HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
An Azure service in private preview is released to all Azure customers.
An Azure service in public preview is released to all Azure customers.
An Azure service in general availability is released to a subset of Azure customers.
Section: Understand Azure Pricing and Support
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your Azure environment contains multiple Azure virtual machines.
You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.
Solution: You modify an Azure firewall.
Does this meet the goal?
- A . Yes
- B . No
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Data that is copied to an Azure Storage account is maintained automatically in at least three copies.
All data that is copied to an Azure Storage account is backed up automatically to another Azure data center.
An Azure Storage account can contain up to 2 TB of data and up to one million files.
HOTSPOT
You have an Azure environment that contains 10 web apps.
To which URL should you connect to manage all the Azure resources? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
This question requires that you evaluate the bold text to determine if it is correct.
All Azure services that are in public preview are provided without any documentation.
Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed." If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed.
- B . only configurable from Azure CLI
- C . excluded from the Service Level Agreements
- D . only configurable from the Azure portal
C
Explanation:
Preview features are made available to you on the condition that you accept additional terms which supplement the regular Azure terms.
The supplemental terms state:
“PREVIEWS ARE PROVIDED "AS-IS,"WITH ALL FAULTS," AND "AS AVAILABLE," AND ARE EXCLUDED FROM THE SERVICE LEVEL AGREEMENTS AND LIMITED WARRANTY.”
References: https://azure.microsoft.com/en-gb/support/legal/preview-supplemental-terms/
Your company has 10 offices. You plan to generate several billing reports from the Azure portal. Each report will contain the Azure resource utilization of each office.
Which Azure Resource Manager feature should you use before you generate the reports?
- A . tags
- B . templates
- C . locks
- D . policies
Your company has 10 departments.
The company plans to implement an Azure environment.
You need to ensure that each department can use a different payment option for the Azure services it consumes.
What should you create for each department?
- A . a reservation
- B . a subscription
- C . a resource group
- D . a container instance
B
Explanation:
There are different payment options in Azure including pay-as-you-go (PAYG), Enterprise Agreement (EA), and Microsoft Customer Agreement (MCA) accounts.
Your Azure costs are ‘per subscription’. You are charged monthly for all resources in a subscription. Therefore, to use different payment options per department, you will need to create a separate subscription per department. You can create multiple subscriptions in a single Azure Active Directory tenant.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
An Azure administrator plans to run a PowerShell script that creates Azure resources.
You need to recommend which computer configuration to use to run the script.
Solution: Run the script from a computer that runs Chrome OS and uses Azure Cloud Shell.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Section: Understand Core Azure Services
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
To achieve a hybrid cloud model, a company must always migrate from a private cloud model.
A company can extend the capacity of its internal network by using the public cloud.
In a public cloud model, only guest users at your company can access the resources in the cloud.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1. You sign in to the Azure portal and create a resource group named RG1.
From Azure documentation, you have the following command that creates a virtual machine named VM1.
az vm create –resource-group RG1 –name VM1 — image
UbuntuLTS –generate-ssh-keys
You need to create VM1 in Subscription1 by using the command.
Solution: From a computer that runs Windows 10, install Azure CLI. From a command prompt, sign in to Azure and then run the command.
Does this meet the goal?
- A . Yes
- B . No
This question requires that you evaluate the underlined text to determine if it is correct.
You can create an Azure support request from support.microsoft.com.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed.” If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed.
- B . the Azure portal
- C . the Knowledge Center
- D . the Security & Compliance admin center
B
Explanation:
You can create an Azure support request from the Help and Support blade in the Azure portal or from the context menu of an Azure resource in the Support + Troubleshooting section.
References: https://docs.microsoft.com/en-us/azure/azure-supportability/how-to-create-azure-support-request
This question requires that you evaluate the underlined text to determine if it is correct.
You have several virtual machines in an Azure subscription. You create a new subscription.
The virtual machines cannot be moved to the new subscription.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed
- B . The virtual machines can be moved to the new subscription
- C . The virtual machines can be moved to the new subscription only if they are all in the same resource group
- D . The virtual machines can be moved to the new subscription only if they run Windows Server 2016.
B
Explanation:
You can move a VM and its associated resources to a different subscription by using the Azure portal.
Moving between subscriptions can be handy if you originally created a VM in a personal subscription and now want to move it to your company’s subscription to continue your work. You do not need to start the VM in order to move it and it should continue to run during the move.
References: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/move-vm
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an Azure subscription that contains the following unused resources:
* 20 user accounts in Azure Active Directory (Azure AD)
* Five groups in Azure AD
* 10 public [P addresses
* 10 network interfaces
You need to reduce the Azure costs for the company.
Solution: You remove the unused groups.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
You are not charged for Azure Active Directory Groups. Therefore, deleting unused groups will not reduce your Azure costs.
References: https://docs.microsoft.com/en-us/azure/advisor/advisor-cost-recommendations#reduce-costs-by-deleting-or-reconfiguring-idle-virtual-network-gateways
This question requires that you evaluate the underlined text to determine if it is correct.
After you create a virtual machine, you need to modify the network security group (NSG) to allow connections from TCP port 8080.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed
- B . virtual network gateway
- C . virtual network
- D . route table
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Data that is copied to an Azure Storage account is maintained automatically in at least three copies.
All data that is copied to an Azure Storage account is backed up automatically to another Azure data center.
An Azure Storage account can contain up to 2 TB of data and up to one million files.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
An Azure administrator plans to run a PowerShell script that creates Azure resources.
