You have already completed the Test before. Hence you can not start it again.
Test is loading...
You must sign in or sign up to start the Test.
You have to finish following quiz, to start this Test:
Your results are here!! for" Microsoft Azure AZ-304 Practice Test 12 "
0 of 65 questions answered correctly
Your time:
Time has elapsed
Your Final Score is : 0
You have attempted : 0
Number of Correct Questions : 0 and scored 0
Number of Incorrect Questions : 0 and Negative marks 0
Average score
Your score
Microsoft Azure AZ-304
You have attempted: 0
Number of Correct Questions: 0 and scored 0
Number of Incorrect Questions: 0 and Negative marks 0
You can review your answers by clicking view questions. Important Note : Open Reference Documentation Links in New Tab (Right Click and Open in New Tab).
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
Answered
Review
Question 1 of 65
1. Question
You have a virtual machine scale set named SS1.
You configure autoscaling as shown in the following exhibit.
You configure the scale out and scale in rules to have a duration of 10 minutes and a cool down time of 10 minutes.
If SS1 scales to nine virtual machines and then the average processor utilization is 30 percent for one hour, how many virtual machines will be in SS1?
Correct
The scale-in condition is at 25% CPU threshold. So, the number of instances will not change.
Incorrect
The scale-in condition is at 25% CPU threshold. So, the number of instances will not change.
Unattempted
The scale-in condition is at 25% CPU threshold. So, the number of instances will not change.
Question 2 of 65
2. Question
You have a web application that uses a MongoDB database. You plan to migrate the web application to Azure.
You must migrate to Cosmos DB while minimizing code and configuration changes.
You need to design the Cosmos DB configuration.
What should you recommend for MongoDB compatibility and API?
Correct
When you create a Cosmos account, you must specify the Kind, that enables MongoDB client connections.
az cosmosdb create –name –resource-group myResourceGroup –kind MongoDB
You have an application that sends events to an Azure event hub by using HTTP requests over the internet. You plan to increase the number of application instances. You need to recommend a solution to reduce the overhead associated with sending events to the hub. What should you recommend?
Correct
The Advanced Message Queueing Protocol 1.0 is a standardized framing and transfer protocol for asynchronously, securely, and reliably transferring messages between two parties. It is the primary protocol of Azure Service Bus Messaging and Azure Event Hubs.
Changing the retention period would not reduce the overhead.
Azure event hub has a low latency compared to Azure Service Bus.
Overhead increases with HTTPS compared to HTTP.
Incorrect
The Advanced Message Queueing Protocol 1.0 is a standardized framing and transfer protocol for asynchronously, securely, and reliably transferring messages between two parties. It is the primary protocol of Azure Service Bus Messaging and Azure Event Hubs.
Changing the retention period would not reduce the overhead.
Azure event hub has a low latency compared to Azure Service Bus.
Overhead increases with HTTPS compared to HTTP.
Unattempted
The Advanced Message Queueing Protocol 1.0 is a standardized framing and transfer protocol for asynchronously, securely, and reliably transferring messages between two parties. It is the primary protocol of Azure Service Bus Messaging and Azure Event Hubs.
Changing the retention period would not reduce the overhead.
Azure event hub has a low latency compared to Azure Service Bus.
Overhead increases with HTTPS compared to HTTP.
Question 4 of 65
4. Question
Your company wants to use an Azure Active Directory (Azure AD) hybrid identity solution.
You need to ensure that users can authenticate if the internet connection to the on-premises Active Directory is unavailable. The solution must minimize authentication prompts for the users.
What should you include in the solution?
Correct
Azure AD password hash synchronization. The simplest way to enable authentication for on-premises directory objects in Azure AD. Users can use the same username and password that they use on-premises without having to deploy any additional infrastructure.
Since password hash gets stored in Azure AD, it will not impact if the internet connection to on-premise is not available.
Azure AD password hash synchronization. The simplest way to enable authentication for on-premises directory objects in Azure AD. Users can use the same username and password that they use on-premises without having to deploy any additional infrastructure.
Since password hash gets stored in Azure AD, it will not impact if the internet connection to on-premise is not available.
Azure AD password hash synchronization. The simplest way to enable authentication for on-premises directory objects in Azure AD. Users can use the same username and password that they use on-premises without having to deploy any additional infrastructure.
Since password hash gets stored in Azure AD, it will not impact if the internet connection to on-premise is not available.
Your company has setup an Azure subscription and an Azure AD tenant. The company wants to develop several applications that would make use of Azure based services. Each application has a different messaging requirement. Below are the key requirements for each application
Which of the following would you use as a messaging service for XYZ-app1?
Correct
Answer B You can use Azure Service Bus queues for this requirement The Microsoft documentation mentions the following
Your company has setup an Azure subscription and an Azure AD tenant. The company wants to develop several applications that would make use of Azure based services. Each application has a different messaging requirement. Below are the key requirements for each application
Which of the following would you use as a messaging service for XYZ-app2?
Correct
Answer A You can use Azure Event Hubs for this requirement The Microsoft documentation mentions the following
Your company has setup an Azure subscription and an Azure AD tenant. The company wants to develop several applications that would make use of Azure based services. Each application has a different messaging requirement. Below are the key requirements for each application
Which of the following would you use as a messaging service for XYZ-app3?
Correct
Answer C You can use Azure Event Grid for this requirement The Microsoft documentation mentions the following
Your company has an Azure storage account. The storage account contains two files named XYZ-file1 and XYZ-file2. The data files are 1 GB in size. Each of the files use the archive access tier. You have to ensure that XYZ-file1 is accessible immediately when a retrieval request is initiated You decide to set the Access tier for the file to Cool Would this fulfil the requirement?
