You have already completed the Test before. Hence you can not start it again.
Test is loading...
You must sign in or sign up to start the Test.
You have to finish following quiz, to start this Test:
Your results are here!! for" Microsoft Azure AZ-304 Practice Test 15 "
0 of 42 questions answered correctly
Your time:
Time has elapsed
Your Final Score is : 0
You have attempted : 0
Number of Correct Questions : 0 and scored 0
Number of Incorrect Questions : 0 and Negative marks 0
Average score
Your score
Microsoft Azure AZ-304
You have attempted: 0
Number of Correct Questions: 0 and scored 0
Number of Incorrect Questions: 0 and Negative marks 0
You can review your answers by clicking view questions. Important Note : Open Reference Documentation Links in New Tab (Right Click and Open in New Tab).
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
Answered
Review
Question 1 of 42
1. Question
A company has an Azure subscription. The company has launched virtual machines that uses unmanaged standard hard disk drives. You need to develop a strategy for the virtual machines that would ensure that the virtual machines would be made available in the event of a region failure. The recovery time objective can be up to 5 days. Costs need to be minimized in the implementation. Which of the following would you use to recreate the virtual machine in case of a machine failure?
Correct
Answer C Since we need to minimize costs and the RTO is quite long, we can just use Resource Manager to recreate the virtual machine. Option A is incorrect because this is a costly option for such a requirement. Option B is incorrect because this is used as a hybrid cloud storage option Option D is incorrect because this is used for implementing governance For more information on resource manager templates, please visit the below URL https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authoring-templates
Incorrect
Answer C Since we need to minimize costs and the RTO is quite long, we can just use Resource Manager to recreate the virtual machine. Option A is incorrect because this is a costly option for such a requirement. Option B is incorrect because this is used as a hybrid cloud storage option Option D is incorrect because this is used for implementing governance For more information on resource manager templates, please visit the below URL https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authoring-templates
Unattempted
Answer C Since we need to minimize costs and the RTO is quite long, we can just use Resource Manager to recreate the virtual machine. Option A is incorrect because this is a costly option for such a requirement. Option B is incorrect because this is used as a hybrid cloud storage option Option D is incorrect because this is used for implementing governance For more information on resource manager templates, please visit the below URL https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authoring-templates
Question 2 of 42
2. Question
A company has setup an Azure subscription and an Azure tenant. They have purchased Premium P2 licences. There are different departments that have different requirements for managing identities.
Which of the following would you suggest for the Procurement department?
Correct
Answer C This is clearly given in the Microsoft documentation wherein the Privileged Identity Management feature would fulfil these requirements
A company has setup an Azure subscription and an Azure tenant. They have purchased Premium P2 licences. There are different departments that have different requirements for managing identities.
Which of the following would you suggest for the Human Resources department?
Correct
Answer – C This is clearly given in the Microsoft documentation wherein the Privileged Identity Management feature would fulfil this requirement
A company has setup an Azure subscription and an Azure tenant. They have purchased Premium P2 licences. There are different departments that have different requirements for managing identities.
Which of the following would you suggest for the Logistics department?
Correct
Answer – A This is clearly given in the Microsoft documentation.
A company needs to design an architecture that would meet the below requirements
*) Capture data with regards to creation of users and assignment of roles in their Azure account
*)All captured data must be sent to a CosmosDB account
You have to complete the below architecture diagram to fulfil the above requirements.
Which of the following would you suggest for Azure Service 1?
Correct
Answer A The Event Grid service is ideal for capturing different sort of events in Azure. So, since you need to capture events pertaining to the creation of users and assignment of roles, you can use the Event Grid service. The diagram representation of the Azure Event Grid service is given below.
So, on the left-hand side, you have different Azure resources for which you can receive events. And on the right-hand side, you have consumers. The event grid service can send data about the event onto the consumers. Option B is incorrect since this is a Big data ingestion service Option C is incorrect since this is a serverless compute service Option D is incorrect since this is used for analysis of data sent to the log service in Azure Option E is incorrect since this is a purely notification-based service For more information on Azure Event Grids, please visit the below URL https://docs.microsoft.com/en-us/azure/event-grid/overview
Incorrect
Answer A The Event Grid service is ideal for capturing different sort of events in Azure. So, since you need to capture events pertaining to the creation of users and assignment of roles, you can use the Event Grid service. The diagram representation of the Azure Event Grid service is given below.
So, on the left-hand side, you have different Azure resources for which you can receive events. And on the right-hand side, you have consumers. The event grid service can send data about the event onto the consumers. Option B is incorrect since this is a Big data ingestion service Option C is incorrect since this is a serverless compute service Option D is incorrect since this is used for analysis of data sent to the log service in Azure Option E is incorrect since this is a purely notification-based service For more information on Azure Event Grids, please visit the below URL https://docs.microsoft.com/en-us/azure/event-grid/overview
Unattempted
Answer A The Event Grid service is ideal for capturing different sort of events in Azure. So, since you need to capture events pertaining to the creation of users and assignment of roles, you can use the Event Grid service. The diagram representation of the Azure Event Grid service is given below.
So, on the left-hand side, you have different Azure resources for which you can receive events. And on the right-hand side, you have consumers. The event grid service can send data about the event onto the consumers. Option B is incorrect since this is a Big data ingestion service Option C is incorrect since this is a serverless compute service Option D is incorrect since this is used for analysis of data sent to the log service in Azure Option E is incorrect since this is a purely notification-based service For more information on Azure Event Grids, please visit the below URL https://docs.microsoft.com/en-us/azure/event-grid/overview
Question 6 of 42
6. Question
A company needs to design an architecture that would meet the below requirements
*) Capture data with regards to creation of users and assignment of roles in their Azure account
*)All captured data must be sent to a CosmosDB account
You have to complete the below architecture diagram to fulfil the above requirements.
Which of the following would you suggest for Azure Service 2?
Correct
Answer C Azure Functions is an ideal consumer for this requirement. The Azure Function can be programmed to receive the event data and then send it across to CosmosDB. Option A is incorrect since this is the service to receive the data Option B is incorrect since this is a Big data ingestion service Option D is incorrect since this is used for analysis of data sent to the log service in Azure Option E is incorrect since this is a purely notification-based service For more information on Azure Event Grid bindings for Azure Functions, please visit the below URL https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-event-grid
Incorrect
Answer C Azure Functions is an ideal consumer for this requirement. The Azure Function can be programmed to receive the event data and then send it across to CosmosDB. Option A is incorrect since this is the service to receive the data Option B is incorrect since this is a Big data ingestion service Option D is incorrect since this is used for analysis of data sent to the log service in Azure Option E is incorrect since this is a purely notification-based service For more information on Azure Event Grid bindings for Azure Functions, please visit the below URL https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-event-grid
Unattempted
Answer C Azure Functions is an ideal consumer for this requirement. The Azure Function can be programmed to receive the event data and then send it across to CosmosDB. Option A is incorrect since this is the service to receive the data Option B is incorrect since this is a Big data ingestion service Option D is incorrect since this is used for analysis of data sent to the log service in Azure Option E is incorrect since this is a purely notification-based service For more information on Azure Event Grid bindings for Azure Functions, please visit the below URL https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-event-grid
Question 7 of 42
7. Question
A company named XYZ has just setup an Azure AD tenant. They need to deploy 2 applications to Azure, OnlineQuiz and OnlineForum. Below are the key authentication requirements for the applications
*)OnlineQuiz Application – Users should be able to authenticate using a personal Microsoft account and multi-factor authentication or using other providers such as facebook.
*)OnlineForum Application – Users should be able to authenticate using either a personal Microsoft account or using the credentials of XYZ. The accounts should be managed via Azure AD
Which authentication mechanism would you recommend for the OnlineQuiz application?
Correct
Answer A If you look at the authentication providers possible with Azure B2C, you can see that you can use a Microsoft account. This is provided in the Microsoft documentation.
If also supports Multi-factor authentication as shown below
Option B is incorrect since this is normally used when you want to allow authentication of users from other companies. Options C and D are incorrect since this is normally only used for Microsoft based accounts For more information on Azure B2C, please visit the below URL https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-overview
Incorrect
Answer A If you look at the authentication providers possible with Azure B2C, you can see that you can use a Microsoft account. This is provided in the Microsoft documentation.
If also supports Multi-factor authentication as shown below
Option B is incorrect since this is normally used when you want to allow authentication of users from other companies. Options C and D are incorrect since this is normally only used for Microsoft based accounts For more information on Azure B2C, please visit the below URL https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-overview
Unattempted
Answer A If you look at the authentication providers possible with Azure B2C, you can see that you can use a Microsoft account. This is provided in the Microsoft documentation.
