AZ-304 Microsoft Azure Architect Design Questions Total Questions: 1056 – 16 Mock Exams & 1 Master Cheat Sheet
Practice Set 1
Time limit: 0
0 of 75 questions completed
Questions:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
Information
Click on Start Test.
You have already completed the Test before. Hence you can not start it again.
Test is loading...
You must sign in or sign up to start the Test.
You have to finish following quiz, to start this Test:
Your results are here!! for" Microsoft Azure AZ-304 Practice Test 1 "
0 of 75 questions answered correctly
Your time:
Time has elapsed
Your Final Score is : 0
You have attempted : 0
Number of Correct Questions : 0 and scored 0
Number of Incorrect Questions : 0 and Negative marks 0
Average score
Your score
Microsoft Azure AZ-304 Practice Tests
You have attempted: 0
Number of Correct Questions: 0 and scored 0
Number of Incorrect Questions: 0 and Negative marks 0
You can review your answers by clicking view questions. Important Note : Open Reference Documentation Links in New Tab (Right Click and Open in New Tab).
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
Answered
Review
Question 1 of 75
1. Question
A company currently has an on-premise network. They have an Active directory domain defined as skillcertlab.com. They recently purchased an Azure AD tenant and now want to synchronize users from their on-premise Active Directory domain to Azure AD. They also want to enable single-sign on the users.
The company decides to setup Active Directory Federation Services and setup a sync with Azure AD.
Would this fulfil the requirement?
A company currently has the following networks defined in Azure
Virtual Network name Subscription Name Virtual Network Type
skillcertlabs-network1 subcriptionA Classic
skillcertlabs-network2 subcriptionB Resource Manager
skillcertlabs-network3 subcriptionC Resource Manager
You have to ensure that resources in the virtual networks can communicate with each other. You have to reduce the administrative effort required for the implementation.
Which Virtual network topology would you recommend for this requirement?
Correct
You can create virtual network peering connections between Virtual networks in different subscriptions. You can also create virtual network peering connections between a Classic and Resource Manager Virtual Network. This is mentioned in the Microsoft documentation in the benefits for Virtual Network Peering.
Option A is incorrect since there is no peering connection between skillcertlabs-network1 and skillcertlabs-network3
Option B is incorrect since there is no peering connection between skillcertlabs-network1 and skillcertlabs-network3. There is also no connection between skillcertlabs-network2 and skillcertlabs-network3
Option D is incorrect since there is no peering connection between skillcertlabs-network2 and skillcertlabs-network3
For more information on Virtual Network peering, please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
Incorrect
You can create virtual network peering connections between Virtual networks in different subscriptions. You can also create virtual network peering connections between a Classic and Resource Manager Virtual Network. This is mentioned in the Microsoft documentation in the benefits for Virtual Network Peering.
Option A is incorrect since there is no peering connection between skillcertlabs-network1 and skillcertlabs-network3
Option B is incorrect since there is no peering connection between skillcertlabs-network1 and skillcertlabs-network3. There is also no connection between skillcertlabs-network2 and skillcertlabs-network3
Option D is incorrect since there is no peering connection between skillcertlabs-network2 and skillcertlabs-network3
For more information on Virtual Network peering, please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
Unattempted
You can create virtual network peering connections between Virtual networks in different subscriptions. You can also create virtual network peering connections between a Classic and Resource Manager Virtual Network. This is mentioned in the Microsoft documentation in the benefits for Virtual Network Peering.
Option A is incorrect since there is no peering connection between skillcertlabs-network1 and skillcertlabs-network3
Option B is incorrect since there is no peering connection between skillcertlabs-network1 and skillcertlabs-network3. There is also no connection between skillcertlabs-network2 and skillcertlabs-network3
Option D is incorrect since there is no peering connection between skillcertlabs-network2 and skillcertlabs-network3
For more information on Virtual Network peering, please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
Question 3 of 75
3. Question
A company is planning on developing and developing a web-based application to Azure. The application would be developed in .Net core. The company wants the development team to be able to diagnose issues in the application. They should also be able to see the performance of individual requests made to the web application. This would enable them to detect any performance issues in the application
The development team decides to use Application Insights for this purpose
Would this fulfil the requirement?
A company currently has a set of Azure SQL databases defined. They want to ensure the following when it comes to the Azure SQL Database instance
Gain an insight onto all the database activity
Help detect any suspected security violations
Which of the following feature within Azure SQL database could help fulfil these requirements?
Correct
This could be accomplished with the Auditing feature. The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect
For more information on database auditing, please visit the below URL https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing
Incorrect
This could be accomplished with the Auditing feature. The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect
For more information on database auditing, please visit the below URL https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing
Unattempted
This could be accomplished with the Auditing feature. The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect
For more information on database auditing, please visit the below URL https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing
Question 5 of 75
5. Question
A company currently has an Azure subscription and an account in place. You have to integrate an existing application with Azure AD. The application currently uses a username and password as an authentication mechanism. You have to ensure users can sign on to the application using single sign on. You have to choose the most secure authentication technique with Azure AD. The existing application code is not available for any application modifications.
You have to choose an authentication mechanism for Single Sign on. Which of the following would you choose?
Correct
Since the application authentication is based on a username and password, you have to choose the password-based authentication scheme for Single Sign On.
The Microsoft documentation mentions the following
All other options are incorrect since you don’t have access to the application code to make any sort of additional changes.
For more information on Password based Single Sign On, please go to the below URL https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on#password-based-sso
Incorrect
Since the application authentication is based on a username and password, you have to choose the password-based authentication scheme for Single Sign On.
The Microsoft documentation mentions the following
All other options are incorrect since you don’t have access to the application code to make any sort of additional changes.
For more information on Password based Single Sign On, please go to the below URL https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on#password-based-sso
Unattempted
Since the application authentication is based on a username and password, you have to choose the password-based authentication scheme for Single Sign On.
The Microsoft documentation mentions the following
All other options are incorrect since you don’t have access to the application code to make any sort of additional changes.
For more information on Password based Single Sign On, please go to the below URL https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on#password-based-sso
Question 6 of 75
6. Question
A company currently an on-premise setup in place. They want to migrate a set of their on-premise SQL Servers to Azure. They want to make use of their existing SQL server licences that they have as part of their Software Assurance contract with Microsoft. This would help them make use of their existing investment.
They decide to setup Azure Virtual Machines and install the SQL Server engine on those machines.
Would this fulfil the requirement?
Correct
Since here you are fully in control of the underlying virtual machine, you can install the SQL Server engine and make use of your existing licences.
For more information on Azure virtual machines, please visit the below URL https://azure.microsoft.com/en-us/services/virtual-machines/
Incorrect
Since here you are fully in control of the underlying virtual machine, you can install the SQL Server engine and make use of your existing licences.
For more information on Azure virtual machines, please visit the below URL https://azure.microsoft.com/en-us/services/virtual-machines/
Unattempted
Since here you are fully in control of the underlying virtual machine, you can install the SQL Server engine and make use of your existing licences.
For more information on Azure virtual machines, please visit the below URL https://azure.microsoft.com/en-us/services/virtual-machines/
Question 7 of 75
7. Question
A company currently an on-premise setup in place. They want to migrate a set of their on-premise SQL Servers to Azure. They want to make use of their existing SQL server licences that they have as part of their Software Assurance contract with Microsoft. This would help them make use of their existing investment.
They decide to use the Azure SQL database service along with the DTU licensing model.
Would this fulfil the requirement?
A company currently an on-premise setup in place. They want to migrate a set of their on-premise SQL Servers to Azure. They want to make use of their existing SQL server licences that they have as part of their Software Assurance contract with Microsoft. This would help them make use of their existing investment.
They decide to use the Azure SQL database service along with the v-core licensing model.
Would this fulfil the requirement?
Correct
Yes, this would work. In this model, you can make use of the Azure Hybrid Benefit. Here you can make use of your existing licences.
The Microsoft documentation mentions the following
For more information on the v-core licensing model, please visit the below URL https://docs.microsoft.com/en-us/azure/sql-database/sql-database-service-tiers-vcore
Incorrect
Yes, this would work. In this model, you can make use of the Azure Hybrid Benefit. Here you can make use of your existing licences.
The Microsoft documentation mentions the following
For more information on the v-core licensing model, please visit the below URL https://docs.microsoft.com/en-us/azure/sql-database/sql-database-service-tiers-vcore
Unattempted
Yes, this would work. In this model, you can make use of the Azure Hybrid Benefit. Here you can make use of your existing licences.
The Microsoft documentation mentions the following
For more information on the v-core licensing model, please visit the below URL https://docs.microsoft.com/en-us/azure/sql-database/sql-database-service-tiers-vcore
Question 9 of 75
9. Question
A company currently has a Microsoft SQL Server database located in their on-premise environment. They need to migrate the database to an Azure SQL database. They provision the following database as part of their Azure subscription.
The data would be migrated using the Azure Database Migration Service
The migration needs to be implemented with the least amount of downtime
Which of the following would you need to implement for the Azure SQL database as a pre-requisite for the migration?
Correct
Since here we need to implement the migration with the least amount of downtime, that means we need to implement the migration in online mode. For that we need to change the pricing tier to “Premium” for the database.
The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect.
For more information on a tutorial for implementing the migration, please visit the below URL https://docs.microsoft.com/en-us/azure/dms/tutorial-sql-server-azure-sql-online
Incorrect
Since here we need to implement the migration with the least amount of downtime, that means we need to implement the migration in online mode. For that we need to change the pricing tier to “Premium” for the database.
The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect.
For more information on a tutorial for implementing the migration, please visit the below URL https://docs.microsoft.com/en-us/azure/dms/tutorial-sql-server-azure-sql-online
Unattempted
Since here we need to implement the migration with the least amount of downtime, that means we need to implement the migration in online mode. For that we need to change the pricing tier to “Premium” for the database.