Correct
Answer A Yes, by setting the Access tier to Hot, the file would be available for immediate download. This is also mentioned in the Microsoft documentation
Answer A Yes, by setting the Access tier to Hot, the file would be available for immediate download. This is also mentioned in the Microsoft documentation
Answer A Yes, by setting the Access tier to Hot, the file would be available for immediate download. This is also mentioned in the Microsoft documentation
Your company has an Azure storage account. The storage account contains two files named XYZ-file1 and XYZ-file2. The data files are 1 GB in size. Each of the files use the archive access tier. You have to ensure that XYZ-file1 is accessible immediately when a retrieval request is initiated You decide to set move the file to a new storage account and then set the Access tier of the file to Archive
Would this fulfill the requirement?
Correct
Answer B The blob needs to be rehydrated onto the Hot or Cool Access tier to ensure the blob can be downloaded at any time This is also mentioned in the Microsoft documentation
Answer B The blob needs to be rehydrated onto the Hot or Cool Access tier to ensure the blob can be downloaded at any time This is also mentioned in the Microsoft documentation
Answer B The blob needs to be rehydrated onto the Hot or Cool Access tier to ensure the blob can be downloaded at any time This is also mentioned in the Microsoft documentation
Your company has an Azure storage account. The storage account contains two files named XYZ-file1 and XYZ-file2. The data files are 1 GB in size. Each of the files use the archive access tier. You have to ensure that XYZ-file1 is accessible immediately when a retrieval request is initiated You decide to set the Access tier for the file to Hot Would this fulfil the requirement?
Correct
Answer A Yes, by setting the Access tier to Hot, the file would be available for immediate download.
A company has the following Azure SQL servers defined as part of their subscription
If the company enables auditing on the database XYZdb1, would they be able to store the audit information to XYZ-store1?
Correct
Answer A You can store the audit information in Blob storage as long as the storage account is in the same location as the Azure SQL Server. For more information on auditing for Azure SQL Databases , you can visit the below link https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview
Incorrect
Answer A You can store the audit information in Blob storage as long as the storage account is in the same location as the Azure SQL Server. For more information on auditing for Azure SQL Databases , you can visit the below link https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview
Unattempted
Answer A You can store the audit information in Blob storage as long as the storage account is in the same location as the Azure SQL Server. For more information on auditing for Azure SQL Databases , you can visit the below link https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview
Question 12 of 65
12. Question
A company has the following Azure SQL servers defined as part of their subscription
If the company enables auditing on the database XYZdb2, would they be able to store the audit information to XYZ-store2?
Correct
Answer B You can store the audit information in Blob storage as long as the storage account is in the same location as the Azure SQL Server. Here the Azure SQL Server and the storage account are in different locations For more information on auditing for Azure SQL Databases , you can visit the below link https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview
Incorrect
Answer B You can store the audit information in Blob storage as long as the storage account is in the same location as the Azure SQL Server. Here the Azure SQL Server and the storage account are in different locations For more information on auditing for Azure SQL Databases , you can visit the below link https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview
Unattempted
Answer B You can store the audit information in Blob storage as long as the storage account is in the same location as the Azure SQL Server. Here the Azure SQL Server and the storage account are in different locations For more information on auditing for Azure SQL Databases , you can visit the below link https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview
Question 13 of 65
13. Question
A company has the following Azure SQL servers defined as part of their subscription
If the company enables auditing on the database XYZdb3, would they be able to store the audit information to XYZ-store2?
Correct
Answer B You can store the audit information in Blob storage as long as the storage account is in the same location as the Azure SQL Server. Here the Azure SQL Server and the storage account are in different locations For more information on auditing for Azure SQL Databases , you can visit the below link https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview
Incorrect
Answer B You can store the audit information in Blob storage as long as the storage account is in the same location as the Azure SQL Server. Here the Azure SQL Server and the storage account are in different locations For more information on auditing for Azure SQL Databases , you can visit the below link https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview
Unattempted
Answer B You can store the audit information in Blob storage as long as the storage account is in the same location as the Azure SQL Server. Here the Azure SQL Server and the storage account are in different locations For more information on auditing for Azure SQL Databases , you can visit the below link https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview
Question 14 of 65
14. Question
Your company currently uses Microsoft System Center Service Manager on its on-premises network. The company needs a solution to push Azure service health alerts to Service Manager. Which of the following would you recommend in the solution?
Correct
Answer A If you want to have bi-directional support between Microsoft System Center Service Manager and Azure , you need to install the IT Service Management Connector. This is also mentioned in the Microsoft documentation
Answer A If you want to have bi-directional support between Microsoft System Center Service Manager and Azure , you need to install the IT Service Management Connector. This is also mentioned in the Microsoft documentation
Answer A If you want to have bi-directional support between Microsoft System Center Service Manager and Azure , you need to install the IT Service Management Connector. This is also mentioned in the Microsoft documentation
Your company currently has an Azure subscription. They also have third-party hosting providers. They need to have a centralized monitoring solution in place. Below are the key requirements for the monitoring solution
*)Collect all of the log and diagnostic data from all of the third-party providers.
*)Ensure that all data is collected in a centralized repository
*)Be able to analyse the log data and detect threats
*)Enable the automated response to all known events
Which of the following is an Azure service you would use for these requirements?
Correct
Answer A Azure Sentinel has built in threat intelligence. You can also collect data from a variety of data sources. The Microsoft documentation mentions the following
All of the other options are incorrect because they dont provide support for automatic detection of threats For more information on Azure Sentinel , you can visit the below link https://docs.microsoft.com/en-us/azure/sentinel/overview
Incorrect
Answer A Azure Sentinel has built in threat intelligence. You can also collect data from a variety of data sources. The Microsoft documentation mentions the following
All of the other options are incorrect because they dont provide support for automatic detection of threats For more information on Azure Sentinel , you can visit the below link https://docs.microsoft.com/en-us/azure/sentinel/overview
Unattempted
Answer A Azure Sentinel has built in threat intelligence. You can also collect data from a variety of data sources. The Microsoft documentation mentions the following
All of the other options are incorrect because they dont provide support for automatic detection of threats For more information on Azure Sentinel , you can visit the below link https://docs.microsoft.com/en-us/azure/sentinel/overview
Question 16 of 65
16. Question
A company has an on-premises directory that is synced onto Azure AD. The following users are defined
For which of the following users would XYZusr4 be able to change the Job info attribute?