If also supports Multi-factor authentication as shown below
Option B is incorrect since this is normally used when you want to allow authentication of users from other companies. Options C and D are incorrect since this is normally only used for Microsoft based accounts For more information on Azure B2C, please visit the below URL https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-overview
Question 8 of 42
8. Question
A company named XYZ has just setup an Azure AD tenant. They need to deploy 2 applications to Azure, OnlineQuiz and OnlineForum. Below are the key authentication requirements for the applications
*) OnlineQuiz Application – Users should be able to authenticate using a personal Microsoft account and multi-factor authentication or using other providers such as facebook.
*)OnlineForum Application – Users should be able to authenticate using either a personal Microsoft account or using the credentials of XYZ. The accounts should be managed via Azure AD
Which authentication mechanism would you recommend for the OnlineForum application?
Correct
Answer D Azure AD v2.0 endpoint is best suited for this, since it supports both Work and personal accounts as shown below
Option A is incorrect since this is normally used for user authentication with other identity providers besides Microsoft. Option B is incorrect since this is normally used when you want to allow authentication of users from other companies. Option C is incorrect since it does not support Personal accounts For more information on the Microsoft identity platform, please visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/develop/about-microsoft-identity-platform
Incorrect
Answer D Azure AD v2.0 endpoint is best suited for this, since it supports both Work and personal accounts as shown below
Option A is incorrect since this is normally used for user authentication with other identity providers besides Microsoft. Option B is incorrect since this is normally used when you want to allow authentication of users from other companies. Option C is incorrect since it does not support Personal accounts For more information on the Microsoft identity platform, please visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/develop/about-microsoft-identity-platform
Unattempted
Answer D Azure AD v2.0 endpoint is best suited for this, since it supports both Work and personal accounts as shown below
Option A is incorrect since this is normally used for user authentication with other identity providers besides Microsoft. Option B is incorrect since this is normally used when you want to allow authentication of users from other companies. Option C is incorrect since it does not support Personal accounts For more information on the Microsoft identity platform, please visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/develop/about-microsoft-identity-platform
Question 9 of 42
9. Question
A company has the requirement to have an automated process in place which would upload logs to an Azure SQL database every week. Reports would then be generated from the SQL database. Which of the following would you use for this requirement?
Correct
Answer B You can use the Azure Data Factory to create a pipeline that can be used to copy data. Below is an excerpt from the Microsoft documentation on the connector for SQL server.
Option A is incorrect since this is used for copying data from Azure storage accounts to on-premise and vice versa Option C is incorrect since this is used to run Big data open source frameworks Option D is incorrect since this is used to migrate data between SQL servers. For more information on Azure Data Factory connector for SQL, please visit the below URL https://docs.microsoft.com/en-us/azure/data-factory/connector-sql-server
Incorrect
Answer B You can use the Azure Data Factory to create a pipeline that can be used to copy data. Below is an excerpt from the Microsoft documentation on the connector for SQL server.
Option A is incorrect since this is used for copying data from Azure storage accounts to on-premise and vice versa Option C is incorrect since this is used to run Big data open source frameworks Option D is incorrect since this is used to migrate data between SQL servers. For more information on Azure Data Factory connector for SQL, please visit the below URL https://docs.microsoft.com/en-us/azure/data-factory/connector-sql-server
Unattempted
Answer B You can use the Azure Data Factory to create a pipeline that can be used to copy data. Below is an excerpt from the Microsoft documentation on the connector for SQL server.
Option A is incorrect since this is used for copying data from Azure storage accounts to on-premise and vice versa Option C is incorrect since this is used to run Big data open source frameworks Option D is incorrect since this is used to migrate data between SQL servers. For more information on Azure Data Factory connector for SQL, please visit the below URL https://docs.microsoft.com/en-us/azure/data-factory/connector-sql-server
Question 10 of 42
10. Question
A company has deployed an API management instance. They need a solution to protect the API from a DDoS (Distributed denial of service) attack. Which of the following could be recommended for this requirement?
Correct
Answer B You can protect the number of calls to the API by using rate limiting. Below is what is mentioned in the Microsoft documentation
Option A is incorrect since this is used for protecting traffic flowing into Virtual Machines Option C is incorrect since this is used to limit the calls based on the subscription Option D is incorrect since this is used for authentication for API’s For more information on transforming and protecting an API, please visit the below URL https://docs.microsoft.com/en-us/azure/api-management/transform-api
Incorrect
Answer B You can protect the number of calls to the API by using rate limiting. Below is what is mentioned in the Microsoft documentation
Option A is incorrect since this is used for protecting traffic flowing into Virtual Machines Option C is incorrect since this is used to limit the calls based on the subscription Option D is incorrect since this is used for authentication for API’s For more information on transforming and protecting an API, please visit the below URL https://docs.microsoft.com/en-us/azure/api-management/transform-api
Unattempted
Answer B You can protect the number of calls to the API by using rate limiting. Below is what is mentioned in the Microsoft documentation
Option A is incorrect since this is used for protecting traffic flowing into Virtual Machines Option C is incorrect since this is used to limit the calls based on the subscription Option D is incorrect since this is used for authentication for API’s For more information on transforming and protecting an API, please visit the below URL https://docs.microsoft.com/en-us/azure/api-management/transform-api
Question 11 of 42
11. Question
A company has created 2 virtual networks, one in the Central US and the other in the East US region. There is a requirement to ensure that Virtual Machines on the Virtual Networks are able to communicate with each other using their private IP addresses. You also need to ensure low latency access between the Virtual machines. You also need to ensure that the solution is cost effective. You decide to implement Virtual Network Peering. Does this fulfil the requirement?
Correct
Answer A You can implement Virtual Network Peering for this requirement. Below is what the is mentioned in the Microsoft documentation.
A company has created 2 virtual networks, one in the Central US and the other in the East US region. There is a requirement to ensure that Virtual Machines on the Virtual Networks are able to communicate with each other using their private IP addresses. You also need to ensure low latency access between the Virtual machines. You also need to ensure that the solution is cost effective. You decide to implement an Express Route connection Does this fulfil the requirement?
Correct
Answer B This type of connection is generally used to extend on-premise infrastructure to Azure. Below is what is mentioned in the Microsoft documentation
Answer B This type of connection is generally used to extend on-premise infrastructure to Azure. Below is what is mentioned in the Microsoft documentation
Answer B This type of connection is generally used to extend on-premise infrastructure to Azure. Below is what is mentioned in the Microsoft documentation
A company has created 2 virtual networks, one in the Central US and the other in the East US region. There is a requirement to ensure that Virtual Machines on the Virtual Networks are able to communicate with each other using their private IP addresses. You also need to ensure low latency access between the Virtual machines. You also need to ensure that the solution is cost effective. You decide to implement custom route tables. Does this fulfil the requirement?
A company currently has around 100 Virtual Machines running on their on-premise infrastructure. There is a plan to move the Virtual machines to Azure. The Virtual machines are running on a VMWare environment. The Virtual machines run different types of workloads. You need to prepare a report on the capacity requirement for the Virtual Machines that need to be created in Azure for the migration. Which of the following would you use for this purpose?
Correct
Answer C The Azure Migrate tool is the perfect tool for this scenario. The Microsoft documentation mentions the following
Options A and B are incorrect since these are normally used for cost management once you are already using resources in Azure Option D is incorrect since this is used for backup and recovery purposes For more information on Azure Migrate, please visit the below URL https://docs.microsoft.com/en-us/azure/migrate/migrate-overview
Incorrect
Answer C The Azure Migrate tool is the perfect tool for this scenario. The Microsoft documentation mentions the following
Options A and B are incorrect since these are normally used for cost management once you are already using resources in Azure Option D is incorrect since this is used for backup and recovery purposes For more information on Azure Migrate, please visit the below URL https://docs.microsoft.com/en-us/azure/migrate/migrate-overview
Unattempted
Answer C The Azure Migrate tool is the perfect tool for this scenario. The Microsoft documentation mentions the following
Options A and B are incorrect since these are normally used for cost management once you are already using resources in Azure Option D is incorrect since this is used for backup and recovery purposes For more information on Azure Migrate, please visit the below URL https://docs.microsoft.com/en-us/azure/migrate/migrate-overview
Question 15 of 42
15. Question
A company has multiple offices and an Azure subscription. The company wants to implement a data storage solution for their on-premise servers hosted in the various offices. The servers are hosted on Hyper-V.
*) The servers must be able to connect to a central storage device by using iSCSI connections
*)Data that is stored in the central device needs to be uploaded to Azure automatically
*)Minimize the maintenance of the solution
Which of the following would you look to implement for the offices?