The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect.
For more information on a tutorial for implementing the migration, please visit the below URL https://docs.microsoft.com/en-us/azure/dms/tutorial-sql-server-azure-sql-online
Question 10 of 75
10. Question
A company currently has a Microsoft SQL Server database located in their on-premise environment. They need to migrate the database to an Azure SQL database. They provision the following database as part of their Azure subscription.
The data would be migrated using the Azure Database Migration Service
The migration needs to be implemented with the least amount of downtime
In which region would you create an instance of the Azure Database Migration Service?
Correct
The Azure Database Migration Service instance should be located in the same region as the target database
The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect.
For more information on a tutorial for implementing the migration, please visit the below URL https://docs.microsoft.com/en-us/azure/dms/tutorial-sql-server-azure-sql-online
Incorrect
The Azure Database Migration Service instance should be located in the same region as the target database
The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect.
For more information on a tutorial for implementing the migration, please visit the below URL https://docs.microsoft.com/en-us/azure/dms/tutorial-sql-server-azure-sql-online
Unattempted
The Azure Database Migration Service instance should be located in the same region as the target database
The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect.
For more information on a tutorial for implementing the migration, please visit the below URL https://docs.microsoft.com/en-us/azure/dms/tutorial-sql-server-azure-sql-online
Question 11 of 75
11. Question
A company currently has a set of Azure SQL databases defined. They want to ensure the following when it comes to the Azure SQL Database instance
Gain an insight onto all the database activity
Help detect any suspected security violations
Which of the following could be used to log all the database activity based on the solution chosen? Choose 3 answers from the options given below
A company currently has a set of servers in their on-premise environment. They want to use Azure Site Recovery for disaster recovery purposes. During a failover to Azure, they want to ensure custom scripts are run as part of the failover.
Which of the following can be used to incorporate the scripts in the failover?
Correct
You can use Azure Automation Runbooks to run scripts as part of the failover.
The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect
For more information on using runbooks with Azure Site Recovery, please go to the below URL https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-runbook-automation
Incorrect
You can use Azure Automation Runbooks to run scripts as part of the failover.
The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect
For more information on using runbooks with Azure Site Recovery, please go to the below URL https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-runbook-automation
Unattempted
You can use Azure Automation Runbooks to run scripts as part of the failover.
The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect
For more information on using runbooks with Azure Site Recovery, please go to the below URL https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-runbook-automation
Question 13 of 75
13. Question
A company currently has a set of servers in their on-premise environment. They want to use Azure Site Recovery for disaster recovery purposes. During a failover to Azure, they want to ensure custom scripts are run as part of the failover.
Which of the following would you need to customize in Azure Site Recovery to fulfil this requirement?
Correct
You have to customize the Recovery plan for this.
The Microsoft documentation mentions the following as the first step for adding a runbook to Azure Site Recovery.
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect
For more information on using runbooks with Azure Site Recovery, please go to the below URL https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-runbook-automation
Incorrect
You have to customize the Recovery plan for this.
The Microsoft documentation mentions the following as the first step for adding a runbook to Azure Site Recovery.
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect
For more information on using runbooks with Azure Site Recovery, please go to the below URL https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-runbook-automation
Unattempted
You have to customize the Recovery plan for this.
The Microsoft documentation mentions the following as the first step for adding a runbook to Azure Site Recovery.
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect
For more information on using runbooks with Azure Site Recovery, please go to the below URL https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-runbook-automation
Question 14 of 75
14. Question
A company currently has a Web application deployed in classic ASP. The application makes use of third-party DLL’s. The deployment process for the application is to prone to errors and scaling and high availability are always issues.
You need to devise an approach to modernize the application that could be deployed to Azure and also ensure deployment and administrative overheads are reduced.
Which of the following would you recommend as the deployment approach?
A company currently has a Web application deployed in classic ASP. The application makes use of third-party DLL’s. The deployment process for the application is too prone to errors and scaling and high availability are always issues.
You need to devise an approach to modernize the application that could be deployed to Azure and also ensure deployment and administrative overheads are reduced.
Which of the following would you use as the Modernization approach?
Correct
The ideal approach for modernization of applications is to use Containers. And then to run in the cloud, you can use Azure Container Services. The Microsoft documentation mentions the following on Azure Container Instances
Option A is incorrect since this is more of a workflow-based service
Option B is incorrect since is a compute service that ideally should not run web-based applications
Option C is incorrect since this just ports the application but does not present a modern approach to application design
For more information on Azure Container instances, please visit the below URL https://docs.microsoft.com/en-us/azure/container-instances/container-instances-overview
Incorrect
The ideal approach for modernization of applications is to use Containers. And then to run in the cloud, you can use Azure Container Services. The Microsoft documentation mentions the following on Azure Container Instances
Option A is incorrect since this is more of a workflow-based service
Option B is incorrect since is a compute service that ideally should not run web-based applications
Option C is incorrect since this just ports the application but does not present a modern approach to application design
For more information on Azure Container instances, please visit the below URL https://docs.microsoft.com/en-us/azure/container-instances/container-instances-overview
Unattempted
The ideal approach for modernization of applications is to use Containers. And then to run in the cloud, you can use Azure Container Services. The Microsoft documentation mentions the following on Azure Container Instances
Option A is incorrect since this is more of a workflow-based service
Option B is incorrect since is a compute service that ideally should not run web-based applications
Option C is incorrect since this just ports the application but does not present a modern approach to application design
For more information on Azure Container instances, please visit the below URL https://docs.microsoft.com/en-us/azure/container-instances/container-instances-overview
Question 16 of 75
16. Question
A company currently has an Azure account and subscription. They want to host an application using Virtual Machines and a load balancer. There is a requirement to ensure that the application is made available 99.99% of the time. Which of the following would need to be in place? You also have to minimize costs associated with the solution. Choose 2 answers from the options given below
Correct
This is clearly mentioned in the Microsoft documentation
Since this is clearly given in the Microsoft documentation, all other options are incorrect
For more information on the SLA for the Load balancer, please go to the below URL https://azure.microsoft.com/en-us/support/legal/sla/load-balancer/v1_0/
Incorrect
This is clearly mentioned in the Microsoft documentation
Since this is clearly given in the Microsoft documentation, all other options are incorrect
For more information on the SLA for the Load balancer, please go to the below URL https://azure.microsoft.com/en-us/support/legal/sla/load-balancer/v1_0/
Unattempted
This is clearly mentioned in the Microsoft documentation
Since this is clearly given in the Microsoft documentation, all other options are incorrect
For more information on the SLA for the Load balancer, please go to the below URL https://azure.microsoft.com/en-us/support/legal/sla/load-balancer/v1_0/
Question 17 of 75
17. Question
A company currently has an Azure subscription and an account in place. You have to integrate an existing application with Azure AD. The application currently uses a username and password as an authentication mechanism. You have to ensure users can sign on to the application using single sign on. You have to choose the most secure authentication technique with Azure AD. The existing application code is not available for any application modifications.
Where would you go to register the application?
A company currently has an on-premise data center that has a set of servers hosting several applications. The company is setting up an Azure subscription. Below are the network details
Name Type Address space
skillcertlab-vnet1 Azure virtual network 10.1.0.0/16
skillcertlab-vnet2 Azure virtual network 10.2.0.0/16
skillcertlabnetwork On-premise 101.10.1.0/24
The company wants to establish connectivity between the networks.
Which of the following would they use to connect “skillcertlab-vnet1” to “skillcertlab-vnet2”? The traffic should not flow via the Internet.
Correct
To connect 2 Azure virtual networks together and ensure the traffic does not flow via the Internet, we have to choose Virtual Network Peering
Option A is incorrect since this is used when you want to connect workstations to an Azure virtual network
Option B is incorrect since this would cause the traffic to flow via the Internet
Option C is incorrect since this is normally used to connect an on-premise data center to an Azure virtual network
For more information on virtual network peering, please go to the below URL https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
Incorrect
To connect 2 Azure virtual networks together and ensure the traffic does not flow via the Internet, we have to choose Virtual Network Peering
Option A is incorrect since this is used when you want to connect workstations to an Azure virtual network
Option B is incorrect since this would cause the traffic to flow via the Internet
Option C is incorrect since this is normally used to connect an on-premise data center to an Azure virtual network
For more information on virtual network peering, please go to the below URL https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
Unattempted
To connect 2 Azure virtual networks together and ensure the traffic does not flow via the Internet, we have to choose Virtual Network Peering
Option A is incorrect since this is used when you want to connect workstations to an Azure virtual network
Option B is incorrect since this would cause the traffic to flow via the Internet
Option C is incorrect since this is normally used to connect an on-premise data center to an Azure virtual network
For more information on virtual network peering, please go to the below URL https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
Question 19 of 75
19. Question
A company currently has an on-premise data center that has a set of servers hosting several applications. The company is setting up an Azure subscription. Below are the network details
Name Type Address space
skillcertlab-vnet1 Azure virtual network 10.1.0.0/16
skillcertlab-vnet2 Azure virtual network 10.2.0.0/16
skillcertlabnetwork On-premise 101.10.1.0/24
The company wants to establish connectivity between the networks.
Which of the following could be used to connect the networks “skillcertlab-vnet1” to “skillcertlabnetwork”? Choose 2 answers from the options given below
A company currently has an on-premise infrastructure that consists of
An Active directory domain named skillcertlab.com
Active Directory Federation services
Application Proxy servers for external connection
The company has recently setup an Azure AD tenant. They have also setup Azure AD Connect for the synchronization of users from the on-premise AD to Azure AD. They have the following additional requirements
Ability to monitor the solutions that integrate with Azure AD
Identify any potential issues in AD FS
Identify any directory synchronization issues
You need to identify the right monitoring solution for each type of server
Which of the following would you use to monitor the AD FS servers?
