Microsoft Azure AZ-304 Practice Test 4
Microsoft Azure AZ-304 Practice Tests
Question 1 of 75
1. Question
An organization named ACME has an on-premises data center environment from which they host several applications. ACME is in the process of adopting Azure services for the benefit of resiliency and availability. Below are the 3 applications and their requirements:
· ACME1: this is a critical client-facing application that runs on-premises, however, this app must be able to failover to the Azure environment should something happen to the on-premises data center with an RPO of less than 20 minutes.
· ACME2: this application has a Recovery Point Objective of 25 minutes and Recovery Time Objective should be less than 20 minutes.
· ACME3: the requirement is to store data for 2 years.
Which of the following solutions would you use for ACME1?
Correct
Azure Site Recovery is correct: it lets organizations adopt a business continuity and disaster recovery (BCDR) strategy that keeps data safe and apps/workloads up and running during planned and unplanned outages. Azure Backup is incorrect as it usually has an RPO of 1 day (24 hours). A GPv2 storage account is incorrect as it is used to store data and is not meant to serve as a business continuity strategy for application failover events. Azure SQL Database and Cosmos DB are incorrect as Azure Site Recovery should be used. https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview
Question 2 of 75
2. Question
An organization named ACME has an on-premises data center environment from which they host several applications. ACME is in the process of adopting Azure services for the benefit of resiliency and availability. Below are the 3 applications and their requirements:
· ACME1: this is a critical client-facing application that runs on-premises, however, this app must be able to failover to the Azure environment should something happen to the on-premises data center with an RPO of less than 20 minutes.
· ACME2: this application has a Recovery Point Objective of 25 minutes and Recovery Time Objective should be less than 20 minutes.
· ACME3: the requirement is to store application data for 2 years and has a Recovery Point Objective of 1 day.
Which of the following solutions would you use for ACME3?
Correct
Azure Backup is correct as this solution can store data for days/months/years and has an RPO of 1 day; it also handles data at a more granular level than Site Recovery. Azure Site Recovery is incorrect as it is not a long-term storage solution and does not support restoring data at the same granular level as Azure Backup. A GPv2 storage account is incorrect as it is not a backup solution with different recovery points. Cosmos DB and SQL Database are incorrect as the solution is running on-premises and specific storage is not mentioned; this question tests your ability to understand when to use Azure Backup. https://docs.microsoft.com/en-us/azure/backup/backup-overview
Question 3 of 75
3. Question
An organization named ACME has an on-premises data center environment from which they host several applications. ACME is in the process of adopting Azure services for the benefit of resiliency and availability. Below are the 3 applications and their requirements:
· ACME1: this is a critical client-facing application that runs on-premises, however, this app must be able to failover to the Azure environment should something happen to the on-premises data center with a Recovery Point Objective (RPO) of less than 20 minutes.
· ACME2: this application has a Recovery Point Objective (RPO) of 25 minutes and Recovery Time Objective (RTO) should be less than 20 minutes.
· ACME3: the requirement is to store application data for 2 years and has a Recovery Point Objective (RPO) of 1 day.
Which of the following solutions would you use for ACME2?
Correct
Azure Site Recovery is correct: it lets organizations adopt a business continuity and disaster recovery (BCDR) strategy that keeps data safe and apps/workloads up and running during planned and unplanned outages, with very low RPO/RTO. Azure Backup is incorrect as it usually has an RPO of 1 day (24 hours). A GPv2 storage account is incorrect as it is used to store data and is not meant to serve as a business continuity strategy for application failover events. Azure SQL Database and Cosmos DB are incorrect as Azure Site Recovery should be used for failover in this scenario. https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview
Question 4 of 75
4. Question
An organization named Fabrikam has an on-premises data center environment from which they host several applications. Fabrikam uses SQL Server 2014, installed on a VM that runs on the Hyper-V platform, and leverages the Software Assurance contract they have in place with Microsoft. They need to migrate the on-premises SQL instance to Azure and leverage their existing investment.
Fabrikam decides to deploy a SQL VM in Azure. Does this meet the requirement?
An organization named Fabrikam has an on-premises data center environment from which they host several applications. Fabrikam uses SQL Server 2014, installed on a VM that runs on the Hyper-V platform, and leverages the Software Assurance contract they have in place with Microsoft. They need to migrate the on-premises SQL instance to Azure and leverage their existing investment.
Fabrikam decides to migrate to Azure SQL on the DTU model. Does this meet the requirement?
Correct
False is correct. Only the Azure SQL vCore model supports the hybrid benefit (Software Assurance). The Azure SQL DTU model does not support the hybrid benefit model. More info on Azure SQL DTU: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-service-tiers-dtu
Question 6 of 75
6. Question
An organization named Fabrikam has an on-premises data center environment from which they host several applications. Fabrikam uses SQL Server 2014, installed on a VM that runs on the Hyper-V platform, and leverages the Software Assurance contract they have in place with Microsoft. They need to migrate the on-premises SQL instance to Azure and leverage their existing investment.
Fabrikam decides to migrate to Azure SQL on the vCore model. Does this meet the requirement?
Correct
True is correct. Unlike the Azure SQL DTU model, the vCore model supports the hybrid benefit. More info on Azure hybrid benefit for SQL Server vCore: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-azure-hybrid-benefit
Question 7 of 75
7. Question
An organization named Fabrikam has an on-premises data center environment from which they host several applications. Fabrikam uses SQL Server 2014, installed on a VM that runs on the Hyper-V platform, and leverages the Software Assurance contract they have in place with Microsoft. They need to migrate the on-premises SQL instance to Azure and leverage their existing investment.
Fabrikam decides to migrate to an Azure SQL Managed Instance (MI). Does this meet the requirement?
An organization named Fabrikam has an on-premises data center environment from which they host several applications. Fabrikam uses SQL Server 2014, installed on a VM that runs on the Hyper-V platform, and leverages the Software Assurance contract they have in place with Microsoft. They need to migrate the on-premises SQL instance to Azure and ensure encryption is applied where possible. Fabrikam decides to migrate to an IaaS SQL VM in Azure.
Which of the following encryption technologies are supported in this scenario? Choose all that apply.
Correct
BitLocker is correct as it is used to encrypt the VM disks. Always Encrypted is correct as it is used to protect sensitive data stored in SQL. DM-Crypt is incorrect as this encryption technology is used for Linux VMs, not Windows VMs. Azure Key Vault is incorrect as it is used to store and access encryption keys safely and securely; Key Vault is not an encryption technology by itself. https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-ver15
Question 9 of 75
9. Question
As an architect, you have been tasked to identify the different key/value stores available in Azure. Choose all that apply:
Correct
Azure Cache for Redis and Cosmos DB are examples of key/value stores. Azure SQL DB, MySQL, and MariaDB are all examples of relational databases. https://docs.microsoft.com/en-us/azure/architecture/guide/technology-choices/data-store-overview
Question 10 of 75
10. Question
As an architect, you have been tasked to identify the different relational database management systems available in Azure. Choose all that apply:
Contoso inc. is a financial company that recently migrated some of their infrastructure from on-premises to Azure. Contoso inc. has a resource group labeled “Production” which has 2 virtual networks; “Front End VNet” which has an address space of 10.20.0.0/16. The “Front End VNet” has a Virtual Machine Scale Set (VMSS) which runs the web application. The “Back End VNet” has an address space of 10.30.0.0/16, this VNet has a SQL database which is used to store data. Refer to Figure 1 for an overview diagram.
Contoso inc. has a head office in London with an employee headcount of 500, a branch office in South Africa with a headcount of 50 employees and 4 remote engineers from different geographic regions. All users have an Azure AD P2 license assigned and MFA enforced.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
You need to configure the “Front End VNet” to communicate with the “Back End VNet” via a dedicated firewall.
Solution: You make use of custom route tables
Does this solution meet the goal?
Contoso inc. is a financial company that recently migrated some of their infrastructure from on-premises to Azure. Contoso inc. has a resource group labeled “Production” which has 2 virtual networks; “Front End VNet” which has an address space of 10.20.0.0/16. The “Front End VNet” has a Virtual Machine Scale Set (VMSS) which runs the web application. The “Back End VNet” has an address space of 10.30.0.0/16, this VNet has a SQL database which is used to store data. Refer to Figure 1 for an overview diagram.
Contoso inc. has a head office in London with an employee headcount of 500, a branch office in South Africa with a headcount of 50 employees and 4 remote engineers from different geographic regions. All users have an Azure AD P2 license assigned and MFA enforced.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
You need to configure the “Front End VNet” to communicate with the “Back End VNet” without having to create additional resources.
Solution: Configure Virtual Network Peering.
Does this solution meet the goal?