Correct
Answer C The StorSimple Virtual Array is a good solution for having hybrid cloud storage. Here on-premise devices can connect using iSCSI. And then data gets retained to Azure. The Microsoft documentation mentions the following
Option A is incorrect since Azure files shares are useful when devices need to connect using the SMB protocol. Option B is incorrect since this is used for backup and recovery services along with Azure Site Recovery Option D is incorrect since this would only be part of a solution. And it would also lead to high maintenance of the overall solution For more information on Azure StorSimple Virtual Array, please visit the below URL https://docs.microsoft.com/en-us/azure/storsimple/storsimple-ova-overview
Incorrect
Answer C The StorSimple Virtual Array is a good solution for having hybrid cloud storage. Here on-premise devices can connect using iSCSI. And then data gets retained to Azure. The Microsoft documentation mentions the following
Option A is incorrect since Azure files shares are useful when devices need to connect using the SMB protocol. Option B is incorrect since this is used for backup and recovery services along with Azure Site Recovery Option D is incorrect since this would only be part of a solution. And it would also lead to high maintenance of the overall solution For more information on Azure StorSimple Virtual Array, please visit the below URL https://docs.microsoft.com/en-us/azure/storsimple/storsimple-ova-overview
Unattempted
Answer C The StorSimple Virtual Array is a good solution for having hybrid cloud storage. Here on-premise devices can connect using iSCSI. And then data gets retained to Azure. The Microsoft documentation mentions the following
Option A is incorrect since Azure files shares are useful when devices need to connect using the SMB protocol. Option B is incorrect since this is used for backup and recovery services along with Azure Site Recovery Option D is incorrect since this would only be part of a solution. And it would also lead to high maintenance of the overall solution For more information on Azure StorSimple Virtual Array, please visit the below URL https://docs.microsoft.com/en-us/azure/storsimple/storsimple-ova-overview
Question 16 of 42
16. Question
A company has multiple offices and an Azure subscription. The company wants to implement a data storage solution for their on-premise servers hosted in the various offices. The servers are hosted on Hyper-V.
*) The servers must be able to connect to a central storage device by using iSCSI connections
*)Data that is stored in the central device needs to be uploaded to Azure automatically
*)Minimize the maintenance of the solution
Based on the tool being used, which of the following would you plan to setup in Azure?
Correct
Answer D When you look at the pre-requisites for the setup of StorSimple Virtual Array, you can see that you need to also have a storage account in place. This is also given in the Microsoft documentation
Answer D When you look at the pre-requisites for the setup of StorSimple Virtual Array, you can see that you need to also have a storage account in place. This is also given in the Microsoft documentation
Answer D When you look at the pre-requisites for the setup of StorSimple Virtual Array, you can see that you need to also have a storage account in place. This is also given in the Microsoft documentation
A company has just setup an Azure subscription. They have offices located in Mumbai and Hyderabad. They are now planning their network connectivity strategy. They have the following networks defined in Azure.
The company has the following requirements when it comes to connectivity
*)The Virtual Machines hosted in SubnetA must only be accessible to clients located in the Mumbai office
*)IT administrators working on dedicated workstations must have access to the Virtual Machines in SubnetA over the Internet on a specific TCP/IP management port
*)The Azure Virtual Machines hosted in the XYZ-network1 must be able to communicate on all ports to Azure Virtual Machines hosted in XYZ-network2
Which of the following architecture would you recommend to ensure VM in SubnetA can be accessible to client located at Mumbai Office?
Correct
Answer B A site-to-site VPN connection can be used to connect on-premise infrastructure onto Azure. Below is what is mentioned in the Microsoft documentation
Option A is incorrect since this is used to connect 2 Virtual Networks in Azure together. Option C is incorrect since this is used to control traffic flowing into and out of Azure Virtual Machines Option D is incorrect since this is not required For more information on deploying a site-to-site VPN connection, please visit the below URL https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
Incorrect
Answer B A site-to-site VPN connection can be used to connect on-premise infrastructure onto Azure. Below is what is mentioned in the Microsoft documentation
Option A is incorrect since this is used to connect 2 Virtual Networks in Azure together. Option C is incorrect since this is used to control traffic flowing into and out of Azure Virtual Machines Option D is incorrect since this is not required For more information on deploying a site-to-site VPN connection, please visit the below URL https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
Unattempted
Answer B A site-to-site VPN connection can be used to connect on-premise infrastructure onto Azure. Below is what is mentioned in the Microsoft documentation
Option A is incorrect since this is used to connect 2 Virtual Networks in Azure together. Option C is incorrect since this is used to control traffic flowing into and out of Azure Virtual Machines Option D is incorrect since this is not required For more information on deploying a site-to-site VPN connection, please visit the below URL https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
Question 18 of 42
18. Question
A company has just setup an Azure subscription. They have offices located in Mumbai and Hyderabad. They are now planning their network connectivity strategy. They have the following networks defined in Azure.
The company has the following requirements when it comes to connectivity
*)The Virtual Machines hosted in SubnetA must only be accessible to clients located in the Mumbai office
*)IT administrators working on dedicated workstations must have access to the Virtual Machines in SubnetA over the Internet on a specific TCP/IP management port
*)The Azure Virtual Machines hosted in the XYZ-network1 must be able to communicate on all ports to Azure Virtual Machines hosted in XYZ-network2 Which of the following would you use to fulfill the requirement of Point No. 2 aforementioned?
Correct
Answer C You can use Network Security Groups to define the traffic flow rules into and out of Virtual Machines. Below is what is mentioned in the Microsoft documentation
Option A is incorrect since this is used to connect 2 Virtual Networks in Azure together. Option B is incorrect since this is used to on-premise infrastructure to Azure Virtual Networks Option D is incorrect since this is not required For more information on network security , please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Incorrect
Answer C You can use Network Security Groups to define the traffic flow rules into and out of Virtual Machines. Below is what is mentioned in the Microsoft documentation
Option A is incorrect since this is used to connect 2 Virtual Networks in Azure together. Option B is incorrect since this is used to on-premise infrastructure to Azure Virtual Networks Option D is incorrect since this is not required For more information on network security , please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Unattempted
Answer C You can use Network Security Groups to define the traffic flow rules into and out of Virtual Machines. Below is what is mentioned in the Microsoft documentation
Option A is incorrect since this is used to connect 2 Virtual Networks in Azure together. Option B is incorrect since this is used to on-premise infrastructure to Azure Virtual Networks Option D is incorrect since this is not required For more information on network security , please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Question 19 of 42
19. Question
A company has just setup an Azure subscription. They have offices located in Mumbai and Hyderabad. They are now planning their network connectivity strategy. They have the following networks defined in Azure.
The company has the following requirements when it comes to connectivity
*)The Virtual Machines hosted in SubnetA must only be accessible to clients located in the Mumbai office
*)IT administrators working on dedicated workstations must have access to the Virtual Machines in SubnetA over the Internet on a specific TCP/IP management port
*)The Azure Virtual Machines hosted in the XYZ-network1 must be able to communicate on all ports to Azure Virtual Machines hosted in XYZ-network2 Which of the following would you use for this purpose? The Azure Virtual Machines hosted in the XYZ-network2 must be able to communicate on all ports to Azure Virtual Machines hosted in XYZ-network1.
Correct
Answer A Option B is incorrect since this is used to on-premise infrastructure to Azure Virtual Networks Option C is incorrect since this is used to control traffic flowing into and out of Azure Virtual Machines Option D is incorrect since this is not required You can connect Virtual Networks together using Virtual Network Peering across regions. Below is what is mentioned in the Microsoft documentation
Answer A Option B is incorrect since this is used to on-premise infrastructure to Azure Virtual Networks Option C is incorrect since this is used to control traffic flowing into and out of Azure Virtual Machines Option D is incorrect since this is not required You can connect Virtual Networks together using Virtual Network Peering across regions. Below is what is mentioned in the Microsoft documentation
Answer A Option B is incorrect since this is used to on-premise infrastructure to Azure Virtual Networks Option C is incorrect since this is used to control traffic flowing into and out of Azure Virtual Machines Option D is incorrect since this is not required You can connect Virtual Networks together using Virtual Network Peering across regions. Below is what is mentioned in the Microsoft documentation
XYZ is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment
The company currently has the following Active Directory Environment in place
· Two Active Directory forests – One is quiz.XYZ.com and the other is research. XYZ.com
· Currently there is no trust relationship between the forests
· The quiz.XYZ.com is the production forest that hosts all the identities required for internal user and computer authentication.
· The research.XYZ.com forest is only used by the research department
The company currently has the following Networking Environment in place
· The offices currently contain at least one domain controller from the quiz. XYZ.com forest.