Correct
Azure AD Connect Health has the ability to monitor AD FS servers as well. If you see the Microsoft documentation, you can clearly see the option present.
Since this is clearly mentioned in the documentation, all other options are incorrect
For more information on Azure AD Connect, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect
Incorrect
Azure AD Connect Health has the ability to monitor AD FS servers as well. If you see the Microsoft documentation, you can clearly see the option present.
Since this is clearly mentioned in the documentation, all other options are incorrect
For more information on Azure AD Connect, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect
Unattempted
Azure AD Connect Health has the ability to monitor AD FS servers as well. If you see the Microsoft documentation, you can clearly see the option present.
Since this is clearly mentioned in the documentation, all other options are incorrect
For more information on Azure AD Connect, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect
Question 21 of 75
21. Question
A company currently has an on-premise infrastructure that consists of
An Active directory domain named skillcertlab.com
Active Directory Federation services
Application Proxy servers for external connection
The company has recently setup an Azure AD tenant. They have also setup Azure AD Connect for the synchronization of users from the on-premise AD to Azure AD. They have the following additional requirements
Ability to monitor the solutions that integrate with Azure AD
Identity any potential issues in AD FS
Identify any directory synchronization issues
You need to identify the right monitoring solution for each type of server
Which of the following would you use to monitor the AD Connect Servers?
Correct
Azure AD Connect Health has the ability to monitor all AD Connect Servers and check for any synchronization issues. If you see the Microsoft documentation, you can clearly see the option present.
Since this is clearly mentioned in the documentation, all other options are incorrect
For more information on Azure AD Connect, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect
Incorrect
Azure AD Connect Health has the ability to monitor all AD Connect Servers and check for any synchronization issues. If you see the Microsoft documentation, you can clearly see the option present.
Since this is clearly mentioned in the documentation, all other options are incorrect
For more information on Azure AD Connect, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect
Unattempted
Azure AD Connect Health has the ability to monitor all AD Connect Servers and check for any synchronization issues. If you see the Microsoft documentation, you can clearly see the option present.
Since this is clearly mentioned in the documentation, all other options are incorrect
For more information on Azure AD Connect, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect
Question 22 of 75
22. Question
A company currently has an on-premise infrastructure that consists of
An Active directory domain named skillcertlab.com
Active Directory Federation services
Application Proxy servers for external connection
The company has recently setup an Azure AD tenant. They have also setup Azure AD Connect for the synchronization of users from the on-premise AD to Azure AD. They have the following additional requirements
Ability to monitor the solutions that integrate with Azure AD
Identity any potential issues in AD FS
Identify any directory synchronization issues
You need to identify the right monitoring solution for each type of server
Which of the following would you use to monitor the web application proxy servers?
Correct
Azure AD Connect Health can also be used to monitor web application proxy servers as well.
This is given in the Microsoft documentation
Since this is clearly mentioned in the documentation, all other options are incorrect
For more information on Azure AD Connect, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect
Incorrect
Azure AD Connect Health can also be used to monitor web application proxy servers as well.
This is given in the Microsoft documentation
Since this is clearly mentioned in the documentation, all other options are incorrect
For more information on Azure AD Connect, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect
Unattempted
Azure AD Connect Health can also be used to monitor web application proxy servers as well.
This is given in the Microsoft documentation
Since this is clearly mentioned in the documentation, all other options are incorrect
For more information on Azure AD Connect, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect
Question 23 of 75
23. Question
A company currently has an on-premise network with an IP address space of 186.16.0.0/16. The company is going to deploy 20 Virtual machines to Azure. The Virtual machines will be placed in a subnet in an Azure virtual network. The requirement is to ensure the on-premise servers can communicate with the virtual machines hosted in Azure via a site-to-site VPN connection. You have to design the subnet for the virtual network in Azure which will be used to host the virtual machines.
Which of the following address space would you assign for the subnet in the Virtual Network?
Correct
The address space for the Virtual Network should not conflict with the address space for the on-premise network. So, in this case the ideal option to choose as the address space is 192.168.0.0/24.
A note on this is also given in the Microsoft documentation
Options A and B are incorrect since these address spaces would conflict with the on-premise address space.
Option D is incorrect since this address space should ideally be used for the gateway subnet
For more information on site-to-site VPN, please visit the below URL https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
Incorrect
The address space for the Virtual Network should not conflict with the address space for the on-premise network. So, in this case the ideal option to choose as the address space is 192.168.0.0/24.
A note on this is also given in the Microsoft documentation
Options A and B are incorrect since these address spaces would conflict with the on-premise address space.
Option D is incorrect since this address space should ideally be used for the gateway subnet
For more information on site-to-site VPN, please visit the below URL https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
Unattempted
The address space for the Virtual Network should not conflict with the address space for the on-premise network. So, in this case the ideal option to choose as the address space is 192.168.0.0/24.
A note on this is also given in the Microsoft documentation
Options A and B are incorrect since these address spaces would conflict with the on-premise address space.
Option D is incorrect since this address space should ideally be used for the gateway subnet
For more information on site-to-site VPN, please visit the below URL https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
Question 24 of 75
24. Question
A company currently has an on-premise network with an IP address space of 186.16.0.0/16. The company is going to deploy 20 Virtual machines to Azure. The Virtual machines will be placed in a subnet in an Azure virtual network. The requirement is to ensure the on-premise servers can communicate with the virtual machines hosted in Azure via a site-to-site VPN connection. You have to design the subnet for the virtual network in Azure which will be used to host the virtual machines.
Which of the following address space would you assign for the gateway subnet in the Virtual Network?
Correct
The address space for the Virtual Network should not conflict with the address space for the on-premise network. So, in this case the ideal option to choose as the address space is 192.168.0.0/24 for the subnet in the virtual network. And then use 192.168.1.0/28 as the address space for the gateway subnet.
The Microsoft documentation mentions the following on the gateway subnet
Options A and B are incorrect since these address spaces would conflict with the on-premise address space.
Option C is incorrect since this address space should ideally be used for the subnet to host the virtual machines.
For more information on site-to-site VPN, please visit the below URL https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
Incorrect
The address space for the Virtual Network should not conflict with the address space for the on-premise network. So, in this case the ideal option to choose as the address space is 192.168.0.0/24 for the subnet in the virtual network. And then use 192.168.1.0/28 as the address space for the gateway subnet.
The Microsoft documentation mentions the following on the gateway subnet
Options A and B are incorrect since these address spaces would conflict with the on-premise address space.
Option C is incorrect since this address space should ideally be used for the subnet to host the virtual machines.
For more information on site-to-site VPN, please visit the below URL https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
Unattempted
The address space for the Virtual Network should not conflict with the address space for the on-premise network. So, in this case the ideal option to choose as the address space is 192.168.0.0/24 for the subnet in the virtual network. And then use 192.168.1.0/28 as the address space for the gateway subnet.
The Microsoft documentation mentions the following on the gateway subnet
Options A and B are incorrect since these address spaces would conflict with the on-premise address space.
Option C is incorrect since this address space should ideally be used for the subnet to host the virtual machines.
For more information on site-to-site VPN, please visit the below URL https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
Question 25 of 75
25. Question
A company currently has an on-premise network. They have an Active directory domain defined as skillcertlab.com. They recently purchased an Azure AD tenant and now want to synchronize users from their on-premise Active Directory domain to Azure AD. They also want to enable single-sign on the users.
The company decides to setup an Active Directory domain on a set of servers in a Virtual Network. They then develop a sync strategy with Azure AD.
Would this fulfil the requirement?
A company currently has an on-premise network. They have an Active directory domain defined as skillcertlab.com. They recently purchased an Azure AD tenant and now want to synchronize users from their on-premise Active Directory domain to Azure AD. They also want to enable single-sign on the users.
The company decides to install Azure AD Connect with pass-through authentication. They then configure Single-Sign in Azure AD Connect.
Would this fulfil the requirement?
Correct
Azure AD connect is a tool that can be used to sync on-premise AD users with Azure AD.
Below is the diagram from the Microsoft documentation that showcases this.
You can also combine this with Single Sign-On as mentioned below.
For more information on pass through authentication, please visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta
Incorrect
Azure AD connect is a tool that can be used to sync on-premise AD users with Azure AD.
Below is the diagram from the Microsoft documentation that showcases this.
You can also combine this with Single Sign-On as mentioned below.
For more information on pass through authentication, please visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta
Unattempted
Azure AD connect is a tool that can be used to sync on-premise AD users with Azure AD.
Below is the diagram from the Microsoft documentation that showcases this.
You can also combine this with Single Sign-On as mentioned below.
For more information on pass through authentication, please visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta
Question 27 of 75
27. Question
A company currently has an on-premise setup that contains an Active directory instance. They have recently purchased an Azure subscription and an Azure tenant. They are planning on setting up Azure AD Connect to synchronize the users from their on-premise Active Directory onto Azure AD. They have the following requirements for this setup
Enforcement of on-premise Active Directory security policies
Provide the ability for Single-Sign On
Which of the following would you setup as the authentication mechanism?
Correct
If you need to enforce your on-premise Active Directory security policies, then you should choose “Pass-through authentication” as the authentication technique.
The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect
For more information on Pass-through authentication, please visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta
Incorrect
If you need to enforce your on-premise Active Directory security policies, then you should choose “Pass-through authentication” as the authentication technique.
The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect
For more information on Pass-through authentication, please visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta
Unattempted
If you need to enforce your on-premise Active Directory security policies, then you should choose “Pass-through authentication” as the authentication technique.