Contoso inc. is a financial company that recently migrated some of their infrastructure from on-premises to Azure. Contoso inc. has a resource group labeled “Production” which has 2 virtual networks; “Front End VNet” which has an address space of 10.20.0.0/16. The “Front End VNet” has a Virtual Machine Scale Set (VMSS) which runs the web application. The “Back End VNet” has an address space of 10.30.0.0/16, this VNet has a SQL database which is used to store data. Refer to Figure 1 for an overview diagram.
Contoso inc. has a head office in London with an employee headcount of 500, a branch office in South Africa with a headcount of 50 employees and 4 remote engineers from different geographic regions. All users have an Azure AD P2 license assigned and MFA enforced.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
You need to configure access for the remote engineers to connect securely to the “Front End VNet”.
Solution: Deploy a Virtual Network Gateway and configure Site-to-Site access.
Does this solution meet the goal?
Correct
False is correct. You need to deploy a Virtual Network Gateway and configure a Point-to-Site VPN, as this will enable the remote engineers to connect securely from their laptops/PCs. Point-to-Site (P2S) VPN is preferred when specific users need access to Azure resources and there are no VPN devices on-premises. P2S connections use a software-based client to connect.
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal
Question 14 of 75
14. Question
Contoso inc. is a financial company that recently migrated some of their infrastructure from on-premises to Azure. Contoso inc. has a resource group labeled “Production” which has 2 virtual networks; “Front End VNet” which has an address space of 10.20.0.0/16. The “Front End VNet” has a Virtual Machine Scale Set (VMSS) which runs the web application. The “Back End VNet” has an address space of 10.30.0.0/16, this VNet has a SQL database which is used to store data. Refer to Figure 1 for an overview diagram.
Contoso inc. has a head office in London with an employee headcount of 500, a branch office in South Africa with a headcount of 50 employees and 4 remote engineers from different geographic regions. All users have an Azure AD P2 license assigned and MFA enforced.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
You need to create a new storage account labeled “Network-Storage” in the “Production” Resource Group. This storage account must support SMB 3.0 as this will be mounted to all virtual machines as central storage for quick access.
Which storage service should you configure?
Correct
File Storage is correct as it is used for file shares and supports SMB 3.0. Table storage will not work as it is used to store structured, searchable data, e.g. name/surname/address. Queue storage is incorrect as it is used for storing message queues. Blob storage is incorrect as it is used to store blob objects like pictures, videos, music, etc., and Azure disks, which can be mounted to VMs; however, you can only link one VM to a virtual disk. https://azure.microsoft.com/en-us/services/storage/files/
Question 15 of 75
15. Question
Contoso inc. is a financial company that recently migrated some of their infrastructure from on-premises to Azure. Contoso inc. has a resource group labeled “Production” which has 2 virtual networks; “Front End VNet” which has an address space of 10.20.0.0/16. The “Front End VNet” has a Virtual Machine Scale Set (VMSS) which runs the web application. The “Back End VNet” has an address space of 10.30.0.0/16, this VNet has a SQL database which is used to store data. Refer to Figure 1 for an overview diagram.
Contoso inc. has a head office in London with an employee headcount of 500, a branch office in South Africa with a headcount of 50 employees and 4 remote engineers from different geographic regions. All users have an Azure AD P2 license assigned and MFA enforced.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
You need to share access to the “Network-Storage” account with a third party for integration purposes. You plan on creating a shared access signature.
True or False: You can only make use of the HTTPS protocol when creating a SAS key.
Contoso inc. is a financial company that recently migrated some of their infrastructure from on-premises to Azure. Contoso inc. has a resource group labeled “Production” which has 2 virtual networks; “Front End VNet” which has an address space of 10.20.0.0/16. The “Front End VNet” has a Virtual Machine Scale Set (VMSS) which runs the web application. The “Back End VNet” has an address space of 10.30.0.0/16, this VNet has a SQL database which is used to store data. Refer to Figure 1 for an overview diagram.
Contoso inc. has a head office in London with an employee headcount of 500, a branch office in South Africa with a headcount of 50 employees and 4 remote engineers from different geographic regions. All users have an Azure AD P2 license assigned and MFA enforced.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
You need to configure the “Front End VNet” to communicate with the “Back End VNet”.
Solution: You configure a Virtual Network Gateway.
Does this solution meet the goal?
Fabrikam has 3 branches in the following locations: New York, London, and Tokyo. Each office has its own on-premises environment and uses a single Azure AD tenant on the Fabrikam.com domain. All users have Office E3 and EMS E3 licenses assigned. Users authenticate to Microsoft cloud services like Exchange Online; however, the security administrators have lately noticed a lot of sign-in attempts from other regions that Fabrikam does not operate in. You have been tasked to recommend a solution that will provide an additional layer of security for authentication when users sign in but should not affect users at the 3 legitimate branches.
You recommend making use of Azure policies. Does this meet the requirement?
Azure Policy is incorrect. Azure Policy is used to enforce rules and effects over your resources, for example only allowing specific virtual machine SKUs to be deployed in your Azure tenant. https://docs.microsoft.com/en-us/azure/governance/policy/overview
Question 18 of 75
Fabrikam has 3 branches in the following locations: New York, London, and Tokyo. Each office has its own on-premises environment and uses a single Azure AD tenant on the Fabrikam.com domain. All users have Office E3 and EMS E3 licenses assigned. Users authenticate to Microsoft cloud services like Exchange Online; however, the security administrators have lately noticed a lot of sign-in attempts from regions that Fabrikam does not operate in. You have been tasked to recommend a solution that will provide an additional layer of security for authentication when users try to sign in from locations other than the 3 legitimate branches.
You recommend making use of Privileged Identity Management (Azure PIM). Does this meet the requirement?
Azure Privileged Identity Management is incorrect. PIM is used to manage, control and monitor access to important resources or roles within Azure, with access that is time-bound and approval-based. It does not fit this scenario, which requires Multi-Factor Authentication together with Conditional Access policies that whitelist the 3 branches as legitimate sign-in locations and prompt for MFA when authentication requests do not originate from those branches. https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
Question 19 of 75
Fabrikam has 3 branches in the following locations: New York, London, and Tokyo. Each office has its own on-premises environment and uses a single Azure AD tenant on the Fabrikam.com domain. All users have Office E3 and EMS E3 licenses assigned. Users authenticate to Microsoft cloud services like Exchange Online; however, the security administrators have lately noticed a lot of sign-in attempts from regions that Fabrikam does not operate in. You have been tasked to recommend a solution that will provide an additional layer of security for authentication when users try to sign in from locations other than the 3 legitimate branches.
You recommend making use of Conditional Access Policies. Does this meet the requirement?
Conditional Access policies are correct: you can configure who requires MFA based on the location of the request. In this scenario you whitelist the 3 branch locations so that MFA is not prompted there; outside these locations MFA is applied automatically. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
Question 20 of 75
Fabrikam is a cloud-only organization with 500 users all working remotely with 15 global administrators assigned to the tenant. They have 3 subscriptions which are managed by three different departments:
· App1_Production which is managed by the development team
· App2_Test which is managed by the administrator team
· App3_B2B which is managed by a 3rd party
Fabrikam needs to assign role-based access control to these subscriptions based on the following requirements:
Requirement 1: App2_Test users should only be able to fully manage the solution including the permission to add additional users to the subscription with the permissions required
Requirement 2: App3_B2B users should only be able to view resources in the subscription
Requirement 3: App1_Production users should be able to fully manage the solution but should not be able to add additional users to the subscription
Requirement 4: Decrease the amount of statically assigned Global Administrators by means of access control management
Requirement 5: Ensure users assigned RBAC permission to resources are reviewed on a regular basis to minimize stale role assignments
Requirement 6: Decrease the amount of statically assigned RBAC users by means of access control management
Requirement 7: Allow only a specific 3rd party user to start and reboot virtual machines, but not shutdown VMs.
Which of the following RBAC roles should you assign for requirement 1?
The Owner role is correct: it grants full administrator permissions and also permission to add additional users to the subscription. Global administrator is incorrect as this is a tenant-wide permission and cannot be used at the subscription level. The Contributor role is incorrect as it grants full administrator permission but does not allow you to grant other users access to resources. The Reader role is incorrect as it is exactly what the name says, read-only. https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
Question 21 of 75
Fabrikam is a cloud-only organization with 500 users all working remotely with 15 global administrators assigned to the tenant. They have 3 subscriptions which are managed by three different departments:
· App1_Production which is managed by the development team
· App2_Test which is managed by the administrator team
· App3_B2B which is managed by a 3rd party
Fabrikam needs to assign role-based access control to these subscriptions based on the following requirements:
Requirement 1: App2_Test users should only be able to fully manage the solution including the permission to add additional users to the subscription with the permissions required
Requirement 2: App3_B2B users should only be able to view resources in the subscription
Requirement 3: App1_Production users should be able to fully manage the solution but should not be able to add additional users to the subscription
Requirement 4: Decrease the amount of statically assigned Global Administrators by means of access control management
Requirement 5: Ensure users assigned RBAC permission to resources are reviewed on a regular basis to minimize stale role assignments
Requirement 6: Decrease the amount of statically assigned RBAC users by means of access control management
Requirement 7: Allow only a specific 3rd party user to start and reboot virtual machines, but not shutdown VMs.
