and manual failover from AD1.

which configuration option should you use?

HOTSPOT

You have an application that uses three separate databases to store application data, logs, and application

security details. The maximum database throughput unit (DTU) per database does not exceed 50. You plan to

deploy the application to Azure.

You need to recommend a configuration for the databases that minimizes costs.

For each requirement, which configuration option should you use? To answer, select the appropriate

configuration option from each list in the answer area.

Hot Area:

ANSWER

Which five actions should you perform in sequence?

DRAG DROP

You plan to deploy a new public-facing website on an Azure virtual machine (VM) by using the Azure Resource

Manager (ARM). You have an existing cloud service and a storage account in the Azure subscription.

You need to create and deploy the VM.

Which five actions should you perform in sequence? To answer, move the appropriate actions from the list of

actions to the answer area and arrange them in the correct order.

Select and Place:

ANSWER

Which three commands should you run in sequence?

DRAG DROP

You plan to create an Azure virtual machine (VM) that runs the Linux operating system.

You must use the following values:

You need to create and connect to the VM.

Which three commands should you run in sequence? To answer, move the appropriate commands from the list

of commands to the answer area and arrange them in the correct order.

Select and Place:

You need to design a strategy that allows for security …

You are the architect for a software company that provides application servers to customers. The application

servers are Azure virtual machines (VMs) running Windows Server 2012 R2 under your company’s Azure

subscription.

The VMs are administrated by customers, and each customer customizes the system to meet its specific

needs. You identify the following requirements:

– The customer must not modify the LocalSystem service account on the VMs.

– The customer must run the Azure VM Agent.

– You must set the value of the PowerShell execution policy to RemoteSigned for all customers.

When a critical security issue is discovered, the application servers must be updated with a security update as

quickly as possible, without waiting for customer action.

You need to design a strategy that allows for security issues to be updated as quickly as possible.

What should you do?

A. Convert the application so that it runs under a Hyper-V container, and run the security update script on the

host system.

B. Build the security update script into a new base Windows Server 2012 R2 image and deploy the image by

using a Virtual Machine Scale Set.

C. Use WinRM to run the security update script on each customer VM.

D. Create an AzureVMCustomScriptExtension to run the security update on each VM.

How should you complete the relevant Azure PowerShell s…

DRAG DROP

You manage an Azure Web App named contososite.

You download the subscription publishing credentials named Contoso-Enterprise.publishsettings.

You need to use Azure Power Shell to achieve the following:

Connect to the Contoso-Enterprise subscription.

Create a new App Setting named IsCustomwith a value of True

Restart the Web App.

How should you complete the relevant Azure PowerShell script? To answer, drag the appropriate Azure

PowerShell cmdlet to the correct location in the solution. Each cmdlet may be used once, more than once, or

not at all. You may need to drag the split bar between panes or scroll to view content.

Select and Place:

ANSWER

Which four steps should you perform next in sequence?

DRAG DROP

You administer an Azure Web Site named WebProd that uses a production database. You deploy changes to

WebProd from a deployment slot named WebStaging. You use a test database while making changes to the

Web App.

After you deploy the Web App, you discover issues in WebProd that are affecting customer data.

You need to resolve the issues in WebProd while ensuring minimum downtime for users.You swap WebProd to WebStaging.

Which four steps should you perform next in sequence? To answer, move the appropriate actions from the list

of actions to the answer area and arrange them in the correct order.

Select and Place:

ANSWER

You need to gather information about application crashes

You are deploying an ASP.NET application to an Azure virtual machine (VM). The application throws an

exception when invalid data is entered. When exceptions occur, an administrator must log on to the system to

remove the bad data, and then restart the application.

You need to gather information about application crashes.

What should you do?

A. View the IIS logs.

B. View the Windows event system logs.

C. View the Windows event application logs.

D. Collect network and web metrics.

How should you complete the Azure PowerShell script?

DRAG DROP

You manage an Azure Web App.

You need to move the Web App to a new App Service plan.

How should you complete the Azure PowerShell script? To answer, drag the appropriate Azure PowerShell cmdlets to the correct locations. Each Azure PowerShell cmdlets may be used once, more than once, or not at all.

You may need to drag the split bar between panes or scroll to view content.

Select and Place:

ANSWER

which option should you use?

HOTSPOT

You manage an Azure environment that has 12 virtual machines (VMs). A set of VMs run a Web App that uses

ASP.NET.

The developer of the application must have access to ASP.NET metrics and Internet Information Services (IIS)

logs from the VMs.You need to ensure that the metrics and logs are saved and provide the developer access to the data.

For each requirement, which option should you use? To answer, select the appropriate options in the answer

area.

Hot Area:

Which storage tier and method should you use?

HOTSPOT

You plan to deploy an Azure SQL Database instance.

After deployment, the solution must meet the following requirements:- You must be able to restore the database to any point in time for the last 30 days.

– In the event of a restore, data must be recovered by using the fastest available method.

– SQL backups must be stored in up four secondary regions.

– You must minimize costs when configuring the databases.

You need to configure the secondary databases.

Which storage tier and method should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Does the solution meet the goal?

Note: This question is part of a series of questions that present the same scenario. Each questions in the series

contains a unique solution that might meet the stated goals. Some questions sets might have more than one

correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will

not appear in the review screen.

You create an Ubuntu Linux virtual machine (VM) by using the Azure Portal. You do not specify a password

when you create the VM.

You need to connect to the terminal of the VM.

Solution: You connect to the private IP address of the VM by using Secure Shell (SSH) and specify your public

key.

Does the solution meet the goal?

A. Yes

B. No

How should you deploy App1.exe?

You deploy an Azure Web App named ContosoApp. ContosoApp runs on five instances.

You need to run an application named App1.exe automatically as a background process for ContosoApp. The

solution must ensure that App1.exe runs in one instance only.

How should you deploy App1.exe?

A. as a continuous web job

B. in a new worker role instance

C. as a scheduled web job

D. as a virtual application

Which pricing tier plan should you recommend?

Your company has an Azure subscription. You plan to deploy 10 Web Apps.

You have the following requirements:

Each Web App has at least 15 GB of storage.

All Web App can use azurewebsites.net.

You need to deploy the 10 web apps while minimizing costs.

Which pricing tier plan should you recommend?

A. Standard

B. Free

C. Basic

D. Shared

Which two commands are possible ways to achieve this goal?

You are the administrator for your company’s Azure subscription.

Company policy dictates that you must deploy new Azure Resource Manager (ARM) templates using Azure

Command-Line Interface (CLI). Parameters are included in a file called azuredeploy.parameters.json and do

not contain any password information. All JSON files are located in the root of drive E.

You need to ensure that password parameters are passed to the command.

Which two commands are possible ways to achieve this goal? Each correct answer presents a complete

solution.

A. Add the appropriate password parameters to the azuredeploy.parameters.json file and then run the

following CLI command:azure group create –n “ARMBasic” –l “West US” –f “e:\\azuredeploy.json” –e “e:

\\azuredeploy.parameters.json”

B. Run the following CLI command. Do not add additional switches:azure group create –n “ARMBasic” –l

“West US” –f “e:\\azuredeploy.json” –e “e:\\azuredeploy.parameters.json”

C. Run the following CLI command. Add a switch to include password parameters:azure group create –n

“ARMBasic” –l “West US” –f “e:\\azuredeploy.json”

D. Run the following CLI command. Add switches to include all parameters:azure group create –n “ARMBasic”

–l “West US” –f “e:\\azuredeploy.json”