The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect
For more information on Pass-through authentication, please visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta
Question 28 of 75
28. Question
A company currently has an on-premise setup that contains an Active directory instance. They have recently purchased an Azure subscription and an Azure tenant. They are planning on setting up Azure AD Connect to synchronize the users from their on-premise Active Directory onto Azure AD. They have the following requirements for this setup
Enforcement of on-premise Active Directory security policies
Provide the ability for Single-Sign On
Where would you configure the “Seamless Sign-on” setting?
Correct
You would configure this setting in Azure AD Connect. The Microsoft documentation mentions the steps for enabling this.
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect
For more information on configuring SSO, please visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start
Incorrect
You would configure this setting in Azure AD Connect. The Microsoft documentation mentions the steps for enabling this.
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect
For more information on configuring SSO, please visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start
Unattempted
You would configure this setting in Azure AD Connect. The Microsoft documentation mentions the steps for enabling this.
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect
For more information on configuring SSO, please visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start
Question 29 of 75
29. Question
A company currently has around 100 Virtual Machines running on their on-premise infrastructure. There is a plan to move the Virtual machines to Azure. The Virtual machines are running on a VMWare environment. The Virtual machines run different types of workloads. You need to prepare a report on the capacity requirement for the Virtual Machines that need to be created in Azure for the migration. Which of the following would you use for this purpose?
Correct
The Azure Migrate tool is the perfect tool for this scenario. The Microsoft documentation mentions the following
Options A and B are incorrect since these are normally used for cost management once you are already using resources in Azure
Option D is incorrect since this is used for backup and recovery purposes
For more information on Azure Migrate, please visit the below URL https://docs.microsoft.com/en-us/azure/migrate/migrate-overview
Incorrect
The Azure Migrate tool is the perfect tool for this scenario. The Microsoft documentation mentions the following
Options A and B are incorrect since these are normally used for cost management once you are already using resources in Azure
Option D is incorrect since this is used for backup and recovery purposes
For more information on Azure Migrate, please visit the below URL https://docs.microsoft.com/en-us/azure/migrate/migrate-overview
Unattempted
The Azure Migrate tool is the perfect tool for this scenario. The Microsoft documentation mentions the following
Options A and B are incorrect since these are normally used for cost management once you are already using resources in Azure
Option D is incorrect since this is used for backup and recovery purposes
For more information on Azure Migrate, please visit the below URL https://docs.microsoft.com/en-us/azure/migrate/migrate-overview
Question 30 of 75
30. Question
A company currently has resources deployed to their on-premise network and to Azure AD. There is a requirement to ensure that the Azure AD tenant can only be managed from workstations on the on-premise network. Which of the following needs to be part of the implementation of this requirement?
Correct
This can be managed by conditional access policies ensuring that the Locations is set in the policy.
Since this is clear from the implementation, all other options are incorrect
For more information on conditional access, please visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
Incorrect
This can be managed by conditional access policies ensuring that the Locations is set in the policy.
Since this is clear from the implementation, all other options are incorrect
For more information on conditional access, please visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
Unattempted
This can be managed by conditional access policies ensuring that the Locations is set in the policy.
Since this is clear from the implementation, all other options are incorrect
For more information on conditional access, please visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
Question 31 of 75
31. Question
A company currently has the following deployment for an application in Azure
Network Security Groups are applied at both a subnet level and at the network interface level. The Networking team wants to use the Network Watcher tool to diagnose various issues when it comes to the networking aspect.
Which of the following would they use for the below requirement?
“Find out if a network security rule is preventing a network packet from reaching a virtual machine hosted in an Azure virtual network”
Correct
This can be done with the IP Flow Verify feature. The Microsoft documentation mentions the following
Option B is incorrect since this feature is used to get the next hop type and IP address of a packet from a specific VM
Option C is incorrect since this feature is used for deep dive network packet capture
Option D is incorrect since this feature is a cloud-based solution that provides visibility into user and application activity in cloud networks
For more information on the IP Flow Verify feature, please visit the below URL https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
Incorrect
This can be done with the IP Flow Verify feature. The Microsoft documentation mentions the following
Option B is incorrect since this feature is used to get the next hop type and IP address of a packet from a specific VM
Option C is incorrect since this feature is used for deep dive network packet capture
Option D is incorrect since this feature is a cloud-based solution that provides visibility into user and application activity in cloud networks
For more information on the IP Flow Verify feature, please visit the below URL https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
Unattempted
This can be done with the IP Flow Verify feature. The Microsoft documentation mentions the following
Option B is incorrect since this feature is used to get the next hop type and IP address of a packet from a specific VM
Option C is incorrect since this feature is used for deep dive network packet capture
Option D is incorrect since this feature is a cloud-based solution that provides visibility into user and application activity in cloud networks
For more information on the IP Flow Verify feature, please visit the below URL https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
Question 32 of 75
32. Question
A company currently has the following deployment for an application in Azure
Network Security Groups are applied at both a subnet level and at the network interface level. The Networking team wants to use the Network Watcher tool to diagnose various issues when it comes to the networking aspect.
Which of the following would they use for the below requirement?
“Find out if there is outbound connectivity between an Azure virtual machine and an external host”
Correct
This can be done with the Connection Monitor feature. The Microsoft documentation mentions the following
Option A is incorrect since this feature is used to verify the flow of traffic based on security group rules
Option B is incorrect since this feature is used to get the next hop type and IP address of a packet from a specific VM
Option D is incorrect since this feature is a cloud-based solution that provides visibility into user and application activity in cloud networks
For more information on the network watcher tool, please visit the below URL https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
Incorrect
This can be done with the Connection Monitor feature. The Microsoft documentation mentions the following
Option A is incorrect since this feature is used to verify the flow of traffic based on security group rules
Option B is incorrect since this feature is used to get the next hop type and IP address of a packet from a specific VM
Option D is incorrect since this feature is a cloud-based solution that provides visibility into user and application activity in cloud networks
For more information on the network watcher tool, please visit the below URL https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
Unattempted
This can be done with the Connection Monitor feature. The Microsoft documentation mentions the following
Option A is incorrect since this feature is used to verify the flow of traffic based on security group rules
Option B is incorrect since this feature is used to get the next hop type and IP address of a packet from a specific VM
Option D is incorrect since this feature is a cloud-based solution that provides visibility into user and application activity in cloud networks
For more information on the network watcher tool, please visit the below URL https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
Question 33 of 75
33. Question
A company currently has the following systems running on their on-premise environment
An ASP.Net application running on Internet Information Services
A MongoDB database
The company wants to migrate the systems onto Azure. They want to ensure to use managed services to reduce the administrative overhead. They want to minimize the time for migration as well and also reduce costs wherever possible.
Which of the following Azure service would you use for the ASP.Net application?
Correct
The ideal service to use is the Azure Web App in the Azure App Service. The Microsoft documentation mentions the following
Options A and D are incorrect since these would less cost effective and not a managed service
Option B is incorrect since this is used for running small pieces of code or functions on Azure cloud
For more information on the Azure App service, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/app-service/overview
Incorrect
The ideal service to use is the Azure Web App in the Azure App Service. The Microsoft documentation mentions the following
Options A and D are incorrect since these would less cost effective and not a managed service
Option B is incorrect since this is used for running small pieces of code or functions on Azure cloud
For more information on the Azure App service, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/app-service/overview
Unattempted
The ideal service to use is the Azure Web App in the Azure App Service. The Microsoft documentation mentions the following
Options A and D are incorrect since these would less cost effective and not a managed service
Option B is incorrect since this is used for running small pieces of code or functions on Azure cloud
For more information on the Azure App service, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/app-service/overview
Question 34 of 75
34. Question
A company currently has the following systems running on their on-premise environment
An ASP.Net application running on Internet Information Services
A MongoDB database
The company wants to migrate the systems onto Azure. They want to ensure to use managed services to reduce the administrative overhead. They want to minimize the time for migration as well and also reduce costs wherever possible.
Which of the following Azure service would you use for the MongoDB database?
Correct
You can use the MongoDB API which is available as part of CosmosDB
The Microsoft documentation mentions the following
Options A and D are incorrect since these are SQL based data stores
Option C is incorrect since this would less cost effective and not a managed service
For more information on CosmosDB and the MongoDB API, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/cosmos-db/mongodb-introduction
Incorrect
You can use the MongoDB API which is available as part of CosmosDB
The Microsoft documentation mentions the following
Options A and D are incorrect since these are SQL based data stores
Option C is incorrect since this would less cost effective and not a managed service
For more information on CosmosDB and the MongoDB API, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/cosmos-db/mongodb-introduction
Unattempted
You can use the MongoDB API which is available as part of CosmosDB
The Microsoft documentation mentions the following
Options A and D are incorrect since these are SQL based data stores
Option C is incorrect since this would less cost effective and not a managed service
For more information on CosmosDB and the MongoDB API, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/cosmos-db/mongodb-introduction
Question 35 of 75
35. Question
A company has a set of servers and applications located in their on-premise environment. They wanted to design a business continuity solution for the servers and applications. They want to make use of services hosted in Azure. They have setup an Azure subscription. Below are the requirements for 3 applications that need to adhere to different business continuity requirements
skillcertlabA – This is a high revenue generating application for the company. The application must be able to failover to Azure in the event of an on-premise data center failure.
skillcertlabB – Here the data for the application needs to be retained for 3 years.
skillcertlabC – For this application the Recovery Point Objective needs to be 30 minutes. And the Recovery Time Objective needs to be 15 minutes.
Which of the following would you use for the application “skillcertlabA”?
Correct
The best solution for disaster recovery scenarios is to use the Azure Site Recovery service.
The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect.
For more information on comparisons between Azure Backup and Azure Site Recovery, please go to the below URL https://docs.microsoft.com/en-us/azure/backup/backup-overview
Incorrect
The best solution for disaster recovery scenarios is to use the Azure Site Recovery service.