Which of the following RBAC roles should you assign for requirement 2?
The Reader role is correct as it is exactly what the name says, read-only across the subscription. The Owner role is incorrect: it grants full administrator permissions and also permission to add additional users to the subscription or its resources. Global administrator is incorrect as this is a tenant-wide permission and cannot be used at the subscription level. The Contributor role is incorrect as it grants full administrator permission but does not allow you to grant other users access to resources. https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
Question 22 of 75
Fabrikam is a cloud-only organization with 500 users all working remotely with 15 global administrators assigned to the tenant. They have 3 subscriptions which are managed by three different departments:
· App1_Production which is managed by the development team
· App2_Test which is managed by the administrator team
· App3_B2B which is managed by a 3rd party
Fabrikam needs to assign role-based access control to these subscriptions based on the following requirements:
Requirement 1: App2_Test users should only be able to fully manage the solution including the permission to add additional users to the subscription with the permissions required
Requirement 2: App3_B2B users should only be able to view resources in the subscription
Requirement 3: App1_Production users should be able to fully manage the solution but should not be able to add additional users to the subscription
Requirement 4: Decrease the amount of statically assigned Global Administrators by means of access control management
Requirement 5: Ensure users assigned RBAC permission to resources are reviewed on a regular basis to minimize stale role assignments
Requirement 6: Decrease the amount of statically assigned RBAC users by means of access control management
Requirement 7: Allow only a specific 3rd party user to start and reboot virtual machines, but not shutdown VMs.
Which of the following RBAC roles should you assign for requirement 3?
The Contributor role is correct as it grants full administrator permission but does not allow you to grant other users access to resources. The Reader role is incorrect as it is exactly what the name says, read-only across the subscription. The Owner role is incorrect: it grants full administrator permissions and also permission to add additional users to the subscription or its resources. Global administrator is incorrect as this is a tenant-wide permission and cannot be used at the subscription level. https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
Question 23 of 75
Fabrikam is a cloud-only organization with 500 users all working remotely with 15 global administrators assigned to the tenant. They have 3 subscriptions which are managed by three different departments:
· App1_Production which is managed by the development team
· App2_Test which is managed by the administrator team
· App3_B2B which is managed by a 3rd party
Fabrikam needs to assign role-based access control to these subscriptions based on the following requirements:
Requirement 1: App2_Test users should only be able to fully manage the solution including the permission to add additional users to the subscription with the permissions required
Requirement 2: App3_B2B users should only be able to view resources in the subscription
Requirement 3: App1_Production users should be able to fully manage the solution but should not be able to add additional users to the subscription
Requirement 4: Decrease the amount of statically assigned Global Administrators by means of access control management
Requirement 5: Ensure users assigned RBAC permission to resources are reviewed on a regular basis to minimize stale role assignments
Requirement 6: Decrease the amount of statically assigned RBAC users by means of access control management
Requirement 7: Allow only a specific 3rd party user to start and reboot virtual machines, but not shutdown VMs.
Which of the following solutions should be used for requirement 4?
Azure PIM is correct: it is a privileged access management solution that works at the Azure AD identity level as well as the resource level. Identity Protection is incorrect as this tool is used to show risky users and risky sign-ins. AADDS is incorrect as this is a managed Active Directory in Azure which enables you to make use of Kerberos and LDAP. RBAC at the subscription level is incorrect as global admin permissions live within the Azure AD identity portion and are not used for permission assignment to resources within a subscription. Creating a custom RBAC role is incorrect as this is used to create specific permissions when the built-in RBAC roles are not sufficient. https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
Question 24 of 75
Fabrikam is a cloud-only organization with 500 users all working remotely with 15 global administrators assigned to the tenant. They have 3 subscriptions which are managed by three different departments:
· App1_Production which is managed by the development team
· App2_Test which is managed by the administrator team
· App3_B2B which is managed by a 3rd party
Fabrikam needs to assign role-based access control to these subscriptions based on the following requirements:
Requirement 1: App2_Test users should only be able to fully manage the solution including the permission to add additional users to the subscription with the permissions required
Requirement 2: App3_B2B users should only be able to view resources in the subscription
Requirement 3: App1_Production users should be able to fully manage the solution but should not be able to add additional users to the subscription
Requirement 4: Decrease the amount of statically assigned Global Administrators by means of access control management
Requirement 5: Ensure users assigned RBAC permission to resources are reviewed on a regular basis to minimize stale role assignments
Requirement 6: Decrease the amount of statically assigned RBAC users by means of access control management
Requirement 7: Allow only a specific 3rd party user to start and reboot virtual machines, but not shutdown VMs.
Which of the following solutions should be used for requirement 5?
Azure PIM is correct: it is a privileged access management solution that works at the Azure AD identity level as well as the resource level and has the ability to schedule access reviews. Identity Protection is incorrect as this tool is used to show risky users and risky sign-ins. AADDS is incorrect as this is a managed Active Directory in Azure which enables you to make use of Kerberos and LDAP. RBAC at the subscription level is incorrect as resource permissions will still be statically assigned and it does not have the ability to do access reviews. Creating a custom RBAC role is incorrect as this is used to create specific permissions when the built-in RBAC roles are not sufficient. https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-start-access-review
Question 25 of 75
Fabrikam is a cloud-only organization with 500 users all working remotely with 15 global administrators assigned to the tenant. They have 3 subscriptions which are managed by three different departments:
· App1_Production which is managed by the development team
· App2_Test which is managed by the administrator team
· App3_B2B which is managed by a 3rd party
Fabrikam needs to assign role-based access control to these subscriptions based on the following requirements:
Requirement 1: App2_Test users should only be able to fully manage the solution including the permission to add additional users to the subscription with the permissions required
Requirement 2: App3_B2B users should only be able to view resources in the subscription
Requirement 3: App1_Production users should be able to fully manage the solution but should not be able to add additional users to the subscription
Requirement 4: Decrease the amount of statically assigned Global Administrators by means of access control management
Requirement 5: Ensure users assigned RBAC permission to resources are reviewed on a regular basis to minimize stale role assignments
Requirement 6: Decrease the amount of statically assigned RBAC users by means of access control management
Requirement 7: Allow only a specific 3rd party user to start and reboot virtual machines, but not shutdown VMs.
Which of the following solutions should be used for requirement 6?
Azure PIM is correct: it is a privileged access management solution that works at the Azure AD identity level as well as the resource level. Identity Protection is incorrect as this tool is used to show risky users and risky sign-ins. AADDS is incorrect as this is a managed Active Directory in Azure which enables you to make use of Kerberos and LDAP. RBAC at the subscription level is incorrect as resource permissions will still be statically assigned. Creating a custom RBAC role is incorrect as this is used to create specific permissions when the built-in RBAC roles are not sufficient. https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
Question 26 of 75
Fabrikam is a cloud-only organization with 500 users all working remotely with 15 global administrators assigned to the tenant. They have 3 subscriptions which are managed by three different departments:
· App1_Production which is managed by the development team
· App2_Test which is managed by the administrator team
· App3_B2B which is managed by a 3rd party
Fabrikam needs to assign role-based access control to these subscriptions based on the following requirements:
Requirement 1: App2_Test users should only be able to fully manage the solution including the permission to add additional users to the subscription with the permissions required
Requirement 2: App3_B2B users should only be able to view resources in the subscription
Requirement 3: App1_Production users should be able to fully manage the solution but should not be able to add additional users to the subscription
Requirement 4: Decrease the amount of statically assigned Global Administrators by means of access control management
Requirement 5: Ensure users assigned RBAC permission to resources are reviewed on a regular basis to minimize stale role assignments
Requirement 6: Decrease the amount of statically assigned RBAC users by means of access control management
Requirement 7: Allow only a specific 3rd party user to start and reboot virtual machines, but not shutdown VMs.
Which of the following solutions should be used for requirement 7?
Creating a custom RBAC role is correct as this is used to create specific permissions when the built-in RBAC roles are not sufficient. Azure PIM is incorrect: it is a privileged access management solution that works at the Azure AD identity level as well as the resource level. Identity Protection is incorrect as this tool is used to show risky users and risky sign-ins. AADDS is incorrect as this is a managed Active Directory in Azure which enables you to make use of Kerberos and LDAP. RBAC at the subscription level is incorrect as this will still make use of the built-in RBAC roles, and a custom RBAC role is required in this scenario. https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
Question 27 of 75
Fabrikam is a cloud-only organization with 500 users all working remotely with 15 global administrators assigned to the tenant. They have 3 subscriptions which are used to deploy services in 3 different regions:
· APAC subscription
· West Europe subscription
· US Subscription
You need to control where resources can be deployed to with regards to a specific region. Which of the following can be used to achieve this?