· The main head office contains the domain controller of the research. XYZ.com forest
· All of the offices have high speed internet connections
Application
The company has a web application running on-premise named XYZ -app
· The application is running on Microsoft Internet Information Services
· The application stores its data on Microsoft SQL Server 2016
· The servers are all running on Hyper-V
· The same Hyper-V environment also hosts a staging environment to test all updates to the web application
· All Microsoft based licenses have been purchased via a Microsoft Enterprise Agreement that includes Software Assurance
Planned Changes
· The company wants to migrate its workloads to Azure.
· They also want to create a hybrid identity model along with a Microsoft Office 365 deployment
· The research department will continue to use the infrastructure in the on-premise environment.
Following are the key requirements for the migration to Azure
· The Web application ” XYZ -app” needs to be migrated to Azure
· Existing licenses should be used wherever possible to minimize on costs
· Users need to always authenticate using their quiz. XYZ.com UPN identity
· All new deployments to Azure must be redundant in the case of an Azure region failure
· PaaS deployments are preferred wherever possible
· Directory Synchronization must be established between Azure AD and the quiz. XYZ.com forest. This synchronization must not be affected by a link failure between Azure and the on-premise network.
The following requirements need to be met in terms of the database
· When the database is migrated to Azure, it needs to be ensured that metrics are recorded for the database. The database administrators should be able to analyse the metrics for suggesting any further improvements to the database environment
· Database downtime must be minimized when the database is being migrated onto Azure
· Database backup’s must be maintained for a period of 5 years
The following requirements need to be met in terms of Security
· Administrators should be able to authenticate to Azure by using the quiz. XYZ.com credentials
Any administrative access to Azure must be complemented by multi-factor authentication
What is the minimum number of Azure tenants that need to be setup?
Correct
Answer B Since there is only one forest that needs to be synced with Azure AD, one can opt for having one Azure AD tenant. This is the simplest form of connectivity as shown below
Answer B Since there is only one forest that needs to be synced with Azure AD, one can opt for having one Azure AD tenant. This is the simplest form of connectivity as shown below
Answer B Since there is only one forest that needs to be synced with Azure AD, one can opt for having one Azure AD tenant. This is the simplest form of connectivity as shown below
XYZ is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment
The company currently has the following Active Directory Environment in place
· Two Active Directory forests – One is quiz.XYZ.com and the other is research. XYZ.com
· Currently there is no trust relationship between the forests
· The quiz.XYZ.com is the production forest that hosts all the identities required for internal user and computer authentication.
· The research.XYZ.com forest is only used by the research department
The company currently has the following Networking Environment in place
· The offices currently contain at least one domain controller from the quiz. XYZ.com forest.
· The main head office contains the domain controller of the research. XYZ.com forest
· All of the offices have high speed internet connections
Application
The company has a web application running on-premise named XYZ -app
· The application is running on Microsoft Internet Information Services
· The application stores its data on Microsoft SQL Server 2016
· The servers are all running on Hyper-V
· The same Hyper-V environment also hosts a staging environment to test all updates to the web application
· All Microsoft based licenses have been purchased via a Microsoft Enterprise Agreement that includes Software Assurance
Planned Changes
· The company wants to migrate its workloads to Azure.
· They also want to create a hybrid identity model along with a Microsoft Office 365 deployment
· The research department will continue to use the infrastructure in the on-premise environment.
Following are the key requirements for the migration to Azure
· The Web application ” XYZ -app” needs to be migrated to Azure
· Existing licenses should be used wherever possible to minimize on costs
· Users need to always authenticate using their quiz. XYZ.com UPN identity
· All new deployments to Azure must be redundant in the case of an Azure region failure
· PaaS deployments are preferred wherever possible
· Directory Synchronization must be established between Azure AD and the quiz. XYZ.com forest. This synchronization must not be affected by a link failure between Azure and the on-premise network.
The following requirements need to be met in terms of the database
· When the database is migrated to Azure, it needs to be ensured that metrics are recorded for the database. The database administrators should be able to analyse the metrics for suggesting any further improvements to the database environment
· Database downtime must be minimized when the database is being migrated onto Azure
· Database backup’s must be maintained for a period of 5 years
The following requirements need to be met in terms of Security
· Administrators should be able to authenticate to Azure by using the quiz. XYZ.com credentials
Any administrative access to Azure must be complemented by multi-factor authentication
What is the minimum number of custom domains to add to Azure AD?
Correct
Answer B Since users need to authenticate via the UPNs associated with the quiz.XYZ.com forest, you just need to create one custom domain in Azure AD. That custom domain will be quiz.XYZ.com. The Microsoft documentation mentions the following
Answer B Since users need to authenticate via the UPNs associated with the quiz.XYZ.com forest, you just need to create one custom domain in Azure AD. That custom domain will be quiz.XYZ.com. The Microsoft documentation mentions the following
Answer B Since users need to authenticate via the UPNs associated with the quiz.XYZ.com forest, you just need to create one custom domain in Azure AD. That custom domain will be quiz.XYZ.com. The Microsoft documentation mentions the following
XYZ is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment
The company currently has the following Active Directory Environment in place
· Two Active Directory forests – One is quiz.XYZ.com and the other is research. XYZ.com
· Currently there is no trust relationship between the forests
· The quiz.XYZ.com is the production forest that hosts all the identities required for internal user and computer authentication.
· The research.XYZ.com forest is only used by the research department
The company currently has the following Networking Environment in place
· The offices currently contain at least one domain controller from the quiz. XYZ.com forest.
· The main head office contains the domain controller of the research. XYZ.com forest
· All of the offices have high speed internet connections
Application
The company has a web application running on-premise named XYZ -app
· The application is running on Microsoft Internet Information Services
· The application stores its data on Microsoft SQL Server 2016
· The servers are all running on Hyper-V
· The same Hyper-V environment also hosts a staging environment to test all updates to the web application
· All Microsoft based licenses have been purchased via a Microsoft Enterprise Agreement that includes Software Assurance
Planned Changes
· The company wants to migrate its workloads to Azure.
· They also want to create a hybrid identity model along with a Microsoft Office 365 deployment
· The research department will continue to use the infrastructure in the on-premise environment.
Following are the key requirements for the migration to Azure
· The Web application ” XYZ -app” needs to be migrated to Azure
· Existing licenses should be used wherever possible to minimize on costs
· Users need to always authenticate using their quiz. XYZ.com UPN identity
· All new deployments to Azure must be redundant in the case of an Azure region failure
· PaaS deployments are preferred wherever possible
· Directory Synchronization must be established between Azure AD and the quiz. XYZ.com forest. This synchronization must not be affected by a link failure between Azure and the on-premise network.
The following requirements need to be met in terms of the database
· When the database is migrated to Azure, it needs to be ensured that metrics are recorded for the database. The database administrators should be able to analyse the metrics for suggesting any further improvements to the database environment
· Database downtime must be minimized when the database is being migrated onto Azure
· Database backup’s must be maintained for a period of 5 years
The following requirements need to be met in terms of Security
· Administrators should be able to authenticate to Azure by using the quiz. XYZ.com credentials
Any administrative access to Azure must be complemented by multi-factor authentication
What is the minimum number of conditional access policies that need to be created?
Correct
Answer A There is a baseline policy that ensures that Multi-factor authentication is present for administrative accounts as shown below
XYZ is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment
The company currently has the following Active Directory Environment in place
· Two Active Directory forests – One is quiz.XYZ.com and the other is research. XYZ.com
· Currently there is no trust relationship between the forests
· The quiz.XYZ.com is the production forest that hosts all the identities required for internal user and computer authentication.
· The research.XYZ.com forest is only used by the research department
The company currently has the following Networking Environment in place
· The offices currently contain at least one domain controller from the quiz. XYZ.com forest.
· The main head office contains the domain controller of the research. XYZ.com forest
· All of the offices have high speed internet connections
Application
The company has a web application running on-premise named XYZ -app
· The application is running on Microsoft Internet Information Services
· The application stores its data on Microsoft SQL Server 2016
· The servers are all running on Hyper-V
· The same Hyper-V environment also hosts a staging environment to test all updates to the web application
· All Microsoft based licenses have been purchased via a Microsoft Enterprise Agreement that includes Software Assurance
Planned Changes
· The company wants to migrate its workloads to Azure.
· They also want to create a hybrid identity model along with a Microsoft Office 365 deployment
· The research department will continue to use the infrastructure in the on-premise environment.
Following are the key requirements for the migration to Azure
· The Web application ” XYZ -app” needs to be migrated to Azure
· Existing licenses should be used wherever possible to minimize on costs
· Users need to always authenticate using their quiz. XYZ.com UPN identity
· All new deployments to Azure must be redundant in the case of an Azure region failure
· PaaS deployments are preferred wherever possible
· Directory Synchronization must be established between Azure AD and the quiz. XYZ.com forest. This synchronization must not be affected by a link failure between Azure and the on-premise network.