Correct
Answer B You cannot change the details for a user that is synced onto Azure AD This is also given in the Microsoft documentation
Your company has an on-premises network. They also have a virtual appliance deployed onto the on-premises network. The company wants to deploy several Azure virtual machines and then connect them to their on-premises network by using a Site-to-Site connection. They also want to ensure that all traffic from the Azure virtual machines will be directed to the on-premises virtual appliance. Which of the following would you implement for this requirement? Choose two answers from the options given below
Correct
Answer B and D You can deploy the Azure virtual machines onto a virtual network You can then implement a route table that would direct all traffic to the virtual appliance This is also given in the Microsoft documentation
Answer B and D You can deploy the Azure virtual machines onto a virtual network You can then implement a route table that would direct all traffic to the virtual appliance This is also given in the Microsoft documentation
Answer B and D You can deploy the Azure virtual machines onto a virtual network You can then implement a route table that would direct all traffic to the virtual appliance This is also given in the Microsoft documentation
Your company currently has an Azure subscription. They are planning on deploying an application that will be hosted in the East US, Central Europe and East Asia regions. You have to recommend a data storage solution that would fulfil the following requirements
*) The data store must be able to store at least 1 TB of data
*)The data store must be able to support multiple consistency levels
*)It must be able to perform read and write operations in the Azure region that is local to the application instance
Which of the following can you use for the above requirement?
Correct
Answer D Azure Cosmos DB fulfils all of the requirements The Microsoft documentation mentions the following
A company currently has an Azure AD tenant. They want to use Azure Monitor to monitor all of the user sign-ins and then generate alerts based on specific user sign-in events. Which of the following would you use for the storage of Azure AD logs?
Correct
Answer B You can use Azure Log Analytics to store the data. You can then create an alert based on a query that would look at specific conditions on the Sign-in activity The Microsoft documentation mentions the following
Answer B You can use Azure Log Analytics to store the data. You can then create an alert based on a query that would look at specific conditions on the Sign-in activity The Microsoft documentation mentions the following
Answer B You can use Azure Log Analytics to store the data. You can then create an alert based on a query that would look at specific conditions on the Sign-in activity The Microsoft documentation mentions the following
A company currently has an Azure AD tenant. They want to use Azure Monitor to monitor all of the user sign-ins and then generate alerts based on specific user sign-in events. Which of the following would you use as the Signal type for triggering the alerts?
Correct
Answer B You can create alerts rules based on Log Analytic queries The Microsoft documentation mentions the following
A company is planning on deploying two Azure Kubernetes clusters to different Azure regions. Different applications will be hosted on these clusters. The application deployment must meet the following requirements
*) It has to be ensured that an application remains available even if a single Kubernetes cluster fails
*)It must be ensured that the connection traffic over the Internet is encrypted by using SSL
*)You should also not need to configure SSL on each container instance
Which of the following would you use as an Azure service for these requirements?
Correct
Answer A Azure Front Door supports SSL termination and can be used to route traffic to the different clusters. The Microsoft documentation mentions the following
Answer A Azure Front Door supports SSL termination and can be used to route traffic to the different clusters. The Microsoft documentation mentions the following
Answer A Azure Front Door supports SSL termination and can be used to route traffic to the different clusters. The Microsoft documentation mentions the following
A company currently used Azure Application Insights. They want to use the continuous export feature and be able to store the Application Insights data for five years. Which of the following should they use for the storage of data?
Correct
Answer B With the continuous export feature of Application Insights, you need to store the data in an Azure storage account. The Microsoft documentation mentions the following
Answer B With the continuous export feature of Application Insights, you need to store the data in an Azure storage account. The Microsoft documentation mentions the following
Answer B With the continuous export feature of Application Insights, you need to store the data in an Azure storage account. The Microsoft documentation mentions the following
Your company has an Azure SQL database. You have to monitor the number of times the below query is fired against the database select * from XYZapp where appId=100 Which of the following can be used for this requirememt?
Correct
Answer C You can achieve this with Query Performance Insights The Microsoft documentation mentions the following
A company has deployed web applications onto Virtual Machines in 2 separate regions. They want to load balance traffic at Layer 7. They also want to protect the web application from SQL injection attacks. Which of the following service would you use for this requirement?
Correct
Answer C The ideal solution for this is the Azure Application Gateway. This can be used to route traffic at Layer 7. This is also mentioned in the Microsoft documentation as mentioned below
Option A is incorrect since this can only load balance traffic at Layer 4. Option B is incorrect since this is used to direct traffic as a DNS level. Option D is incorrect since this is used to monitor, diagnose, and gain insights to your network performance and health For more information on the Application gateway, please visit the below URL https://docs.microsoft.com/en-us/azure/application-gateway/overview
Incorrect
Answer C The ideal solution for this is the Azure Application Gateway. This can be used to route traffic at Layer 7. This is also mentioned in the Microsoft documentation as mentioned below
Option A is incorrect since this can only load balance traffic at Layer 4. Option B is incorrect since this is used to direct traffic as a DNS level. Option D is incorrect since this is used to monitor, diagnose, and gain insights to your network performance and health For more information on the Application gateway, please visit the below URL https://docs.microsoft.com/en-us/azure/application-gateway/overview
Unattempted
Answer C The ideal solution for this is the Azure Application Gateway. This can be used to route traffic at Layer 7. This is also mentioned in the Microsoft documentation as mentioned below
Option A is incorrect since this can only load balance traffic at Layer 4. Option B is incorrect since this is used to direct traffic as a DNS level. Option D is incorrect since this is used to monitor, diagnose, and gain insights to your network performance and health For more information on the Application gateway, please visit the below URL https://docs.microsoft.com/en-us/azure/application-gateway/overview
Question 26 of 65
26. Question
A company has deployed web applications onto Virtual Machines in 2 separate regions. They want to load balance traffic at Layer 7. They also want to protect the web application from SQL injection attacks. Which of the following feature would you use for this requirement?