Azure Policy is correct: it can be used to restrict deployments so that resources can only be created in a specific region. Azure RBAC is incorrect as this is used to control access permissions to already deployed resources; this can be done at the resource, resource group, and subscription level. Usage and quotas is incorrect as this is used to view the deployment limits for specific resource types in your region; this is a “soft cap” that can be increased on request by logging a call with MS support. Azure Monitor is incorrect as this tool is used to maximize the availability and performance of services and applications in your subscription, with the ability to monitor and create alerts. Azure Privileged Identity Management is incorrect as this is used to manage, control and monitor access to important roles and resources within your Azure tenant. https://docs.microsoft.com/en-us/azure/governance/policy/samples/allowed-locations
Question 28 of 75
28. Question
Fabrikam is a cloud-only organization with 500 users all working remotely with 15 global administrators assigned to the tenant. They have 3 subscriptions which are used to deploy services in 3 different regions:
· APAC subscription
· West Europe subscription
· US Subscription
You have been tasked to reduce the number of permanently assigned global administrators and also implement a solution that will provide justification and notifications when users need to activate the global administrator roles. Which of the following solutions can be used to achieve this?
Correct
Azure Privileged Identity Management is correct as this is used to manage, control and monitor access to important roles and resources within your Azure tenant. Azure RBAC is incorrect as this is used to control access permissions to already deployed resources; this can be done on the resource, resource group, and subscription level. Usage and quotas is incorrect as this is used to view the deployment limits for specific resource types in your region; this is a “soft-cap” and an increase can be requested by logging a call with MS support. Azure Monitor is incorrect as this tool is used to maximize the availability and performance of services and applications in your subscription with the ability to monitor and create alerts. Azure Policy is incorrect as this is used to create restrictions for deployments, i.e. to limit the creation of resources to a specific region or resource size. https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
Question 29 of 75
29. Question
Fabrikam is a cloud-only organization with 500 users all working remotely with 15 global administrators assigned to the tenant. They have 3 subscriptions which are used to deploy services in 3 different regions:
· APAC subscription
· West Europe subscription
· US Subscription
Within the APAC subscription, there are several resources. You have been tasked to deploy a solution to create alerts based on specific criteria. Which of the following solutions can be used to achieve this?
Correct
Azure Monitor is correct as this tool is used to maximize availability and performance of services and applications in your subscription with the ability to monitor and create alerts. Azure Privileged Identity Management is incorrect as this is used to manage, control and monitor access to important roles and resources within your Azure tenant. Azure RBAC is incorrect as this is used to control access permissions to already deployed resources; this can be done on the resource, resource group, and subscription level. Usage and quotas is incorrect as this is used to view the deployment limits for specific resource types in your region; this is a “soft-cap” and an increase can be requested by logging a call with MS support. Azure Policy is incorrect as this is used to create restrictions for deployments, i.e. to limit the creation of resources to a specific region or resource size. https://docs.microsoft.com/en-us/azure/azure-monitor/overview
Question 30 of 75
30. Question
The ACME Corporation is looking to deploy the following components in their Azure subscription.
· Azure Application Gateway
· Azure Virtual Machine Scale Set
· Single instance Virtual Machine
They have an SLA availability requirement of 99.95% for each component.
Based on the information provided for the application gateway, will this component meet the SLA requirements?
Correct
No is correct, if you want to have a 99.95% SLA for Application Gateways, you need a minimum of 2 instances. https://azure.microsoft.com/en-in/support/legal/sla/summary/
Question 31 of 75
31. Question
The ACME Corporation is looking to deploy the following components in their Azure subscription.
· Azure Application Gateway
· Azure Virtual Machine Scale Set
· Single instance Virtual Machine
They have an SLA availability requirement of 99.95% for each component.
Based on the information provided for the virtual machine instance, will this component meet the SLA requirements?
Correct
No is correct. Single instance VMs in Azure with premium disks have an SLA of 99.9% and not 99.95%. https://azure.microsoft.com/en-in/support/legal/sla/summary/
Question 32 of 75
32. Question
The ACME Corporation is looking to deploy the following components in their Azure subscription.
· Azure Application Gateway
· Azure Virtual Machine Scale Set
· Single instance Virtual Machine
They have an SLA availability requirement of 99.95% for each component.
Based on the information provided for the virtual machine scale set, will this component meet the SLA requirements?
Correct
Yes is correct. Even though the virtual machine scale set service itself is not bound to an official SLA, the virtual machine scale set has a minimum of 2 instances and they are deployed in different fault domains which makes this solution eligible for a 99.95% SLA. https://azure.microsoft.com/en-us/support/legal/sla/virtual-machines/v1_8/
Question 33 of 75
33. Question
The ACME Group has approached you as an architect to design a modern data warehouse solution. You have created the below flowchart; however, you need to fill in the components that are missing.
Which of the following components can be used for the preparing and training data component?
Correct
Azure Databricks is correct as this provides one-click, streamlined workflows to prepare and train data. Azure Key Vault is incorrect as this is used to store secrets and certificates securely. Azure Data Lake Storage is incorrect as this is used as a highly scalable and cost-effective data lake (storage) solution for big data analytics. Azure Data Factory is incorrect as this is used for data integration that allows you to create, schedule and orchestrate extract, transform and load (ETL) workloads. Analysis Services is incorrect as this is an enterprise-grade analytics as a service that lets you govern, deploy, test and deliver your business intelligence (Power BI) solution with confidence; it is basically a PaaS solution that provides enterprise-grade data models in the cloud. https://azure.microsoft.com/en-in/solutions/architecture/modern-data-warehouse/
Question 34 of 75
34. Question
The ACME Group has approached you as an architect to design a modern data warehouse solution. You have created the below flowchart; however, you need to fill in the components that are missing.
Which of the following components can be used for the ingestion component?
Correct
Azure Data Factory is correct as this is used for data integration that allows you to create, schedule and orchestrate extract, transform and load (ETL) workloads. Azure Databricks is incorrect as this provides one-click, streamlined workflows to prepare and train data. Azure Key Vault is incorrect as this is used to store secrets and certificates securely. Azure Data Lake Storage is incorrect as this is used as a highly scalable and cost-effective data lake (storage) solution for big data analytics. Analysis Services is incorrect as this is an enterprise-grade analytics as a service that lets you govern, deploy, test and deliver your business intelligence (Power BI) solution with confidence; it is basically a PaaS solution that provides enterprise-grade data models in the cloud. https://azure.microsoft.com/en-in/solutions/architecture/modern-data-warehouse/
Question 35 of 75
35. Question
The ACME Group has approached you as an architect to design a modern data warehouse solution. You have created the below flowchart; however, you need to fill in the components that are missing.
Which of the following components can be used for the Storage component?
Correct
Azure Data Lake Storage is correct as this is a highly scalable and cost-effective data lake (storage) solution for big data analytics. Azure Databricks is incorrect as this provides one-click, streamlined workflows to prepare and train data. Azure Key Vault is incorrect as this is used to store secrets and certificates securely. Azure Data Factory is incorrect as this is used for data integration that allows you to create, schedule and orchestrate extract, transform and load (ETL) workloads. Analysis Services is incorrect as this is an enterprise-grade analytics as a service that lets you govern, deploy, test and deliver your business intelligence (Power BI) solution with confidence; it is basically a PaaS solution that provides enterprise-grade data models in the cloud. https://azure.microsoft.com/en-us/services/storage/data-lake-storage/
Question 36 of 75
36. Question
The ACME Group has approached you as an architect to design a modern data warehouse solution. You have created the below flowchart; however, you need to fill in the components that are missing.
Which of the following components can be used for the advanced data modeling features component?
Correct
Analysis Services is correct as this is an enterprise-grade analytics as a service that lets you govern, deploy, test and deliver your business intelligence (Power BI) solution with confidence; it is basically a PaaS solution that provides enterprise-grade data models in the cloud. Azure Databricks is incorrect as this provides one-click, streamlined workflows to prepare and train data. Azure Key Vault is incorrect as this is used to store secrets and certificates securely. Azure Data Lake Storage is incorrect as this is used as a highly scalable and cost-effective data lake (storage) solution for big data analytics. Azure Data Factory is incorrect as this is used for data integration that allows you to create, schedule and orchestrate extract, transform and load (ETL) workloads. https://azure.microsoft.com/en-in/solutions/architecture/modern-data-warehouse/
Question 37 of 75
37. Question
The ACME group has started to adopt Azure as their cloud platform of choice. ACME is a fashion retailer with a global presence. ACME has an application that is running in their South African data center and they are looking to deploy another instance of this application to Azure as a Web App. ACME has chosen to make use of Azure Traffic Manager to route DNS traffic between the two regions.
ACME has a requirement that all traffic should be directed to the Azure Web App first and route to the South African data center as a failover option in the event that the Azure region is unavailable without manual intervention.