The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect.
For more information on comparisons between Azure Backup and Azure Site Recovery, please go to the below URL https://docs.microsoft.com/en-us/azure/backup/backup-overview
Unattempted
The best solution for disaster recovery scenarios is to use the Azure Site Recovery service.
The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect.
For more information on comparisons between Azure Backup and Azure Site Recovery, please go to the below URL https://docs.microsoft.com/en-us/azure/backup/backup-overview
Question 36 of 75
36. Question
A company has a set of servers and applications located in their on-premise environment. They wanted to design a business continuity solution for the servers and applications. They want to make use of services hosted in Azure. They have setup an Azure subscription. Below are the requirements for 3 applications that need to adhere to different business continuity requirements
skillcertlabA – This is a high revenue generating application for the company. The application must be able to failover to Azure in the event of an on-premise data center failure.
skillcertlabB – Here the data for the application needs to be retained for 3 years.
skillcertlabC – For this application the Recovery Point Objective needs to be 30 minutes. And the Recovery Time Objective needs to be 15 minutes.
Which of the following would you use for the application “skillcertlabB”?
Correct
If you need backup’s to be retained for a number of years, then you can use the Azure Backup service.
The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect.
For more information on comparisons between Azure Backup and Azure Site Recovery, please go to the below URL https://docs.microsoft.com/en-us/azure/backup/backup-overview
Incorrect
If you need backup’s to be retained for a number of years, then you can use the Azure Backup service.
The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect.
For more information on comparisons between Azure Backup and Azure Site Recovery, please go to the below URL https://docs.microsoft.com/en-us/azure/backup/backup-overview
Unattempted
If you need backup’s to be retained for a number of years, then you can use the Azure Backup service.
The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect.
For more information on comparisons between Azure Backup and Azure Site Recovery, please go to the below URL https://docs.microsoft.com/en-us/azure/backup/backup-overview
Question 37 of 75
37. Question
A company has a set of servers and applications located in their on-premise environment. They wanted to design a business continuity solution for the servers and applications. They want to make use of services hosted in Azure. They have setup an Azure subscription. Below are the requirements for 3 applications that need to adhere to different business continuity requirements
skillcertlabA – This is a high revenue generating application for the company. The application must be able to failover to Azure in the event of an on-premise data center failure.
skillcertlabB – Here the data for the application needs to be retained for 3 years.
skillcertlabC – For this application the Recovery Point Objective needs to be 30 minutes. And the Recovery Time Objective needs to be 15 minutes.
Which of the following would you use for the application “skillcertlabC”?
Correct
If you need a low Recovery Point Objective and Recovery Time Objective, then you should consider using Azure Site Recovery
The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect.
For more information on comparisons between Azure Backup and Azure Site Recovery, please go to the below URL https://docs.microsoft.com/en-us/azure/backup/backup-overview
Incorrect
If you need a low Recovery Point Objective and Recovery Time Objective, then you should consider using Azure Site Recovery
The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect.
For more information on comparisons between Azure Backup and Azure Site Recovery, please go to the below URL https://docs.microsoft.com/en-us/azure/backup/backup-overview
Unattempted
If you need a low Recovery Point Objective and Recovery Time Objective, then you should consider using Azure Site Recovery
The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect.
For more information on comparisons between Azure Backup and Azure Site Recovery, please go to the below URL https://docs.microsoft.com/en-us/azure/backup/backup-overview
Question 38 of 75
38. Question
A company has a set of Windows servers located in their on-premise data centre. They also have Windows virtual machines hosted as part of their Azure subscription. They want to have a combined monitoring solution for both their on-premise and Azure virtual machines.
Which of the following would you create in Azure to fulfil the monitoring requirements?
Correct
You can collect all the logs into a Log Analytics workspace. The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect.
For more information on an example on collecting logs from Windows based machines, please go to the below URL https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-windows-computer
Incorrect
You can collect all the logs into a Log Analytics workspace. The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect.
For more information on an example on collecting logs from Windows based machines, please go to the below URL https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-windows-computer
Unattempted
You can collect all the logs into a Log Analytics workspace. The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect.
For more information on an example on collecting logs from Windows based machines, please go to the below URL https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-windows-computer
Question 39 of 75
39. Question
A company has a set of Windows servers located in their on-premise data centre. They also have Windows virtual machines hosted as part of their Azure subscription. They want to have a combined monitoring solution for both their on-premise and Azure virtual machines.
Which of the following would you implement on the servers located in the on-premise data center?
Correct
You would have to install a Windows agent on the server. An example of this is given in the Microsoft documentation
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect.
For more information on an example on collecting logs from Windows based machines, please go to the below URL https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-windows-computer
Incorrect
You would have to install a Windows agent on the server. An example of this is given in the Microsoft documentation
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect.
For more information on an example on collecting logs from Windows based machines, please go to the below URL https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-windows-computer
Unattempted
You would have to install a Windows agent on the server. An example of this is given in the Microsoft documentation
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect.
For more information on an example on collecting logs from Windows based machines, please go to the below URL https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-windows-computer
Question 40 of 75
40. Question
A company has an API service that currently returns XML data to its internal users. The API is going to be migrated onto Azure. It will sit behind an API Management instance. Below are the requirements for the API when it is moved to Azure
The API must send data in JSON format to its internal users
When external consultants access the API, the header information must be stripped before the data is received
What is the minimum number of API’s that need to be added to Azure API management?
A company has an API service that currently returns XML data to its internal users. The API is going to be migrated onto Azure. It will sit behind an API Management instance. Below are the requirements for the API when it is moved to Azure
The API must send data in JSON format to its internal users
When external consultants access the API, the header information must be stripped before the data is received
What is the minimum number of products to publish in Azure API management?
Correct
You can have one product that is published for the Internal development team. The Microsoft documentation mentions the following on products for API management
Because of this reasoning all other options are incorrect
For more information on the key concepts for API Management, please visit the below URL https://docs.microsoft.com/en-us/azure/api-management/api-management-key-concepts
Incorrect
You can have one product that is published for the Internal development team. The Microsoft documentation mentions the following on products for API management
Because of this reasoning all other options are incorrect
For more information on the key concepts for API Management, please visit the below URL https://docs.microsoft.com/en-us/azure/api-management/api-management-key-concepts
Unattempted
You can have one product that is published for the Internal development team. The Microsoft documentation mentions the following on products for API management
Because of this reasoning all other options are incorrect
For more information on the key concepts for API Management, please visit the below URL https://docs.microsoft.com/en-us/azure/api-management/api-management-key-concepts
Question 42 of 75
42. Question
A company has an API service that currently returns XML data to its internal users. The API is going to be migrated onto Azure. It will sit behind an API Management instance. Below are the requirements for the API when it is moved to Azure
The API must send data in JSON format to its internal users
When external consultants access the API, the header information must be stripped before the data is received
What is the minimum number of policy elements that need to be added to the API?
Correct
You can have one policy element to ensure that XML data is transformed to JSON for the Internal users when it is published to Azure
Below is the policy statement given in the Microsoft documentation
And then you can have one policy element to set the header of the response, so that it is sent as per the requirement to external consultants
Below is the policy statement given in the Microsoft documentation
You can have one policy element to ensure that XML data is transformed to JSON for the Internal users when it is published to Azure
Below is the policy statement given in the Microsoft documentation
And then you can have one policy element to set the header of the response, so that it is sent as per the requirement to external consultants
Below is the policy statement given in the Microsoft documentation
You can have one policy element to ensure that XML data is transformed to JSON for the Internal users when it is published to Azure
Below is the policy statement given in the Microsoft documentation
And then you can have one policy element to set the header of the response, so that it is sent as per the requirement to external consultants
Below is the policy statement given in the Microsoft documentation
A company has an application running as part of Azure We Apps. A database is being hosted in a Virtual Network. There is a requirement to ensure that the web app can access the database without the need of exposing a public endpoint.
You decide to implement Webjobs for the Azure Web App
Does this meet the requirement?
A company has an application running as part of Azure We Apps. A database is being hosted in a Virtual Network. There is a requirement to ensure that the web app can access the database without the need of exposing a public endpoint.
You decide to implement Hybrid connections for the Azure Web App
Does this meet the requirement?
A company has an application running as part of Azure We Apps. A database is being hosted in a Virtual Network. There is a requirement to ensure that the web app can access the database without the need of exposing a public endpoint.
You decide to implement VNET Integration for the Azure Web App
Does this meet the requirement?
A company has an application running as part of Azure Web Apps. A database is being hosted in a Virtual Network. There is a requirement to ensure that the web app can access a cluster of databases installed on multiple VM in hybrid architect without the need of exposing a public endpoint.
You decide to implement Azure Batch jobs as part of the solution
Does this meet the requirement?
A company has an application running as part of Azure Web Apps. A database is being hosted in a Virtual Network. There is a requirement to ensure that the web app can access a cluster of databases installed on multiple VM in hybrid architect without the need of exposing a public endpoint.
You decide to deploy an HPC Pack to Azure.
Does this meet the requirement?
A company has an Azure environment that consists of the following Virtual Networks
Virtual Network Name Subscription Name Virtual Network Type Region
skillcertlab-vnet1 SubscriptionA Classic US East
skillcertlab-vnet2 SubscriptionA Resource Manager US East
skillcertlab-vnet3 SubscriptionB Classic Central US
skillcertlab-vnet4 SubscriptionB Resource Manager Central US
You have to advise on the possible network connectivity options using virtual network peering for the virtual networks
Can you create a virtual network peering connection between skillcertlab-vnet1 and skillcertlab-vnet2?