The following requirements need to be met in terms of the database
· When the database is migrated to Azure, it needs to be ensured that metrics are recorded for the database. The database administrators should be able to analyse the metrics for suggesting any further improvements to the database environment
· Database downtime must be minimized when the database is being migrated onto Azure
· Database backup’s must be maintained for a period of 5 years
The following requirements need to be met in terms of Security
· Administrators should be able to authenticate to Azure by using the quiz. XYZ.com credentials
Any administrative access to Azure must be complemented by multi-factor authentication
You need to recommend how to setup the data store for hosting the SQL database in Azure. Which of the following would you recommend?
Correct
Answer D Since the company already has existing Microsoft licences with software assurance, they can opt for a hybrid model in which they can benefit from huge discounts. This is also given in the Microsoft documentation.
Options A and C are incorrect since here you cannot use the Hybrid benefit from a licensing perspective. Option B is incorrect since you would need to invest extra on the Virtual machine itself For more information on vCore based licensing, please visit the below URL https://docs.microsoft.com/en-us/azure/sql-database/sql-database-service-tiers-vcore
Incorrect
Answer D Since the company already has existing Microsoft licences with software assurance, they can opt for a hybrid model in which they can benefit from huge discounts. This is also given in the Microsoft documentation.
Options A and C are incorrect since here you cannot use the Hybrid benefit from a licensing perspective. Option B is incorrect since you would need to invest extra on the Virtual machine itself For more information on vCore based licensing, please visit the below URL https://docs.microsoft.com/en-us/azure/sql-database/sql-database-service-tiers-vcore
Unattempted
Answer D Since the company already has existing Microsoft licences with software assurance, they can opt for a hybrid model in which they can benefit from huge discounts. This is also given in the Microsoft documentation.
Options A and C are incorrect since here you cannot use the Hybrid benefit from a licensing perspective. Option B is incorrect since you would need to invest extra on the Virtual machine itself For more information on vCore based licensing, please visit the below URL https://docs.microsoft.com/en-us/azure/sql-database/sql-database-service-tiers-vcore
Question 24 of 42
24. Question
CASE STUDY
Overview
XYZ is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment
The company currently has the following Active Directory Environment in place
· Two Active Directory forests – One is quiz.XYZ.com and the other is research. XYZ.com
· Currently there is no trust relationship between the forests
· The quiz.XYZ.com is the production forest that hosts all the identities required for internal user and computer authentication.
· The research.XYZ.com forest is only used by the research department
The company currently has the following Networking Environment in place
· The offices currently contain at least one domain controller from the quiz. XYZ.com forest.
· The main head office contains the domain controller of the research. XYZ.com forest
· All of the offices have high speed internet connections
Application
The company has a web application running on-premise named XYZ -app
· The application is running on Microsoft Internet Information Services
· The application stores its data on Microsoft SQL Server 2016
· The servers are all running on Hyper-V
· The same Hyper-V environment also hosts a staging environment to test all updates to the web application
· All Microsoft based licenses have been purchased via a Microsoft Enterprise Agreement that includes Software Assurance
Planned Changes
· The company wants to migrate its workloads to Azure.
· They also want to create a hybrid identity model along with a Microsoft Office 365 deployment
· The research department will continue to use the infrastructure in the on-premise environment.
Following are the key requirements for the migration to Azure
· The Web application ” XYZ -app” needs to be migrated to Azure
· Existing licenses should be used wherever possible to minimize on costs
· Users need to always authenticate using their quiz. XYZ.com UPN identity
· All new deployments to Azure must be redundant in the case of an Azure region failure
· PaaS deployments are preferred wherever possible
· Directory Synchronization must be established between Azure AD and the quiz. XYZ.com forest. This synchronization must not be affected by a link failure between Azure and the on-premise network.
The following requirements need to be met in terms of the database
· When the database is migrated to Azure, it needs to be ensured that metrics are recorded for the database. The database administrators should be able to analyse the metrics for suggesting any further improvements to the database environment
· Database downtime must be minimized when the database is being migrated onto Azure
· Database backup’s must be maintained for a period of 5 years
The following requirements need to be met in terms of Security
· Administrators should be able to authenticate to Azure by using the quiz. XYZ.com credentials
Any administrative access to Azure must be complemented by multi-factor authentication
You need to recommend the approach to transferring the data from the on-premise SQL server to the SQL server on Azure. Which of the following would you recommend?
Correct
Answer B The ideal approach is to use a BACPAC file. This is also given in the Microsoft documentation.
XYZ is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment
The company currently has the following Active Directory Environment in place
· Two Active Directory forests – One is quiz.XYZ.com and the other is research. XYZ.com
· Currently there is no trust relationship between the forests
· The quiz.XYZ.com is the production forest that hosts all the identities required for internal user and computer authentication.
· The research.XYZ.com forest is only used by the research department
The company currently has the following Networking Environment in place
· The offices currently contain at least one domain controller from the quiz. XYZ.com forest.
· The main head office contains the domain controller of the research. XYZ.com forest
· All of the offices have high speed internet connections
Application
The company has a web application running on-premise named XYZ -app
· The application is running on Microsoft Internet Information Services
· The application stores its data on Microsoft SQL Server 2016
· The servers are all running on Hyper-V
· The same Hyper-V environment also hosts a staging environment to test all updates to the web application
· All Microsoft based licenses have been purchased via a Microsoft Enterprise Agreement that includes Software Assurance
Planned Changes
· The company wants to migrate its workloads to Azure.
· They also want to create a hybrid identity model along with a Microsoft Office 365 deployment
· The research department will continue to use the infrastructure in the on-premise environment.
Following are the key requirements for the migration to Azure
· The Web application ” XYZ -app” needs to be migrated to Azure
· Existing licenses should be used wherever possible to minimize on costs
· Users need to always authenticate using their quiz. XYZ.com UPN identity
· All new deployments to Azure must be redundant in the case of an Azure region failure
· PaaS deployments are preferred wherever possible
· Directory Synchronization must be established between Azure AD and the quiz. XYZ.com forest. This synchronization must not be affected by a link failure between Azure and the on-premise network.
The following requirements need to be met in terms of the database
· When the database is migrated to Azure, it needs to be ensured that metrics are recorded for the database. The database administrators should be able to analyse the metrics for suggesting any further improvements to the database environment
· Database downtime must be minimized when the database is being migrated onto Azure
· Database backup’s must be maintained for a period of 5 years
The following requirements need to be met in terms of Security
· Administrators should be able to authenticate to Azure by using the quiz. XYZ.com credentials
Any administrative access to Azure must be complemented by multi-factor authentication
A strategy needs to be recommended for the Web application XYZ-app. The loads on the application would be unpredictable. It needs to be ensured that the application can sustain itself at high workloads. Also, it needs to be ensured that costs are being minimized at lower workloads. Which of the following would you recommend?
Correct
Answer B Since the case study does mention that PaaS solutions should be used, hence we need to use Azure Web apps for this solution and not Virtual Machine Scale Sets. Hence option C and D are eliminated. Option A is wrong: Scale Up – is an operation that’s Azure Web Sites cloud equivalent of moving your non-cloud web site to a bigger physical server. It’s useful to consider when your site is hitting a quota, signaling that you are outgrowing your existing mode or options. In addition, it can be done on virtually any site without worrying about the implications of multi-instances data consistency. To ensure that the web app can scale based on demand, we need to use the Scale Out settings as shown below
1) First go to the Scale out settings for the Web App 2) Then click on Enable autoscale Then add the required conditions for the scaling process
Answer B Since the case study does mention that PaaS solutions should be used, hence we need to use Azure Web apps for this solution and not Virtual Machine Scale Sets. Hence option C and D are eliminated. Option A is wrong: Scale Up – is an operation that’s Azure Web Sites cloud equivalent of moving your non-cloud web site to a bigger physical server. It’s useful to consider when your site is hitting a quota, signaling that you are outgrowing your existing mode or options. In addition, it can be done on virtually any site without worrying about the implications of multi-instances data consistency. To ensure that the web app can scale based on demand, we need to use the Scale Out settings as shown below
1) First go to the Scale out settings for the Web App 2) Then click on Enable autoscale Then add the required conditions for the scaling process
Answer B Since the case study does mention that PaaS solutions should be used, hence we need to use Azure Web apps for this solution and not Virtual Machine Scale Sets. Hence option C and D are eliminated. Option A is wrong: Scale Up – is an operation that’s Azure Web Sites cloud equivalent of moving your non-cloud web site to a bigger physical server. It’s useful to consider when your site is hitting a quota, signaling that you are outgrowing your existing mode or options. In addition, it can be done on virtually any site without worrying about the implications of multi-instances data consistency. To ensure that the web app can scale based on demand, we need to use the Scale Out settings as shown below
1) First go to the Scale out settings for the Web App 2) Then click on Enable autoscale Then add the required conditions for the scaling process
XYZ is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment
The company currently has the following Active Directory Environment in place
· Two Active Directory forests – One is quiz.XYZ.com and the other is research. XYZ.com
· Currently there is no trust relationship between the forests
· The quiz.XYZ.com is the production forest that hosts all the identities required for internal user and computer authentication.
· The research.XYZ.com forest is only used by the research department
The company currently has the following Networking Environment in place
· The offices currently contain at least one domain controller from the quiz. XYZ.com forest.
· The main head office contains the domain controller of the research. XYZ.com forest
· All of the offices have high speed internet connections
Application
The company has a web application running on-premise named XYZ -app
· The application is running on Microsoft Internet Information Services
· The application stores its data on Microsoft SQL Server 2016
· The servers are all running on Hyper-V
· The same Hyper-V environment also hosts a staging environment to test all updates to the web application
· All Microsoft based licenses have been purchased via a Microsoft Enterprise Agreement that includes Software Assurance
Planned Changes
· The company wants to migrate its workloads to Azure.
· They also want to create a hybrid identity model along with a Microsoft Office 365 deployment
· The research department will continue to use the infrastructure in the on-premise environment.
Following are the key requirements for the migration to Azure
· The Web application ” XYZ -app” needs to be migrated to Azure
· Existing licenses should be used wherever possible to minimize on costs
· Users need to always authenticate using their quiz. XYZ.com UPN identity
· All new deployments to Azure must be redundant in the case of an Azure region failure
· PaaS deployments are preferred wherever possible
· Directory Synchronization must be established between Azure AD and the quiz. XYZ.com forest. This synchronization must not be affected by a link failure between Azure and the on-premise network.
The following requirements need to be met in terms of the database
· When the database is migrated to Azure, it needs to be ensured that metrics are recorded for the database. The database administrators should be able to analyse the metrics for suggesting any further improvements to the database environment
· Database downtime must be minimized when the database is being migrated onto Azure
· Database backup’s must be maintained for a period of 5 years
The following requirements need to be met in terms of Security
· Administrators should be able to authenticate to Azure by using the quiz. XYZ.com credentials
Any administrative access to Azure must be complemented by multi-factor authentication
The following architecture is being recommended for the Web application
Would this architecture support redundancy for the web application?
Correct
Answer A Here you can use the priority traffic routing method which would automatically failover the Web application if it detects a failure in the primary region. The Microsoft documentation mentions the following
Answer A Here you can use the priority traffic routing method which would automatically failover the Web application if it detects a failure in the primary region. The Microsoft documentation mentions the following
Answer A Here you can use the priority traffic routing method which would automatically failover the Web application if it detects a failure in the primary region. The Microsoft documentation mentions the following
XYZ is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment
The company currently has the following Active Directory Environment in place
· Two Active Directory forests – One is quiz.XYZ.com and the other is research. XYZ.com
· Currently there is no trust relationship between the forests
· The quiz.XYZ.com is the production forest that hosts all the identities required for internal user and computer authentication.
· The research.XYZ.com forest is only used by the research department
The company currently has the following Networking Environment in place
· The offices currently contain at least one domain controller from the quiz. XYZ.com forest.
· The main head office contains the domain controller of the research. XYZ.com forest
· All of the offices have high speed internet connections
Application
The company has a web application running on-premise named XYZ -app
· The application is running on Microsoft Internet Information Services
· The application stores its data on Microsoft SQL Server 2016
· The servers are all running on Hyper-V
· The same Hyper-V environment also hosts a staging environment to test all updates to the web application
· All Microsoft based licenses have been purchased via a Microsoft Enterprise Agreement that includes Software Assurance
Planned Changes
· The company wants to migrate its workloads to Azure.
· They also want to create a hybrid identity model along with a Microsoft Office 365 deployment
· The research department will continue to use the infrastructure in the on-premise environment.
Following are the key requirements for the migration to Azure
· The Web application ” XYZ -app” needs to be migrated to Azure
· Existing licenses should be used wherever possible to minimize on costs
· Users need to always authenticate using their quiz. XYZ.com UPN identity
· All new deployments to Azure must be redundant in the case of an Azure region failure
· PaaS deployments are preferred wherever possible
· Directory Synchronization must be established between Azure AD and the quiz. XYZ.com forest. This synchronization must not be affected by a link failure between Azure and the on-premise network.
The following requirements need to be met in terms of the database
· When the database is migrated to Azure, it needs to be ensured that metrics are recorded for the database. The database administrators should be able to analyse the metrics for suggesting any further improvements to the database environment
· Database downtime must be minimized when the database is being migrated onto Azure
· Database backup’s must be maintained for a period of 5 years
The following requirements need to be met in terms of Security
· Administrators should be able to authenticate to Azure by using the quiz. XYZ.com credentials
Any administrative access to Azure must be complemented by multi-factor authentication
The following architecture is being recommended for the Web application
Would this architecture require a manual configuration if an Azure region fails?
Correct
Answer B Here you can use the priority traffic routing method which would automatically failover the Web application if it detects a failure in the primary region. The Microsoft documentation mentions the following
Answer B Here you can use the priority traffic routing method which would automatically failover the Web application if it detects a failure in the primary region. The Microsoft documentation mentions the following
Answer B Here you can use the priority traffic routing method which would automatically failover the Web application if it detects a failure in the primary region. The Microsoft documentation mentions the following
XYZ is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment
The company currently has the following Active Directory Environment in place
· Two Active Directory forests – One is quiz.XYZ.com and the other is research. XYZ.com
· Currently there is no trust relationship between the forests
· The quiz.XYZ.com is the production forest that hosts all the identities required for internal user and computer authentication.
· The research.XYZ.com forest is only used by the research department
The company currently has the following Networking Environment in place
· The offices currently contain at least one domain controller from the quiz. XYZ.com forest.
· The main head office contains the domain controller of the research. XYZ.com forest
· All of the offices have high speed internet connections
Application
The company has a web application running on-premise named XYZ -app
· The application is running on Microsoft Internet Information Services
· The application stores its data on Microsoft SQL Server 2016
· The servers are all running on Hyper-V
· The same Hyper-V environment also hosts a staging environment to test all updates to the web application
· All Microsoft based licenses have been purchased via a Microsoft Enterprise Agreement that includes Software Assurance
Planned Changes
· The company wants to migrate its workloads to Azure.
· They also want to create a hybrid identity model along with a Microsoft Office 365 deployment
· The research department will continue to use the infrastructure in the on-premise environment.
Following are the key requirements for the migration to Azure
· The Web application ” XYZ -app” needs to be migrated to Azure
· Existing licenses should be used wherever possible to minimize on costs
· Users need to always authenticate using their quiz. XYZ.com UPN identity
· All new deployments to Azure must be redundant in the case of an Azure region failure
· PaaS deployments are preferred wherever possible
· Directory Synchronization must be established between Azure AD and the quiz. XYZ.com forest. This synchronization must not be affected by a link failure between Azure and the on-premise network.
The following requirements need to be met in terms of the database
· When the database is migrated to Azure, it needs to be ensured that metrics are recorded for the database. The database administrators should be able to analyse the metrics for suggesting any further improvements to the database environment
· Database downtime must be minimized when the database is being migrated onto Azure
· Database backup’s must be maintained for a period of 5 years
The following requirements need to be met in terms of Security
· Administrators should be able to authenticate to Azure by using the quiz. XYZ.com credentials
Any administrative access to Azure must be complemented by multi-factor authentication
Which of the following should be recommended for the database retention period?
Correct
Answer A You can use the long-term retention feature as mentioned in the Microsoft documentation below
XYZ is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment
The company currently has the following Active Directory Environment in place
· Two Active Directory forests – One is quiz.XYZ.com and the other is research. XYZ.com
· Currently there is no trust relationship between the forests
· The quiz.XYZ.com is the production forest that hosts all the identities required for internal user and computer authentication.
· The research.XYZ.com forest is only used by the research department
The company currently has the following Networking Environment in place
· The offices currently contain at least one domain controller from the quiz. XYZ.com forest.
· The main head office contains the domain controller of the research. XYZ.com forest
· All of the offices have high speed internet connections
Application
The company has a web application running on-premise named XYZ -app
· The application is running on Microsoft Internet Information Services
· The application stores its data on Microsoft SQL Server 2016
· The servers are all running on Hyper-V
· The same Hyper-V environment also hosts a staging environment to test all updates to the web application
· All Microsoft based licenses have been purchased via a Microsoft Enterprise Agreement that includes Software Assurance
Planned Changes
· The company wants to migrate its workloads to Azure.
· They also want to create a hybrid identity model along with a Microsoft Office 365 deployment
· The research department will continue to use the infrastructure in the on-premise environment.
Following are the key requirements for the migration to Azure
· The Web application ” XYZ -app” needs to be migrated to Azure
· Existing licenses should be used wherever possible to minimize on costs
· Users need to always authenticate using their quiz. XYZ.com UPN identity
· All new deployments to Azure must be redundant in the case of an Azure region failure
· PaaS deployments are preferred wherever possible
· Directory Synchronization must be established between Azure AD and the quiz. XYZ.com forest. This synchronization must not be affected by a link failure between Azure and the on-premise network.
The following requirements need to be met in terms of the database
· When the database is migrated to Azure, it needs to be ensured that metrics are recorded for the database. The database administrators should be able to analyse the metrics for suggesting any further improvements to the database environment
· Database downtime must be minimized when the database is being migrated onto Azure
· Database backup’s must be maintained for a period of 5 years
The following requirements need to be met in terms of Security
· Administrators should be able to authenticate to Azure by using the quiz. XYZ.com credentials
Any administrative access to Azure must be complemented by multi-factor authentication
You need to decide on whether Azure storage is required for the various requirements of the case study
Would you need to provision an Azure storage account for the SQL Server database migration?
Correct
Answer A You would need a storage account to store the BACPAC file which will be needed for the SQL database import. The BACPAC file will need to be stored in Azure BLOB storage
Answer A You would need a storage account to store the BACPAC file which will be needed for the SQL database import. The BACPAC file will need to be stored in Azure BLOB storage
Answer A You would need a storage account to store the BACPAC file which will be needed for the SQL database import. The BACPAC file will need to be stored in Azure BLOB storage
XYZ is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment
The company currently has the following Active Directory Environment in place
· Two Active Directory forests – One is quiz.XYZ.com and the other is research. XYZ.com
· Currently there is no trust relationship between the forests
· The quiz.XYZ.com is the production forest that hosts all the identities required for internal user and computer authentication.
· The research.XYZ.com forest is only used by the research department
The company currently has the following Networking Environment in place
· The offices currently contain at least one domain controller from the quiz. XYZ.com forest.
· The main head office contains the domain controller of the research. XYZ.com forest
· All of the offices have high speed internet connections
Application
The company has a web application running on-premise named XYZ -app
· The application is running on Microsoft Internet Information Services
· The application stores its data on Microsoft SQL Server 2016
· The servers are all running on Hyper-V
· The same Hyper-V environment also hosts a staging environment to test all updates to the web application
· All Microsoft based licenses have been purchased via a Microsoft Enterprise Agreement that includes Software Assurance
Planned Changes
· The company wants to migrate its workloads to Azure.
· They also want to create a hybrid identity model along with a Microsoft Office 365 deployment
· The research department will continue to use the infrastructure in the on-premise environment.
Following are the key requirements for the migration to Azure
· The Web application ” XYZ -app” needs to be migrated to Azure
· Existing licenses should be used wherever possible to minimize on costs
· Users need to always authenticate using their quiz. XYZ.com UPN identity
· All new deployments to Azure must be redundant in the case of an Azure region failure
· PaaS deployments are preferred wherever possible
· Directory Synchronization must be established between Azure AD and the quiz. XYZ.com forest. This synchronization must not be affected by a link failure between Azure and the on-premise network.
The following requirements need to be met in terms of the database
· When the database is migrated to Azure, it needs to be ensured that metrics are recorded for the database. The database administrators should be able to analyse the metrics for suggesting any further improvements to the database environment
· Database downtime must be minimized when the database is being migrated onto Azure
· Database backup’s must be maintained for a period of 5 years
The following requirements need to be met in terms of Security
· Administrators should be able to authenticate to Azure by using the quiz. XYZ.com credentials
Any administrative access to Azure must be complemented by multi-factor authentication
You need to decide on whether Azure storage is required for the various requirements of the case study Would you need to provision an Azure storage account for Web site content?
Correct
Answer – B When you choose an App Service plan for an Azure Web app, it normally comes along with storage. An example is given below
XYZ is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment
The company currently has the following Active Directory Environment in place
· Two Active Directory forests – One is quiz.XYZ.com and the other is research. XYZ.com
· Currently there is no trust relationship between the forests
· The quiz.XYZ.com is the production forest that hosts all the identities required for internal user and computer authentication.
· The research.XYZ.com forest is only used by the research department
The company currently has the following Networking Environment in place
· The offices currently contain at least one domain controller from the quiz. XYZ.com forest.
· The main head office contains the domain controller of the research. XYZ.com forest
· All of the offices have high speed internet connections
Application
The company has a web application running on-premise named XYZ -app
· The application is running on Microsoft Internet Information Services
· The application stores its data on Microsoft SQL Server 2016
· The servers are all running on Hyper-V
· The same Hyper-V environment also hosts a staging environment to test all updates to the web application
· All Microsoft based licenses have been purchased via a Microsoft Enterprise Agreement that includes Software Assurance
Planned Changes
· The company wants to migrate its workloads to Azure.
· They also want to create a hybrid identity model along with a Microsoft Office 365 deployment
· The research department will continue to use the infrastructure in the on-premise environment.
Following are the key requirements for the migration to Azure
· The Web application ” XYZ -app” needs to be migrated to Azure
· Existing licenses should be used wherever possible to minimize on costs
· Users need to always authenticate using their quiz. XYZ.com UPN identity
· All new deployments to Azure must be redundant in the case of an Azure region failure
· PaaS deployments are preferred wherever possible
· Directory Synchronization must be established between Azure AD and the quiz. XYZ.com forest. This synchronization must not be affected by a link failure between Azure and the on-premise network.
The following requirements need to be met in terms of the database
· When the database is migrated to Azure, it needs to be ensured that metrics are recorded for the database. The database administrators should be able to analyse the metrics for suggesting any further improvements to the database environment
· Database downtime must be minimized when the database is being migrated onto Azure
· Database backup’s must be maintained for a period of 5 years
The following requirements need to be met in terms of Security
· Administrators should be able to authenticate to Azure by using the quiz. XYZ.com credentials
Any administrative access to Azure must be complemented by multi-factor authentication
You need to decide on whether Azure storage is required for the various requirements of the case study Would you need to provision an Azure storage account for database metric monitoring?
Correct
Answer A The case study mentions that we need to have the database metrics in place for further analysis. So, we need to persists the logs and metrics for the database. One way as mentioned below is to use Azure Storage accounts.
Incorrect
Answer A The case study mentions that we need to have the database metrics in place for further analysis. So, we need to persists the logs and metrics for the database. One way as mentioned below is to use Azure Storage accounts.
Unattempted
Answer A The case study mentions that we need to have the database metrics in place for further analysis. So, we need to persists the logs and metrics for the database. One way as mentioned below is to use Azure Storage accounts.
Question 32 of 42
32. Question
An application needs to be deployed onto Azure. This application will be hosted on a set of Virtual Machines. The below set of rules need to apply when it comes to diverting traffic for users
*) Users navigating to http://XYZ.com/video/* need to be directed to one set of Virtual Machines
*)Users navigating to http://XYZ.com/images/* need to be directed to another set of Virtual Machines
You need to setup the correct appliance which could be used to fulfil these requirements. Which of the following would you implement?
Correct
Answer C You can use the URL routing feature of the application gateway as shown below
Option A is incorrect since this is used to divert traffic based on DNS to multiple regions Option B is incorrect since this cant be used to divert traffic Option D is incorrect since this is used to divert traffic from a Virtual Network over a VPN connection For more information on the application gateway, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/application-gateway/overview
Incorrect
Answer C You can use the URL routing feature of the application gateway as shown below
Option A is incorrect since this is used to divert traffic based on DNS to multiple regions Option B is incorrect since this cant be used to divert traffic Option D is incorrect since this is used to divert traffic from a Virtual Network over a VPN connection For more information on the application gateway, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/application-gateway/overview
Unattempted
Answer C You can use the URL routing feature of the application gateway as shown below
Option A is incorrect since this is used to divert traffic based on DNS to multiple regions Option B is incorrect since this cant be used to divert traffic Option D is incorrect since this is used to divert traffic from a Virtual Network over a VPN connection For more information on the application gateway, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/application-gateway/overview
Question 33 of 42
33. Question
A company needs to run an application that would be processing thousands of images at the same time. They need to have an ideal compute solution designed in Azure to handle the high scale processing of the images. You decide to implement Azure Web Apps as part of the solution Does this meet the requirement?