TRUE or FALSE: The Web App will be available without manual intervention if the Azure region fails.
Correct
True is correct as you can configure a prioritized list of endpoints which in this case would be the Azure region and the South African data center as a failover region. https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods#priority
Question 38 of 75
38. Question
The ACME group has started to adopt Azure as their cloud platform of choice. ACME is a fashion retailer with a global presence. ACME has an application that is running in their South African data center and they are looking to deploy another instance of this application to Azure as a Web App. ACME has chosen to make use of Azure Traffic Manager to route DNS traffic between the two regions.
ACME has a requirement that all traffic should be directed to the Azure Web App first and route to the South African data center as a failover option in the event that the Azure region is unavailable without manual intervention.
TRUE or FALSE: This design caters for dynamic scaling of the web app in Azure?
Correct
True is correct as Azure App Service supports automatic scaling, both vertical and horizontal scaling. https://azure.microsoft.com/en-in/services/app-service/web/
Question 39 of 75
39. Question
The ACME group has started to adopt Azure as their cloud platform of choice. ACME is a fashion retailer with a global presence. ACME has an application that is running in their South African data center and they are looking to deploy another instance of this application to Azure as a Web App. ACME has chosen to make use of Azure Traffic Manager to route DNS traffic between the two regions.
ACME has a requirement that all traffic should be directed to the Azure Web App first and route to the South African data center as a failover option in the event that the Azure region is unavailable without manual intervention.
TRUE or FALSE: This design caters to dynamic scaling of the South African data center application?
Correct
False is correct, the current design cannot autoscale based on the Azure components, this is an on-premises scaling discussion and cannot be controlled via Azure components.
Question 40 of 75
40. Question
The ACME Group is in the process of moving some of its on-premises resources to Azure. They are planning to move the following resources:
· 3 virtual machines which host 3 production applications, these hosts run on Windows server 2016 datacenter
· IIS webserver to Azure web app
Below are the requirements:
Requirement 1: Build monitoring dashboards with relevant metrics for VMs
Requirement 2: Create relevant alerts for VMs as well as Azure web app
Requirement 3: Have insights to performance issues for Azure web apps
Requirement 4: Configure alerts for current and upcoming issues such as planned maintenance of the Azure platform or changes that might affect availability.
Which of the following solutions would be best suited to address requirement 1?
Correct
Azure Monitor is correct as this tool has the capability to create dashboards for resources based on metrics. Azure App Insights is incorrect as this focuses only on Azure apps and not infrastructure. Azure Service Health is incorrect as this is used to alert relevant system owners about service degradation for Azure services. Azure Network Watcher is incorrect as this tool is used to troubleshoot connectivity on a routing level; some of these services include IP flow verify and VPN troubleshooting. https://docs.microsoft.com/en-us/azure/azure-monitor/overview
Question 41 of 75
41. Question
The ACME Group is in the process of moving some of its on-premises resources to Azure. They are planning to move the following resources:
· 3 virtual machines which host 3 production applications, these hosts run on Windows server 2016 datacenter
· IIS webserver to Azure web app
Below are the requirements:
Requirement 1: Build monitoring dashboards with relevant metrics for VMs
Requirement 2: Create relevant alerts for VMs as well as Azure web app
Requirement 3: Have insights to performance issues for Azure web apps
Requirement 4: Configure alerts for current and upcoming issues such as planned maintenance of the Azure platform or changes that might affect availability.
Which of the following solutions would be best suited to address requirement 2?
Correct
Azure Monitor is correct as this tool has the capability to create alerts for resources based on the specified metrics. Azure App Insights is incorrect as this focuses only on Azure apps and not infrastructure. Azure Service Health is incorrect as this is used to alert relevant system owners about service degradation for Azure services. Azure Network Watcher is incorrect as this tool is used to troubleshoot connectivity on a routing level; some of these services include IP flow verify and VPN troubleshooting. https://docs.microsoft.com/en-us/azure/azure-monitor/overview
Question 42 of 75
42. Question
The ACME Group is in the process of moving some of its on-premises resources to Azure. They are planning to move the following resources:
· 3 virtual machines that host 3 production applications; these hosts run Windows Server 2016 Datacenter
· IIS web server to Azure web app
Below are the requirements:
Requirement 1: Build monitoring dashboards with relevant metrics for VMs
Requirement 2: Create relevant alerts for VMs as well as Azure web app
Requirement 3: Have insight into performance issues for Azure web apps
Requirement 4: Configure alerts for current and upcoming issues such as planned maintenance of the Azure platform or changes that might affect availability.
Which of the following solutions would be best suited to address requirement 3?
Correct
Azure App Insights is correct as this can be used to easily monitor your web application for availability, performance, and usage. Azure Monitor is incorrect as this tool has the capability to create alerts for resources based on the specified metrics. Azure Service Health is incorrect as this is used to alert relevant system owners about service degradation for Azure services. Azure Network Watcher is incorrect as this tool is used to troubleshoot connectivity on a routing level; some of these services include IP flow verify and VPN troubleshooting. https://docs.microsoft.com/en-us/azure/azure-monitor/learn/dotnetcore-quick-start
Question 43 of 75
43. Question
The ACME Group is in the process of moving some of its on-premises resources to Azure. They are planning to move the following resources:
· 3 virtual machines that host 3 production applications; these hosts run Windows Server 2016 Datacenter
· IIS web server to Azure web app
Below are the requirements:
Requirement 1: Build monitoring dashboards with relevant metrics for VMs
Requirement 2: Create relevant alerts for VMs as well as Azure web app
Requirement 3: Have insight into performance issues for Azure web apps
Requirement 4: Configure alerts for current and upcoming issues such as planned maintenance of the Azure platform or changes that might affect availability.
Which of the following solutions would be best suited to address requirement 4?
Correct
Azure Service Health is correct as this is used to alert relevant system owners about service degradation for Azure services and also to view root cause analysis for impacted regions. Azure App Insights is correct as this can be used to monitor your web application for availability, performance, and usage. Azure Monitor is incorrect as this tool has the capability to create alerts for resources based on the specified metrics and not Azure service degradation. Azure Network Watcher is incorrect as this tool is used to troubleshoot connectivity on a routing level; some of these services include IP flow verify and VPN troubleshooting. https://docs.microsoft.com/en-us/azure/service-health/overview
Question 44 of 75
44. Question
The Contoso airline group has a web application that has been deployed across 2 virtual machines in two different regions. The web application traffic should be split between the two virtual machines for video and images respectively for load-balancing purposes at the application layer. Which of the following solutions will suffice?
Correct
Azure Application Gateway is correct as this solution allows routing of traffic based on incoming URLs (i.e. you can route video traffic to a specific pool and the images traffic to another pool that is optimized for image traffic). Traffic Manager is incorrect as this is used to redirect DNS-based traffic. Both internal and external load balancers are incorrect as these operate at layer 4 of the OSI model, whereas the requirement is to split/load balance traffic at layer 7, which is the application layer. https://docs.microsoft.com/en-us/azure/application-gateway/overview
Question 45 of 75
45. Question
The Contoso airline group has a web application that has been deployed across 2 virtual machines in two different regions. The web application traffic should be split between the two virtual machines for video and images respectively for load-balancing purposes at the application layer. You need to protect the web app from cross-site scripting and SQL injection attacks. Which of the following solutions should you implement?
Correct
Azure Application Gateway is correct as this solution allows routing of traffic based on incoming URLs and also has a Web Application Firewall feature, which should be used to protect web apps. Traffic Manager is incorrect as this is used to redirect DNS-based traffic. Internal and external load balancers are incorrect as these operate at layer 4 of the OSI model, whereas the requirement is to split/load balance traffic at layer 7, which is the application layer, and also to protect against SQL injection and cross-site scripting attacks, which Azure Load Balancer does not support at layer 7. https://docs.microsoft.com/en-us/azure/application-gateway/overview
Question 46 of 75
46. Question
The Contoso company has a requirement for VM backup retention as per regulatory compliance. Regulatory compliance requires a VM backup to be stored for a minimum of 5 years. The engineers configure the following backup policy.
What is the minimum recovery point objective (RPO) for VMs making use of this backup policy?
Correct
1 Day is correct; this is the minimum recovery point objective (RPO) as the daily backup policy is enabled and scheduled for 9 PM every day, GMT +2 time. https://docs.microsoft.com/en-us/azure/backup/backup-azure-manage-vms
Question 47 of 75
47. Question
The Contoso company has a requirement for VM backup retention as per regulatory compliance. Regulatory compliance requires a VM backup to be stored for a minimum of 5 years. The engineers configure the following backup policy.
Will the above policy comply with the regulatory compliance request?