You need to recommend which computer configuration to use to run the script.
Solution: Run the script from a computer that runs Linux and has the Azure CLI tools installed.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Section: Understand Core Azure Services
HOTSPOT
Which cloud deployment is used for Azure virtual machines and Azure SQL database? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Azure virtual machine = Infrastructure as a service (IaaS)
Azure SQL databases = Platform as a service (PaaS)
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Graphical user interface, text, application
Description automatically generated
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, white others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure environment.
You need to create a new Azure virtual machine from an Android laptop.
Solution: You use the PowerApps portal.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
PowerApps lets you quickly build business applications with little or no code. It is not used to create Azure virtual machines. Therefore, this solution does not meet the goal.
PowerApps Portals allow organizations to create websites which can be shared with users external to their organization either anonymously or through the login provider of their choice like LinkedIn, Microsoft Account, other commercial login providers.
References: https://powerapps.microsoft.com/en-us/blog/introducing-powerapps-portals-powerful-low-
code-websites-for-external-users/
This question requires that you evaluate the underlined text to determine if it is correct.
When you need to delegate permissions to several Azure virtual machines simultaneously, you must deploy the Azure virtual machines to the same Azure region
Instructions: Review the underlined text If it makes the statement correct, select "No change is needed." If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed.
- B . by using the same Azure Resource Manager template
- C . to the same resource group
- D . to the same availability zone
This question requires that you evaluate the underlined text to determine if it is correct.
Azure Germany can be used by legal residents of Germany only.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . no change is needed
- B . only enterprises that are registered in Germany
- C . only enterprises that purchase their azure licenses from a partner based in Germany
- D . any user or enterprise that requires its data to reside in Germany
HOTSPOT
You create a resource group named RG1 in Azure Resource Manager.
You need to prevent the deletion of the resources in RG1.
Which setting should you use? To answer, select the appropriate setting in the answer area.
Explanation:
You can configure a lock on a resource group to prevent the accidental deletion.
As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly.
In the portal, the locks are called Delete and Read-only respectively.
✑ CanNotDelete means authorized users can still read and modify a resource, but they can’t delete the resource.
✑ ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Azure Active Directory (Azure AD) requires the implementation of domain controllers on Azure virtual machines.
Azure Active Directory (Azure AD) provides authentication services for resources hosted in Azure and Microsoft 365.
Each user account in Azure Active Directory (Azure AD) can be assigned only one license.
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
An Azure service in private preview is released to all Azure customers.
An Azure service in public preview is released to all Azure customers.
An Azure service in general availability is released to a subset of Azure customers.
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
In Azure Active Directory Premium, at least 99.9 percent availability is guaranteed.
The Service Level Agreement (SLA) for Azure Active Directory Basic is the same as the SLA for Azure Active Directory Free.
All paying Azure customers can claim a credit if their monthly uptime percentage is below the guaranteed amount in the Service Level Agreement (SLA).
HOTSPOT
You need to identify which blades in the Azure portal must be used to perform the following tasks:
✑ View security recommendations.
✑ Monitor the health of Azure services.
✑ Browse available virtual machine images.
Which blade should you identify for each task? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
You need to view a list of planned maintenance events that can affect the availability of an Azure subscription.
Which blade should you use from the Azure portal? To answer, select the appropriate blade in the answer
area.
HOTSPOT
You plan to extend your company’s network to Azure. The network contains a VPN appliance that uses an IP address of 131.107.200.1.
You need to create an Azure resource that identifies the VPN appliance.
Which Azure resource should you create? To answer, select the appropriate resource in the answer area.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure environment.
You need to create a new Azure virtual machine from an Android laptop.
Solution: You use Bash in Azure Cloud Shell.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Reference:
https://www.thomasmaurer.ch/2019/01/azure-cloud-shell/
https://www.pcmag.com/encyclopedia/term/66542/android-laptop
Your company plans to move several servers to Azure.
The company’s compliance policy states that a server named FinServer must be on a separate network segment
You are evaluating which Azure services can be used to meet the compliance policy requirements.
Which Azure solution should you recommend?
- A . a resource group for FinServer and another resource group for all the other servers
- B . a virtual network for FinServer and another virtual network for all the other servers
- C . a VPN for FinServer and a virtual network gateway for each other server
- D . one resource group for all the servers and a resource lock for FinServer
B
Explanation:
Networks in Azure are known as virtual networks. A virtual network can have multiple IP address spaces and multiple subnets. Azure automatically routes traffic between different subnets within a virtual network.
The question states that FinServer must be on a separate network segment. The only way to separate FinServer from the other servers in networking terms is to place the server in a different virtual network to the other servers.
References: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-vnet-plan-design-
arm
Your company plans to request an architectural review of an Azure environment from Microsoft.
The company currently has a Basic support plan.
You need to recommend a new support plan for the company. The solution must minimize costs.
Which support plan should you recommend?
- A . Premier
- B . Developer
- C . Professional Direct
- D . Standard
A
Explanation:
The Premier support plan provides customer specific architectural support such as design reviews, performance tuning, configuration and implementation assistance delivered by Microsoft Azure technical specialists.
References: https://azure.microsoft.com/en-gb/support/plans/
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
The Service Level Agreement (SLA) guaranteed uptime for paid Azure services is at least 99.9 percent.
Companies can increase the Service Level Agreement (SLA) guaranteed uptime by adding Azure resources to multiple regions.
Companies can increase the Service Level Agreement (SLA) guaranteed uptime by purchasing multiple subscriptions.
This question requires that you evaluate the Bold text to determine if it is correct.
Azure policies provide a common platform for deploying objects to a cloud infrastructure and for implementing consistency across the Azure environment.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed
- B . Resource groups provide
- C . Azure Resource Manager provides
- D . Management groups provide
C
Explanation:
Section: Understand Core Azure Services
You need to identify the type of failure for which an Azure availability zone can be used to protect access to Azure services.
What should you identify?
- A . a physical server failure
- B . an Azure region failure
- C . a storage failure
- D . an Azure data center failure
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
A platform as a service (PaaS) solution that hosts web apps in Azure provides full control of the operating systems that host applications.
A platform as a service (PaaS) solution that hosts web apps in Azure provides the ability to scale the platform automatically.
A platform as a service (PaaS) solution that hosts web apps in Azure provides professional development services to continuously add features to custom applications.
DRAG DROP
Match the Azure service to the correct description.
Instructions: To answer, drag the appropriate Azure service from the column on the left to its description on the right. Each service may be used once, more than once, or not at all. NOTE: Each correct selection is worth one point.
Explanation:
Section: Understand Core Azure Services
Your network contains an Active Directory forest. The forest contains 5,000 user accounts.
Your company plans to migrate all network resources to Azure and to decommission the on-premises data center.
You need to recommend a solution to minimize the impact on users after the planned migration.
What should you recommend?
- A . Implement Azure Multi-Factor Authentication (MFA)
- B . Sync all the Active Directory user accounts to Azure Active Directory (Azure AD)
- C . Instruct all users to change their password
- D . Create a guest user account in Azure Active Directory (Azure AD) for each user
B
Explanation:
To migrate to Azure and decommission the on-premises data center, you would need to create the 5,000 user accounts in Azure Active Directory. The easy way to do this is to sync all the Active Directory user accounts to Azure Active Directory (Azure AD). You can even sync their passwords to further minimize the impact on users.
The tool you would use to sync the accounts is Azure AD Connect. The Azure Active Directory Connect synchronization services (Azure AD Connect sync) is a main component of Azure AD Connect. It takes care of all the operations that are related to synchronize identity data between your on-premises environment and Azure AD. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-whatis
This question requires that you evaluate the underlined text to determine if it is correct.
One of the benefits of Azure SQL Data Warehouse is that high availability is built into the platform.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed
- B . automatic scaling
- C . data compression
- D . versioning
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
A Standard support plan is included in an Azure free account.
A Premier support plan can only be purchased by companies that have an Enterprise Agreement (EA)
Support from MSDN forms is only provided to companies that have a pay-as-you-go subscription.
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Each Azure subscription can contain multiple account administrators.
Each Azure subscription can be managed by using a Microsoft account only.
An Azure resource group contains multiple Azure subscriptions.
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Azure Advisor provides recommendations on how to improve the security of an Azure Active Directory (Azure AD) environment.
Azure Advisor provides recommendations on how to reduce the cost of running Azure virtual machines.
Azure Advisor provides recommendations on how to configure the network settings on Azure virtual machines.
This question requires that you evaluate the underlined text to determine if it is correct.
When you are implementing a software as a service (SaaS) solution, you are responsible for configuring high availability.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed.
- B . defining scalability rules
- C . installing the SaaS solution
- D . configuring the SaaS solution
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You plan to deploy several Azure virtual machines.
You need to ensure that the services running on the virtual machines are available if a single data center fails.
Solution: You deploy the virtual machines to two or more availability zones.
Does this meet the goal?
- A . Yes
- B . No
A
Explanation:
Availability zones expand the level of control you have to maintain the availability of the applications and data on your VMs. An Availability Zone is a physically separate zone, within an Azure region. There are three Availability Zones per supported Azure region.
Each Availability Zone has a distinct power source, network, and cooling. By architecting your solutions to use replicated VMs in zones, you can protect your apps and data from the loss of a datacenter. If one zone is compromised, then replicated apps and data are instantly available in another zone.
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/availability
This question requires that you evaluate the underlined text to determine if it is correct.
If a resource group named RG1 has a delete lock, only a member of the global administrators group can delete RG1.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed
- B . the delete lock must be removed before an administrator can delete RG1.
- C . an Azure policy must be modified before an administrator can delete RG1.
- D . an Azure tag must be added before an administrator can delete RG1.
You have a resource group named RG1.
You plan to create virtual networks and app services in RG1.
You need to prevent the creation of virtual machines only in RG1.
What should you use?
- A . a lock
- B . an Azure role
- C . a tag
- D . an Azure policy
D
Explanation:
Azure policies can be used to define requirements for resource properties during deployment and for already existing resources. Azure Policy controls properties such as the types or locations of resources.
Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements.
In this question, we would create a Azure policy assigned to the resource group that denies the creation of virtual machines in the resource group.
You could place a read-only lock on the resource group. However, that would prevent the creation of any resources in the resource group, not virtual machines only. Therefore, an Azure Policy is a better solution.
References: https://docs.microsoft.com/en-us/azure/governance/policy/overview
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Most Azure services are introduced in private preview before being introduced in public preview, and then in general availability.
Azure services in public preview can be managed only by using the Azure CLI.
The cost of an Azure service in private preview decreases when the service becomes generally available.
Section: Understand Azure Pricing and Support
Your company plans to deploy an Artificial Intelligence (AI) solution in Azure.
What should the company use to build, test, and deploy predictive analytics solutions?
- A . Azure Logic Apps
- B . Azure Machine Learning designer
- C . Azure Batch
- D . Azure Cosmos DB
B
Explanation:
Section: Understand Core Azure Services
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to purchase Azure.
The company’s support policy states that the Azure environment must provide an option to access support engineers by phone or email. You need to recommend which support plan meets the support policy requirement.
Solution: Recommend a Standard support plan.
Does this meet the goal?
- A . Yes
- B . No
A
Explanation:
The Standard, Professional Direct, and Premier support plans have technical support for engineers via email and phone.
References: https://azure.microsoft.com/en-gb/support/plans/
HOTSPOT
Which cloud deployment solution is used for Azure virtual machines and Azure SQL databases? To answer, select the appropriate options in the answer area.
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
The Service Level Agreement (SLA) guaranteed uptime for paid Azure services is at least 99.9 percent.
Companies can increase the Service Level Agreement (SLA) guaranteed uptime by adding Azure resources to multiple regions.
Companies can increase the Service Level Agreement (SLA) guaranteed uptime by purchasing multiple subscriptions.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to purchase Azure.
The company’s support policy states that the Azure environment must provide an option to access support engineers by phone or email. You need to recommend which support plan meets the support policy requirement.
Solution: Recommend a Premier support plan.
Does this meet the goal?
- A . Yes
- B . No
A
Explanation:
The Standard, Professional Direct, and Premier support plans have technical support for engineers via email and phone.
References: https://azure.microsoft.com/en-gb/support/plans/
HOTSPOT
You plan to deploy a critical line-of-business application to Azure.
The application will run on an Azure virtual machine.
You need to recommend a deployment solution for the application. The solution must provide a guaranteed availability of 99.99 percent.
What is the minimum number of virtual machines and the minimum number of availability zones you should recommend for the deployment? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
You need a minimum of two virtual machines with each one located in a different availability zone.
Availability Zones is a high-availability offering that protects your applications and data from datacenter failures. Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. To ensure resiliency, there’s a minimum of three separate zones in all enabled regions. The physical separation of Availability Zones within a region protects applications and data from datacenter failures. Zone-redundant services replicate your applications and data across Availability Zones to protect from single-points-of-failure. With Availability Zones, Azure offers industry best 99.99% VM uptime SLA.
References: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
References:
https://docs.microsoft.com/en-us/azure/advisor/advisor-overview
https://microsoft.github.io/AzureTipsAndTricks/blog/tip173.html
Your company has several business units.
Each business unit requires 20 different Azure resources for daily operation. All the business units require the same type of Azure resources.
You need to recommend a solution to automate the creation of the Azure resources.
What should you include in the recommendations?
- A . Azure Resource Manager templates
- B . virtual machine scale sets
- C . the Azure API Management service
- D . management groups
A
Explanation:
You can use Azure Resource Manager templates to automate the creation of the Azure resources. Deploying resource through templates is known as ‘Infrastructure as code’.
To implement infrastructure as code for your Azure solutions, use Azure Resource Manager templates. The template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax, which lets you state what you intend to deploy without having to write the sequence of programming commands to create it. In the template, you specify the resources to deploy and the properties for those resources.
References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/overview
HOTSPOT
You plan to create an Azure virtual machine.
You need to identify which storage service must be used to store the data disks of the virtual machine.
What should you identify? To answer, select the appropriate service in the answer area.
Explanation:
References: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/managed-disks-overview
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to migrate all its data and resources to Azure.
The company’s migration plan states that only platform as a service (PaaS) solutions must be used in Azure.
You need to deploy an Azure environment that supports the planned migration.
Solution: You create an Azure App Service and Azure Storage accounts.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Azure Storage Accounts are IaaS, PaaS as Microsoft says is "a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications". So the answer is No because Storage is IaaS.
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
All Azure services in private preview must be accessed by using a separate Azure portal.
Azure services in public preview can be used in production environments.
Azure services in public preview are subject to a Service Level Agreement (SLA).
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
All the Azure resources deployed to a single resource group must share the same Azure region.
If you assign a tag to a resource group, all the Azure resources in that resource group are assigned to the same tag.
If you set permissions to a resource group, all the Azure resources in that resource group inherit the permissions.
Section: Understand Core Azure Services
This question requires that you evaluate the underlined text to determine if it is correct.
An Azure region contains one or more data centers that are connected by using a low-latency network.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed
- B . Is found in each country where Microsoft has a subsidiary office
- C . Can be found in every country in Europe and the Americas only
- D . Contains one or more data centers that are connect by using a high-latency network
You plan to migrate a web application to Azure. The web application is accessed by external users.
You need to recommend a cloud deployment solution to minimize the amount of administrative effort used to manage the web application.
What should you include in the recommendation?
- A . software as a service (SaaS)
- B . platform as a service (PaaS)
- C . infrastructure as a service (IaaS)
- D . database as a service (DaaS)
C
Explanation:
Azure App Service is a platform-as-a-service (PaaS) offering that lets you create web and mobile apps for any platform or device and connect to data anywhere, in the cloud or on-premises. App Service includes the web and mobile capabilities that were previously delivered separately as Azure Websites and Azure Mobile Services. https://docs.microsoft.com/en-us/azure/security/fundamentals/paas-applications-using-app-services
What is guaranteed in an Azure Service Level Agreement (SLA) for virtual machines?
- A . uptime
- B . feature availability
- C . bandwidth
- D . performance
A
Explanation:
The SLA for virtual machines guarantees ‘uptime’. The amount of uptime guaranteed depends on factors such as whether the VMs are in an availability set or availability zone if there is more than one VM, the distribution of the VMs if there is more than one or the disk type if it is a single VM.
The SLA for Virtual Machines states:
✑ For all Virtual Machines that have two or more instances deployed across two or more Availability Zones in the same Azure region, we guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.99% of the time.
✑ For all Virtual Machines that have two or more instances deployed in the same Availability Set or in the same Dedicated Host Group, we guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.95% of the time.
✑ For any Single Instance Virtual Machine using Premium SSD or Ultra Disk for all Operating System Disks and Data Disks, we guarantee you will have Virtual Machine Connectivity of at least 99.9%.
References:
https://azure.microsoft.com/en-us/support/legal/sla/summary/
https://azure.microsoft.com/en-us/support/legal/sla/virtual-machines/v1_9/
This question requires that you evaluate the underlined text to determine if it is correct.
When planning to migrate a public website to Azure, you must plan to pay monthly usage costs.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed
- B . Deploy a VPN
- C . pay to transfer all the website data to Azure
- D . reduce the number of connections to the website
A
Explanation:
In Azure you only pay for outbound traffic which is charged in GB as you are entitled to 5GB in a month but afterwards you pay for data being transferred out. However, with inbound data traffic into your environment, this is free.
Your company plans to automate the deployment of servers to Azure.
Your manager is concerned that you may expose administrative credentials during the deployment.
You need to recommend an Azure solution that encrypts the administrative credentials during the deployment.
What should you include in the recommendation?
- A . Azure Key Vault
- B . Azure Multi-Factor Authentication (MFA)
- C . Azure Security Center
- D . Azure Information Protection
This question requires that you evaluate the underlined text to determine if it is correct.
Your Azure trial account expired last week. You are now unable to create additional Azure Active Directory (Azure AD) user accounts.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed
- B . start an existing Azure virtual machine
- C . access your data stored in Azure
- D . access the Azure portal
B
Explanation:
A stopped (deallocated) VM is offline and not mounted on an Azure host server. Starting a VM mounts the VM on a host server before the VM starts. As soon as the VM is mounted, it becomes chargeable. For this reason, you are unable to start a VM after a trial has expired.
You have an on-premises application that sends email notifications automatically based on a rule.
You plan to migrate the application to Azure.
You need to recommend a serverless computing solution for the application.
What should you include in the recommendation?
- A . a logic app
- B . a server image in Azure Marketplace
- C . an API app
- D . a web app
A
Explanation:
https://docs.microsoft.com/en-us/azure/logic-apps/tutorial-process-email-attachments-workflow
You plan to migrate several servers from an on-premises network to Azure.
You need to identify the primary benefit of using a public cloud service for the servers.
What should you identify?
- A . The public cloud is owned by the public, NOT a private corporation.
- B . All public cloud resources can be freely accessed by every member of the public.
- C . The public cloud is a crowd-sourcing solution that provides corporations with the ability to enhance the cloud.
- D . The public cloud is a shared entity whereby multiple corporations each use a portion of the resources in the cloud.
D
Explanation:
The public cloud is a shared entity whereby multiple corporations each use a portion of the resources in the cloud. The hardware resources (servers, infrastructure etc.) are managed by the cloud provider. Multiple companies create resources such as virtual machines and virtual networks on the hardware resources.
This question requires that you evaluate the underlined text to determine if it is correct.
You deploy an Azure resource. The resource becomes unavailable for an extended period due to a service outage. Microsoft will automatically refund your bank account.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed.
- B . automatically migrate the resource to another subscription
- C . automatically credit your account
- D . send you a coupon code that you can redeem for Azure credits
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Azure Advisor provides recommendations on how to improve the security of an Azure Active Directory (Azure AD) environment.
Azure Advisor provides recommendations on how to reduce the cost of running Azure virtual machines.
Azure Advisor provides recommendations on how to configure the network settings on Azure virtual machines.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to purchase Azure.
The company’s support policy states that the Azure environment must provide an option to access support engineers by phone or email.
You need to recommend which support plan meets the support policy requirement.
Solution: Recommend a Basic support plan.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
The Basic support plan does not have any technical support for engineers.
Access to Support Engineers via email or phone is available in the following support plans:
Premier, Professional Direct and standard.
References: https://azure.microsoft.com/en-gb/support/plans/
You plan to store 20 TB of data in Azure. The data will be accessed infrequently and visualized by using Microsoft Power BI.
You need to recommend a storage solution for the data.
Which two solutions should you recommend? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A . Azure SQL Database
- B . Azure Cosmos DB
- C . Azure SQL Data Warehouse
- D . Azure Database for PostgreSQL
- E . Azure Data Lake
Your company has an on-premises network that contains multiple servers.
The company plans to reduce the following administrative responsibilities of network administrators:
• Backing up application data
• Replacing failed server hardware
• Managing physical server security
• Updating server operating systems
• Managing permissions to shared documents
The company plans to migrate several servers to Azure virtual machines.
You need to identify which administrative responsibilities will be reduced after the planned migration.
Which two responsibilities should you identify? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A . Replacing failed server hardware
- B . Backing up application data
- C . Managing physical server security
- D . Updating server operating systems
- E . Managing permissions to shared documents
A,E
Explanation:
Azure virtual machines run on Hyper-V physical servers. The physical servers are owned and managed by Microsoft. As an Azure customer, you have no access to the physical servers. Microsoft manage the replacement of failed server hardware and the security of the physical servers so you don’t need to.
HOTSPOT
Several support engineers plan to manage Azure by using the computers shown in the following table:
You need to identify which Azure management tools can be used from each computer.
What should you identify for each computer? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Section: Understand Core Azure Services
References: https://buildazure.com/2016/08/18/powershell-now-open-source-and-cross-platform-linux-macos-windows/
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, white others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an Azure subscription that contains the following unused resources:
* 20 user accounts in Azure Active Directory (Azure AD)
* Five groups in Azure AD
* 10 public [P addresses
* 10 network interfaces
* You need to reduce the Azure costs for the company.
Solution: You remove the unused user accounts.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
You are not charged for user accounts. Therefore, deleting unused user accounts will not reduce the Azure costs for the company.
References: https://docs.microsoft.com/en-us/azure/advisor/advisor-cost-recommendations#reduce-costs-by-deleting-or-reconfiguring-idle-virtual-network-gateways
This question requires that you evaluate the underlined text to determine if it is correct.
Authorization is the process of verifying a user’s credentials.
Instructions: Review the underlined text If it makes the statement correct, select "No change is needed." If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed.
- B . Authentication
- C . Federation
- D . Ticketing
B
Explanation:
Authentication, not authorization is the process of verifying a user’s credentials.
The difference between authentication and authorization is:
✑ Authentication is proving your identity, proving that you are who you say you are. The most common example of this is logging in to a system by providing credentials such as a username and password.
✑ Authorization is what you’re allowed to do once you’ve been authenticated. For example, what resources you’re allowed to access and what you can do with those resources.
Your company plans to deploy several web servers and several database servers to Azure.
You need to recommend an Azure solution to limit the types of connections from the web servers to the database servers.
What should you include in the recommendation?
- A . network security groups (NSGs)
- B . Azure Service Bus
- C . a local network gateway
- D . a route filter
A
Explanation:
A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network. You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets. You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
To implement a hybrid cloud model, a company must always migrate from a private cloud model.
A company can extend the computing resources of its internal network by using the public cloud.
In a public cloud model, only guest users at your company can access the resources in the cloud.
You have 1,000 virtual machines hosted on the Hyper-V hosts in a data center.
You plan to migrate all the virtual machines to an Azure pay-as-you-go subscription.
You need to identify which expenditure model to use for the planned Azure solution.
Which expenditure model should you identify?
- A . operational
- B . elastic
- C . capital
- D . scalable
A
Explanation:
One of the major changes that you will face when you move from on-premises cloud to the public cloud is the switch from capital expenditure (buying hardware) to operating expenditure (paying for service as you use it). This switch also requires more careful management of your costs. The benefit of the cloud is that you can fundamentally and positively affect the cost of a service you use by merely shutting down or resizing it when it’s not needed.
https://docs.microsoft.com/en-us/azure/architecture/cloud-adoption/appendix/azure-scaffold
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
Your company plans to migrate all its data and resources to Azure.
The company’s migration plan states that only platform as a service (PaaS) solutions must be used in Azure.
You need to deploy an Azure environment that supports the planned migration.
Solution: You create an Azure App Service and Azure virtual machines that have Microsoft SQL Server.
installed.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Azure App Service is a PaaS (Platform as a Service) service. However, Azure virtual machines are an IaaS (Infrastructure as a Service) service. Therefore, this solution does not meet the goal.
Your company plans to migrate to Azure. The company has several departments. All the Azure resources used by each department will be managed by a department administrator.
You need to recommend an Azure deployment that provides the ability to segment Azure for the departments.
What are two possible techniques to segment Azure for the departments? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A . multiple subscriptions
- B . multiple Azure Active Directory (Azure AD) directories
- C . multiple regions
- D . multiple resource groups
What are two characteristics of the public cloud? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A . dedicated hardware
- B . unsecured connections
- C . limited storage
- D . metered pricing
- E . self-service management
D,E
Explanation:
With the public cloud, you get pay-as-you-go pricing C you pay only for what you use, no CapEx costs. With the public cloud, you have self-service management. You are responsible for the deployment and configuration of the cloud resources such as virtual machines or web sites. The underlying hardware that hosts the cloud resources is managed by the cloud provider.
https://docs.microsoft.com/en-gb/learn/modules/principles-cloud-computing/4-cloud-deployment-models
This question requires that you evaluate the underlined BOLD text to determine if it is correct.
Your company implements Azure policies to automatically add a watermark to Microsoft Word documents that contain credit card information.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed.
- B . DDoS protection
- C . Azure Information Protection
- D . Azure Active Directory (Azure AD) Identity Protection
C
Explanation:
Azure Information Protection is used to automatically add a watermark to Microsoft Word documents that contain credit card information.
You use Azure Information Protection labels to apply classification to documents and emails. When you do this, the classification is identifiable regardless of where the data is stored or with whom it’s shared. The labels can include visual markings such as a header, footer, or watermark.
Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations. In this question, we would configure a label to be automatically applied to Microsoft Word documents that contain credit card information. The label would then add the watermark to the documents.