Correct
Answer B The Azure Web App service is used to run primarily web applications and cannot be used for high compute intensive parallel processing jobs. For more information on Azure Web Apps, please go ahead and visit the below URL https://azure.microsoft.com/en-us/services/app-service/web/
Incorrect
Answer B The Azure Web App service is used to run primarily web applications and cannot be used for high compute intensive parallel processing jobs. For more information on Azure Web Apps, please go ahead and visit the below URL https://azure.microsoft.com/en-us/services/app-service/web/
Unattempted
Answer B The Azure Web App service is used to run primarily web applications and cannot be used for high compute intensive parallel processing jobs. For more information on Azure Web Apps, please go ahead and visit the below URL https://azure.microsoft.com/en-us/services/app-service/web/
Question 34 of 42
34. Question
A company has an application running as part of Azure Web Apps. A database is being hosted in a Virtual Network. There is a requirement to ensure that the web app can access a cluster of databases installed on multiple VM in hybrid architect without the need of exposing a public endpoint. You decide to implement Azure Batch jobs as part of the solution Does this meet the requirement?
Correct
Answer: B The requirement is : connectivity between Web App and SQL database server without the need to exposing public end point. The solution should be : Virtual Network Rules or Private IP of the database server
Answer: B The requirement is : connectivity between Web App and SQL database server without the need to exposing public end point. The solution should be : Virtual Network Rules or Private IP of the database server
Answer: B The requirement is : connectivity between Web App and SQL database server without the need to exposing public end point. The solution should be : Virtual Network Rules or Private IP of the database server
A company has an application running as part of Azure Web Apps. A database is being hosted in a Virtual Network. There is a requirement to ensure that the web app can access a cluster of databases installed on multiple VM in hybrid architect without the need of exposing a public endpoint. You decide to deploy an HPC Pack to Azure. Does this meet the requirement?
Correct
Answer A Yes, this can be done with the help of deploying HPC Pack to Azure. The Microsoft documentation mentions the following
A company currently has an on-premise infrastructure that consists of
*) An Active directory domain named XYZ.com
*)Active Directory Federation services
*)Application Proxy servers for external connection
The company has recently setup an Azure AD tenant. They have also setup Azure AD Connect for the synchronization of users from the on-premise AD to Azure AD. They have the following additional requirements
*) Ability to monitor the solutions that integrate with Azure AD
*) Identify any potential issues in AD FS
*)Identify any directory synchronization issues
You need to identify the right monitoring solution for each type of server Which of the following would you use to monitor the AD FS servers?
Correct
Answer B Azure AD Connect Health has the ability to monitor AD FS servers as well. If you see the Microsoft documentation, you can clearly see the option present.
Answer B Azure AD Connect Health has the ability to monitor AD FS servers as well. If you see the Microsoft documentation, you can clearly see the option present.
Answer B Azure AD Connect Health has the ability to monitor AD FS servers as well. If you see the Microsoft documentation, you can clearly see the option present.
A company currently has an on-premise infrastructure that consists of
*) An Active directory domain named XYZ.com
*)Active Directory Federation services
*)Application Proxy servers for external connection
The company has recently setup an Azure AD tenant. They have also setup Azure AD Connect for the synchronization of users from the on-premise AD to Azure AD. They have the following additional requirements
*) Ability to monitor the solutions that integrate with Azure AD
*) Identify any potential issues in AD FS
*)Identify any directory synchronization issues You need to identify the right monitoring solution for each type of server Which of the following would you use to monitor the AD Connect Servers?
Correct
Answer – B Azure AD Connect Health has the ability to monitor all AD Connect Servers and check for any synchronization issues. If you see the Microsoft documentation, you can clearly see the option present.
Answer – B Azure AD Connect Health has the ability to monitor all AD Connect Servers and check for any synchronization issues. If you see the Microsoft documentation, you can clearly see the option present.
Answer – B Azure AD Connect Health has the ability to monitor all AD Connect Servers and check for any synchronization issues. If you see the Microsoft documentation, you can clearly see the option present.
A company currently has an on-premise infrastructure that consists of
*)An Active directory domain named XYZ.com
*)Active Directory Federation services
*)Application Proxy servers for external connection
The company has recently setup an Azure AD tenant. They have also setup Azure AD Connect for the synchronization of users from the on-premise AD to Azure AD. They have the following additional requirements
*) Ability to monitor the solutions that integrate with Azure AD
*)Identity any potential issues in AD FS
*)Identify any directory synchronization issues
You need to identify the right monitoring solution for each type of server Which of the following would you use to monitor the web application proxy servers?
Correct
Answer B Azure AD Connect Health can also be used to monitor web application proxy servers as well. This is given in the Microsoft documentation
A company has an Azure storage account. The storage account needs to be configured in such a way that it is only accessible from one specific Azure Virtual Network. You have to ensure that the storage account is not accessible from the Internet. Which of the following would you use to implement this requirement?
Correct
Answer D The Microsoft documentation mentions the following Virtual Network (VNet) service endpoints extend your virtual network private address space and the identity of your VNet to the Azure services, over a direct connection. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Traffic from your VNet to the Azure service always remains on the Microsoft Azure backbone network. Option A is incorrect since this is just used to manage the traffic into a subnet or network interface Option B is incorrect since this is used for content delivery Option C is incorrect since this is used only if you want to have HTTPS data transfer for the storage account For more information on Virtual Networks service endpoint, please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
Incorrect
Answer D The Microsoft documentation mentions the following Virtual Network (VNet) service endpoints extend your virtual network private address space and the identity of your VNet to the Azure services, over a direct connection. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Traffic from your VNet to the Azure service always remains on the Microsoft Azure backbone network. Option A is incorrect since this is just used to manage the traffic into a subnet or network interface Option B is incorrect since this is used for content delivery Option C is incorrect since this is used only if you want to have HTTPS data transfer for the storage account For more information on Virtual Networks service endpoint, please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
Unattempted
Answer D The Microsoft documentation mentions the following Virtual Network (VNet) service endpoints extend your virtual network private address space and the identity of your VNet to the Azure services, over a direct connection. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Traffic from your VNet to the Azure service always remains on the Microsoft Azure backbone network. Option A is incorrect since this is just used to manage the traffic into a subnet or network interface Option B is incorrect since this is used for content delivery Option C is incorrect since this is used only if you want to have HTTPS data transfer for the storage account For more information on Virtual Networks service endpoint, please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
Question 40 of 42
40. Question
A company has developed a web service that is made available on a virtual machine deployed to a subnet in the Virtual network XYZ-network. An API Management service has been deployed, which will provide access to the API service hosted on the Virtual Machine. Consultant companies must be able to connect to the API over the Internet. Below is the configuration of the API management gateway instance
Based on the configuration, would the API be available to the consultants over the Internet?
Correct
Answer A An example of this configuration is given in the Microsoft documentation. By choosing the External option, the API management gateway instance would also be available over the Internet
Answer A An example of this configuration is given in the Microsoft documentation. By choosing the External option, the API management gateway instance would also be available over the Internet
Answer A An example of this configuration is given in the Microsoft documentation. By choosing the External option, the API management gateway instance would also be available over the Internet
A company has developed a web service that is made available on a virtual machine deployed to a subnet in the Virtual network XYZ-network. An API Management service has been deployed, which will provide access to the API service hosted on the Virtual Machine. Consultant companies must be able to connect to the API over the Internet. Below is the configuration of the API management gateway instance
Based on the configuration, would the gateway be able to access the data from the Virtual Machine?
Correct
Answer – A Yes, since the gateway is attached to the Virtual Network, it would have access to the Virtual Network. An example of this is given in the Microsoft documentation
Answer – A Yes, since the gateway is attached to the Virtual Network, it would have access to the Virtual Network. An example of this is given in the Microsoft documentation
Answer – A Yes, since the gateway is attached to the Virtual Network, it would have access to the Virtual Network. An example of this is given in the Microsoft documentation
A company has developed a web service that is made available on a virtual machine deployed to a subnet in the Virtual network XYZ-network. An API Management service has been deployed, which will provide access to the API service hosted on the Virtual Machine. Consultant companies must be able to connect to the API over the Internet. Below is the configuration of the API management gateway instance
Based on the configuration, would a VPN gateway be required for consultant access?
Correct
Answer B An example of this configuration is given in the Microsoft documentation. By choosing the External option, the API management gateway instance would also be available over the Internet. Hence a VPN gateway would not be required for access for the consultants.
Answer B An example of this configuration is given in the Microsoft documentation. By choosing the External option, the API management gateway instance would also be available over the Internet. Hence a VPN gateway would not be required for access for the consultants.
Answer B An example of this configuration is given in the Microsoft documentation. By choosing the External option, the API management gateway instance would also be available over the Internet. Hence a VPN gateway would not be required for access for the consultants.