Correct
Yes is correct; the yearly retention period is configured for 5 years, which meets the minimum requirement. https://docs.microsoft.com/en-us/azure/backup/backup-azure-manage-vms
Question 48 of 75
48. Question
The Contoso organization has a web application that has been deployed by using a virtual machine scale set (VMSS) which is running Windows Server 2019 Datacenter. This application is built to be highly scalable and should be accessed via VPN from on-premises to Azure. The requirement is to allow users working remotely to access the workload securely via Point-to-Site VPN. You decide to generate certificates via the on-premises certificate authority. Which of the following would you need to upload to the virtual network gateway?
Correct
Root certificate including public key is correct as this is used to authenticate the client certificate to establish the VPN connection trust. Client certificate is incorrect as this is used on the client-side machine/laptop to authenticate. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
Question 49 of 75
49. Question
The Contoso organization has a web application that has been deployed by using a virtual machine scale set (VMSS) which is running Windows Server 2019 Datacenter. This application is built to be highly scalable and should be accessed via VPN from on-premises to Azure. The requirement is to allow users working remotely to access the workload securely via Point-to-Site VPN. You decide to generate certificates via the on-premises certificate authority. Which of the following would you need to upload and install on the remote machines?
Correct
Client certificate including the private key is correct. You need to password-protect this certificate, as anyone with this certificate installed and the VPN configured will be able to authenticate to your virtual network via the VPN gateway. Root certificate is incorrect as this is used on the VPN gateway to authenticate the client certificate with the root certificate. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
Question 50 of 75
50. Question
The Fabrikam organization has a web application that has been deployed by using a virtual machine scale set (VMSS) which is running Ubuntu Linux. This application is built to be highly scalable and should only be accessed via the Site-to-Site VPN from on-premises to Azure. The requirement is to allow users working remotely to access the workload securely via Point-to-Site VPN. You decide to generate self-signed certificates. Which of the following would you need to upload to the virtual network gateway?
Correct
Root certificate including public key is correct as this is used to authenticate the client certificate to establish the VPN connection trust. Client certificate is incorrect as this is used on the client-side machine/laptop to authenticate. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
Question 51 of 75
51. Question
The Fabrikam organization has a web application that has been deployed by using a virtual machine scale set (VMSS) which is running Ubuntu Linux. This application is built to be highly scalable and should only be accessed via the Site-to-Site VPN from on-premises to Azure. The requirement is to allow users working remotely to access the workload securely via Point-to-Site VPN. You decide to generate self-signed certificates. Which of the following would you need to upload and install on the remote machines?
Correct
Client certificate including the private key is correct. You need to password-protect this certificate, as anyone with this certificate installed and the VPN configured will be able to authenticate to your virtual network via the VPN gateway. The root certificate is incorrect as this is used on the VPN gateway to authenticate the client certificate with the root certificate. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
Question 52 of 75
52. Question
The Fabrikam organization has a web application that has been deployed by using a virtual machine scale set (VMSS) which is running Ubuntu Linux. This application is built to be highly scalable and should only be accessed via the Site-to-Site VPN from on-premises to Azure. The requirement is to access the scale set on only 1 private IP address via SSH which should be allowed on the Network Security Group inbound rules. Which of the following solutions should you implement?
Correct
Azure Internal Load Balancer is correct as this operates at layer 4 of the OSI model (SSH) and can be deployed as the front-end of the VMSS to an internal IP address as per the requirement. The public load balancer is incorrect as this solution should not be public-facing; all SSH traffic should come through the VPN. Traffic Manager is incorrect as this is used to redirect DNS-based traffic. Azure Application Gateway is incorrect as this operates at layer 7 of the OSI model (application layer) and not layer 4, which is the requirement for SSH traffic. https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview#concepts
Question 53 of 75
53. Question
The Fabrikam organization has developed a web service that is running on a VM on the Azure-VNet on the default subnet. The Azure API Management service has been deployed to provide access to the API service on the VM. A sister company named Contoso needs to be able to connect to the API.
The screenshot below shows the virtual network configuration for the API Management service.
TRUE or FALSE: Based on the below configuration the Contoso developers will be able to access the API management service gateway via the internet.
Correct
False is correct. Based on the screenshot, the virtual network is set to internal, which means the API Management gateway and the developer portal can only be accessed from within the virtual network via an internal load balancer. https://docs.microsoft.com/en-us/azure/api-management/api-management-using-with-vnet
Question 54 of 75
54. Question
The Fabrikam organization has developed a web service that is running on a VM on the Azure-VNet on the default subnet. The Azure API Management service has been deployed to provide access to the API service on the VM. A sister company named Contoso needs to be able to connect to the API.
The screenshot below shows the virtual network configuration for the API Management service.
TRUE or FALSE: Based on the below configuration the gateway will be able to access data from the virtual machine (VM).
The Fabrikam organization has developed a web service that is running on a VM on the Azure-VNet on the default subnet. The Azure API Management service has been deployed to provide access to the API service on the VM. A sister company named Contoso needs to be able to connect to the API.
The screenshot below shows the virtual network configuration for the API Management service.
TRUE or FALSE: Based on the below configuration a virtual network gateway is required for the Contoso developers for access.
Correct
False is correct; the API Management gateway and developer portal are accessible from the public internet via an external load balancer, and the gateway can also access resources within the virtual network. https://docs.microsoft.com/en-us/azure/api-management/api-management-using-with-vnet
Question 57 of 75
57. Question
The Fabrikam organization has developed a web service that is running on a VM on the Azure-VNet on the default subnet. The Azure API Management service has been deployed to provide access to the API service on the VM. A sister company named Contoso needs to be able to connect to the API.
The screenshot below shows the virtual network configuration for the API Management service.
TRUE or FALSE: Based on the below configuration the gateway will be able to access data from the virtual machine (VM).
The Fabrikam organization has the following SQL servers on-premises:
· Microsoft SQL Server 2014 which has the finance DB attached
· Microsoft SQL Server 2016 which has the sales DB attached
Fabrikam needs to migrate these DBs to Azure and is looking at PaaS options with the following requirements:
Requirement 1: The data in the finance DB needs to be assessed and migrated to an Azure SQL database (DB)
Requirement 2: The data in the sales DB needs to be assessed and migrated to an Azure SQL Managed Instance.
Which of the following tools should you use for the assessment part for requirement 1?
Correct
Data Migration Assistant is correct; this tool can be used to assess the on-premises SQL environment and report on viability. Azure Storage Explorer is incorrect as this tool is used to copy data to Azure storage accounts and does not support SQL assessments. Azure Cosmos DB Data Migration Tool is incorrect as this tool is used to migrate to Cosmos DB and not SQL. Data Migration Service is incorrect as this leverages the Data Migration Assistant for the assessment part and then performs the migration to Azure SQL. https://docs.microsoft.com/en-us/sql/dma/dma-overview?view=sql-server-ver15
Question 59 of 75
59. Question
The Fabrikam organization has the following SQL servers on-premises:
· Microsoft SQL Server 2014 which has the finance DB attached
· Microsoft SQL Server 2016 which has the sales DB attached
Fabrikam needs to migrate these DBs to Azure and is looking at PaaS options with the following requirements:
Requirement 1: The data in the finance DB needs to be assessed and migrated to an Azure SQL database (DB)
Requirement 2: The data in the sales DB needs to be assessed and migrated to an Azure SQL Managed Instance.
Which of the following tools should you use for the assessment part for requirement 2?
Correct
Data Migration Assistant is correct; this tool can be used to assess the on-premises SQL environment and report on viability. Azure Storage Explorer is incorrect as this tool is used to copy data to Azure storage accounts and does not support SQL assessments. Azure Cosmos DB Data Migration Tool is incorrect as this tool is used to migrate to Cosmos DB and not SQL. Data Migration Service is incorrect as this leverages the Data Migration Assistant for the assessment part and then performs the migration to Azure SQL. https://docs.microsoft.com/en-us/sql/dma/dma-overview?view=sql-server-ver15
Question 60 of 75
60. Question
TRUE or FALSE: Application Insights can monitor the user and session count for a specific application.
Correct
True is correct as you can monitor user and session count with Application Insights. https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview#:~:targetText=Application%20Insights%2C%20a%20feature%20of,monitor%20your%20live%20web%20application.&targetText=It%20can%20monitor%20and%20analyze,with%20Visual%20Studio%20App%20Center.
Question 61 of 75
61. Question
TRUE or FALSE: Azure Application Gateway operates at layer 7 of the OSI model.
TRUE or FALSE: You can set your default General Purpose v1 (GPv1) storage account access tier to archive.
Correct
False is correct; this type of storage account does not have the ability to apply object storage data tiering, which is only supported by Blob storage and General Purpose v2 accounts. https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers
Question 65 of 75
65. Question
TRUE or FALSE: You can set your default General Purpose v2 (GPv2) storage account access tier to archive.
TRUE or FALSE: You can upload self-signed certificates to virtual network gateways for Point-to-Site communication.