A company has an Azure environment that consists of the following Virtual Networks
Virtual Network Name Subscription Name Virtual Network Type Region
skillcertlab-vnet1 SubscriptionA Classic US East
skillcertlab-vnet2 SubscriptionA Resource Manager US East
skillcertlab-vnet3 SubscriptionB Classic Central US
skillcertlab-vnet4 SubscriptionB Resource Manager Central US
You have to advise on the possible network connectivity options using virtual network peering for the virtual networks
Can you create a virtual network peering connection between skillcertlab-vnet1 and skillcertlab-vnet3?
A company has an Azure environment that consists of the following Virtual Networks
Virtual Network Name Subscription Name Virtual Network Type Region
skillcertlab-vnet1 SubscriptionA Classic US East
skillcertlab-vnet2 SubscriptionA Resource Manager US East
skillcertlab-vnet3 SubscriptionB Classic Central US
skillcertlab-vnet4 SubscriptionB Resource Manager Central US
You have to advise on the possible network connectivity options using virtual network peering for the virtual networks
Can you create a virtual network peering connection between skillcertlab-vnet2 and skillcertlab-vnet3?
A company has an Azure environment that consists of the following Virtual Networks
Virtual Network Name Subscription Name Virtual Network Type Region
skillcertlab-vnet1 SubscriptionA Classic US East
skillcertlab-vnet2 SubscriptionA Resource Manager US East
skillcertlab-vnet3 SubscriptionB Classic Central US
skillcertlab-vnet4 SubscriptionB Resource Manager Central US
You have to advise on the possible network connectivity options using virtual network peering for the virtual networks
Can you create a virtual network peering connection between skillcertlab-vnet2 and skillcertlab-vnet4?
A company has an Azure storage account. The storage account needs to be configured in such a way that it is only accessible from one specific Azure Virtual Network. You have to ensure that the storage account is not accessible from the Internet. Which of the following would you use to implement this requirement?
Correct
The Microsoft documentation mentions the following
Virtual Network (VNet) service endpoints extend your virtual network private address space and the identity of your VNet to the Azure services, over a direct connection. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Traffic from your VNet to the Azure service always remains on the Microsoft Azure backbone network.
Option A is incorrect since this is just used to manage the traffic into a subnet or network interface
Option B is incorrect since this is used for content delivery
Option C is incorrect since this is used only if you want to have HTTPS data transfer for the storage account
For more information on Virtual Networks service endpoint, please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
Incorrect
The Microsoft documentation mentions the following
Virtual Network (VNet) service endpoints extend your virtual network private address space and the identity of your VNet to the Azure services, over a direct connection. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Traffic from your VNet to the Azure service always remains on the Microsoft Azure backbone network.
Option A is incorrect since this is just used to manage the traffic into a subnet or network interface
Option B is incorrect since this is used for content delivery
Option C is incorrect since this is used only if you want to have HTTPS data transfer for the storage account
For more information on Virtual Networks service endpoint, please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
Unattempted
The Microsoft documentation mentions the following
Virtual Network (VNet) service endpoints extend your virtual network private address space and the identity of your VNet to the Azure services, over a direct connection. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Traffic from your VNet to the Azure service always remains on the Microsoft Azure backbone network.
Option A is incorrect since this is just used to manage the traffic into a subnet or network interface
Option B is incorrect since this is used for content delivery
Option C is incorrect since this is used only if you want to have HTTPS data transfer for the storage account
For more information on Virtual Networks service endpoint, please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
Question 53 of 75
53. Question
A company has an Azure subscription named skillcertlab. The subscription contains resources for an application named skillcertlab-app. An Azure AD group named skillcertlab-admin is in place to manage the resources assigned to the application.
The company now wants to deploy a new application named skillcertlab-app-staging. The development team for the application will be part of a new Azure AD group called skillcertlab-dev.
The company has the following requirements
The members of the skillcertlab-dev group should be able to create resource in Azure which are required by the skillcertlab-app-staging application
The members of the skillcertlab-dev group should not be able to make any changes to the role assignments in Azure
The role assignments for the skillcertlab-app-staging application should be performed by the members of the skillcertlab-admin group
You decide to implement the following solution
Create a new Azure subscription named skillcertlab-app-staging. Assign the skillcertlab-admin group as the Owner of the new subsription. Assign the Contributor role to the skillcertlab-dev group for the subscription
Does this fulfil the requirement?
Correct
Yes, this is one possible isolation of resources. You have the resources in different subscriptions.
Assigning the Owner privilege for the skillcertlab-admin group would fulfil the requirement of “The role assignments for the skillcertlab-app-staging application should be performed by the members of the skillcertlab-admin group”
Assigning the contributor role to the skillcertlab-dev group will ensure the below constraint is met, “The members of the skillcertlab-dev group should not be able to make any changes to the role assignments in Azure”
For more information on organizing subscriptions, please go ahead and visit the below URL https://azure.microsoft.com/en-us/blog/organizing-subscriptions-and-resource-groups-within-the-enterprise/
Incorrect
Yes, this is one possible isolation of resources. You have the resources in different subscriptions.
Assigning the Owner privilege for the skillcertlab-admin group would fulfil the requirement of “The role assignments for the skillcertlab-app-staging application should be performed by the members of the skillcertlab-admin group”
Assigning the contributor role to the skillcertlab-dev group will ensure the below constraint is met, “The members of the skillcertlab-dev group should not be able to make any changes to the role assignments in Azure”
For more information on organizing subscriptions, please go ahead and visit the below URL https://azure.microsoft.com/en-us/blog/organizing-subscriptions-and-resource-groups-within-the-enterprise/
Unattempted
Yes, this is one possible isolation of resources. You have the resources in different subscriptions.
Assigning the Owner privilege for the skillcertlab-admin group would fulfil the requirement of “The role assignments for the skillcertlab-app-staging application should be performed by the members of the skillcertlab-admin group”
Assigning the contributor role to the skillcertlab-dev group will ensure the below constraint is met, “The members of the skillcertlab-dev group should not be able to make any changes to the role assignments in Azure”
For more information on organizing subscriptions, please go ahead and visit the below URL https://azure.microsoft.com/en-us/blog/organizing-subscriptions-and-resource-groups-within-the-enterprise/
Question 54 of 75
54. Question
A company has an Azure subscription named skillcertlab. The subscription contains resources for an application named skillcertlab-app. An Azure AD group named skillcertlab-admin is in place to manage the resources assigned to the application.
The company now wants to deploy a new application named skillcertlab-app-staging. The development team for the application will be part of a new Azure AD group called skillcertlab-dev.
The company has the following requirements
The members of the skillcertlab-dev group should be able to create resource in Azure which are required by the skillcertlab-app-staging application
The members of the skillcertlab-dev group should not be able to make any changes to the role assignments in Azure
The role assignments for the skillcertlab-app-staging application should be performed by the members of the skillcertlab-admin group
You decide to implement the following solution
Create a new Azure subscription named skillcertlab-app-staging. Assign the skillcertlab-admin group the User Access Administrator role for the new subsription. Assign the Owner role to the skillcertlab-dev group for the subscription
Does this fulfil the requirement?
Correct
Here the role assignments are incorrect.
Assigning the User Access Administrator role to the skillcertlab-admin group will not enable the assignment of roles
Assigning the Owner role to the skillcertlab-dev group will break the requirement of “The members of the skillcertlab-dev group should not be able to make any changes to the role assignments in Azure”
For more information on in-built access roles, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
Incorrect
Here the role assignments are incorrect.
Assigning the User Access Administrator role to the skillcertlab-admin group will not enable the assignment of roles
Assigning the Owner role to the skillcertlab-dev group will break the requirement of “The members of the skillcertlab-dev group should not be able to make any changes to the role assignments in Azure”
For more information on in-built access roles, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
Unattempted
Here the role assignments are incorrect.
Assigning the User Access Administrator role to the skillcertlab-admin group will not enable the assignment of roles
Assigning the Owner role to the skillcertlab-dev group will break the requirement of “The members of the skillcertlab-dev group should not be able to make any changes to the role assignments in Azure”
For more information on in-built access roles, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
Question 55 of 75
55. Question
A company has an Azure subscription named skillcertlab. The subscription contains resources for an application named skillcertlab-app. An Azure AD group named skillcertlab-admin is in place to manage the resources assigned to the application.
The company now wants to deploy a new application named skillcertlab-app-staging. The development team for the application will be part of a new Azure AD group called skillcertlab-dev.
The company has the following requirements
The members of the skillcertlab-dev group should be able to create resource in Azure which are required by the skillcertlab-app-staging application
The members of the skillcertlab-dev group should not be able to make any changes to the role assignments in Azure
The role assignments for the skillcertlab-app-staging application should be performed by the members of the skillcertlab-admin group
You decide to implement the following solution
Create a new resource group named skillcertlab-app-staging in the current subscription. Assign the skillcertlab-admin group as the Owner of resource group. Assign the Contributor role to the skillcertlab-dev group for the subscription.
Does this fulfil the requirement?
Correct
The best solution is to create a new resource group for the resources for the skillcertlab-app-staging application. You can then go to IAM for the resource group and assign the Owner privilege for the skillcertlab-admin group. This will fulfil the requirement of “The role assignments for the skillcertlab-app-staging application should be performed by the members of the skillcertlab-admin group”
Assigning the contributor role to the skillcertlab-dev group will ensure the below constraint is met, “The members of the skillcertlab-dev group should not be able to make any changes to the role assignments in Azure”
For more information on in-built access roles, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
Incorrect
The best solution is to create a new resource group for the resources for the skillcertlab-app-staging application. You can then go to IAM for the resource group and assign the Owner privilege for the skillcertlab-admin group. This will fulfil the requirement of “The role assignments for the skillcertlab-app-staging application should be performed by the members of the skillcertlab-admin group”
Assigning the contributor role to the skillcertlab-dev group will ensure the below constraint is met, “The members of the skillcertlab-dev group should not be able to make any changes to the role assignments in Azure”
For more information on in-built access roles, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
Unattempted
The best solution is to create a new resource group for the resources for the skillcertlab-app-staging application. You can then go to IAM for the resource group and assign the Owner privilege for the skillcertlab-admin group. This will fulfil the requirement of “The role assignments for the skillcertlab-app-staging application should be performed by the members of the skillcertlab-admin group”
Assigning the contributor role to the skillcertlab-dev group will ensure the below constraint is met, “The members of the skillcertlab-dev group should not be able to make any changes to the role assignments in Azure”
For more information on in-built access roles, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
Question 56 of 75
56. Question
A company has an Azure subscription. The company has launched virtual machines that uses unmanaged standard hard disk drives.