Correct
Answer D This is clearly mentioned in the Microsoft documentation
A company is planning on deploying an application onto Azure. The application will be based on the .Net core programming language. The application would be hosted using Azure Web apps. Below is part of the various requirements for the application
*)Gives the ability for the testing team to view the different components of an application and see the calls being made between the different application components
*)Helps business analyse how many users actually return to the application
*)Ensuring IT administrators get alerts based on critical conditions being met in the application
Which of the following service would be best suited for fulfilling the requirement of
Gives the ability for the testing team to view the different components of an application and see the calls being made between the different application components
Correct
Answer A This feature is part of the Application Insights tool. An example of this is given in the Microsoft documentation
A company is planning on deploying an application onto Azure. The application will be based on the .Net core programming language. The application would be hosted using Azure Web apps. Below is part of the various requirements for the application
*)Gives the ability for the testing team to view the different components of an application and see the calls being made between the different application components
*)Helps business analyse how many users actually return to the application
*)Ensuring IT administrators get alerts based on critical conditions being met in the application
Which of the following service would be best suited for fulfilling the requirement of Helps business analyse how many users actually return to the application
Correct
Answer A This feature is part of the Application Insights tool. An example of this is given in the Microsoft documentation
A company is planning on deploying an application onto Azure. The application will be based on the .Net core programming language. The application would be hosted using Azure Web apps. Below is part of the various requirements for the application
*)Gives the ability for the testing team to view the different components of an application and see the calls being made between the different application components
*)Helps business analyse how many users actually return to the application
*)Ensuring IT administrators get alerts based on critical conditions being met in the application
Which of the following service would be best suited for fulfilling the requirement of Ensuring IT administrators get alerts based on critical conditions being met in the application
Correct
Answer B This is a feature of Azure Monitor wherein you can use the Alerts feature. This is also mentioned in the Microsoft documentation
A company is planning on moving their on-premise resources to Azure. They have 3 different applications that belong to different departments. Each application has a different requirement for business continuity as given below HR Department – The application data needs to be retained for 3 years. From a disaster recovery perspective, the application needs to run from a different Azure region. The Recovery time objective would be 15 minutes
Logistics Department – Here the Service Management team wants to ensure that the application must be able to recover point in time data at a daily granularity level. The Recovery time objective would be 6 hours.
Procurement Department – Here the application must be able to failover to a secondary on-premise data center.
You have to recommend which service should be used by each department. You have to also ensure that costs are minimized. Which of the following would you use for the HR Department?
Correct
Answer C You will need the Azure backup service for long term retention of data. The below except is from the Microsoft documentation on the retention of data in the Azure backup service
Answer C You will need the Azure backup service for long term retention of data. The below except is from the Microsoft documentation on the retention of data in the Azure backup service
Answer C You will need the Azure backup service for long term retention of data. The below except is from the Microsoft documentation on the retention of data in the Azure backup service
A company is planning on moving their on-premise resources to Azure. They have 3 different applications that belong to different departments. Each application has a different requirement for business continuity as given below HR Department – The application data needs to be retained for 3 years. From a disaster recovery perspective, the application needs to run from a different Azure region. The Recovery time objective would be 15 minutes Logistics Department – Here the Service Management team wants to ensure that the application must be able to recover point in time data at a daily granularity level. The Recovery time objective would be 6 hours. Procurement Department – Here the application must be able to failover to a secondary on-premise data center.
You have to recommend which service should be used by each department. You have to also ensure that costs are minimized. Which of the following would you use for the Logistics Department?
Correct
Answer B Use Azure Backup when you want to have backup data at a granular level. This is also mentioned as a different Azure Backup and Azure Site recovery in the Microsoft documentation
Answer B Use Azure Backup when you want to have backup data at a granular level. This is also mentioned as a different Azure Backup and Azure Site recovery in the Microsoft documentation
Answer B Use Azure Backup when you want to have backup data at a granular level. This is also mentioned as a different Azure Backup and Azure Site recovery in the Microsoft documentation
A company is planning on moving their on-premise resources to Azure. They have 3 different applications that belong to different departments. Each application has a different requirement for business continuity as given below HR Department – The application data needs to be retained for 3 years. From a disaster recovery perspective, the application needs to run from a different Azure region. The Recovery time objective would be 15 minutes Logistics Department – Here the Service Management team wants to ensure that the application must be able to recover point in time data at a daily granularity level. The Recovery time objective would be 6 hours. Procurement Department – Here the application must be able to failover to a secondary on-premise data center. You have to recommend which service should be used by each department. You have to also ensure that costs are minimized. Which of the following would you use for the Procurement Department?
Correct
Answer A You can use the Azure Site Recovery service to ensure that you can failover your application to a secondary site. The below except is from the Microsoft documentation for Azure Site Recovery
Answer A You can use the Azure Site Recovery service to ensure that you can failover your application to a secondary site. The below except is from the Microsoft documentation for Azure Site Recovery
Answer A You can use the Azure Site Recovery service to ensure that you can failover your application to a secondary site. The below except is from the Microsoft documentation for Azure Site Recovery
A company has setup an Azure subscription and an Azure tenant. They have purchased Premium P2 licences. There are different departments that have different requirements for managing identities.
Ensure Applications hosted on the virtual machines can safely access the Azure Key vault service Which of the following would you suggest for the Procurement department?
Correct
Answer C This is clearly given in the Microsoft documentation wherein the Privileged Identity Management feature would fulfil these requirements
A company has setup an Azure subscription and an Azure tenant. They have purchased Premium P2 licences. There are different departments that have different requirements for managing identities.
Ensure Applications hosted on the virtual machines can safely access the Azure Key vault service Which of the following would you suggest for the Human Resources department?
Correct
Answer – C This is clearly given in the Microsoft documentation wherein the Privileged Identity Management feature would fulfil this requirement
A company has setup an Azure subscription and an Azure tenant. They have purchased Premium P2 licences. There are different departments that have different requirements for managing identities.
Ensure Applications hosted on the virtual machines can safely access the Azure Key vault service Which of the following would you suggest for the Logistics department?
Correct
Answer – A This is clearly given in the Microsoft documentation wherein the Privileged Identity Management feature would fulfil this requirement
A company has deployed an API management instance. They need a solution to protect the API from a DDoS (Distributed denial of service) attack. Which of the following could be recommended for this requirement?
Correct
Answer B You can protect the number of calls to the API by using rate limiting. Below is what is mentioned in the Microsoft documentation
Option A is incorrect since this is used for protecting traffic flowing into Virtual Machines Option C is incorrect since this is used to limit the calls based on the subscription Option D is incorrect since this is used for authentication for API’s For more information on transforming and protecting an API, please visit the below URL https://docs.microsoft.com/en-us/azure/api-management/transform-api
Incorrect
Answer B You can protect the number of calls to the API by using rate limiting. Below is what is mentioned in the Microsoft documentation
Option A is incorrect since this is used for protecting traffic flowing into Virtual Machines Option C is incorrect since this is used to limit the calls based on the subscription Option D is incorrect since this is used for authentication for API’s For more information on transforming and protecting an API, please visit the below URL https://docs.microsoft.com/en-us/azure/api-management/transform-api
Unattempted
Answer B You can protect the number of calls to the API by using rate limiting. Below is what is mentioned in the Microsoft documentation
Option A is incorrect since this is used for protecting traffic flowing into Virtual Machines Option C is incorrect since this is used to limit the calls based on the subscription Option D is incorrect since this is used for authentication for API’s For more information on transforming and protecting an API, please visit the below URL https://docs.microsoft.com/en-us/azure/api-management/transform-api
Question 37 of 65
37. Question
A company has created 2 virtual networks, one in the Central US and the other in the East US region. There is a requirement to ensure that Virtual Machines on the Virtual Networks are able to communicate with each other using their private IP addresses. You also need to ensure low latency access between the Virtual machines. You also need to ensure that the solution is cost effective. You decide to implement Virtual Network Peering. Does this fulfil the requirement?
Correct
Answer A You can implement Virtual Network Peering for this requirement. Below is what the is mentioned in the Microsoft documentation.
A company has created 2 virtual networks, one in the Central US and the other in the East US region. There is a requirement to ensure that Virtual Machines on the Virtual Networks are able to communicate with each other using their private IP addresses. You also need to ensure low latency access between the Virtual machines. You also need to ensure that the solution is cost effective. You decide to implement an Express Route connection Does this fulfil the requirement?
Correct
Answer B This type of connection is generally used to extend on-premise infrastructure to Azure. Below is what is mentioned in the Microsoft documentation
Answer B This type of connection is generally used to extend on-premise infrastructure to Azure. Below is what is mentioned in the Microsoft documentation
Answer B This type of connection is generally used to extend on-premise infrastructure to Azure. Below is what is mentioned in the Microsoft documentation
A company has created 2 virtual networks, one in the Central US and the other in the East US region. There is a requirement to ensure that Virtual Machines on the Virtual Networks are able to communicate with each other using their private IP addresses. You also need to ensure low latency access between the Virtual machines. You also need to ensure that the solution is cost effective. You decide to implement custom route tables. Does this fulfil the requirement?
A company has just setup an Azure subscription. They have offices located in Mumbai and Hyderabad. They are now planning their network connectivity strategy. They have the following networks defined in Azure.
The company has the following requirements when it comes to connectivity
*)The Virtual Machines hosted in SubnetA must only be accessible to clients located in the Mumbai office
*)IT administrators working on dedicated workstations must have access to the Virtual Machines in SubnetA over the Internet on a specific TCP/IP management port
*)The Azure Virtual Machines hosted in the XYZ-network1 must be able to communicate on all ports to Azure Virtual Machines hosted in XYZ-network2
The Virtual Machines hosted in SubnetA must only be accessible to clients located in the Mumbai office. Which of the following would you use for this purpose?
Correct
Answer B A site-to-site VPN connection can be used to connect on-premise infrastructure onto Azure. Below is what is mentioned in the Microsoft documentation
Option A is incorrect since this is used to connect 2 Virtual Networks in Azure together. Option C is incorrect since this is used to control traffic flowing into and out of Azure Virtual Machines Option D is incorrect since this is not required For more information on deploying a site-to-site VPN connection, please visit the below URL https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
Incorrect
Answer B A site-to-site VPN connection can be used to connect on-premise infrastructure onto Azure. Below is what is mentioned in the Microsoft documentation
Option A is incorrect since this is used to connect 2 Virtual Networks in Azure together. Option C is incorrect since this is used to control traffic flowing into and out of Azure Virtual Machines Option D is incorrect since this is not required For more information on deploying a site-to-site VPN connection, please visit the below URL https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
Unattempted
Answer B A site-to-site VPN connection can be used to connect on-premise infrastructure onto Azure. Below is what is mentioned in the Microsoft documentation
Option A is incorrect since this is used to connect 2 Virtual Networks in Azure together. Option C is incorrect since this is used to control traffic flowing into and out of Azure Virtual Machines Option D is incorrect since this is not required For more information on deploying a site-to-site VPN connection, please visit the below URL https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
Question 41 of 65
41. Question
A company has just setup an Azure subscription. They have offices located in Mumbai and Hyderabad. They are now planning their network connectivity strategy. They have the following networks defined in Azure.
The company has the following requirements when it comes to connectivity
*) The Virtual Machines hosted in SubnetA must only be accessible to clients located in the Mumbai office
*)IT administrators working on dedicated workstations must have access to the Virtual Machines in SubnetA over the Internet on a specific TCP/IP management port
*)The Azure Virtual Machines hosted in the XYZ-network1 must be able to communicate on all ports to Azure Virtual Machines hosted in XYZ-network2
IT administrators working on dedicated workstations must have access to the Virtual Machines in SubnetA over the Internet on a specific TCP/IP management port. Which of the following would you use for this purpose?
Correct
Answer C You can use Network Security Groups to define the traffic flow rules into and out of Virtual Machines. Below is what is mentioned in the Microsoft documentation
Option A is incorrect since this is used to connect 2 Virtual Networks in Azure together. Option B is incorrect since this is used to on-premise infrastructure to Azure Virtual Networks Option D is incorrect since this is not required For more information on network security , please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Incorrect
Answer C You can use Network Security Groups to define the traffic flow rules into and out of Virtual Machines. Below is what is mentioned in the Microsoft documentation
Option A is incorrect since this is used to connect 2 Virtual Networks in Azure together. Option B is incorrect since this is used to on-premise infrastructure to Azure Virtual Networks Option D is incorrect since this is not required For more information on network security , please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Unattempted
Answer C You can use Network Security Groups to define the traffic flow rules into and out of Virtual Machines. Below is what is mentioned in the Microsoft documentation
Option A is incorrect since this is used to connect 2 Virtual Networks in Azure together. Option B is incorrect since this is used to on-premise infrastructure to Azure Virtual Networks Option D is incorrect since this is not required For more information on network security , please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Question 42 of 65
42. Question
A company has just setup an Azure subscription. They have offices located in Mumbai and Hyderabad. They are now planning their network connectivity strategy. They have the following networks defined in Azure.
The company has the following requirements when it comes to connectivity
*)The Virtual Machines hosted in SubnetA must only be accessible to clients located in the Mumbai office
*)IT administrators working on dedicated workstations must have access to the Virtual Machines in SubnetA over the Internet on a specific TCP/IP management port
*)The Azure Virtual Machines hosted in the XYZ-network1 must be able to communicate on all ports to Azure Virtual Machines hosted in XYZ-network2
The Azure Virtual Machines hosted in the XYZ-network1 must be able to communicate on all ports to Azure Virtual Machines hosted in XYZ-network2. Which of the following would you use for this purpose?
Correct
Answer A Option B is incorrect since this is used to on-premise infrastructure to Azure Virtual Networks Option C is incorrect since this is used to control traffic flowing into and out of Azure Virtual Machines Option D is incorrect since this is not required You can connect Virtual Networks together using Virtual Network Peering across regions. Below is what is mentioned in the Microsoft documentation
Answer A Option B is incorrect since this is used to on-premise infrastructure to Azure Virtual Networks Option C is incorrect since this is used to control traffic flowing into and out of Azure Virtual Machines Option D is incorrect since this is not required You can connect Virtual Networks together using Virtual Network Peering across regions. Below is what is mentioned in the Microsoft documentation
Answer A Option B is incorrect since this is used to on-premise infrastructure to Azure Virtual Networks Option C is incorrect since this is used to control traffic flowing into and out of Azure Virtual Machines Option D is incorrect since this is not required You can connect Virtual Networks together using Virtual Network Peering across regions. Below is what is mentioned in the Microsoft documentation
What is the minimum number of Azure tenants that need to be setup?
Correct
Answer B Since there is only one forest that needs to be synced with Azure AD, one can opt for having one Azure AD tenant. This is the simplest form of connectivity as shown below
Answer B Since there is only one forest that needs to be synced with Azure AD, one can opt for having one Azure AD tenant. This is the simplest form of connectivity as shown below
Answer B Since there is only one forest that needs to be synced with Azure AD, one can opt for having one Azure AD tenant. This is the simplest form of connectivity as shown below
What is the minimum number of custom domains to add to Azure AD?
Correct
Answer B Since users need to authenticate via the UPNs associated with the quiz.XYZ.com forest, you just need to create one custom domain in Azure AD. That custom domain will be quiz.XYZ.com. The Microsoft documentation mentions the following
Answer B Since users need to authenticate via the UPNs associated with the quiz.XYZ.com forest, you just need to create one custom domain in Azure AD. That custom domain will be quiz.XYZ.com. The Microsoft documentation mentions the following
Answer B Since users need to authenticate via the UPNs associated with the quiz.XYZ.com forest, you just need to create one custom domain in Azure AD. That custom domain will be quiz.XYZ.com. The Microsoft documentation mentions the following
You need to recommend how to setup the data store for hosting the SQL database in Azure. Which of the following would you recommend?
Correct
Answer D Since the company already has existing Microsoft licences with software assurance, they can opt for a hybrid model in which they can benefit from huge discounts. This is also given in the Microsoft documentation.
Options A and C are incorrect since here you cannot use the Hybrid benefit from a licensing perspective. Option B is incorrect since you would need to invest extra on the Virtual machine itself For more information on vCore based licensing, please visit the below URL https://docs.microsoft.com/en-us/azure/sql-database/sql-database-service-tiers-vcore
Incorrect
Answer D Since the company already has existing Microsoft licences with software assurance, they can opt for a hybrid model in which they can benefit from huge discounts. This is also given in the Microsoft documentation.
Options A and C are incorrect since here you cannot use the Hybrid benefit from a licensing perspective. Option B is incorrect since you would need to invest extra on the Virtual machine itself For more information on vCore based licensing, please visit the below URL https://docs.microsoft.com/en-us/azure/sql-database/sql-database-service-tiers-vcore
Unattempted
Answer D Since the company already has existing Microsoft licences with software assurance, they can opt for a hybrid model in which they can benefit from huge discounts. This is also given in the Microsoft documentation.
Options A and C are incorrect since here you cannot use the Hybrid benefit from a licensing perspective. Option B is incorrect since you would need to invest extra on the Virtual machine itself For more information on vCore based licensing, please visit the below URL https://docs.microsoft.com/en-us/azure/sql-database/sql-database-service-tiers-vcore
Question 47 of 65
47. Question
CASE STUDY
You need to recommend the approach to transferring the data from the on-premise SQL server to the SQL server on Azure. Which of the following would you recommend?
Correct
Answer B The ideal approach is to use a BACPAC file. This is also given in the Microsoft documentation.
A strategy needs to be recommended for the Web application XYZ-app. The loads on the application would be unpredictable. It needs to be ensured that the application can sustain itself at high workloads. Also, it needs to be ensured that costs are being minimized at lower workloads. Which of the following would you recommend?
Correct
Answer B Since the case study does mention that PaaS solutions should be used, hence we need to use Azure Web apps for this solution and not Virtual Machine Scale Sets. Hence option C and D are eliminated. To ensure that the web app can scale based on demand, we need to use the Scale Out settings as shown below
1) First go to the Scale out settings for the Web App 2) Then click on Enable autoscale Then add the required conditions for the scaling process
Answer B Since the case study does mention that PaaS solutions should be used, hence we need to use Azure Web apps for this solution and not Virtual Machine Scale Sets. Hence option C and D are eliminated. To ensure that the web app can scale based on demand, we need to use the Scale Out settings as shown below
1) First go to the Scale out settings for the Web App 2) Then click on Enable autoscale Then add the required conditions for the scaling process
Answer B Since the case study does mention that PaaS solutions should be used, hence we need to use Azure Web apps for this solution and not Virtual Machine Scale Sets. Hence option C and D are eliminated. To ensure that the web app can scale based on demand, we need to use the Scale Out settings as shown below
1) First go to the Scale out settings for the Web App 2) Then click on Enable autoscale Then add the required conditions for the scaling process
The following architecture is being recommended for the Web application
Would this architecture support redundancy for the web application?
Correct
Answer A Here you can use the priority traffic routing method which would automatically failover the Web application if it detects a failure in the primary region. The Microsoft documentation mentions the following
Answer A Here you can use the priority traffic routing method which would automatically failover the Web application if it detects a failure in the primary region. The Microsoft documentation mentions the following
Answer A Here you can use the priority traffic routing method which would automatically failover the Web application if it detects a failure in the primary region. The Microsoft documentation mentions the following
The following architecture is being recommended for the Web application
Would this architecture support autoscaling for the web application?
Correct
Answer B The Traffic Manager service is a load distribution service and not an autoscaling service. The Microsoft documentation mentions the following
Answer B The Traffic Manager service is a load distribution service and not an autoscaling service. The Microsoft documentation mentions the following
Answer B The Traffic Manager service is a load distribution service and not an autoscaling service. The Microsoft documentation mentions the following
The following architecture is being recommended for the Web application
Would this architecture require a manual configuration if an Azure region fails?
Correct
Answer B Here you can use the priority traffic routing method which would automatically failover the Web application if it detects a failure in the primary region. The Microsoft documentation mentions the following
Answer B Here you can use the priority traffic routing method which would automatically failover the Web application if it detects a failure in the primary region. The Microsoft documentation mentions the following
Answer B Here you can use the priority traffic routing method which would automatically failover the Web application if it detects a failure in the primary region. The Microsoft documentation mentions the following
You need to decide on whether Azure storage is required for the various requirements of the case study Would you need to provision an Azure storage account for the SQL Server database migration?
Correct
Answer A You would need a storage account to store the BACPAC file which will be needed for the SQL database import. The BACPAC file will need to be stored in Azure BLOB storage
Answer A You would need a storage account to store the BACPAC file which will be needed for the SQL database import. The BACPAC file will need to be stored in Azure BLOB storage
Answer A You would need a storage account to store the BACPAC file which will be needed for the SQL database import. The BACPAC file will need to be stored in Azure BLOB storage
You need to decide on whether Azure storage is required for the various requirements of the case study Would you need to provision an Azure storage account for Web site content?
Correct
Answer – B When you choose an App Service plan for an Azure Web app, it normally comes along with storage. An example is given below
You need to decide on whether Azure storage is required for the various requirements of the case study Would you need to provision an Azure storage account for database metric monitoring?
Correct
Answer A The case study mentions that we need to have the database metrics in place for further analysis. So, we need to persists the logs and metrics for the database. One way as mentioned below is to use Azure Storage accounts.
Incorrect
Answer A The case study mentions that we need to have the database metrics in place for further analysis. So, we need to persists the logs and metrics for the database. One way as mentioned below is to use Azure Storage accounts.
Unattempted
Answer A The case study mentions that we need to have the database metrics in place for further analysis. So, we need to persists the logs and metrics for the database. One way as mentioned below is to use Azure Storage accounts.
Question 56 of 65
56. Question
An application needs to be deployed onto Azure. This application will be hosted on a set of Virtual Machines. The below set of rules need to apply when it comes to diverting traffic for users
*) Users navigating to http://XYZ.com/video/* need to be directed to one set of Virtual Machines
*)Users navigating to http://XYZ.com/images/* need to be directed to another set of Virtual Machines
You need to setup the correct appliance which could be used to fulfil these requirements. Which of the following would you implement?
Correct
Answer C You can use the URL routing feature of the application gateway as shown below
Option A is incorrect since this is used to divert traffic based on DNS to multiple regions Option B is incorrect since this cant be used to divert traffic Option D is incorrect since this is used to divert traffic from a Virtual Network over a VPN connection For more information on the application gateway, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/application-gateway/overview
Incorrect
Answer C You can use the URL routing feature of the application gateway as shown below
Option A is incorrect since this is used to divert traffic based on DNS to multiple regions Option B is incorrect since this cant be used to divert traffic Option D is incorrect since this is used to divert traffic from a Virtual Network over a VPN connection For more information on the application gateway, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/application-gateway/overview
Unattempted
Answer C You can use the URL routing feature of the application gateway as shown below
Option A is incorrect since this is used to divert traffic based on DNS to multiple regions Option B is incorrect since this cant be used to divert traffic Option D is incorrect since this is used to divert traffic from a Virtual Network over a VPN connection For more information on the application gateway, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/application-gateway/overview
Question 57 of 65
57. Question
A company currently has an on-premise infrastructure that consists of
*)An Active directory domain named XYZ.com
*)Active Directory Federation services
*)Application Proxy servers for external connection
The company has recently setup an Azure AD tenant. They have also setup Azure AD Connect for the synchronization of users from the on-premise AD to Azure AD. They have the following additional requirements
*) Ability to monitor the solutions that integrate with Azure AD
*) Identity any potential issues in AD FS
*)Identify any directory synchronization issues
You need to identify the right monitoring solution for each type of server Which of the following would you use to monitor the AD FS servers?
Correct
Answer B Azure AD Connect Health has the ability to monitor AD FS servers as well. If you see the Microsoft documentation, you can clearly see the option present.
Answer B Azure AD Connect Health has the ability to monitor AD FS servers as well. If you see the Microsoft documentation, you can clearly see the option present.
Answer B Azure AD Connect Health has the ability to monitor AD FS servers as well. If you see the Microsoft documentation, you can clearly see the option present.
A company currently has an on-premise infrastructure that consists of
*) An Active directory domain named XYZ.com
*) Active Directory Federation services
*)Application Proxy servers for external connection
The company has recently setup an Azure AD tenant. They have also setup Azure AD Connect for the synchronization of users from the on-premise AD to Azure AD. They have the following additional requirements
*) Ability to monitor the solutions that integrate with Azure AD
*) Identity any potential issues in AD FS
*) Identify any directory synchronization issues
You need to identify the right monitoring solution for each type of server Which of the following would you use to monitor the AD Connect Servers?
Correct
Answer – B Azure AD Connect Health has the ability to monitor all AD Connect Servers and check for any synchronization issues. If you see the Microsoft documentation, you can clearly see the option present.
Answer – B Azure AD Connect Health has the ability to monitor all AD Connect Servers and check for any synchronization issues. If you see the Microsoft documentation, you can clearly see the option present.
Answer – B Azure AD Connect Health has the ability to monitor all AD Connect Servers and check for any synchronization issues. If you see the Microsoft documentation, you can clearly see the option present.
A company has an Azure storage account. The storage account needs to be configured in such a way that it is only accessible from one specific Azure Virtual Network. You have to ensure that the storage account is not accessible from the Internet. Which of the following would you use to implement this requirement?
Correct
Answer D The Microsoft documentation mentions the following Virtual Network (VNet) service endpoints extend your virtual network private address space and the identity of your VNet to the Azure services, over a direct connection. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Traffic from your VNet to the Azure service always remains on the Microsoft Azure backbone network. Option A is incorrect since this is just used to manage the traffic into a subnet or network interface Option B is incorrect since this is used for content delivery Option C is incorrect since this is used only if you want to have HTTPS data transfer for the storage account For more information on Virtual Networks service endpoint, please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
Incorrect
Answer D The Microsoft documentation mentions the following Virtual Network (VNet) service endpoints extend your virtual network private address space and the identity of your VNet to the Azure services, over a direct connection. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Traffic from your VNet to the Azure service always remains on the Microsoft Azure backbone network. Option A is incorrect since this is just used to manage the traffic into a subnet or network interface Option B is incorrect since this is used for content delivery Option C is incorrect since this is used only if you want to have HTTPS data transfer for the storage account For more information on Virtual Networks service endpoint, please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
Unattempted
Answer D The Microsoft documentation mentions the following Virtual Network (VNet) service endpoints extend your virtual network private address space and the identity of your VNet to the Azure services, over a direct connection. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Traffic from your VNet to the Azure service always remains on the Microsoft Azure backbone network. Option A is incorrect since this is just used to manage the traffic into a subnet or network interface Option B is incorrect since this is used for content delivery Option C is incorrect since this is used only if you want to have HTTPS data transfer for the storage account For more information on Virtual Networks service endpoint, please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
Question 60 of 65
60. Question
Your company has an Azure storage account named XYZstore9000. They want to archive data to this storage account. You have to ensure that archived data cant be deleted for five years. Even the administrators must not be able to delete the archived data.
You decide to create a blob container and configure an access policy
Would this fulfil the requirement?
Correct
Answer A Yes, you can configure immutable blob storage via an access policy The Microsoft documentation mentions the following
Your company has an Azure storage account named XYZstore9000. They want to archive data to this storage account. You have to ensure that archived data cant be deleted for five years. Even the administrators must not be able to delete the archived data.
You decide to create a file share and then configure snapshots Would this fulfil the requirement?
Correct
Answer B Archive data is not supported for file shares. It only works for blob data The Microsoft documentation mentions the following
Your company has an on-premises network that contains a file server named XYZ-server. The server contains 500 GB of data. You have to use the Azure Data Factory service to copy the data from the server onto Azure Storage. Which of the following must you implement on the server XYZ-server?
Correct
Answer B You have to install the self-hosted integration runtime on the server so that it can be accepted as a data source in Azure Data Factory. The Microsoft documentation mentions the following
Answer B You have to install the self-hosted integration runtime on the server so that it can be accepted as a data source in Azure Data Factory. The Microsoft documentation mentions the following
Answer B You have to install the self-hosted integration runtime on the server so that it can be accepted as a data source in Azure Data Factory. The Microsoft documentation mentions the following
Your company has an on-premises network that contains a file server named XYZ-server. The server contains 500 GB of data. You have to use the Azure Data Factory service to copy the data from the server onto Azure Storage. Which of the following would you do from the data factory side?
Correct
Answer D In Azure Data Factory you would create a pipeline to copy the data The Microsoft documentation mentions the following
Your company currently has an Azure tenant and subscription in place. They have over 10,000 licenced users and 50 mission critical applications. They want to provide advanced endpoint threat detection and remediation. Which of the following could be recommended for this requirement?
Correct
Answer D Azure Active Directory Protection provides all the security features for your Azure Active Directory entities The Microsoft documentation mentions the following
Answer D Azure Active Directory Protection provides all the security features for your Azure Active Directory entities The Microsoft documentation mentions the following
Answer D Azure Active Directory Protection provides all the security features for your Azure Active Directory entities The Microsoft documentation mentions the following
A company currently has an on-premise network. They have an Active directory domain defined as XYZ.com. They recently purchased an Azure AD tenant and now want to synchronize users from their on-premise Active Directory domain to Azure AD. They also want to enable single-sign on the users. The company decides to setup Active Directory Federation Services and setup a sync with Azure AD. Would this fulfil the requirement?
Correct
Answer A Yes, you can use Active Directory Federation services as well. This is also mentioned in the Microsoft documentation