Correct
True is correct; self-signed certificates are accepted by the virtual network gateway for P2S communication. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
Question 67 of 75
67. Question
TRUE or FALSE: You need to use the Database Migration Service (DMS) to migrate an on-premises SQL DB to an Azure SQL Managed Instance online.
skillcertlabs is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment:
Their existing environment consists of an Active Directory domain named skillcertlabs.com. This is being hosted on a Windows Server.
A set of web servers hosted on a VMware environment.
A set of Microsoft SQL Server database servers hosted on physical servers.
The company has also set up an Azure AD tenant.
Their subscription currently consists of Azure AD basic licences.
Network Infrastructure:
Each of the main offices has a data center in place.
Each office also has a dedicated Internet connection
Requirements:
Planned Changes:
The company wants to set up a new office in Mumbai.
All resources for the Mumbai office will be hosted in Azure.
The On-premise Active Directory will be synchronized to Azure AD.
All client computers in the Mumbai office will be joined to the Azure AD domain.
Planned Azure Networking Infrastructure:
The following virtual networks will be set up in Azure:
Name
skillcertlab-mumbai
skillcertlab-office
skillcertlab-client
The following subnets will be in place
Virtual Network Name – Subnet
skillcertlab-mumbai – SubnetA
skillcertlab-mumbai – SubnetB
skillcertlab-client – SubnetC
skillcertlab-office – SubnetD
skillcertlab-office – SubnetE
The following additional settings will be in place:
Default routes in Azure will be used to route traffic
A peering connection will be established between the virtual networks skillcertlab-mumbai and skillcertlab-office
The peering connection for skillcertlab-mumbai will have Remote gateways enabled.
A private DNS zone will be created named skillcertlabs.local. The registration network will be set to the skillcertlab-client virtual network
The company has the following additional requirements:
A number of web apps will be deployed. The initial settings of the web apps will be the same.
The senior management needs to have the ability to view the costs for Azure resources from the prior week.
A development team wants to use a serverless compute service that could be used in conjunction with the web applications when they are migrated to Azure.
They decide to use the Azure Function App service.
Would this fulfil the requirement?
Correct
This is a serverless compute service that is available on the Azure platform
The Microsoft documentation mentions the following
skillcertlabs is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment:
Their existing environment consists of an Active Directory domain named skillcertlabs.com. This is being hosted on a Windows Server.
A set of web servers hosted on a VMware environment.
A set of Microsoft SQL Server database servers hosted on physical servers.
The company has also set up an Azure AD tenant.
Their subscription currently consists of Azure AD basic licences.
Network Infrastructure:
Each of the main offices has a data center in place.
Each office also has a dedicated Internet connection
Requirements:
Planned Changes:
The company wants to set up a new office in Mumbai.
All resources for the Mumbai office will be hosted in Azure.
The On-premise Active Directory will be synchronized to Azure AD.
All client computers in the Mumbai office will be joined to the Azure AD domain.
Planned Azure Networking Infrastructure:
The following virtual networks will be set up in Azure:
Name
skillcertlab-mumbai
skillcertlab-office
skillcertlab-client
The following subnets will be in place
Virtual Network Name – Subnet
skillcertlab-mumbai – SubnetA
skillcertlab-mumbai – SubnetB
skillcertlab-client – SubnetC
skillcertlab-office – SubnetD
skillcertlab-office – SubnetE
The following additional settings will be in place:
Default routes in Azure will be used to route traffic
A peering connection will be established between the virtual networks skillcertlab-mumbai and skillcertlab-office
The peering connection for skillcertlab-mumbai will have Remote gateways enabled.
A private DNS zone will be created named skillcertlabs.local. The registration network will be set to the skillcertlab-client virtual network
The company has the following additional requirements:
A number of web apps will be deployed. The initial settings of the web apps will be the same.
The senior management needs to have the ability to view the costs for Azure resources from the prior week.
A team needs to perform a packet capture for traffic that enters the virtual machines entering the “skillcertlab-mumbai” network. Which of the following could be used for this requirement?
Correct
This can be accomplished with the help of the Azure Network Watcher service
The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect
For more information on Azure Network Watcher, please go to the below URL https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-packet-capture-overview
Question 70 of 75
70. Question
View Case Study:
Overview:
skillcertlabs is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment:
Their existing environment consists of an Active Directory domain named skillcertlabs.com. This is being hosted on a Windows Server.
A set of web servers hosted on a VMware environment.
A set of Microsoft SQL Server database servers hosted on physical servers.
The company has also set up an Azure AD tenant.
Their subscription currently consists of Azure AD basic licences.
Network Infrastructure:
Each of the main offices has a data center in place.
Each office also has a dedicated Internet connection
Requirements:
Planned Changes:
The company wants to set up a new office in Mumbai.
All resources for the Mumbai office will be hosted in Azure.
The On-premise Active Directory will be synchronized to Azure AD.
All client computers in the Mumbai office will be joined to the Azure AD domain.
Planned Azure Networking Infrastructure:
The following virtual networks will be set up in Azure:
Name
skillcertlab-mumbai
skillcertlab-office
skillcertlab-client
The following subnets will be in place
Virtual Network Name – Subnet
skillcertlab-mumbai – SubnetA
skillcertlab-mumbai – SubnetB
skillcertlab-client – SubnetC
skillcertlab-office – SubnetD
skillcertlab-office – SubnetE
The following additional settings will be in place:
Default routes in Azure will be used to route traffic
A peering connection will be established between the virtual networks skillcertlab-mumbai and skillcertlab-office
The peering connection for skillcertlab-mumbai will have Remote gateways enabled.
A private DNS zone will be created named skillcertlabs.local. The registration network will be set to the skillcertlab-client virtual network
The company has the following additional requirements:
A number of web apps will be deployed. The initial settings of the web apps will be the same.
The senior management needs to have the ability to view the costs for Azure resources from the prior week.
A development team wants to use a serverless compute service that could be used in conjunction with the web applications when they are migrated to Azure.
They decide to use the Azure CosmosDB service.
Would this fulfil the requirement?
skillcertlabs is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment:
Their existing environment consists of an Active Directory domain named skillcertlabs.com. This is being hosted on a Windows Server.
A set of web servers hosted on a VMware environment.
A set of Microsoft SQL Server database servers hosted on physical servers.
The company has also set up an Azure AD tenant.
Their subscription currently consists of Azure AD basic licences.
Network Infrastructure:
Each of the main offices has a data center in place.
Each office also has a dedicated Internet connection
Requirements:
Planned Changes:
The company wants to set up a new office in Mumbai.
All resources for the Mumbai office will be hosted in Azure.
The On-premise Active Directory will be synchronized to Azure AD.
All client computers in the Mumbai office will be joined to the Azure AD domain.
Planned Azure Networking Infrastructure:
The following virtual networks will be set up in Azure:
Name
skillcertlab-mumbai
skillcertlab-office
skillcertlab-client
The following subnets will be in place
Virtual Network Name – Subnet
skillcertlab-mumbai – SubnetA
skillcertlab-mumbai – SubnetB
skillcertlab-client – SubnetC
skillcertlab-office – SubnetD
skillcertlab-office – SubnetE
The following additional settings will be in place:
Default routes in Azure will be used to route traffic
A peering connection will be established between the virtual networks skillcertlab-mumbai and skillcertlab-office
The peering connection for skillcertlab-mumbai will have Remote gateways enabled.
A private DNS zone will be created named skillcertlabs.local. The registration network will be set to the skillcertlab-client virtual network
The company has the following additional requirements:
A number of web apps will be deployed. The initial settings of the web apps will be the same.
The senior management needs to have the ability to view the costs for Azure resources from the prior week.
A development team wants to use a serverless compute service that could be used in conjunction with the web applications when they are migrated to Azure.
They decide to use the Azure Logic App service.
Would this fulfil the requirement?
skillcertlabs is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment:
The company currently has the following Active Directory Environment in place:
Two Active Directory forests – One is quiz.skillcertlabs.com and the other is research.skillcertlabs.com
Currently there is no trust relationship between the forests
The quiz.skillcertlabs.com is the production forest that hosts all the identities required for internal user and computer authentication.
The research.skillcertlabs.com forest is only used by the research department
The company currently has the following Networking Environment in place:
The offices currently contain at least one domain controller from the quiz.skillcertlabs.com forest.
The main head office contains the domain controller of the research.skillcertlabs.com forest
All of the offices have high speed internet connections
Applications:
The company has a web application running on-premise named skillcertlab-app
The application is running on Microsoft Internet Information Services
The application stores its data on Microsoft SQL Server 2016
The servers are all running on Hyper-V
The same Hyper-V environment also hosts a staging environment to test all updates to the web application
All Microsoft based licences have been purchased via a Microsoft Enterprise Agreement that includes Software Assurance
Planned Changes:
The company wants to migrate its workloads to Azure.
They also want to create a hybrid identity model along with a Microsoft Office 365 deployment
The research department will continue to use the infrastructure in the on-premise environment.