You need to develop a strategy for the virtual machines that would ensure that the virtual machines would be made available in the event of a region failure. The recovery time objective can be up to 5 days. Costs need to be minimized in the implementation.
Which of the following replication strategy would you incorporate for the storage account?
Correct
Since the disks need to be available in the event of a region failure you need to choose Geo-redundant storage. The Microsoft documentation mentions the following
Options A and B are incorrect since these storage accounts will not make the disks available in case of a region failure.
Option D is incorrect since we need to minimize on costs. We don’t need a read only copy for the disks.
For more information on storage redundancy, please visit the below URL https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
Incorrect
Since the disks need to be available in the event of a region failure you need to choose Geo-redundant storage. The Microsoft documentation mentions the following
Options A and B are incorrect since these storage accounts will not make the disks available in case of a region failure.
Option D is incorrect since we need to minimize on costs. We don’t need a read only copy for the disks.
For more information on storage redundancy, please visit the below URL https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
Unattempted
Since the disks need to be available in the event of a region failure you need to choose Geo-redundant storage. The Microsoft documentation mentions the following
Options A and B are incorrect since these storage accounts will not make the disks available in case of a region failure.
Option D is incorrect since we need to minimize on costs. We don’t need a read only copy for the disks.
For more information on storage redundancy, please visit the below URL https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
Question 57 of 75
57. Question
A company has an Azure subscription. The company has launched virtual machines that uses unmanaged standard hard disk drives.
You need to develop a strategy for the virtual machines that would ensure that the virtual machines would be made available in the event of a region failure. The recovery time objective can be up to 5 days. Costs need to be minimized in the implementation.
Which of the following would you use to recreate the virtual machine in case of a machine failure?
Correct
Since we need to minimize costs and the RTO is quite long, we can just use Resource Manager to recreate the virtual machine.
Option A is incorrect because this is a costly option for such a requirement.
Option B is incorrect because this is used as a hybrid cloud storage option
Option D is incorrect because this is used for implementing governance
For more information on resource manager templates, please visit the below URL https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authoring-templates
Incorrect
Since we need to minimize costs and the RTO is quite long, we can just use Resource Manager to recreate the virtual machine.
Option A is incorrect because this is a costly option for such a requirement.
Option B is incorrect because this is used as a hybrid cloud storage option
Option D is incorrect because this is used for implementing governance
For more information on resource manager templates, please visit the below URL https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authoring-templates
Unattempted
Since we need to minimize costs and the RTO is quite long, we can just use Resource Manager to recreate the virtual machine.
Option A is incorrect because this is a costly option for such a requirement.
Option B is incorrect because this is used as a hybrid cloud storage option
Option D is incorrect because this is used for implementing governance
For more information on resource manager templates, please visit the below URL https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authoring-templates
Question 58 of 75
58. Question
A company has created 2 virtual networks, one in the Central US and the other in the East US region. There is a requirement to ensure that Virtual Machines on the Virtual Networks are able to communicate with each other using their private IP addresses. You also need to ensure low latency access between the Virtual machines. You also need to ensure that the solution is cost effective.
You decide to implement Virtual Network Peering.
Does this fulfil the requirement?
A company has created 2 virtual networks, one in the Central US and the other in the East US region. There is a requirement to ensure that Virtual Machines on the Virtual Networks are able to communicate with each other using their private IP addresses. You also need to ensure low latency access between the Virtual machines. You also need to ensure that the solution is cost effective.
You decide to implement an Express Route connection
Does this fulfil the requirement?
A company has created 2 virtual networks, one in the Central US and the other in the East US region. There is a requirement to ensure that Virtual Machines on the Virtual Networks are able to communicate with each other using their private IP addresses. You also need to ensure low latency access between the Virtual machines. You also need to ensure that the solution is cost effective.
You decide to implement custom route tables.
Does this fulfil the requirement?
A company has deployed a web-based application based on the following architecture
The company needs to control the threshold for the failover to the standby region. Which of the following needs to be done for this to happen?
Correct
Since we are going to be using the Azure Traffic Manager, we can use the Endpoint monitor settings for the Traffic Manager. The Microsoft documentation mentions the following
Since the other settings are not applicable to Azure Traffic Manager, hence the options are incorrect
For more information on Azure Traffic Manager endpoint monitoring, please visit the below URL https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-monitoring
Incorrect
Since we are going to be using the Azure Traffic Manager, we can use the Endpoint monitor settings for the Traffic Manager. The Microsoft documentation mentions the following
Since the other settings are not applicable to Azure Traffic Manager, hence the options are incorrect
For more information on Azure Traffic Manager endpoint monitoring, please visit the below URL https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-monitoring
Unattempted
Since we are going to be using the Azure Traffic Manager, we can use the Endpoint monitor settings for the Traffic Manager. The Microsoft documentation mentions the following
Since the other settings are not applicable to Azure Traffic Manager, hence the options are incorrect
For more information on Azure Traffic Manager endpoint monitoring, please visit the below URL https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-monitoring
Question 62 of 75
62. Question
A company has deployed a web-based application based on the following architecture
The company now wants to implement an active-active configuration. Which of the following needs to be done for this requirement?
Correct
You can change the routing method for the Traffic Manager to the Priority routing method for implementing failover. The Microsoft documentation mentions the following on the routing method.
The other options are incorrect since Load balancer cannot divert traffic across regions
For more information on Azure Traffic Manager routing methods, please visit the below URL https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods
Incorrect
You can change the routing method for the Traffic Manager to the Priority routing method for implementing failover. The Microsoft documentation mentions the following on the routing method.
The other options are incorrect since Load balancer cannot divert traffic across regions
For more information on Azure Traffic Manager routing methods, please visit the below URL https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods
Unattempted
You can change the routing method for the Traffic Manager to the Priority routing method for implementing failover. The Microsoft documentation mentions the following on the routing method.
The other options are incorrect since Load balancer cannot divert traffic across regions
For more information on Azure Traffic Manager routing methods, please visit the below URL https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods
Question 63 of 75
63. Question
A company has deployed an API management instance. They need a solution to protect the API from a DDoS (Distributed denial of service) attack. Which of the following could be recommended for this requirement?
Correct
You can protect the number of calls to the API by using rate limiting. Below is what is mentioned in the Microsoft documentation
Option A is incorrect since this is used for protecting traffic flowing into Virtual Machines
Option C is incorrect since this is used to limit the calls based on the subscription
Option D is incorrect since this is used for authentication for API’s
For more information on transforming and protecting an API, please visit the below URL https://docs.microsoft.com/en-us/azure/api-management/transform-api
Incorrect
You can protect the number of calls to the API by using rate limiting. Below is what is mentioned in the Microsoft documentation
Option A is incorrect since this is used for protecting traffic flowing into Virtual Machines
Option C is incorrect since this is used to limit the calls based on the subscription
Option D is incorrect since this is used for authentication for API’s
For more information on transforming and protecting an API, please visit the below URL https://docs.microsoft.com/en-us/azure/api-management/transform-api
Unattempted
You can protect the number of calls to the API by using rate limiting. Below is what is mentioned in the Microsoft documentation
Option A is incorrect since this is used for protecting traffic flowing into Virtual Machines
Option C is incorrect since this is used to limit the calls based on the subscription
Option D is incorrect since this is used for authentication for API’s
For more information on transforming and protecting an API, please visit the below URL https://docs.microsoft.com/en-us/azure/api-management/transform-api
Question 64 of 75
64. Question
A company has deployed an API using the API management service. They want to add an OAuth2 service as shown below
In order to enable custom data in the grant flow, which of the following should be used to make this happen?
Correct
The support state parameter gives a chance for the application to persist data between the user and the application server. Below is what is mentioned in the documentation for OAuth2
Since this is clearly mentioned in the OAuth2 documentation, all other options are invalid
For more information on authorization code for server-side apps, please visit the below URL https://www.oauth.com/oauth2-servers/server-side-apps/authorization-code/
Incorrect
The support state parameter gives a chance for the application to persist data between the user and the application server. Below is what is mentioned in the documentation for OAuth2
Since this is clearly mentioned in the OAuth2 documentation, all other options are invalid
For more information on authorization code for server-side apps, please visit the below URL https://www.oauth.com/oauth2-servers/server-side-apps/authorization-code/
Unattempted
The support state parameter gives a chance for the application to persist data between the user and the application server. Below is what is mentioned in the documentation for OAuth2
Since this is clearly mentioned in the OAuth2 documentation, all other options are invalid
For more information on authorization code for server-side apps, please visit the below URL https://www.oauth.com/oauth2-servers/server-side-apps/authorization-code/
Question 65 of 75
65. Question
A company has deployed an API using the API management service. They want to add an OAuth2 service as shown below
Which of the following is the application/authentication type for which the authorization grant is being used for?
A company has deployed several applications across Windows and Linux Virtual machines in Azure. Log Analytics are being used to send the required data for alerting purposes for the Virtual Machines.
You need to recommend which tables need to be queried for security related queries.
Which of the following would you query for events from Windows Event Logs?
Correct
This is also given in the Microsoft documentation, wherein you would use the Event Table for the queries on events from Windows Virtual machines
Since this is clearly mentioned, all other options are incorrect
For more information on collecting event data from windows virtual machines, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events
Incorrect
This is also given in the Microsoft documentation, wherein you would use the Event Table for the queries on events from Windows Virtual machines
Since this is clearly mentioned, all other options are incorrect
For more information on collecting event data from windows virtual machines, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events
Unattempted
This is also given in the Microsoft documentation, wherein you would use the Event Table for the queries on events from Windows Virtual machines
Since this is clearly mentioned, all other options are incorrect
For more information on collecting event data from windows virtual machines, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events
Question 67 of 75
67. Question
A company has deployed several applications across Windows and Linux Virtual machines in Azure. Log Analytics are being used to send the required data for alerting purposes for the Virtual Machines.
You need to recommend which tables need to be queried for security related queries.
Which of the following would you query for events from Linux system logging?
Correct
This is also given in the Microsoft documentation, wherein you would use the Syslog Table for the queries on events from Linux Virtual machines
Since this is clearly mentioned, all other options are incorrect
For more information on collecting event data from linux virtual machines, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-syslog
Incorrect
This is also given in the Microsoft documentation, wherein you would use the Syslog Table for the queries on events from Linux Virtual machines
Since this is clearly mentioned, all other options are incorrect
For more information on collecting event data from linux virtual machines, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-syslog
Unattempted
This is also given in the Microsoft documentation, wherein you would use the Syslog Table for the queries on events from Linux Virtual machines
Since this is clearly mentioned, all other options are incorrect
For more information on collecting event data from linux virtual machines, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-syslog
Question 68 of 75
68. Question
A company has deployed several applications to Azure based virtual machines. These virtual machines need to be managed by a set of administrators by using point-to-site VPN connections. The certificates for the connections will be generated by an on-premise certification authority.
You need to provide recommendations on what certificates are required for the deployment
Which of the following needs to be setup on the Trusted Root Certification Authorities certificate store on each laptop?
Correct
At Server: need to install “Root Certificate having public Key” normally *.crt file
At Client Computer: need to install “Client Certificate having Private key”
Detail explanation at https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
Incorrect
At Server: need to install “Root Certificate having public Key” normally *.crt file
At Client Computer: need to install “Client Certificate having Private key”
Detail explanation at https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
Unattempted
At Server: need to install “Root Certificate having public Key” normally *.crt file
At Client Computer: need to install “Client Certificate having Private key”
Detail explanation at https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
Question 69 of 75
69. Question
A company has deployed several applications to Azure based virtual machines. These virtual machines need to be managed by a set of administrators by using point-to-site VPN connections. The certificates for the connections will be generated by an on-premise certification authority.
You need to provide recommendations on what certificates are required for the deployment
Which of the following needs to be setup on the user’s Personal store on each laptop?
A company has deployed several applications to Azure based virtual machines. These virtual machines need to be managed by a set of administrators by using point-to-site VPN connections. The certificates for the connections will be generated by an on-premise certification authority.
You need to provide recommendations on what certificates are required for the deployment
Which of the following needs to be setup in the Azure VPN gateway?
A company has deployed web applications onto Virtual Machines in 2 separate AZ’s. They want to load balance traffic at Layer 7. They also want to protect web application from SQL injection attacks. Which of the following service would you use for this requirement?
Correct
The ideal solution for this is the Azure Application Gateway. This can be used to route traffic at Layer 7. This is also mentioned in the Microsoft documentation as mentioned below
Option A is incorrect since this can only load balance traffic at Layer 4.
Option B is incorrect since this is used to direct traffic as a DNS level.
Option D is incorrect since this is used to monitor, diagnose, and gain insights to your network performance and health
For more information on the Application gateway, please visit the below URL https://docs.microsoft.com/en-us/azure/application-gateway/overview
Incorrect
The ideal solution for this is the Azure Application Gateway. This can be used to route traffic at Layer 7. This is also mentioned in the Microsoft documentation as mentioned below
Option A is incorrect since this can only load balance traffic at Layer 4.
Option B is incorrect since this is used to direct traffic as a DNS level.
Option D is incorrect since this is used to monitor, diagnose, and gain insights to your network performance and health
For more information on the Application gateway, please visit the below URL https://docs.microsoft.com/en-us/azure/application-gateway/overview
Unattempted
The ideal solution for this is the Azure Application Gateway. This can be used to route traffic at Layer 7. This is also mentioned in the Microsoft documentation as mentioned below
Option A is incorrect since this can only load balance traffic at Layer 4.
Option B is incorrect since this is used to direct traffic as a DNS level.
Option D is incorrect since this is used to monitor, diagnose, and gain insights to your network performance and health
For more information on the Application gateway, please visit the below URL https://docs.microsoft.com/en-us/azure/application-gateway/overview
Question 72 of 75
72. Question
A company has deployed web applications onto Virtual Machines in 2 separate regions. They want to load balance traffic at Layer 7. They also want to protect the web application from SQL injection attacks.
Which of the following feature would you use for this requirement?
Correct
This is clearly mentioned in the Microsoft documentation
Since this is clearly mentioned in the documentation, all other options are incorrect
For more information on the Web Application Firewall, please visit the below URL https://docs.microsoft.com/en-us/azure/application-gateway/waf-overview
Incorrect
This is clearly mentioned in the Microsoft documentation
Since this is clearly mentioned in the documentation, all other options are incorrect
For more information on the Web Application Firewall, please visit the below URL https://docs.microsoft.com/en-us/azure/application-gateway/waf-overview
Unattempted
This is clearly mentioned in the Microsoft documentation
Since this is clearly mentioned in the documentation, all other options are incorrect
For more information on the Web Application Firewall, please visit the below URL https://docs.microsoft.com/en-us/azure/application-gateway/waf-overview
Question 73 of 75
73. Question
A company has developed a web service that is made available on a virtual machine deployed to a subnet in the Virtual network skillcertlab-network.
An API Management service has been deployed, which will provide access to the API service hosted on the Virtual Machine.
Consultant companies must be able to connect to the API over the Internet.
Below is the configuration of the API management gateway instance
Based on the configuration, would the API be available to the consultants over the Internet?
Correct
An example of this configuration is given in the Microsoft documentation. By choosing the External option, the API management gateway instance would also be available over the Internet
For more information on using the API Management instance along with Virtual Networks, please visit the below URL https://docs.microsoft.com/en-us/azure/api-management/api-management-using-with-vnet
Incorrect
An example of this configuration is given in the Microsoft documentation. By choosing the External option, the API management gateway instance would also be available over the Internet
For more information on using the API Management instance along with Virtual Networks, please visit the below URL https://docs.microsoft.com/en-us/azure/api-management/api-management-using-with-vnet
Unattempted
An example of this configuration is given in the Microsoft documentation. By choosing the External option, the API management gateway instance would also be available over the Internet
For more information on using the API Management instance along with Virtual Networks, please visit the below URL https://docs.microsoft.com/en-us/azure/api-management/api-management-using-with-vnet
Question 74 of 75
74. Question
A company has developed a web service that is made available on a virtual machine deployed to a subnet in the Virtual network skillcertlab-network.
An API Management service has been deployed, which will provide access to the API service hosted on the Virtual Machine.
Consultant companies must be able to connect to the API over the Internet.
Below is the configuration of the API management gateway instance
Based on the configuration, would the gateway be able to access the data from the Virtual Machine?
Correct
Yes, since the gateway is attached to the Virtual Network, it would have access to the Virtual Network.
An example of this is given in the Microsoft documentation
For more information on using the API Management instance along with Virtual Networks, please visit the below URL https://docs.microsoft.com/en-us/azure/api-management/api-management-using-with-vnet
Incorrect
Yes, since the gateway is attached to the Virtual Network, it would have access to the Virtual Network.
An example of this is given in the Microsoft documentation
For more information on using the API Management instance along with Virtual Networks, please visit the below URL https://docs.microsoft.com/en-us/azure/api-management/api-management-using-with-vnet
Unattempted
Yes, since the gateway is attached to the Virtual Network, it would have access to the Virtual Network.
An example of this is given in the Microsoft documentation
For more information on using the API Management instance along with Virtual Networks, please visit the below URL https://docs.microsoft.com/en-us/azure/api-management/api-management-using-with-vnet
Question 75 of 75
75. Question
A company has developed a web service that is made available on a virtual machine deployed to a subnet in the Virtual network skillcertlab-network.
An API Management service has been deployed, which will provide access to the API service hosted on the Virtual Machine.
Consultant companies must be able to connect to the API over the Internet.
Below is the configuration of the API management gateway instance
Based on the configuration, would a VPN gateway be required for consultant access?
Correct
An example of this configuration is given in the Microsoft documentation. By choosing the External option, the API management gateway instance would also be available over the Internet. Hence a VPN gateway would not be required for access for the consultants.
For more information on using the API Management instance along with Virtual Networks, please visit the below URL https://docs.microsoft.com/en-us/azure/api-management/api-management-using-with-vnet
Incorrect
An example of this configuration is given in the Microsoft documentation. By choosing the External option, the API management gateway instance would also be available over the Internet. Hence a VPN gateway would not be required for access for the consultants.
For more information on using the API Management instance along with Virtual Networks, please visit the below URL https://docs.microsoft.com/en-us/azure/api-management/api-management-using-with-vnet
Unattempted
An example of this configuration is given in the Microsoft documentation. By choosing the External option, the API management gateway instance would also be available over the Internet. Hence a VPN gateway would not be required for access for the consultants.
For more information on using the API Management instance along with Virtual Networks, please visit the below URL https://docs.microsoft.com/en-us/azure/api-management/api-management-using-with-vnet
X
Use Page numbers below to navigate to other practice tests