References:
https://docs.microsoft.com/en-us/azure/information-protection/what-is-information-protection
https://docs.microsoft.com/en-us/azure/information-protection/infoprotect-quick-start-tutorial
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, white others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an Azure subscription that contains the following unused resources:
* 20 user accounts in Azure Active Directory (Azure AD)
* Five groups in Azure AD
* 10 public !P addresses
* 10 network interfaces
You need to reduce the Azure costs for the company.
Solution: You remove the unused public IP addresses.
Does this meet the goal?
- A . Yes
- B . No
A
Explanation:
You are charged for public IP addresses. Therefore, deleting unused public IP addresses will reduce the Azure costs.
References: https://docs.microsoft.com/en-us/azure/advisor/advisor-cost-recommendations#reduce-costs-by-deleting-or-reconfiguring-idle-virtual-network-gateways
To what should an application connect to retrieve security tokens?
- A . an Azure Storage account
- B . Azure Active Directory (Azure AD)
- C . a certificate store
- D . an Azure key vault
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
By creating additional resource groups in an Azure subscription, additional costs are incurred.
By copying several gigabits of data to Azure from an on-premises network over a VPN, additional data transfer costs are incurred.
By copying several GB of data from Azure to an on-premises network over a VPN, additional data transfer costs are incurred.
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/manage-resource-groups-portal
https://azure.microsoft.com/en-us/pricing/details/bandwidth/
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1. You sign in to the Azure portal and create a resource group named RG1.
From Azure documentation, you have the following command that creates a virtual machine named VM1.
az vm create –resource-group RG1 –name VM1 — image
UbuntuLTS –generate-ssh-keys
You need to create VM1 in Subscription1 by using the command.
Solution: From the Azure portal, launch Azure Cloud Shell and select PowerShell. Run the command in Cloud Shell.
Does this meet the goal?
- A . Yes
- B . No
A
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/quick-create-cli
What is required to use Azure Cost Management?
- A . a Dev/Test subscription
- B . Software Assurance
- C . an Enterprise Agreement (EA)
- D . a pay-as-you-go subscription
C
Explanation:
Azure customers with an Azure Enterprise Agreement (EA), Microsoft Customer Agreement (MCA), or Microsoft Partner Agreement (MPA) can use Azure Cost Management.
Cost management is the process of effectively planning and controlling costs involved in your business. Cost management tasks are normally performed by finance, management, and app teams. Azure Cost Management + Billing helps organizations plan with cost in mind. It also helps to analyze costs effectively and take action to optimize cloud spending.
References: https://docs.microsoft.com/en-gb/azure/cost-management/overview-cost-mgt
This question requires that you evaluate the underlined text to determine if it is correct.
If a resource group named RG1 has a delete lock, only a member of the global administrators group can delete RG1.
Instructions: Review the underlined text If it makes the statement correct, select "No change is needed." If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed.
- B . the delete lock must be removed before an administrator
- C . an Azure policy must be modified before an administrator
- D . an Azure tag must be added before an administrator
What should you use to evaluate whether your company’s Azure environment meets regulatory requirements?
- A . Compliance Manager from the Security Trust Portal
- B . the Advisor blade from the Azure policy
- C . the Knowledge Center website
- D . the Security Center blade from the Azure portal
D
Explanation:
The Security Center blade from the Azure portal includes the ‘regulatory compliance dashboard’.
The regulatory compliance dashboard provides insight into your compliance posture for a set of supported standards and regulations, based on continuous assessments of your Azure environment.
In the Azure Security Center regulatory compliance blade, you can get an overview of key portions of your compliance posture with respect to a set of supported standards. Currently supported standards are Azure CIS, PCI DSS 3.2, ISO 27001, and SOC TSP.
In the dashboard, you will find your overall compliance score, and the number of passing versus failing assessments with each standard. You can now focus your attention on the gaps in compliance for a standard or regulation that is important to you.
References: https://azure.microsoft.com/en-us/blog/regulatory-compliance-dashboard-in-azure-security-
center-now-available/
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Storing 1 TB of data in Azure Blob storage will always cost the same, regardless of the Azure region in which the data is located.
When you use a general-purpose v2 Azure Storage account, you are only charged for the amount of data that is stored. All read and write operations are free.
Transferring data between Azure Storage accounts in different Azure regions is free.
Which Azure service should you use to store certificates?
- A . Azure Security Center
- B . an Azure Storage account
- C . Azure Key Vault
- D . Azure Information Protection
C
Explanation:
Azure Key Vault is a secure store for storage various types of sensitive information including passwords and certificates.
Azure Key Vault can be used to Securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets.
Secrets and keys are safeguarded by Azure, using industry-standard algorithms, key lengths, and hardware security modules (HSMs). The HSMs used are Federal Information Processing Standards (FIPS) 140-2 Level 2 validated.
Access to a key vault requires proper authentication and authorization before a caller (user or application) can get access. Authentication establishes the identity of the caller, while authorization determines the operations that they are allowed to perform.
References: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-overview
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure environment. You need to create a new Azure virtual machine from an Android laptop.
Solution: You use PowerShell in Azure Cloud Shell.
Does this meet the goal?
- A . Yes
- B . No
A
Explanation:
Azure Cloud Shell is a browser-based shell experience to manage and develop Azure resources.
Cloud Shell offers a browser-accessible, pre-configured shell experience for managing Azure resources without the overhead of installing, versioning, and maintaining a machine yourself.
Being browser-based, Azure Cloud Shell can be run on a browser from a tablet that runs the Android operating system.
References: https://docs.microsoft.com/en-us/azure/cloud-shell/features
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Identities stored in an on-premises Active Directory can be synchronized to Azure Active Directory (Azure AD).
Identities stored in Azure Active Directory (Azure AD), third-party cloud services, and on-premises Active Directory can be used to access Azure resources.
Azure has built-in authentication and authorization services that provide secure access to Azure resources.
DRAG DROP
Match the Azure service to the correct definition.
Instructions: To answer, drag the appropriate Azure service from the column on the left to its description on the right. Each service may be used once, more than once, or not at all. NOTE: Each correct selection is worth one point.
Explanation:
Box 1:
Azure Functions provides the platform for serverless code.
Azure Functions is a serverless compute service that lets you run event-triggered code without having to explicitly provision or manage infrastructure.
Box 2:
Azure Databricks is a big analysis service for machine learning.
Azure Databricks is an Apache Spark-based analytics platform. The platform consists of several components including ‘MLib’. Mlib is a Machine Learning library consisting of common learning algorithms and utilities, including classification, regression, clustering, collaborative filtering, dimensionality reduction, as well as underlying optimization primitives.
Box 3:
Azure Application Insights detects and diagnoses anomalies in web apps.
Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for developers and DevOps professionals. Use it to monitor your live applications. It will automatically detect performance anomalies, and includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app.
Box 4:
Azure App Service hosts web apps.
Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. You can develop in your favorite language, be it .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. Applications run and scale with ease on both Windows and Linux-based environments.
References:
https://docs.microsoft.com/en-us/azure/azure-functions/
https://docs.microsoft.com/en-us/azure/azure-databricks/what-is-azure-databricks#apache-spark-based-analytics-platform
https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview
https://docs.microsoft.com/en-us/azure/app-service/overview
This question requires that you evaluate the underlined text to determine if it is correct.
Resource groups provide organizations with the ability to manage the compliance of Azure resources across multiple subscriptions.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed
- B . Management groups
- C . Azure policies
- D . Azure App Service plans
You have an on-premises network that contains 100 servers.
You need to recommend a solution that provides additional resources to your users. The solution must minimize capital and operational expenditure costs.
What should you include in the recommendation?
- A . a complete migration to the public cloud
- B . an additional data center
- C . a private cloud
- D . a hybrid cloud
D
Explanation:
A hybrid cloud is a combination of a private cloud and a public cloud.
Capital expenditure is the spending of money up-front for infrastructure such as new servers.
With a hybrid cloud, you can continue to use the on-premises servers while adding new servers in the public cloud (Azure for example). Adding new servers in Azure minimizes the capital expenditure costs as you are not paying for new servers as you would if you deployed new server on-premises.
This question requires that you evaluate the BOLD text to determine if it is correct.
Data that is stored in the Archive access tier of an Azure Storage account can be access at any time by using azcopy.exe
Instructions: Review the bold text. If it makes the statement correct, select "No change is needed.” If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed.
- B . can only be read by using Azure Backup
- C . must be restored before the data can be accessed
- D . must be rehydrated before the data can be accessed
You plan to map a network drive from several computers that run Windows 10 to Azure Storage. You need to create a storage solution in Azure for the planned mapped drive.
What should you create?
- A . an Azure SQL database
- B . a virtual machine data disk
- C . a Files service in a storage account
- D . a Blobs service in a storage account
C
Explanation:
Azure Files is Microsoft’s easy-to-use cloud file system. Azure file shares can be seamlessly used in Windows and Windows Server.
To use an Azure file share with Windows, you must either mount it, which means assigning it a drive letter or mount point path, or access it via its UNC path.
Unlike other SMB shares you may have interacted with, such as those hosted on a Windows Server, Linux Samba server, or NAS device, Azure file shares do not currently support Kerberos authentication with your Active Directory (AD) or Azure Active Directory (AAD) identity, although this is a feature we are working on. Instead, you must access your Azure file share with the storage account key for the storage account containing your Azure file share. A storage account key is an administrator key for a storage account, including administrator permissions to all files and folders within the file share you’re accessing, and for all file shares and other storage resources (blobs, queues, tables, etc) contained within your storage account.
References: https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
To implement an Azure Multi-Factor Authentication (MFA) solution, you must deploy a federation solution or sync on-premises identities to the cloud.
Two valid methods for Azure Multi-Factor Authentication (MFA) are picture identification and a passport number.
Azure Multi-Factor Authentication (MFA) can be required for administrative and non-administrative user accounts.
Your company plans to deploy several million sensors that will upload data to Azure. You need to identify which Azure resources must be created to support the planned solution.
Which two Azure resources should you identify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point
- A . Azure Data Lake
- B . Azure Queue storage
- C . Azure File Storage
- D . Azure IoT Hub
- E . Azure Notification Hubs
A,D
Explanation:
https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-messages-d2c
"There are two storage services IoT Hub can route messages to — Azure Blob Storage and Azure Data Lake Storage Gen2 (ADLS Gen2) accounts. "
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to purchase Azure.
The company’s support policy states that the Azure environment must provide an option to access support engineers by phone or email.
You need to recommend which support plan meets the support policy requirement.
Solution: Recommend a Professional Direct support plan.
Does this meet the goal?
- A . Yes
- B . No
A
Explanation:
The Basic support plan does not have any technical support for engineers.
The Developer support plan has only technical support for engineers via email.
The Standard, Professional Direct, and Premier support plans have technical support for engineers via email and phone.
References: https://azure.microsoft.com/en-gb/support/plans/