Following are the key requirements for the migration to Azure:
The Web application “skillcertlab-app” needs to be migrated to Azure
Existing licences should be used wherever possible to minimize costs
Users need to always authenticate using their quiz.skillcertlabs.com UPN identity
All new deployments to Azure must be redundant in the case of an Azure region failure
PaaS deployments are preferred wherever possible
Directory Synchronization must be established between Azure AD and the quiz.skillcertlabs.com forest. This synchronization must not be affected by a link failure between Azure and the on-premise network.
The following requirements need to be met in terms of the database:
When the database is migrated to Azure, it needs to be ensured that metrics are recorded for the database. The database administrators should be able to analyse the metrics for suggesting any further improvements to the database environment
Database downtime must be minimized when the database is being migrated onto Azure
Database backups must be maintained for a period of 5 years
The following requirements need to be met in terms of Security:
Administrators should be able to authenticate to Azure by using the quiz.skillcertlabs.com credentials
Any administrative access to Azure must be complemented by multi-factor authentication
A strategy needs to be recommended for the Web application – “skillcertlab-app”. The loads on the application would be unpredictable. It needs to be ensured that the application can sustain itself at high workloads. Also, it needs to be ensured that costs are being minimized at lower workloads. Which of the following would you recommend?
Correct
Since the case study mentions that PaaS solutions should be used, we need to use Azure Web Apps for this solution and not Virtual Machine Scale Sets. Hence options C and D are eliminated.
Option A is wrong: Scale Up is the Azure Web Sites cloud equivalent of moving your non-cloud web site to a bigger physical server. It’s useful to consider when your site is hitting a quota, signaling that you are outgrowing your existing mode or options. In addition, it can be done on virtually any site without worrying about the implications of multi-instance data consistency.
To ensure that the web app can scale based on demand, we need to use the Scale Out settings as shown below:
1) First go to the Scale out settings for the Web App
2) Then click on Enable autoscale
3) Then add the required conditions for the scaling process
For more information on scaling web apps, please visit the below URL: https://docs.microsoft.com/en-us/azure/app-service/web-sites-scale
Question 73 of 75
73. Question
View Case Study:
Overview:
skillcertlabs is an online training provider.
Current System – Financial Processing:
skillcertlabs currently has a system that consists of 3 tiers:
Front end Web App
Middle tier API
Back end data store
Below is the current setup of the system:
The backend is running on Microsoft SQL Server 2016
All servers are running on Windows
The Front and Middle tiers are written in C# and hosted on Internet Information Services
The database is currently 1 TB in size. The database is not expected to grow beyond 3 TB.
The system currently has the following requirements:
All data must be encrypted at rest and in transit
The front and middle tier components currently make use of encryption keys to protect the data store. Only these tiers should have the capability to access the encryption keys.
Database backups need to be maintained in 2 separate locations that are at least 100 miles apart
Database backups need to be stored for up to 7 years
Traffic to the servers needs to be controlled via source IP address and port number
Access to the system should only be via the internal network of skillcertlabs
The Security team needs to be able to inspect all inbound and outbound traffic
Current System – Transactional Query System:
skillcertlabs also has a Transaction Query system built on .NET. The data is stored in Azure Table storage. This .NET service currently runs on a client computer.
Planned Changes:
skillcertlabs wants to migrate the Financial Processing system to Azure
Key requirements:
Infrastructure services must remain available if a region or a data center fails.
Failover must occur without any administrative intervention
Wherever possible, Azure managed services must be used to minimize management overhead
Whenever possible, costs must be minimized.
Collect Windows security logs from the Middle tier and retain the logs for several years
Generate alerts if any unauthorized access to the backend virtual machines is detected.
The number of instances assigned to the front and middle tiers should be adjusted automatically based on the CPU utilization
An SLA of 99.95% must be guaranteed on the Infrastructure for the front and middle tier systems
Identity management must be performed via Active directory and all password hashes must be stored on the on-premise environment.
If there are any suspicious attempts for authentication, then that should trigger multi-factor authentication. Access should be allowed if the authentication attempt is successful.
The data store for the transactional query system will be moved from Azure Table storage to a CosmosDB account
Question:
Azure AD Connect will be installed to synchronize the identities between Azure AD and the on-premise Active Directory. Which of the following would need to be configured in Azure AD Connect?
Correct
A key requirement for the case study is to ensure that the identities are authenticated via the on-premise AD, and this is done with Pass-through Authentication. The Microsoft documentation mentions the following.
Options A and C are incorrect since you don’t need to set up federation
Option D is incorrect since you need to implement Pass-through Authentication to ensure that identities are authenticated by the on-premise AD
Question 74 of 75
74. Question
View Case Study:
Overview:
skillcertlabs is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment:
Their existing environment consists of an Active Directory domain named skillcertlabs.com. This is being hosted on a Windows Server.
A set of web servers hosted on a VMware environment.
A set of Microsoft SQL Server database servers hosted on physical servers.
The company has also set up an Azure AD tenant.
Their subscription currently consists of Azure AD basic licences.
Network Infrastructure:
Each of the main offices has a data center in place.
Each office also has a dedicated Internet connection
Requirements:
Planned Changes:
The company wants to set up a new office in Mumbai.
All resources for the Mumbai office will be hosted in Azure.
The On-premise Active Directory will be synchronized to Azure AD.
All client computers in the Mumbai office will be joined to the Azure AD domain.
Planned Azure Networking Infrastructure:
The following virtual networks will be set up in Azure:
Name
skillcertlab-mumbai
skillcertlab-office
skillcertlab-client
The following subnets will be in place
Virtual Network Name – Subnet
skillcertlab-mumbai – SubnetA
skillcertlab-mumbai – SubnetB
skillcertlab-client – SubnetC
skillcertlab-office – SubnetD
skillcertlab-office – SubnetE
The following additional settings will be in place:
Default routes in Azure will be used to route traffic
A peering connection will be established between the virtual networks skillcertlab-mumbai and skillcertlab-office
The peering connection for skillcertlab-mumbai will have Remote gateways enabled.
A private DNS zone will be created named skillcertlabs.local. The registration network will be set to the skillcertlab-client virtual network
The company has the following additional requirements:
A number of web apps will be deployed. The initial settings of the web apps will be the same.
The senior management needs to have the ability to view the costs for Azure resources from the prior week.
The company wants to lift and shift the on-premise database to Azure with minimal application and database changes. Which of the following could be used in Azure to host the database?
Correct
The ideal approach is to create a managed SQL instance.
The Microsoft documentation mentions the following
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect
For more information on SQL database managed instance, please go to the below URL https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance
Question 75 of 75
75. Question
View Case Study:
Overview:
skillcertlabs is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment:
Their existing environment consists of an Active Directory domain named skillcertlabs.com. This is being hosted on a Windows Server.
A set of web servers hosted on a VMware environment.
A set of Microsoft SQL Server database servers hosted on physical servers.
The company has also set up an Azure AD tenant.
Their subscription currently consists of Azure AD basic licences.
Network Infrastructure:
Each of the main offices has a data center in place.
Each office also has a dedicated Internet connection
Requirements:
Planned Changes:
The company wants to set up a new office in Mumbai.
All resources for the Mumbai office will be hosted in Azure.
The On-premise Active Directory will be synchronized to Azure AD.
All client computers in the Mumbai office will be joined to the Azure AD domain.
Planned Azure Networking Infrastructure:
The following virtual networks will be set up in Azure:
Name
skillcertlab-mumbai
skillcertlab-office
skillcertlab-client
The following subnets will be in place
Virtual Network Name – Subnet
skillcertlab-mumbai – SubnetA
skillcertlab-mumbai – SubnetB
skillcertlab-client – SubnetC
skillcertlab-office – SubnetD
skillcertlab-office – SubnetE
The following additional settings will be in place:
Default routes in Azure will be used to route traffic
A peering connection will be established between the virtual networks skillcertlab-mumbai and skillcertlab-office
The peering connection for skillcertlab-mumbai will have Remote gateways enabled.
A private DNS zone will be created named skillcertlabs.local. The registration network will be set to the skillcertlab-client virtual network
The company has the following additional requirements:
A number of web apps will be deployed. The initial settings of the web apps will be the same.
The senior management needs to have the ability to view the costs for Azure resources from the prior week.
The company wants to set up a disaster recovery solution for the web-based servers. The workloads on these servers need to be available in a secondary data center in the event of a primary data center failure. Which of the following services could they use that would provide them the least RTO?
Correct
For any sort of migration which requires a low RTO, you need to choose Azure Site Recovery.
The Microsoft documentation mentions the following
Option A is incorrect since this is primarily a backup solution
Option B is incorrect since this is primarily a data migration tool
Option C is incorrect since this is just used to copy data from Azure storage accounts
For more information on Azure Site Recovery, please go to the below URL https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview