Azure AZ-300: Microsoft Azure Architect Technologies @ 4 Passing Exams -- Accurate & Up to date exam questions of popular IT exams.

NO.1 You need to recommend a solution that will monitor Azure subscription activity and send alerts to a non-Azure system for processing.Notification of alerts sent to the external system must be automated.Which mechanism should you recommend?

(A) Azure Stream Analytics

(B) Azure Event Hubs

(C) Power BI

(D) Webhook

Answer : D

NO.2 You are taking over as the IT administrator for an Azure subscription. You want a simple, efficient, and free way to view and manage all the blobs in the subscription.You need to download the most appropriate tool.Which tool should you use?

(A) Visual Studio Ultimate

(B) Visual Studio Code

(C) Storage Explorer

(D) Storage Emulator

Answer : C

NO.3 A blob associated with an Azure Blob storage account contains data that is accessed several times per day.You plan to add a new blob to the Blob storage account. The data in the new blob will be viewed infrequently but must be available immediately when accessed.You must configure the storage tier for the new blob. The solution must minimize storage costs.What should you do?

(A) Set the storage tier for the new blob to Cool.

(B) Set the storage tier for the new blob to Archive.

(C) Set the default storage tier for the account to Cool.

(D) Set the default storage tier for the account to Hot.

Answer : A

NO.4 You are planning to deploy 15 identical virtual machines (VMs) to Azure. All 15 VMs must be based on the settings of a local on-premises computer.You need to choose the best strategy for deploying the VMs.What should you do?

(A) Create an Extensible Markup Language (XML) file that describes a single VM. Use Azure CLI to deploy a template to Azure.

(B) Create a VM in Azure. Use PowerShell to copy that VM 14 times.

(C) Create a JavaScript Object Notation (JSON) file that describes a single VM. Use PowerShell to deploy a template to Azure.

(D) Create a VM in Azure. Use Azure CLI to copy that VM 14 times.

Answer : C

NO.5 You need to deploy a virtual machine (VM) to Azure from a third-party online template.Which PowerShell cmdlet should you use?

(A) New-AzureRmResourceGroupDeployment

(B) New-AzureVM

(C) New-AzureQuickVM

(D) New-AzureRmVMConfig

Answer : A

NO.6 You manage two on-premises networks, each located in a separate branch office. You must connect both networks to Azure while controlling costs.Which type of connection should you choose?

(A) Point-to-site VPN

(B) Multi-protocol label switching (MPLS) network

(C) Multi-site VPN

(D) ExpressRoute connection

Answer : C

NO.7 You are the Azure administrator for a web API that uses the Free plan.You need to monitor the web API to determine whether or not you should change the plan to Basic.Which metric should you monitor?

(A) Average Response Time

(B) Thread Count

(C) Requests

(D) CPU Time

Answer : D

NO.8 Your company has on-premises Domain Name System (DNS) servers that are authoritative for its domain. You create a directory in Azure Active Directory (Azure AD). You want to create a custom domain for this directory that matches your company's domain.You need to configure the environment so that you can have Azure verify the custom domain.What should you do?

(A) Add a CNAME record at your company's domain registrar.

(B) Add a CNAME record to your company's DNS servers.

(C) Add a TXT record at your company's domain registrar.

(D) Add a TXT record to your company's DNS servers.

Answer : D

NO.9 You plan to use Azure AD join in a federated environment. You need to ensure that the identity provider supports WS-* protocols to ensure that Azure AD join works natively.Which two protocols must be supported? Each correct answer presents part of the solution.

(A) WS-Fed

(B) WS-Policy

(C) WS-Reliability

(D) WS-Trust

Answer : A;D

NO.10 Your company uses Azure Active Directory (AD). You find that the service account defined on the Azure AD Connector cannot contact Azure AD because the password has expired.You need to provide Azure AD Global admin credentials.Which cmdlet should you use?

(A) Get-PasswordSyncLogStatus

(B) Set-ADSyncAADPasswordResetConfiguration

(C) Set-FullPasswordSync

(D) Add-ADSyncAADServiceAccount

Answer : D

NO.11 You are the IT administrator for your company. Your company hosts Active Directory (AD). You want to also use Azure AD.You need to configure your environment so that password hash synchronization can be used for authentication.What should you do?

(A) Create a site link on an Azure virtual machine (VM).

(B) Create a site link bridge on an on-premises server.

(C) Install Azure AD Connect on an on-premises server.

(D) Install AD Domain Services on an Azure virtual machine (VM).

Answer : C

NO.12 You implement Azure Active Directory (Azure AD) Connect so you can synchronize accounts in your on-premises AD with those in Azure AD. You decide to synchronize only a specific organizational unit.You receive the following error during the first synchronization:"Number of deletions exceeds the default threshold of 500 objects".You need to successfully synchronize the accounts.Which cmdlet should you use?

(A) Disable-ADSyncExportDeletionThreshold

(B) Enable-ADSyncExportDeletionThreshold -ThresholdPercentage 10

(C) Enable-ADSyncExportDeletionThreshold -DeletionThreshold 1000

(D) Get-ADSyncExportDeletionThreshold

Answer : A

NO.13 You need to enable encryption for a running Windows Infrastructure-as-a-Service (IaaS) virtual machine (VM).Which PowerShell cmdlet should you use?

(A) ConvertTo-AzVMManagedDisk

(B) Set-AzDiskDiskEncryptionKey

(C) Set-AzVMDataDisk

(D) Set-AzVMDiskEncryptionExtension

Answer : D

NO.14 An Azure resource group was initially deployed from an Azure Resource Manager (ARM) template. Resources have since been added and modified manually through Azure portal.You need to create a new template based on the current state of the resource group.Which PowerShell cmdlet should you use?

(A) Save-AzureRmResourceGroupDeploymentTemplate

(B) Export-AzureRmResourceGroup

(C) Save-AzureRmDeploymentTemplate

(D) New-AzureRmResourceGroupDeployment

Answer : B

NO.15 You are the IT administrator for an automobile dealership on the west coast of the United States. The dealership wants to take advantage of Microsoft Azure by first moving its website to the cloud. The dealership wants to use the lowest cost solution possible.Business RequirementsOne of the problems the dealership has been facing is website downtime. The dealership typically provides maintenance every Sunday and Wednesday at 2:00 A.M. Eastern Time. However, because the dealership wants to attract customers all over the world, it wants to ensure that the website is always available. During peak seasons, the dealership notices that the website responds slower. The dealership wants this bottleneck eliminated.Technical RequirementsThe website is currently hosted at the dealership's domain registrar. The dealership wants move the site to Azure on Windows Server virtual machines (VMs). Users must be able to use the same domain name to reach the website. The website must be hosted in only one Azure region. The VMs must use a four-gigabyte (GB) solid state drive (SSD). The dealership expects there be less hands-on maintenance and administration once the infrastructure is moved to Azure.You need to create the VM and assign it to the availability set named WebSiteAvailabilitySet.Which commands should you use? Select correct placeholder values.$set = Get-AzureRmAvailabilitySet -ResourceGroupName WebSiteResoureGroup -Name WebSiteAvailabilitySet $vm = PLACEHOLDER 1-VMName "DealershipWebServer" -VMSize "PLACEHOLDER 2" -AvailabilitySetId "PLACEHOLDER 3""PLACEHOLDER 4" -ResourceGroupName WebSiteResourceGroup "PLACEHOLDER 5"

(A) PLACEHOLDER 1: New-AzureRmVM

(B) PLACEHOLDER 1: New-AzureRmVMConfig

(C) PLACEHOLDER 2: 4 GiB

(D) PLACEHOLDER 2: Standard_B1s

(E) PLACEHOLDER 3: $set

(F) PLACEHOLDER 3: $set.id

Answer : B;D;F

NO.16 You are the IT administrator for an automobile dealership on the west coast of the United States. The dealership wants to take advantage of Microsoft Azure by first moving its website to the cloud. The dealership wants to use the lowest cost solution possible.Business RequirementsOne of the problems the dealership has been facing is website downtime. The dealership typically provides maintenance every Sunday and Wednesday at 2:00 A.M. Eastern Time. However, because the dealership wants to attract customers all over the world, it wants to ensure that the website is always available. During peak seasons, the dealership notices that the website responds slower. The dealership wants this bottleneck eliminated.Technical RequirementsThe website is currently hosted at the dealership's domain registrar. The dealership wants move the site to Azure on Windows Server virtual machines (VMs). Users must be able to use the same domain name to reach the website. The website must be hosted in only one Azure region. The VMs must use a four-gigabyte (GB) solid state drive (SSD). The dealership expects there be less hands-on maintenance and administration once the infrastructure is moved to Azure.You need to eliminate the bottleneck during peak seasons.Which two Azure resources should you create? Each correct answer presents part of the solution.

(A) Service Fabric cluster

(B) Load balancer

(C) Scale set

(D) API Management gateway

(E) Traffic Manager profile

Answer : A;B;C

NO.17 You are the IT administrator for an automobile dealership on the west coast of the United States. The dealership wants to take advantage of Microsoft Azure by first moving its website to the cloud. The dealership wants to use the lowest cost solution possible.Business RequirementsOne of the problems the dealership has been facing is website downtime. The dealership typically provides maintenance every Sunday and Wednesday at 2:00 A.M. Eastern Time. However, because the dealership wants to attract customers all over the world, it wants to ensure that the website is always available. During peak seasons, the dealership notices that the website responds slower. The dealership wants this bottleneck eliminated.Technical RequirementsThe website is currently hosted at the dealership's domain registrar. The dealership wants move the site to Azure on Windows Server virtual machines (VMs). Users must be able to use the same domain name to reach the website. The website must be hosted in only one Azure region. The VMs must use a four-gigabyte (GB) solid state drive (SSD). The dealership expects there be less hands-on maintenance and administration once the infrastructure is moved to Azure.You need configure Azure to automatically notify the owner of the dealership when peak season appears to have started. The solution must minimize expense and difficulty to implement.What should you do?

(A) Use Machine Learning to create a model that examines historical memory usage and send an email when consumption is high.

(B) Use Monitor to capture the average CPU percentage over time and create an alert when a CPU threshold is exceeded.

(C) Create a Function that uses a timed trigger to monitor CPU usage and send a text message when a CPU threshold is exceeded.

(D) Create a WebJob that uses a timed trigger to monitor memory usage and invoke WebHook when consumption is high.

Answer : B

NO.18 You are the IT administrator for an automobile dealership on the west coast of the United States. The dealership wants to take advantage of Microsoft Azure by first moving its website to the cloud. The dealership wants to use the lowest cost solution possible.Business RequirementsOne of the problems the dealership has been facing is website downtime. The dealership typically provides maintenance every Sunday and Wednesday at 2:00 A.M. Eastern Time. However, because the dealership wants to attract customers all over the world, it wants to ensure that the website is always available. During peak seasons, the dealership notices that the website responds slower. The dealership wants this bottleneck eliminated.Technical RequirementsThe website is currently hosted at the dealership's domain registrar. The dealership wants move the site to Azure on Windows Server virtual machines (VMs). Users must be able to use the same domain name to reach the website. The website must be hosted in only one Azure region. The VMs must use a four-gigabyte (GB) solid state drive (SSD). The dealership expects there be less hands-on maintenance and administration once the infrastructure is moved to Azure.

(A) Assign a DNS name label.

(B) Assign a public static IP address.

(C) Add an inbound port rule.

(D) Add an extension.

(E) Add an outbound port rule.

Answer : A;C

NO.19 You are the IT administrator for a small law firm. The company has one lawyer and one legal assistant. The company has two Windows 10 Professional desktop computers and a Linux server that hosts a web-based case management system.Existing InfrastructureThe two desktop computers and the Linux server are connected by a network hub. The hub itself is connected to a router, which connects directly to the Internet via cable. No inbound ports are open on the router. The desktop computers host client applications that connect to the case management system at IP address 10.10.10.10 over TCP port 24000.Business RequirementsThe owner of the firm wants it to transition to a virtual firm. The lawyer and the assistant must be able to work from home by connecting to the Windows 10 desktop computers from any device. The owner wants you to move the existing infrastructure to Azure and make the system work as if it were in the physical office. However, the owner wants to use the minimum amount of resources and the least expensive options.Technical RequirementsThe two computers and server should be imported into Azure as virtual machines (VMs). The VMs for the lawyer and assistant should be always available, even during periods of upgrades or maintenance. As more cases are imported into the case management system, the disk attached to the Linux VM should automatically resize to ensure that it always has 20 percent of free space.You create two Windows 10 virtual machines for the lawyer and legal assistant. You must ensure that the lawyer and legal assistant can connect to their desktop computers from any location and from any device.What should you do?

(A) Move each VM into its own subnet.

(B) Place the two VMs in the same availability set.

(C) Add an inbound port rule to each VM.

(D) Assign a static public IP address to each VM.

Answer : C

NO.20 You are the IT administrator for a small law firm. The company has one lawyer and one legal assistant. The company has two Windows 10 Professional desktop computers and a Linux server that hosts a web-based case management system.Existing InfrastructureThe two desktop computers and the Linux server are connected by a network hub. The hub itself is connected to a router, which connects directly to the Internet via cable. No inbound ports are open on the router. The desktop computers host client applications that connect to the case management system at IP address 10.10.10.10 over TCP port 24000.Business RequirementsThe owner of the firm wants it to transition to a virtual firm. The lawyer and the assistant must be able to work from home by connecting to the Windows 10 desktop computers from any device. The owner wants you to move the existing infrastructure to Azure and make the system work as if it were in the physical office. However, the owner wants to use the minimum amount of resources and the least expensive options.Technical RequirementsThe two computers and server should be imported into Azure as virtual machines (VMs). The VMs for the lawyer and assistant should be always available, even during periods of upgrades or maintenance. As more cases are imported into the case management system, the disk attached to the Linux VM should automatically resize to ensure that it always has 20 percent of free space.You need to meet the availability demands for Windows computers.What should you do?

(A) Implement vertical auto-scaling.

(B) Create one availability set for each VM.

(C) Implement horizontal auto-scaling.

(D) Create one availability set for both VMs.

Answer : B

NO.21 You are the IT administrator for a small law firm. The company has one lawyer and one legal assistant. The company has two Windows 10 Professional desktop computers and a Linux server that hosts a web-based case management system.Existing InfrastructureThe two desktop computers and the Linux server are connected by a network hub. The hub itself is connected to a router, which connects directly to the Internet via cable. No inbound ports are open on the router. The desktop computers host client applications that connect to the case management system at IP address 10.10.10.10 over TCP port 24000.Business RequirementsThe owner of the firm wants it to transition to a virtual firm. The lawyer and the assistant must be able to work from home by connecting to the Windows 10 desktop computers from any device. The owner wants you to move the existing infrastructure to Azure and make the system work as if it were in the physical office. However, the owner wants to use the minimum amount of resources and the least expensive options.Technical RequirementsThe two computers and server should be imported into Azure as virtual machines (VMs). The VMs for the lawyer and assistant should be always available, even during periods of upgrades or maintenance. As more cases are imported into the case management system, the disk attached to the Linux VM should automatically resize to ensure that it always has 20 percent of free space.You need to ensure that the Linux virtual machine (VM) automatically expands its disk size when it is running low on space.What two actions should you perform? Each correct answer presents part of the solution.

(A) Install a script on the VM that monitors the disk space and sends a notification to Azure.

(B) Create an Azure Function that uses an HTTP trigger.

(C) Configure Azure Monitor with an alert rule.

(D) Run an Azure PowerShell command from the VM.

(E) Run an Azure CLI command from the VM.

Answer : A;B

NO.22 You need to create an alert for a virtual machine named VM1 that will be fired when the VM's CPU utilization is greater than 95 percent for at least 10 minutes. You also need to add an action group named AG1 to this alert.What should you do? Select correct placeholder values.az monitor metrics alert PLACEHOLDER 1 -n A1 -g RG1 -- PLACEHOLDER 2 "avg Percentage CPU > 95"-- PLACEHOLDER 3 10m -- PLACEHOLDER 4 AG1

(A) PLACEHOLDER 1: create

(B) PLACEHOLDER 1: list

(C) PLACEHOLDER 1: show

(D) PLACEHOLDER 2: condition

(E) PLACEHOLDER 2: condition description

(F) PLACEHOLDER 2: scopes

Answer : A;D

NO.23 You need to provide information from Azure Log Analytics for the following sources:* Windows event log and Syslog* Application insights about traces, requests, and page views* Performance metricsYou need to deliver all data from the event log and Syslog. You must deliver only matched data for application insights and performance metrics.Which operators are required in the Log Analytics query for the data that you need to deliver?Select correct placeholder values.Windows event log PLACEHOLDER 1Syslog PLACEHOLDER 2Application insights PLACEHOLDER 3Performance metrics PLACEHOLDER 4

(A) PLACEHOLDER 1: union

(B) PLACEHOLDER 1: inner join

(C) PLACEHOLDER 1: inner unique join

(D) PLACEHOLDER 2: union

(E) PLACEHOLDER 2: inner join

(F) PLACEHOLDER 2: inner unique join

Answer : A;D

NO.24 You need to retrieve data from Log Analytics on virtual machines (VMs) hosted on Azure. You must write a Log Analytics query that meets the following requirements:* Find VMs that have failed to send a heartbeat signal within the previous hour* Summarize the data by operating system typeHow should you complete the query? Select correct placeholder values.Heartbeat| where PLACEHOLDER 1| summarize distinct_computers= PLACEHOLDER 2 (Computer) by OSType

(A) PLACEHOLDER 1: now() - TimeGenerated > 1h

(B) PLACEHOLDER 1: TimeGenerated > ago(1h)

(C) PLACEHOLDER 1: TimeGenerated > now(1h)

(D) PLACEHOLDER 2: Count

(E) PLACEHOLDER 2: Dcount

(F) PLACEHOLDER 2: Dcountif

Answer : A;B;E

NO.25 You monitor security events collected from virtual machines (VMs) hosted on Azure.You prepare a static table that consists of the security event codes. You need to show the description of the event and how many times it occurred on the VM. If an event code is not present, zero should be displayed.Select correct placeholder values.Recuirement: Join to use to match data from the events with static table: Query option: PLACEHOLDER 1Recuirement: Function to use to count the number of events: Query option: PLACEHOLDER 2

(A) PLACEHOLDER 1: Innerunique

(B) PLACEHOLDER 1: Leftanti

(C) PLACEHOLDER 1: Leftouter

(D) PLACEHOLDER 2: Count

(E) PLACEHOLDER 2: DCount

(F) PLACEHOLDER 2: DCountIf

Answer : C;D

NO.26 You are the IT administrator for an Azure subscription. You create a Log Analytics workspace that you want to use to monitor all the virtual machines (VMs) in the subscription that have not been responsive today.You need to create the query.How should you create the query? To answer, select the appropriate code segments from the drop down menus.PLACEHOLDER 1| where TimeGenerated > ago(7d)| summarize PLACEHOLDER 2 by Computer

(A) PLACEHOLDER 1: Heartbeat

(B) PLACEHOLDER 1: max(TimeGenerated)

(C) PLACEHOLDER 1: TimeGenerated

(D) PLACEHOLDER 2: Heartbeat

(E) PLACEHOLDER 2: max(TimeGenerated)

(F) PLACEHOLDER 2: max_TimeGenerated

Answer : A;E

NO.27 You are the Azure administrator for an online personal training company. You create a blob storage account to store training videos. Only you should be able to manage the storage account.The storage account has a container that personal trainers use to upload their videos. Only personal trainers that your company approves should be able to upload video files.Choose all that apply:

(A) You should create a shared access signature.

(B) You should set the access level of the blob container to Public.

(C) You should share the storage account key with the personal trainers.&#x9

Answer : A

NO.28 You are a Cloud Solutions Architect for a mobile application development company. The company has worldwide users that require consistently high performance.You now want to drop the dependency on physical datacenter storage. You plan to create a new storage solution for the enterprise that uses Azure Storage for disaster recovery, high availability, and performance.Choose all that apply:

(A) You should use Premium Storage for global replication.

(B) If your app needs a lower recovery time objective (RTO), you should use a second regional deployment.

(C) You can use HTTP and HTTPS to authorize blob and queue operations with an OAuth token.&#x9

Answer : B

NO.29 You are determining which type of Azure storage replication is appropriate for your storage account.You must consider the features of each replication option and choose the most appropriate one: locally-redundant storage (LRS), zone-redundant storage (ZRS), geo-redundant storage (GRS), or read-access geo-redundant storage (RA-GRS).Which replication options should you use to provide the features listed in the answer area? Choose all that apply:

(A) Projects against hardware failures, but not region-wide unavailability: LRS

(B) Projects against hardware failures, but not region-wide unavailability: GRS

(C) Projects against hardware failures, but not region-wide unavailability: RA-GRS

(D) Projects against hardware failures, but not region-wide unavailability: ZRS

(E) Can be used with premium performance storage accounts: LRS

(F) Can be used with premium performance storage accounts: GRS

Answer : A;E

NO.30 You create an Azure storage account that is used to store financial records. These records are accessed frequently. In the event of a data center outage, you want to ensure that the records can still be retrieved, even if they cannot be modified. All applications use REST APIs to access the financial records.You need to choose the most appropriate, least expensive configuration.How should you configure the storage account? Choose all that apply:

(A) Which access tier should you use? - Cool

(B) Which access tier should you use? - Hot

(C) Which replication strategy should you use? - LRS

(D) Which replication strategy should you use? - GRS

(E) Which replication strategy should you use? - RS - GRS

(F) Which performance tier should you use? - Standard

Answer : A;B;E;F

NO.31 You are the IT administrator for an Azure subscription that contains 20 virtual machines (VMs).You need to write a Log Analytics query to determine which VMs have not been responsive within the past hour.How should you complete the query?

(A) Heartbeat | where TimeGenerated > ago(1h)

(B) Heartbeat | where TimeGenerated < ago(1h)

(C) Perf | where Heartbeat > ago(1h)

(D) Perf | where Heartbeat < ago(1h)

Answer : A

NO.32 You are the IT administrator for your company. Your company has a main office in California and a branch office in Amsterdam. Only employees work at the main and branch offices. Contractors can work remotely from anywhere in the world.An Azure subscription contains a virtual network (VNet) that contains resources to which all employees and contractors must access. Only the main office has a VPN server.You need to choose a connection type to ensure that each group of workers can access the full network.Which connection types should you use? Choose all that apply:

(A) Use site-to-site for contractors.

(B) Use point-to-site for employees in California.&#x9

(C) Use ExpressRoute for employees in Amsterdam.

Answer : C

NO.33 You create a VPN gateway using the Resource Manager deployment model and want to verify the connection.How can you verify the connection?

(A) You can use the az network vpn-connection show Azure CLI command to verify connectivity.

(B) You can use the Get-AzureVNetConnection PowerShell cmdlet to verify connectivity.&#x9

(C) In the Azure portal, you can navigate to the gateway and click Connection to verify connectivity.

Answer : A;C

NO.34 You have three virtual networks (VNets) named VNET1, VNET2 and VNET3. The VNets have the following subnets:*VNET1: Subnet11, Subnet12*VNET2: Subnet21*VNET3: Subnet31, Subnet32You perform the following actions:*Add peering from VNET1 to VNET2*Add peering from VNET2 to VNET3*Add peering from VNET3 to VNET2You need to identify network connectivity between subnets.Which network connectivity should you identify for each subnet? Choose all that apply:

(A) Subnet11 has connectivity with: Subnet12 only

(B) Subnet11 has connectivity with: Subnet12 and Subnet21 only

(C) Subnet11 has connectivity with: Subnet12, Subnet21 and Subnet31 only

(D) Subnet11 has connectivity with: Subnet12, Subnet21, Subnet31 and Subnet32

(E) Subnet21 has connectivity with: Subnet11 only

(F) Subnet21 has connectivity with: Subnet11 and Subnet12 only

Answer : A

NO.35 You create two Azure virtual machines (VMs) named vm1 and vm2, and then you add them to a virtual network. The private IP addresses for vm1 and vm2 are 10.1.0.10 and 10.1.0.11, respectively. You connect to vm1 by using Remote Desktop from your laptop computer.You run the following PowerShell cmdlet on vm1:ping 10.1.0.11You receive an error message that the request timed out.You must ensure that the ping command is successful.You need to run a PowerShell cmdlet on vm2.How should you complete the cmdlet?

(A) New-NetFirewallRule -DisplayName "Ping" -Protocol ICMPv4

(B) New-NetFirewallRule -DisplayName "Ping" -Protocol TCP -LocalPort 3389

(C) New-NetIPsecRule -InboundSecurity Require -RemoteAddress 10.1.0.10

(D) New-NetIPsecRule -InboundSecurity Require -RemoteAddress 127.0.0.1

Answer : A

NO.36 You need to change the public IP address for an Azure virtual machine (VM) named sn2-prod-091 to 13.65.243.111.How should you complete the command? Choose all that apply:

(A) Get-AzureVM

(B) Set-AzureStaticVNetIP

(C) Update-AzureVM

(D) Add-AzureRmVMNetworkInterface

(E) New-AzureRmVMConfig

Answer : A;B;C

NO.37 You plan to perform an Azure Active Directory (Azure AD) Access Review because you have found a higher number of users than you expected in certain groups and roles.You need to review the security group members, Azure AD roles, and Azure resource roles.Where will you create reviews for the different groups? Choose all that apply:

(A) Security group members: Azure AD Access reviews

(B) Security group members: Azure AD enterprise apps

(C) Security group members: Azure AD PIM

(D) Azure AD roles: Azure AD Access reviews

(E) Azure AD roles: Azure AD enterprise apps

(F) Azure AD roles: Azure AD PIM

Answer : A;F

NO.38 You have an Azure Active Directory (Azure AD) tenant named Adatum.com that includes the following users:? User1, who is a member of a group named Group1.? User2, who is a member of a group named Group2.The following Windows 10 computers are joined to Adatum.com:? Computer1, which is a member of a group named GroupA.? Computer2, which is a member of a group named GroupA.? Computer3, which is a member of a group named GroupB.Enterprise State Roaming in Adatum.com is enabled for Group1 and GroupA only. Choose all that apply:

(A) If User1 modifies the desktop background on Computer1, User1 will have the modified background when he is signed in to Computer2.

(B) If User1 modifies the desktop background on Computer1, User1 will have the modified background when he is signed in to Computer3.

(C) If User2 modifies the desktop background on Computer1, User2 will have the modified background when he is signed in to Computer2.&#x9

(D) If User2 modifies the desktop background on Computer1, User2 will have the modified background when he is signed in to Computer3.&#x9

Answer : A;B

NO.39 You plan to enable Azure Active Directory (AD) Identity Protection for your company. The configuration must include the following:* A role that allows full access to Identity Protection but without resetting passwords for users* A policy that will analyze user sign-in and learn typical user behaviorWhich role and policy will meet these requirements? Choose all that apply:

(A) Role: Global Administrator

(B) Role: Security Administrator

(C) Role: Security Reader

(D) Policy: MFA registration policy

(E) Policy: Sign-in risk policy

(F) Policy: User risk policy

Answer : B;F

NO.40 Your company has a hybrid solution that uses an on-premises Active Directory (AD) infrastructure and Azure AD. You want to enable password writeback so that whenever users change their passwords in Azure, the change is reflected on-premises.You need to perform the required tasks to support password writeback.Which tasks do you need to perform? For each of the following tasks, select Yes if the task should be performed. Choose all that apply:

(A) Assign the Azure AD Premium 1 license to your AD tenant.

(B) Install Azure AD Connect on an on-premises server.

(C) Deploy Azure AD Passthrough Authentication.

Answer : A;B

NO.41 You plan to use Azure Active Directory (AD) Connect as a solution that spans from your on-premises directory to cloud servers.The on-premises Active Directory contains approximately 200,000 objects. The solution must meet the following requirements:* Use Azure Multi-Factor Authentication (MFA)* Ensure that no password hashes are stored in the cloud* Support smartcard authenticationYou need to choose the installation type, version, and hybrid identity option. Choose all that apply:

(A) You should use password hash synchronization from on-premises to Azure AD for single sign-on.

(B) You should choose the custom installation type.

(C) You should install the full version of SQL Server for the AD Connect database.

Answer : B;C

NO.42 Your company plans to use a custom image based on an existing Azure Windows virtual machine (VM) to provision new VMs in multiple regions.You need to prepare the VM so it can be used to create a custom image.Which three commands should you run first in sequence?

(A) 1. New-AzImageConfig 2. New-AzImage 3. New-AzVm

(B) 1. Sysprep 2. Set-AzVm 3. Stop-AzVm

(C) 1. Sysprep 2. Stop-AzVm 3. Set-AzVm

(D) 1. New-AzVm 2. Stop-AzVm 3. Set-Az-Vm

Answer : C

NO.43 A company is using a template to provision a new virtual machine (VM) in the RG03 resource group using PowerShell.You need to ensure the following:* The new VM is deployed.* Resources already in the resource group are not affected.How should you complete the PowerShell script? Select correct placeholder values.PLACEHOLDER 1 -Mode PLACEHOLDER 2-Name NewVMDeployment -ResourceGroupName RG03-TemplateFile c:\MyTemplates\newvm.json

(A) PLACEHOLDER 1: New-AzResourceGroup

(B) PLACEHOLDER 1: New-AzResourceGroupDeployment

(C) PLACEHOLDER 1: Set-AzResourceGroup

(D) PLACEHOLDER 2: Complete

(E) PLACEHOLDER 2: Incremental

Answer : B;E

NO.44 Your company is researching ways to improve data security for Windows and Linux Infrastructure-as-a-Service (IaaS) virtual machines (VM)s. You need to determine if Azure Disk Encryption (ADE) can meet the company's requirements. Choose all that apply:

(A) ADE is supported for Basic, Standard, and Premium tier VMs.	&#x9

(B) You must encrypt the OS volume before you can encrypt any data volumes on a Windows VM.

(C) You can use the an on-premises key management service to safeguard encryption keys.

Answer : B

NO.45 Your company is deploying new virtual machines (VMs) and associated resources using Azure Resource Manager templates. The company wants to use PowerShell cmdlets to provision the resources from a template deployed to your local computer.You need to complete the PowerShell script to accomplish this.How should you complete the PowerShell script? Select correct placeholder values.PLACEHOLDER 1 PLACEHOLDER 2 RG02 -Location "North Central US"PLACEHOLDER 3 PLACEHOLDER 4 RG02-TemplateFile c:\\MyTemplates\\newazure.json

(A) PLACEHOLDER 1: New-AzResourceGroup

(B) PLACEHOLDER 1: New-AzResourceGroupDeployment

(C) PLACEHOLDER 2: -Name

(D) PLACEHOLDER 2: -ResourceGroupName

(E) PLACEHOLDER 3: New-AzResourceGroup

(F) PLACEHOLDER 3: New-AzResourceGroupDeployment

Answer : A;C;F

NO.46 You have two storage account keys: key1 and key2. Your apps and services use key1, and you maintain key2 as a backup key.You are concerned that both keys may have been compromised. You want to use the Azure portal to regenerate them without interrupting access to the storage account.Which four actions should you perform in sequence?

(A) 1. Regenerate key2 using the Azure portal. 2. Update connection strings in all relevant apps and services to use key2. 3. Verify that all apps and services are running correctly using the new key. 4. Regenerate key1 using the Azure portal.

(B) 1. Update connection strings in all relevant apps and services to use key2. 2. Verify that all apps and services are running correctly using the new key. 3. Regenerate key1 using the Azure portal. 4. Regenerate key2 using the Azure portal.

(C) 1. Verify that all apps and services are running correctly using the new key. 2. Regenerate key1 using the Azure portal. 3. Regenerate key2 using the Azure portal. 4. Update connection strings in all relevant apps and services to use key2.

(D) 1. Regenerate key1 using the Azure portal. 2. Regenerate key2 using the Azure portal. 3. Update connection strings in all relevant apps and services to use key2. 4. Verify that all apps and services are running correctly using the new key

Answer : A

NO.47 You need to give a user temporary read and write permissions to a blob by using an ad hoc shared access signature (SAS).Which six actions should you perform in sequence?

(A) 1. Open Azure Storage Explorer. 2. Connect to your Azure Storage account. 3. Create a blob container. 4. Upload the blob to the blob container. 5. Get an SAS for the blob and specify start/expiry time and permissions. 6. Use HTTPS to distribute the URL to the user.

(B) 1. Connect to your Azure Storage account. 2. Create a blob container. 3. Upload the blob to the blob container. 4. Get an SAS for the blob and specify start/expiry time and permissions. 5. Use HTTPS to distribute the URL to the user. 6. Open Azure Storage Explorer.

(C) 1. Create a blob container. 2. Upload the blob to the blob container. 3. Get an SAS for the blob and specify start/expiry time and permissions. 4. Use HTTPS to distribute the URL to the user. 5. Open Azure Storage Explorer. 6. Connect to your Azure Storage account.

(D) 1. Upload the blob to the blob container. 2. Get an SAS for the blob and specify start/expiry time and permissions. 3. Use HTTPS to distribute the URL to the user. 4. Open Azure Storage Explorer. 5. Connect to your Azure Storage account. 6. Create a blob container.

Answer : A

NO.48 You have three application virtual machines (VMs) hosted in one region in Azure. You plan to prepare a strategy that will create backups for all data from the VMs. The backup will occur every day at 1 A.M. on each VM. You must ensure that the data is protected upon configuring the solution. In addition, the solution must minimize administrative effort.Which three actions should you perform in sequence?

(A) 1. Create a Recovery Services vault. 2. Define a backup policy to protect the VMs. 3. Perform the initial backup.

(B) 1. Create a storage account for files. 2. Define a backup policy to protect the VMs. 3. Perform the initial backup.

(C) 1. Create a Recovery Services vault. 2. Define a separate backup policy on each VM. 3. Perform the initial backup.

(D) 1. Create a storage account for files. 2. Define a separate backup policy on each VM. 3. Perform the initial backup.

Answer : A

NO.49 You plan to migrate the virtual machine (VM) running Windows Server 2012 from Amazon Web Services (AWS) to Azure.You decide to perform the migration by using Azure Site Recovery (ASR).You need to prepare the migration.Which three steps should you perform first? Each correct answer presents part of the solution.

(A) Set up an Azure network.

(B) Prepare a vault.

(C) Turn on replication.

(D) Create a storage account.

(E) Set the recovery point to latest processed.

Answer : A;B;D

NO.50 Your office has an on-premises Hyper-V host computer. It contains a virtual machine (VM) named VM1 that is used as a file server.You need to replicate VM1 to Azure.What should you do?

(A) Install the Site Recovery Provider on the Hyper-V host computer.

(B) Install the Recovery Services agent on VM1.

(C) Install the Site Recovery Provider on VM1.

(D) Install the Recovery Services agent on the Hyper-V host computer.

Answer : A

NO.51 You are the cloud administrator for an Azure subscription. Your on-premises network includes a Hyper-V virtual machine (VM) that hosts a SQL Server.You need to configure Azure Site Recovery to migrate the VM to Azure.Which five actions should you perform in sequence?

(A) 1. Create a Recovery Services vault. 2. Set the Protection goal to migrate from on-premises to Azure. 3. Create a Hyper-V. 4. Install the Site Recovery Provider on the Hyper-V host. 5. Register the Hyper-V host in the vault.

(B) 1. Set the Protection goal to migrate from on-premises to Azure. 2. Install the Site Recovery Provider on the Hyper-V host. 3. Create a Hyper-V site. 4. Create a Recovery Services vault. 5. Install the Site Recovery Provider on the Azure VM.

(C) 1.Install the Site Recovery Provider on the Hyper-V host. 2. Create a Hyper-V site. 3. Create a Recovery Services vault. 4. Install the Site Recovery Provider on the Azure VM. 5. Create an Azure VM with the same operating system as the local VM.

(D) 1. Create a Hyper-V site. 2. Create a Recovery Services vault. 3. Install the Site Recovery Provider on the Azure VM. 4. Create an Azure VM with the same operating system as the local VM. 5. Register the Hyper-V host in the vault.

Answer : A

NO.52 You plan to move an Azure virtual machine (VM) to another region by using Azure Site Recovery (ASR). You are not a subscription administrator.You need permissions to do the following:* Create a VM in an Azure resource group.* Perform ASR operations.Which roles provide the required permissions? Select two.

(A) Task: Create a VM in an Azure resource group. Permission: Virtual Machine Contributor

(B) Task: Create a VM in an Azure resource group. Permission: Virtual Machine Administrator Login

(C) Task: Perform ASR operations. Permission: Site Recovery Contributor

(D) Task: Perform ASR operations. Permission: Sire Recovery Operator

Answer : A;C

NO.53 An Azure Logic app accesses data from an on-premises SQL Server database. The database administrator recently changed the password that is used to connect to the database.You need to update your Logic app so that it can connect to the database with the new password.Which Azure option should you modify?

(A) Workflow settings

(B) API connections

(C) Access keys

(D) Properties

Answer : B

NO.54 An Azure function responds to GET requests at the URL http://shipping.azurewebsites.net/api/HttpTriggerJS1.You need to modify the setting so that the function responds to requests at http://shipping/azurewebsites.net/RateChoose all that apply:

(A) Change the routePrefix value to a slash (/) in the host.json file. *&#x9

(B) Change the route template to /Rate.

(C) Change the Request parameter name to Rate.

Answer : B

NO.55 You are the cloud administrator for your organization. The development department wants to use Azure Service Bus to send messages whenever an order is placed. Two client applications are responsible for receiving those messages after they are sent.You need to create the minimum number of Azure resources required to meet the development department's needs.How should you allocate resources? Choose three:

(A) Question: How many namespaces should you create? Answer: 0

(B) Question: How many namespaces should you create? Answer: 1

(C) Question: How many namespaces should you create? Answer: 2

(D) Question: How many topics should you create? Answer: 0

(E) Question: How many topics should you create? Answer: 1

(F) Question: How many topics should you create? Answer: 2

Answer : B;E

NO.56 You plan to deploy an application that will be analyzing financial transactions.You need to recommend a messaging service that will allow you to find duplicate transactions while processing the data.Which messaging service should you create?

(A) Event Hub

(B) Service Bus

(C) Azure Queue

(D) Event Grid

Answer : A;B

NO.57 You have an Azure service bus named ServiceBus1 in a resource group named RG1.You create a queue named queue1 in ServiceBus1.You find that a client application is reading and removing messages from queue1, but is failing to process them.You need to prevent messages from being removed from queue1. Queue1 should still be able to receive messages.What should you do? Select correct placeholder values.$q = Get-AzureRmServiceBusQueue -ResourceGroup RG1 `-NamespaceName ServiceBus1 -QueueName queue1$q.Status = PLACEHOLDER 1PLACEHOLDER 2 -ResourceGroup RG1 `-NamespaceName ServiceBus1 -QueueName queue1 -QueueObj $q

(A) PLACEHOLDER 1: "SendDisabled&quot

(B) PLACEHOLDER 1: "Disabled&quot

(C) PLACEHOLDER 1: "Active&quot

(D) PLACEHOLDER 1: "ReceiveDisabled&quot

(E) PLACEHOLDER 2: Set-AzureRmServiceBusQueue

(F) PLACEHOLDER 2: Set-AzureRmServiceBusSubscription

Answer : A;E

NO.58 You are running SQL Server on a virtual machine (VM) in Azure.You need to create an outbound load balancing rule.Which command should you use?

(A) az network private-endpoint

(B) az network nic

(C) az network local-gateway

(D) az network lb

Answer : D

NO.59 The DevOps team deploys five virtual machines (VMs) to Azure that host a web application in Internet Information Services (IIS). The team wants you to create a load balancer that routes traffic to the VMs that are available.The development team creates a web page named HealthCheck.aspx that, when responding with a 200 request, indicates that the VM is available for servicing web requests. If a VM fails to respond after four consecutive checks, the VM should be considered unavailable.You need to use PowerShell to create a Load Balancer configuration that checks the health of the VMs.How should you complete the cmdlet?PLACEHOLDER 1-Name "checkVmHealth"-PLACEHOLDER 2 healthcheck.aspx-Protocol http-Port 80-IntervalInSeconds 15-PLACEHOLDER 3 4

(A) PLACEHOLDER 1: New-AzureRmLoadBalancerProbeConfig

(B) PLACEHOLDER 1: New-AzureRmLoadBalancerFrontendIpConfig

(C) PLACEHOLDER 2: RequestPath

(D) PLACEHOLDER 2: WhatIf

(E) PLACEHOLDER 3: ProbeCount

(F) PLACEHOLDER 3: Confirm

Answer : A;C;E

NO.60 You are starting a new job as an Azure cloud administrator. The previous administrator leaves you a note with the following PowerShell cmdlets:$publicIP = New-AzureRmPublicIpAddress-ResourceGroupName "resourceGroup11"-Location "EastUS"-AllocationMethod "Static"-Name "myPublicIP"New-AzureRmLoadBalancerFrontendIpConfig-Name "nat"-PublicIpAddress $publicIPYou need to determine what these cmdlets do.What should you conclude?

(A) They create a firewall configuration that uses round robin to send inbound traffic to an Azure Load Balancer.

(B) They create a load balancer configuration that uses Network Address Translation (NAT) to send inbound traffic to a set of virtual machines (VMs).

(C) They create a firewall configuration that uses round robin to send outbound traffic to an Azure Load Balancer.

(D) They create a load balancer configuration that uses Network Address Translation (NAT) to send outbound traffic to a set of Service Bus endpoints.

Answer : B

NO.61 You create an Azure Application Gateway that represents the front-end for a pool of two Azure backend virtual machines (VMs). One VM hosts images for a web application, while the other VM hosts videos. You create a path map and a backend listener.You need to associate the path map with the backend listener.How should you create the PowerShell cmdlet? Select correct placeholder values.$gateway = Get-AzureRmApplicationGateway -ResourceGroupName myResourceGroupAG-Name myAppGateway$backendlistener = Get-AzureRmApplicationGatewayHttplistener-ApplicationGateway $gateway-Name backenclastener$config = Get-AzureRmApplicationGatewayUrlPathMapConfig-PLACEHOLDER 1-Name urlpathmapPLACEHOLDER 2-ApplicationGateway $gateway-Name rule2-RuleType PathBasedRoutingPLACEHOLDER 3-UrlPathMap $config

(A) PLACEHOLDER 1: ApplicationGateway $gateway

(B) PLACEHOLDER 1: HttpListener $backendListener

(C) PLACEHOLDER 2: Add-AzureRmApplicationGatewayRequestRoutingRule

(D) PLACEHOLDER 2: New-AzureRmApplicationGatewayPathRuleConfig

(E) PLACEHOLDER 3: Set-AzureRmApplicationGateway

(F) PLACEHOLDER 3: Get-AzureRmApplicationGatewayUrlPathMapConfig

Answer : A;C;E

NO.62 You need to configure an application gateway for your company websites.Two web applications must be hosted on the same application gateway instance. Each website has the following requirements:* Must be directed to its own backend pool.* Must have its own domain.* Must be hosted on its own virtual machine (VM).Choose all that apply:

(A) You must create a virtual network for each application.	&#x9

(B) The application gateway must have two request routing rules.

(C) Each web application must have its own HTTP listener.

Answer : B;C

NO.63 You are an Azure architect at an oil and gas company. The company's field engineers must often work at remote locations.You must design a solution that allows the engineers to connect securely to a virtual network without using a VPN device.Which type of connectivity should you recommend?

(A) Multisite

(B) VNet-to-VNet

(C) Site-to-Site

(D) Point-to-Site

Answer : D

NO.64 Your company has an Azure virtual network (VNet) and an on-premises network. Your Internet Service Provider offers Multiprotocol Label Switching (MPLS). You create an ExpressRoute circuit.You need to determine the next step you should perform to connect the Azure VNet to your on-premises network.What should you do next?

(A) Create a link between the circuit and the VNet.

(B) Create a VNet gateway.

(C) Create a peering.

(D) Create a static public IP address in Azure.

Answer : B

NO.65 Your company has an Azure virtual network (VNet) and an on-premises network. Your Internet Service Provider (ISP) only offers Layer 2 connectivity services.You need to connect the Azure VNet to your on-premises network by using a private connection.Which four actions should you perform in sequence?

(A) 1. Create an ExpressRoute circuit. 2. Create a peering. 3. Create an ExpressRoute VNet gateway. 4. Create a link between the circuit and the VNet.

(B) 1. Create a link between the circuit and the VNet. 2. Create an Application Gateway. 3. Create a static public IP address in Azure. 4.Create a peering.

(C) 1. Create an Application Gateway. 2. Create a static public IP address in Azure. 3. Create a peering. 4. Create an ExpressRoute circuit.

(D) 1. Create a static public IP address in Azure. 2. Create a peering. 3. Create an ExpressRoute circuit. 4. Create an ExpressRoute VNet gateway.

Answer : A

NO.66 You are an Azure Solution Architect at a large energy company. You are configuring a point-to-site VPN.You create an Azure VpnGw2 gateway and need to configure it to support specific cryptographic algorithms for a mixed environment consisting of Windows and Mac devices.Choose all that apply:

(A) You can use the Azure portal to enable IKEv2.

(B) Your IPSec/IKE policy must include all IPSec and IKE algorithms.

(C) You can apply both a custom and a default policy to a connection to add specific algorithms.	&#x9

(D) MacOSX can connect only via Secure Socket Tunneling Protocol (SSTP).	&#x9

(E) You can use internal private key infrastructure (PKI) (self-signed) root certificates.

Answer : A;B;E

NO.67 Your company has only one location, but it will soon open a second facility.You need to create a site-to-site VPN to establish a secure connection with the new facility.Which five actions should you perform in sequence?

(A) 1. Create the virtual network. 2. Create the gateway subnet. 3. Create the virtual network gateway. 4. Configure the on-premises VPN device. 5. Connect the virtual network gateway and on-premises VPN device.

(B) 1. Create the virtual network gateway. 2. Create the gateway subnet. 3. Connect the virtual network gateway and on-premises VPN device. 4. Configure the on-premises VPN device. 5. Create the virtual network.

(C) 1. Create the gateway subnet. 2. Connect the virtual network gateway and on-premises VPN device. 3. Configure the on-premises VPN device. 4. Create the virtual network. 5. Generate the certificates.

(D) 1. Connect the virtual network gateway and on-premises VPN device. 2. Configure the on-premises VPN device. 3. Create the virtual network. 4. Generate the certificates. 5. Specify the tunnel type: SSTP or IKEv2.

Answer : A

NO.68 Your company has an Azure virtual network (VNet) and an on-premises network. You want to connect the Azure VNet to the on-premises network by using a private connection through your company's Internet Service Provider (ISP). All the servers and virtual machines (VMs) on both networks are used as application servers.You need to create the most appropriate gateway in Azure.Which type of gateway should you create?

(A) Policy-based VPN gateway

(B) Application gateway

(C) Route-based VPN gateway

(D) ExpressRoute gateway

Answer : D

NO.69 Your team is using role-based access control (RBAC) to manage access to Azure resources.You need to programmatically retrieve the team's most recent 100 events.Which cmdlet should you use?

(A) Get-AzureRmDiagnosticSetting

(B) Get-AzureRmLog

(C) Get-AzureRmLogProfile

(D) Get-AzureRmMetric

Answer : B

NO.70 You must create a custom role that allows these operations:* Read data from a blob but not write data to the blob* Display a list of containersTo define the role, you must assign permissions to these operations.What permissions should you use? PLACEHOLDER 1: Read data from a blobPLACEHOLDER 2: Exclude write data to a blobPLACEHOLDER 3: Display a list of containersSelect correct placeholder values.

(A) PLACEHOLDER 1: NotDataActions

(B) PLACEHOLDER 1: DataActions

(C) PLACEHOLDER 1: Actions

(D) PLACEHOLDER 1: NotActions

(E) PLACEHOLDER 2: NotDataActions

(F) PLACEHOLDER 2: DataActions

Answer : B;E

NO.71 A member of the development team needs to have the ability to create Azure resources. However, the developer should not be allowed to grant resource access to other users.You need to assign the appropriate role to the developer.Which role should you assign?

(A) Contributor

(B) Owner

(C) Reader

(D) User Access Administrator

Answer : A

NO.72 You have a custom role in a file named CustomRole.json.You need to add this role to Azure by using Azure CLI.Which command should you use?

(A) az role definition create --role-definition CustomRole.json

(B) az role create --role-definition CustomRole.json

(C) az role create CustomRole.json

(D) az role definition create CustomRole.json

Answer : A

NO.73 You want to add a security group named Development to the Website Contributor built-in role.You need to use Azure CLI.Which command should you use?

(A) az role definition create --resource-group "Development" --role "Website Contributor"

(B) az role definition create --assignee "Development" --role "Website Contributor"

(C) az role assignment create --assignee "Development" --role "Website Contributor"

(D) az role assignment create --resource-group "Development" --role "Website Contributor"

Answer : C

NO.74 Your company requires only single sign-on when employees access resources from the corporate network. Approximately 12 third-party contractors work remotely in various groups throughout the company and access the corporate network by using a virtual private network (VPN).You want to require multi-factor authentication (MFA) policies for those users by defining a conditional access policy.What three actions should you perform? Each correct answer presents part of the solution.

(A) For Access Controls, click Block and select Require multi-factor authentication.

(B) For Locations, include All trusted locations.

(C) For Access Controls, click Grant and select Require multi-factor authentication.

(D) For Users and Groups, include each individual user.

(E) For Cloud Apps, include All Cloud Apps.

Answer : C;D;E

NO.75 Your company uses Azure Multi-Factor Authentication (MFA) in the cloud to safeguard its assets.A member of your development team at a remote location normally uses her cell phone to authenticate. She calls you from her land line to inform you that her mobile phone has been lost or stolen, and she cannot log in to her corporate account. She does not have an alternate verification method set up for her account.Because the developer is working on a critical assignment, you must enable her to gain access to corporate resources as soon as possible.Choose all that apply:

(A) You can create a one-time bypass that temporarily grants a user access without two-step authentication.	&#x9

(B) You can clear the user's MFA settings and have her specify her land line as a new contact method.

(C) You can tell the user to click Use a different verification option and use that method

Answer : B

NO.76 Your company has an Azure Active Directory (AD) tenant.You need to ensure that users receive a verification text message on their phones before they can log in to Azure.What should you do?

(A) Enable Multifactor Authentication (MFA).

(B) Install Microsoft Authenticator on an Azure virtual machine (VM).

(C) Install Active Directory Federation Services (AD FS).

(D) Enable Self-Service Password Reset (SSPR).

Answer : A

NO.77 You are configuring Multi-Factor Authentication (MFA) for your company's Azure Active Directory (AD) tenant.You need to allow users to receive a verification notification on their phones when they attempt to log in to Azure.What should you do?

(A) Create a Notification Hub.

(B) Create a Service Bus Relay.

(C) Have the users download the Azure app on their phones.

(D) Have the users download the Microsoft Authenticator app on their phones.

Answer : D

NO.78 You are configuring Multi-Factor Authentication (MFA) for your company's Azure Active Directory (AD) tenant.You need to restrict the devices from which users can log in to Azure.What should you do?

(A) Create a virtual network (VNet) with all private IP addresses.

(B) Create a virtual network (VNet) with all public IP addresses.

(C) Configure Trusted IP settings.

(D) Install the Microsoft Authenticator app on each user's device.

Answer : C

NO.79 You create a custom role named App Service Contributor in your Azure subscription. All company developers are members of the Developers Azure Active Directory (AD) group, which is shown in the answer area.You need to use Azure CLI to assign the App Service Contributor role to the developers.Which command should you run? az PLACEHOLDER 1 assignment create \--role "App Service Contributor" \--PLACEHOLDER 2 "5da75e7e-8d19-4f68-8ff1-c9f14298cb5d"Select correct placeholder values.

(A) PLACEHOLDER 1: account

(B) PLACEHOLDER 1: configure

(C) PLACEHOLDER 1: group

(D) PLACEHOLDER 1: role

(E) PLACEHOLDER 2: assignee

(F) PLACEHOLDER 2: assignee-object-id

Answer : D;F

NO.80 You are developing a web application that will serve as a search engine for the science department at your school. You plan to host the application in Azure. A console application acts as a web crawler. It crawls the web servers on the school's network every 12 hours to build a local table of keywords and links. This table is used by the web application. You plan to host the web application in an Azure App Service.You need to ensure that the web crawler continues to work while the web application is in Azure without increasing costs.What should you do?

(A) Deploy it as a Docker Container instance.

(B) Convert it to a web application.

(C) Deploy it as a WebJob.

(D) Convert it to an Azure Function.

Answer : C

NO.81 You are developing a web application that will serve as a search engine for the science department at a school. You plan to host the application in Azure.A console application acts as a web crawler. It browses the web servers on the school's network every 12 hours to build a local table of keywords and links. This table is used by the web application. You plan to host the web application in Azure App Service.You need to make sure that the web crawler continues to work while the web application is in Azure without increasing costs.What should you do?

(A) Convert it to an Azure Function.

(B) Convert it to a web application.

(C) Deploy it as a WebJob.

(D) Deploy it as a Docker container instance.

Answer : C

NO.82 You are using the WebJobs SDK to create an Azure WebJob. You write the following code (line numbers are included for reference only):01 static void Main(string[] args)02 {03 var config = new JobHostConfiguration();04 var host = new JobHost(config);05 06 }You need to complete the code at line 05 so that the WebJob can be manually triggered.Which code should you add at line 05?

(A) host.Call(typeof(ServicePoint).GetMethod("SetTcpKeepAlive"))

(B) host.RunAndBlock()

(C) host.Start()

(D) host.Call(typeof(ServicePointManager).GetMethod("FindServicePoint"))

Answer : B

NO.83 You create an Azure web app.You need to view HTML documents that provide information about HTTP errors associated with the app.Which logs should you view?

(A) Web server logs

(B) Failed trace requests

(C) Detailed error logs

(D) Application diagnostics logs

Answer : C

NO.84 You are creating an ASP.NET Core web API that you want to host in Azure.You need to have the API automatically generate JavaScript Object Notation (JSON) and user-friendly documentation.Which technology should you use?

(A) Docker

(B) Swagger

(C) Gulp

(D) AngularJS

Answer : B

NO.85 You use Visual Studio to create an ASP.NET web app named billing and enable Docker Compose support. You publish the app to Docker Hub. You then sign into Azure and create a Windows container app for the web app.You need to view the progress of the app as it is starting up.What should you do?

(A) Visit http://billing.azurewebsites.net/api/logstream.

(B) Run the following Azure CLI command: az container show --name billing

(C) Visit http://billing.scm.azurewebsites.net/api/deployments.

(D) Run the following PowerShell cmdlet: Get-AzureRmContainerGroup -Name billing

Answer : A

NO.86 You recently created a Web App for Containers instance named prodWeb that uses a Docker image. The name of the resource group is Production.You need to change the instance to use the new image company1/testapp.Which command should you use?

(A) az webapp config container set -n prodWeb -g Production -c company1/testapp

(B) az webapp create -n prodWeb -g Production -c company1/testapp

(C) az webapp deployment source config -n prodWeb -g Production c company1/testapp

(D) az webapp deployment container config -n prodWeb -g Production c company1/testapp

Answer : A

NO.87 You pull a Dockerfile from an online repository. You build a container image from this file, and you want to add it to an Azure Container Registry named mytestreg. The name of image is my-test-app.You need to deploy the image to the registry.Which command should you run from your developer computer?

(A) docker run -p mytestreg my-test-app

(B) az container create --name mytestreg --image my-test-app

(C) docker push mytestreg.azurecr.io/my-test-app

(D) az acr create --name mytestreg\my-test-app

Answer : C

NO.88 You want to create a simple container image that runs on Windows with Internet Information Services (IIS). The base image is named windows/iis.The image should install Internet Information Services (IIS) and all the Node modules present in the packages.json file. Once installed, the image should load the Index.js file. Both files are in a subdirectory named app on your development computer. The files should be deployed to C:\app on the container.You need to create the Dockerfile.How should you complete the commands? Select correct placeholder values.PLACEHOLDER 1 windows/iisPLACEHOLDER 2 mkdir -p C:\appPLACEHOLDER 3 app C:/appPLACEHOLDER 4 C:/appPLACEHOLDER 5 npm installPLACEHOLDER 6 node index.js

(A) PLACEHOLDER 1 : CMD

(B) PLACEHOLDER 1 : COPY

(C) PLACEHOLDER 1 : FROM

(D) PLACEHOLDER 1 : RUN

(E) PLACEHOLDER 1 : WORKDIR

(F) PLACEHOLDER 2 : CMD

Answer : C

NO.89 You obtain a Docker container image from a third-party source.You need to push the image to an Azure Container Registry that you created.What should you do first?

(A) Create a load balancer.

(B) Deploy an Azure virtual machine (VM).

(C) Assign the Owner role to the Owner security group.

(D) Tag the image with the login server.

Answer : A;D

NO.90 You recently moved a critical production workload to Azure Kubernetes Service (AKS). A second AKS cluster is used for other application workloads.You want to collect performance metrics directly from the AKS cluster that is used for the critical workloads.Which four actions should you perform in sequence?

(A) 1. From the Azure portal, enable monitoring for the cluster. 2. Create a Log Analytics workspace. 3. Add Azure Monitor for Containers to the workspace. 4. View charts on the Insights page of the AKS cluster.

(B) 1. Create a Log Analytics workspace. 2. From the Azure portal, enable monitoring for the cluster. 3. Retrieve entries from the activity log. 4. Run a query on the cluster in Log Analytics.

(C) 1. From the Azure portal, enable monitoring for the cluster. 2. Retrieve entries from the activity log. 3. Run a query on the cluster in Log Analytics. 4. View charts on the Insights page of the AKS cluster.

(D) 1. Retrieve entries from the activity log. 2. Run a query on the cluster in Log Analytics. 3. View charts on the Insights page of the AKS cluster. 4. Add Azure Monitor for Containers to the workspace.

Answer : A

NO.91 You use the following commands to create a container in Azure:az group create --name sampleResourceGroup --location eastusaz container create --resource-group sampleResourceGroup --name sampleContainer --image microsoft/aci-helloworld --dns-name-label aci-demo --ports 80You need to navigate to the application hosted in the container.Which URL should you use?

(A) eastus.aci-demo-azurecontainer.io

(B) aci-demo.azurecontainer.eastus.io

(C) eastus.azurecontainer.aci-demo.io

(D) aci-demo.eastus.azurecontainer.io

Answer : D

NO.92 You use the following Azure CLI command to create an Azure container instance:az container create --resource-group testgroup --name testcontainer --image microsoft/aci-helloworldYou need to be able to browse to the container's URL.Which two parameters must you set?

(A) --environment-variables

(B) --protocol

(C) --dns-name-label

(D) --ports

(E) --os-type

Answer : C;D

NO.93 You create a web API that will be accessed by a web application and two different mobile applications. You want to secure the web API by using OAuth 2.0.You need to determine which applications to register in Azure Active Directory (Azure AD).Choose all that apply:

(A) Web API

(B) Mobile applications

(C) Web application

Answer : A;B;C

NO.94 You deploy an application to an Azure virtual machine (VM). You use Secure Shell (SSH) to connect to the VM.You need to get an access token using the assigned VM's managed identity.To which IP address should you issue a web request?

(A) 169.254.169.254

(B) 10.10.10.10.

(C) 192.168.0.1

(D) 127.0.0.1

Answer : A

NO.95 You have an Azure API Management gateway named mycompany. You are adding OAuth 2.0 authentication to secure the gateway's APIs.The client ID for the application is 49aef0d1-502a-4f31-9cde-616fa2ccffb6. The tenant ID for your Azure Active Directory (AD) tenant is aa9463cb-b2f1-45be-adcd-ee892279b196.You need to specify the URL endpoint so that developers can authenticate with your company's AD tenant.Which URL should you specify?

(A) https://login.microsoftonline.com/aa9463cb-b2f1-45be-adcd-ee892279b196/oauth2/authorize

(B) https://49aef0d1-502a-4f31-9cde-616fa2ccffb6.azure-api.net

(C) https://mycompany.azurewebsites.net/aa9463cb-b2f1-45be-adcd-ee892279b196/oauth2/authorize

(D) https://mycompany.azure-api.net/authenticate/49aef0d1-502a-4f31-9cde-616fa2ccffb6

Answer : A

NO.96 You create a Linux Azure virtual machine (VM) and enable the system-assigned identity. You want to use Managed Service Identity to allow the VM to access the Azure Resource Manager application programming interface (API).Which three actions should you perform in sequence?

(A) 1. Grant to the VM the Reader role for all resource groups. 2. Run the Invoke-WebRequest PowerShell cmdlet to retrieve an access token. 3. Call Azure Resource Manager using the access token.

(B) 1. Call Azure Resource Manager using the access token. 2. Grant to the VM the Reader role for all resource groups. 3. Grant to your account the Virtual Machine Contributor role.

(C) 1. Grant to the VM the Reader role for all resource groups. 2. Grant to your account the Virtual Machine Contributor role. 3. Run the az identity create CLI command to specify the name of the identity.

(D) 1. Grant to your account the Virtual Machine Contributor role. 2. Run the az identity create CLI command to specify the name of the identity. 3. Run the Invoke-WebRequest PowerShell cmdlet to retrieve an access token.

Answer : A

NO.97 You create a web API that is hosted in Azure.You need to protect the API by using OAuth 2.0 authentication with your company's Azure Active Directory (AD) tenant.Which additional Azure resource should you create?

(A) Key vault

(B) Network Security Group (NSG)

(C) Application Gateway

(D) API Management instance

Answer : D

NO.98 An Azure key vault named exam-answer exists in your company's cloud subscription. You want to store a password in the key vault. The password is S3449PT!@90Q. The name of the entry should be ApplicationPassword. The password should not be stored as plain text.You need to use PowerShell to store the password in the key vault.How should you complete the cmdlets? Select correct placeholder values.$value = PLACEHOLDER 1 'S3449PT!@90Q' -PLACEHOLDER 2 -ForcePLACEHOLDER 3 -VaultName 'exam-answer' -Name 'ApplicationPassword' -PLACEHOLDER 4 $value

(A) PLACEHOLDER 1: ConvertTo-SecureString

(B) PLACEHOLDER 1: AsPlainText

(C) PLACEHOLDER 1: Set-AzureKeyVaultSecret

(D) PLACEHOLDER 1: SecretValue

(E) PLACEHOLDER 1: Add-AzureKeyVaultKey

(F) PLACEHOLDER 2: ConvertTo-SecureString

Answer : A

NO.99 The following secret identifier exists in an Azure key vault: https://exam-answer.vault.azure.net/secrets/billingApiKey/a23df1a2eb5cb4a3696348504f74704c8You need to use Azure CLI to retrieve the value for the secret.Which command should you use? Select correct placeholder values.az keyvault secret show --name PLACEHOLDER 1 --vault-name PLACEHOLDER 2

(A) PLACEHOLDER 1: a23df1a2eb5cb4a3696348504f74704c8

(B) PLACEHOLDER 1: billingApiKey

(C) PLACEHOLDER 1: exam-answer

(D) PLACEHOLDER 2: a23df1a2eb5cb4a3696348504f74704c8

(E) PLACEHOLDER 2: billingApiKey

(F) PLACEHOLDER 2: exam-answer

Answer : A;B;F

NO.100 You use the following command to store a connection string in Azure Key Vault:az keyvault secret set --vault-name "exam-answer" --name "connectionString" --value " server=10.10.10.100;database=prodSql;user id=webapp;password=4$gg65"Developers need to retrieve the connection string.Which URL should they use?

(A) https://exam-answer.vault.azure.net/value/connectionString

(B) https://exam-answer.vault.azure.net/keys/connectionString

(C) https://exam-answer.vault.azure.net/secrets/connectionString

(D) https://exam-answer.vault.azure.net/connectionStrings/prodSql

Answer : C

NO.101 Your company has an on-premises infrastructure and an Azure cloud infrastructure. Data in Azure resides in Azure blob storage.You need to access this data so that it cannot be compromised while in transit.Which two actions should you perform? Each correct answer presents part of the solution.

(A) Create a Service Bus relay.

(B) Access the REST endpoint using HTTPS/TLS.

(C) Create an Application Gateway instance.

(D) Deploy a VPN Gateway.

Answer : B;D

NO.102 You plan to create a Windows Server 2019 Azure virtual machine (VM) for processing sensitive data. Other applications and operating systems should not be able to access or view the sensitive data.You need to decide which security feature to use and which type of Azure VM to create.What should you use? Select correct placeholder values.Feature to use: PLACEHOLDER 1Azure virtual machine type to use PLACEHOLDER 2

(A) PLACEHOLDER 1: Secure Enclave

(B) PLACEHOLDER 1: Windows Defender Application Guard (WDAG)

(C) PLACEHOLDER 1: Windows Defender Application Control (WDAC)

(D) PLACEHOLDER 2: DC-series

(E) PLACEHOLDER 2: E-series

(F) PLACEHOLDER 2: F-series

Answer : A;D

NO.103 An Azure Cosmos DB database is used to track inventory for a company. Queries are most often based on date received, serial number, or both.You need to horizontally partition data to optimize both read and write operations.What should you do?

(A) Use a partition key based on serial number.

(B) Use a synthetic partition key based on the date and a random suffix.

(C) Use a synthetic partition key based on the date and a precalculated suffix based on serial number.

(D) Use a partition key based on date.

Answer : C

NO.104 Your company plans to use an Azure Cosmos SQL DB for data storage. The company plans to use partitioning to meet application performance goals.You need to verify Cosmos DB partitioning features to ensure that it will meet the company's requirements.Choose all that apply:

(A) A single logical partition can contain no more than 10 GB of data.

(B) Microsoft guarantees a throughput of 1000 request units per second (RU/s) for a partitioned container.	&#x9

(B) C. Partitioning is automatic and managed transparently by Azure Cosmos DB.

(D) Transactions using stored procedures or triggers can be performed against a single partition only.

Answer : A;B;D

NO.105 Your company creates an Azure Cosmos DB in Azure Portal. The database must be a graph database with the ability to model and traverse relationships between entities in the database.You need to recommend the appropriate Cosmos DB API to use.Which API should you use?

(A) API for MongoDB

(B) Casandra API

(C) SQL API

(D) Table API

(E) Gremlin API

Answer : E

NO.106 You need to determine the results of a query against an Azure Cosmos DB that uses the SQL data model. You execute the following query:SELECT *FROM Invoices iWHERE i.id =1What should you expect the query to produce?

(A) A table structured as rows and columns

(B) JSON-formatted data

(C) XML-formatted data

(D) A syntax error

Answer : B

NO.107 A static resource database for a public multiplayer game site is hosted in a Cosmos DB that uses the SQL data model.You need to guarantee the highest possible availability and lowest latency for data reads.Which consistency level should you use?

(A) Consistent prefix

(B) Strong

(C) Bounded staleness

(D) Eventual

(E) Session

Answer : D

NO.108 You need to ensure client consistency with read-your-writes and write-follows-reads guarantees. The solution should maximize read throughput while minimizing latency for read and write operations.Which Azure Cosmos DB consistency should you choose?

(A) Bounded staleness

(B) Strong

(C) Consistent prefix

(D) Eventual

(E) Session

Answer : E

NO.109 A company's operations are supported by an Azure Cosmos DB. The database is configured for single master replication across the North Central US and South Central US regions. The database is configured with Staleness bound consistency as its default consistency.You need to determine how this impacts your company's recovery objectives in case of a catastrophic regional failure.What is the guaranteed recovery time objective (RTO) for this configuration?

(A) 0 minutes

(B) < 1 day

(C) < 15 minutes

(D) < 1 week

Answer : C

NO.110 A company wants to set up an elastic pool to support 20 single SQL databases that are managed as part of the same SQL database server. Database Transaction Unit (DTU) utilization is as follows:* Average DTU utilization per database - 18* Peak DTU utilization per database - 47* Number of concurrently peaking databases - 2You need to determine the size of the elastic DTU (eDTU) pool you need to configure.Which pool size should you configure?

(A) 360

(B) 400

(C) 300

(D) 100

Answer : B

NO.111 You add a new Azure SQL Database single database to an existing database server.You need to add the database to an existing elastic pool.Which PowerShell cmdlet should you use?

(A) Set-AzureRmSqlDatabase

(B) Set-AzureRmSqlElasticPool

(C) Set-AzureRmSqlDatabaseSecondary

(D) Set-AzureRmSqlInstance

Answer : A

NO.112 You are creating an elastic pool for databases on SQL Database server DBServ01. The pool must meet the following requirements:* Ensure pool support for two databases peaking concurrently at 70 Database Transaction Units (DTUs).* Ensure that a maximum of as near to 75 DTUs as possible can be consumed by a database.* Minimize the DTUs that are guaranteed to all databases in the pool.* Minimize pool costs and configuration.You need to create the pool. Select correct placeholder values.New-AzureRmSqlElasticPool -ResourceGroupName "RGDB01" -ServerName "DBServ01"-ElasticPoolName "MyPool01" -Edition "Premium" -Dtu PLACEHOLDER 1-DatabaseDtuMin PLACEHOLDER 2 -DatabaseDtuMax PLACEHOLDER 3

(A) PLACEHOLDER 1: 75

(B) PLACEHOLDER 1: 125

(C) PLACEHOLDER 1: 250

(D) PLACEHOLDER 1: 500

(E) PLACEHOLDER 2: 0

(F) PLACEHOLDER 2: 10

Answer : C;E

NO.113 A company is migrating its on-premises datacenter to Azure. The solution should:* Support migration without database changes* Provide for company control over maintenance and update schedules* Provide for control over the recovery modelYou need to identify the appropriate database solution.What solution should you choose?

(A) Azure SQL Database Managed Instance

(B) Azure SQL Database Elastic Pool

(C) Azure SQL Database Single Database

(D) SQL Server on Azure Virtual Machine (VM)

Answer : A;D

NO.114 A company is migrating its on-premises database to Azure. You use the following commands to create the database:New-AzureRmSqlInstanceNew-AzureRmSqlInstanceDatabaseYou need to determine the features of this deployment. Choose all that apply:

(A) This deployment is limited to using the vCore purchasing model only.

(B) The database can be moved to an existing elastic pool.	&#x9

(C) Migration can be completed with little or no changes to the on-premises database.

(D) Microsoft is responsible for database engine updates and maintenance.

Answer : A;C;D

NO.115 A company is moving the database that is used to support an important application to an Azure SQL Database Managed Instance.You need to review the source code of the application to identify potential incompatibilities.Choose all that apply:

(A) Filestream data types are supported for temporary tables.	&#x9

(B) Bulk insert operations are limited to importing from Azure Blob storage only.

(C) Standard query operations, including SELECT, UPDATE, and DELETE, are supported. *	&#x9

(D) Commands that are executed using xp_cmdshell return JSON-formatted data instead of nvarchar(255) type data.

Answer : B

NO.116 You create and save a text file that contains Transact-SQL (T-SQL) statements to create a new table.You need to execute the script.Which PowerShell cmdlet should you use?

(A) Write-SqlTableData

(B) Invoke-Sqlcmd

(C) Invoke-ASCmd

(D) Invoke-ProcessTable

Answer : B

NO.117 You create a Windows Communication Foundation (WCF) service that allows internal applications to calculate shipping rates from three shipping providers. The service is hosted on the corporate network, and it is accessible over TCP port 4800. Your company's firewall only allows inbound traffic over TCP port 8080.You need to expose this service to applications outside the corporate network.What two actions should you perform? Each correct answer presents part of the solution.

(A) Create an API Management gateway in Azure.

(B) Create an Application Gateway in Azure.

(C) Create a relay binding to the WCF service endpoint configuration.

(D) Create a Service Bus namespace in Azure.

Answer : C;D

NO.118 You create an Azure web API that must send push notifications to Internet-of-Things (IoT) devices in the East United States region. You deploy both a production web API and a test web API. You want to be able to test push notifications through both web APIs. You plan to use Azure Notification Hubs to implement push notifications.You need to determine the minimum number of namespaces and hubs to create.How many namespaces and hubs should you create?

(A) One namespace and one hub

(B) Two namespaces and two hubs

(C) Two namespaces and one hub

(D) One namespace and two hubs

Answer : D

NO.119 Your office uses Azure for cloud computing. Your team consists of over 40 IT administrators across the country. Each IT administrator has permission to create virtual machines (VMs) in Azure.You need to receive an e-mail whenever a VM is added or changed. The solution must be the most cost-effective and easy to implement.What should you do?

(A) Create a Logic app that uses the Event Grid connector.

(B) Create a Service Bus namespace and implement a relay binding.

(C) Create a Function app that uses the HTTP trigger.

(D) Create a Notification Hub namespace and implement a push notification.

Answer : A

NO.120 You manage an ecommerce site that is hosted in Azure App Service. You need to use Azure to allow multiple applications to be notified whenever a new order is placed.How should you complete the code? Select correct placeholder values.static async Task SendMessage(string connectionString, string entityPath, byte[] message){var client = new PLACEHOLDER 1(connectionString, entityPath);await client.SendAsync(PLACEHOLDER 2);}

(A) PLACEHOLDER 1: QueueClient

(B) PLACEHOLDER 1: TopicClient

(C) PLACEHOLDER 2: message

(D) PLACEHOLDER 2: new Message(message)

Answer : B;D

NO.121 You create a Service Bus namespace named company1 with a topic named orders. The topic contains subscriptions that are shown in the exhibit.You need to determine what happens when the code in the exhibit is run.Exhibit:Service bus Topic Overview Page:Name: orderEmailer, Status Active, Message count: 10Name: orderProcessor, Status Active, Message count: 10Code:static void RetrieveMessage(string connectionString, string entityPath) { var client = new SubscriptionClient(connectionString, entityPath, "orderEmailer"); client. RegisterMessageHandler(async (msg, token) => { await client.CompleteAsync(msg.SystemProperties.LockToken); }, new MessageHandlerOptions((args) => { return Task.CompletedTask; }));} Choose all that apply:

(A) SubscriptionClient.CompleteAsync is called 10 times.

(B) One message is removed from the orderProcessor subscription.	&#x9

(C) Ten messages are removed from the orderEmailer subscription.

Answer : A;C

NO.122 You want to use Azure Notification Hubs to deliver notifications from a cloud web service to a mobile app. You want to be able to send notifications to both the production version of the app and the development version of the app.You need to determine the number of hubs, namespaces, and access policies to create.Select correct placeholder values.How many namespaces should you create? Answer: Placeholder 1How many hubs should you create? Answer: Placeholder 2How many access policies should you create? Answer: Placeholder 3

(A) Placeholder 1: 1

(B) Placeholder 1: 2

(C) Placeholder 1: 3

(D) Placeholder 2: 1

(E) Placeholder 2: 2

(F) Placeholder 2: 3

Answer : A;E

NO.123 Your company is implementing a messaging solution for the cloud. The solution must allow client applications to submit URLs to videos that must be converted from Windows Media Video to MPEG-2.A pool of cloud services is responsible for converting the videos. A video must be converted only once. The URLs must be sent to the cloud at endpoint https://exam-answer.servicebus.windows.net.You need to use Azure CLI to create the appropriate Azure resource.How should you complete the commands? Select correct placeholder values.az PLACEHOLDER 1 PLACEHOLDER 2 create--name exam-answer--resource-group services --location eastusaz PLACEHOLDER 3 PLACEHOLDER 4 create--name converter--resource-group services--namespace-name exam-answer

(A) PLACEHOLDER 1: eventhub

(B) PLACEHOLDER 1: namespace

(C) PLACEHOLDER 1: queue

(D) PLACEHOLDER 1: servicebus

(E) PLACEHOLDER 2: eventhub

(F) PLACEHOLDER 2: namespace

Answer : A;D;F

NO.124 You deploy an e-commerce site as an Azure web app. You notice that every weekend your site has four times as many users and response time slows.You need to implement a horizontal scaling solution at the lowest cost and with the least amount of effort.What should you do?

(A) Enable the Azure Monitor auto-scale feature.

(B) Deploy an Azure Function and take advantage of automatic scaling.

(C) Implement a custom scaling solution with a WebJob.

(D) Migrate the web app to a virtual machine (VM) scale set.

Answer : A

NO.125 Your company has a mobile app that accesses an Azure SQL Database. You want to ensure that the app is developed to handle temporary Azure service interruptions due to connectivity issues. You must ensure that whenever a connection fails, a new attempt is made, up to four times. A variable named connectionString represents the connection string to Azure SQL Database.You need to complete the code.How should you complete the code? Select correct placeholder values.var x = PLACEHOLDER 1;using (var conn = new PLACEHOLDER 2(PLACEHOLDER 3)){conn.Open();}

(A) PLACEHOLDER 1: 4

(B) PLACEHOLDER 1: RetryPolicy<SqlDatabaseTransientErrorDetectionStrategy>(4)

(C) PLACEHOLDER 2: SqlConnection

(D) PLACEHOLDER 2: ReliableSqlConnection

(E) PLACEHOLDER 3: connectionString

(F) PLACEHOLDER 3: connectionString, 4

Answer : B;D;F

NO.126 You create an Azure Function that must connect to a Cosmos DB. Cosmos DB is replicated to the following regions that support read and write:West EuropeNorth EuropeWest USWest US 2You need to use a singleton pattern to create a connection to the Cosmos DB.How many connections to Cosmos DB should the Azure Function establish?

(A) 4

(B) 3

(C) 1

(D) 2

Answer : C

NO.127 You are the administrator of the ACME banking group. You are responsible for adding your company's custom domain to the Azure tenant. Which of the following configuration is supported when creating the records at the registrar level?

(A) TXT Record + Alias + Destination + TTL

(B) TXT Record + Alias + TTL

(C) MX Record + Alias + Destination +TTL

(D) MX Record + Alias + Destination + TTL + Priority

Answer : A;D

NO.128 You are the administrator of the ACME banking group. You are responsible for the daily operations regarding Identities on Azure. You notice that there are several requests daily to reset their passwords. Upon delving deeper, you find that the on-premises passwords and Azure/Office365 passwords are not the same and that is causing the main confusion. You need to ensure that passwords are synced from your local Active Directory to Azure and that users can change passwords in Azure, which should update the local Active Directory password and vice versa. How would you accomplish this goal most cost-effectively?

(A) Implement AD Connect with a P2 license

(B) Configure single sign-on

(C) Implement AD connect with a P1 license

(D) Deploy Self Service Reset Portal

Answer : C

NO.129 You are the administrator of the ACME banking group. You are responsible for billing and administration for all subscriptions in Azure. ACME plans to deploy several Web App for the marketing department. You need to show the cost graph for the past 6 months on the subscription you want to suggest. Which option from the Azure portal should use?

(A) Overview Tab

(B) Payment Methods

(C) Invoices

(D) Partner Information

Answer : C

NO.130 You are the architect of the ACME shipping group. You are responsible for designing a storage solution for a new application that requires storing a list of client details in Azure. The solution needs to enable the administrators to filter the client details. Which Azure storage service should you use?

(A) Blob Storage

(B) File Storage

(C) Table Storage

(D) Queue Storage

Answer : C

NO.131 You are the administrator of the ACME banking group. You are in the process of automating the virtual machine creation process via ARM templates in PowerShell. Which of the following is required to successfully create an ARM template, choose all that applies?

(A) Template

(B) Parameters

(C) CLI

(D) Variables

Answer : A;B

NO.132 You are the administrator of the ACME banking group. You are in the process of automating the virtual machine creation process via ARM templates in JSON format. You need to configure the VM to automatically allow RDP traffic when this template is used. Under which variable can you edit the access rules?

(A) "NetworkInterfaceName"

(B) "NetworkSecurityGroupName"

(C) "NetworkSecurityGroupRules"

(D) "PublicIPAddressType"

Answer : C

NO.133 You are the administrator of the ACME banking group. You have an Azure virtual machine called "Tax_Returns" which has Azure backup enabled. The branch manager has accidentally deleted an important file and request that you recover that file. Which recovery method will be the fastest without disrupting the current VM and does not require additional resources to be created?

(A) Restore VM

(B) File Recovery

(C) Restore VHD

(D) Azure Site Recovery Failover

Answer : B

NO.134 You are the architect of the ACME shipping group. You are tasked to design a failover strategy for your Azure VMs, which reside in West Europe. You decide to use Azure Site Recovery and need to guide the administrator on the high-level configuration. In which region should the recovery services vault be created?

(A) West Europe

(B) North Europe

Answer : A

NO.135 You are the architect of the ACME shipping group. You are responsible for designing remote connectivity for selected users to all virtual machines on the Azure virtual network. The connection needs to be secure and minimal effort on the user?s side to connect each time. The solution should not include any on-premises hardware and be cost-effective. What connectivity solution should be used?

(A) Virtual Network Peering

(B) Point-to-Site VPN

(C) Site-to-site VPN

(D) Express route

Answer : B

NO.136 You are the architect of the ACME shipping group. You are responsible for designing remote connectivity between 4 of your branches and your main virtual network in Azure. The connection needs to be secure and no additional intervention to connect from the remote branches to Azure and vice versa. Additional remote branches are also to be connected to Azure in the future, however, there is no need for the remote branches to communicate with each other directly. What connectivity solution should be used?

(A) Virtual Network Peering

(B) Point-to-Site VPN

(C) Site-to-site VPN

(D) Express route

Answer : C

NO.137 You are the architect of the ACME shipping group. You are responsible for designing remote connectivity between your head office and your virtual network in Azure. The connection needs to be private, high speed and low latency. The bandwidth requirement is also very large, estimated at 25Gbps. What connectivity solution should be used?

(A) Virtual Network Peering

(B) Point-to-Site VPN

(C) Site-to-site VPN

(D) Express route

Answer : D

NO.138 You are the administrator of the ACME banking group. You are responsible for managing identities and their roles within the organization. You need to delegate the minimum access to the new IT support engineer to reset user passwords in AAD. Which RBAC role should you assign to the support engineer?

(A) User Administrator

(B) Password Administrator

(C) Global Administrator

(D) Service Administrator

Answer : B

NO.139 You are the administrator of the ACME banking group. You are responsible for managing identities and their roles within the organization. You have been tasked to supply a specific guest account the minimal rights to the firewall VM in the IT resource group. The guest account should only be able to view and reboot the firewall VM. Which custom Role-Based Access Control (RBAC) permission should the new role have?

(A) Microsoft.Compute/virtualMachines/restart/action

(B) Microsoft.Compute/virtualMachines/start/action

(C) Microsoft.ClassicCompute/virtualMachines/*Reader role

(D) Microsoft.Compute/virtualMachines/deallocate/action

Answer : A

NO.140 You are the administrator of the ACME banking group. Your company makes use of Microsoft Teams as a communication tool. Every time a new user joins the company HR manually creates a new post welcoming the users. You are tasked to automate this process by implementing a low-cost solution without having to write code for the solution to work. What technology should you implement based on the requirements?

(A) Function App

(B) Logic App

(C) Event Grid

(D) Service Bus

Answer : B

NO.141 You are the architect of the ACME shipping group. You are responsible for designing a solution which should automatically monitor events and action-specific events. You are tasked to design a solution that should automatically notify you via email when a new resource is created or deleted in the "Production" resource group. Which technology should you use to create and send events?

(A) Event Hub

(B) Event Grid

(C) Resource Lock

(D) Service Bus

Answer : B

NO.142 You are the administrator of the ACME banking group. You are responsible for managing all virtual machines on Azure. The security team requests that all Linux VMs must use an authentication method other than passwords. Which authentication method should be used?

(A) SSH Public Key Authentication

(B) Use Root Access

(C) Azure Key Vault Secret

Answer : A

NO.143 You are the architect for the ACME shipping group. You are responsible for designing the integration of 2 existing applications at a high level, one app is running on-premises and the other running in Azure. The integration requires a secure connection between the two apps directly, without exposing other resources on-premises or in Azure. Which technology would be the best fit?

(A) Point-to-Site VPN

(B) Site-to-Site VPN

(C) Azure Relay

(D) NSG Rules

Answer : C

NO.144 You are the architect of the ACME shipping group. You are responsible for designing a notification system that will be used to send promotional content via push notifications to millions of devices. The design should cater to all popular platforms like Android, iOS, and Windows. You are also planning to use this solution with shared access secrets. Which of the following technologies would best fit the design?

(A) Event Hub

(B) Service Bus

(C) Event Grid

(D) Notification Hub

Answer : D

NO.145 You are the architect of the ACME shipping group. You are responsible for designing a messaging system that will be used when users purchase goods, as such the messaging system needs to be reliable. Which of the following technologies would be the best for the design?

(A) Event Hub

(B) Service Bus

(C) Event Grid

(D) Notification Hub

Answer : B

NO.146 You are the architect of the ACME shipping group. You are responsible for designing autoscaling solutions. You have a VM whose sole purpose is to run a specific job every 8 hours. Which autoscaling pattern would be the best fit?

(A) Off and On

(B) Adding Resources

(C) Unpredictable by CPU

(D) Predictable

Answer : A

NO.147 You are the architect of the ACME shipping group. You are responsible for designing autoscaling solutions. You have a web server which runs at a load of 70-90% most of the time. Which autoscaling pattern would be the best fit?

(A) Off and On

(B) Unpredictable by CPU

(C) Adding Resources

(D) Predictable

Answer : C

NO.148 You are the architect of the ACME shipping group. You are responsible for designing autoscaling solutions. The marketing team is currently running several small advertisement campaigns and you are unsure how this will affect the traffic to the current webserver, which is running in full production mode 24x7. Which autoscaling pattern would be the best fit?

(A) Unpredictable by CPU

(B) Off and On

(C) Predictable

(D) Adding resources

Answer : A

NO.149 You are the architect of the ACME shipping group. You are responsible for designing autoscaling solutions. You are preparing for Black Friday sale, which in history brings loads of additional traffic to the current webserver, which is running in full production mode 24x7. Which autoscaling pattern would be the best fit?

(A) Off and On

(B) Unpredictable by CPU

(C) Adding resources

(D) Predictable

Answer : D

NO.150 You are the administrator of the ACME banking group. You are responsible for designing a notification system that will send a confirmation email to users when they purchased a new service. The solution also requires to make use of distribution lists as well as collecting real-time metrics of who blocked email engagement. Which of the following technologies would best fit the design?

(A) SendGrid

(B) Notification Hub

(C) Service Bus

(D) Event Grid

Answer : A

NO.151 You are the architect of the ACME shipping group. You are responsible for designing a solution that tracks all IoT data from all shipping containers worldwide. You are concerned about the load the traffic will put on the backend systems. You need to decide which technology will be able to ingest these large amounts of data and temporary store and process them. Which of the following technologies would be the best for the design?

(A) Event Grid

(B) Event Hub

(C) Notification Hub

(D) Service Bus

Answer : B

NO.152 You are the administrator of the ACME banking group. You are responsible for maintaining certificates in Azure Key Vault. Is it possible to do auto-renewal of certificates before they expire?

(A) TRUE

(B) FALSE

Answer : A

NO.153 You are the administrator of the ACME banking group. You are responsible for security on the Azure SQL database called SQL_DB_Main. You have been tasked to ensure that all data in transit should be encrypted as well as that database administrators are not able to view sensitive information in the database. Which encryption technology should be used?

(A) Transparent Data Encryption (TDE)

(B) Always Encrypted

Answer : B

NO.154 You are the administrator of the ACME banking group. You are responsible for security on the Azure SQL database called SQL_DB_Main. The requirement from the auditors is that all data in the database needs to be encrypted as rest. Which encryption technology should be used?

(A) Transparent Data Encryption (TDE)

(B) Always Encrypted

Answer : A

NO.155 You are the architect for the ACME shipping group. You are responsible for designing a secure solution for one of the new applications that have very sensitive intellectual property code and data going to run on it. Which technology would be best suited?

(A) Azure Confidential Compute with the F-Series VMs

(B) Azure Confidential Compute with the L-series VMs

(C) Azure Confidential Compute with the M-Series VMs

(D) Azure Confidential Compute with the DC-series VMs

Answer : D

NO.156 You are the administrator of the ACME banking group. You are responsible for managing the key vault in Azure. You need to create a new certificate in the ACMEvault with a key size of 2018 and that cannot be reused via an API call, which should be called ACMEcertificate. Which statement below is correct?

(A) POST https://ACMEvault.vault.azure.net/certificates/{ACMEcertificate}/create?api-version=7.0

(B) POST http://ACMEvault.vault.azure.net/certificates/{ACMEcertificate}/create?api-version=7.0

(C) GET https://ACMEvault.vault.azure.net/certificates/{ACMEcertificate}/create?api-version=7.0

(D) SET https://ACMEvault.vault.azure.net/certificates/{ACMEcertificate}/create?api-version=7.0

Answer : A

NO.157 You are the administrator of the ACME banking group. You are responsible for managing the key vault in Azure. You need to delete an existing certificate in the ACMEvault called ACMEcertificate via an API call. This certificate must not be recoverable after deletion. Select which 2 API statements below are required?

(A) DELETE https://ACMEvault.vault.azure.net/certificates/ACMEcertificate/create?api-version=7.0

(B) DELETE http://ACMEvault.vault.azure.net/certificates/ACMEcertificate/create?api-version=7.0

(C) DELETE https://ACMEvault.vault.azure.net/deletedcertificates/ACMEcertificate/create?api-version=7.0

(D) DELETE http://ACMEvault.vault.azure.net/deletedcertificates/ACMEcertificate/create?api-version=7.0

Answer : A;C

NO.158 You are the administrator of the ACME banking group. You are responsible for managing the key vault in Azure called ACMEvault. You have decommissioned a production server that has its password stored in the key vault labeled "FinanceAdmin". You need to remove the password from the vault by using an API call. Which API call is correct?

(A) REMOVE https://ACMEvault.vault.azure.net/secrets/FinanceAdmin?api-version=7.0

(B) PURGE https://ACMEvault.vault.azure.net/secrets/FinanceAdmin?api-version=7.0

(C) DELETE https://ACMEvault.vault.azure.net/secrets/FinanceAdmin?api-version=7.0

(D) RECOVER https://ACMEvault.vault.azure.net/secrets/FinanceAdmin?api-version=7.0

Answer : C

NO.159 You are the architect of the ACME shipping group. You are responsible for designing the migration for a production Web app from on-premises to publish code in Azure. The Web App requires to be linked to your company?s domain name as well as have 5 staging slots. The solution needs to be backed up daily as well. Which if of the following App Service Plan tiers will suffice and be the most cost-effective?

(A) Production1 Version 2 (P1V2)

(B) Development 1 (D1)

(C) Standard 1 (S1)

(D) Basic 1 (B1)

Answer : C

NO.160 You are the architect of the ACME shipping group. You are responsible for designing the migration for a production Web app from on-premises to publish code in Azure. The Web App requires to be linked to your company?s domain name and scale manually with a dedicated instance. Daily backups and staging slots are not a requirement. Which if of the following App Service Plan tiers will suffice and be the most cost-effective?

(A) Production1 Version 2 (P1V2)

(B) Development 1 (D1)

(C) Standard 1 (S1)

(D) Basic 1 (B1)

Answer : D

NO.161 You are the administrator of the ACME banking group. You want to deploy an application as code to Azure for testing. The only requirement is that this solution does not incur any costs while in testing mode. Which if of the following App Service Plan tiers will suffice and be the most cost-effective?

(A) Development 1 (D1)

(B) Standard 1 (S1)

(C) Basic 1 (B1)

(D) F1

Answer : D

NO.162 You are the architect of the ACME shipping group. You are responsible for designing the migration for a production Web app from on-premises to publish code in Azure. The Web App handles very sensitive information and therefore needs to run on an isolated network. The App also requires at least 4.5 GB of memory to run and needs to scale when needed. Which if of the following App Service Plan tiers will suffice and be the most cost-effective?

(A) Production 3 Version 2 (P3V2)

(B) Isolated 1 (I1)

(C) Isolated 2 (I2)

(D) Isolated (I3)

Answer : C

NO.163 You are the administrator of the ACME banking group. You want to deploy your Web App code to Azure. Which of the following applications does Azure support with regards to continuous deployment, select all supported solutions.

(A) Bitbucket

(B) GitHub

(C) Azure Repos

(D) OneDrive

(E) DropBox

(F) FTP

Answer : A;B;C

NO.164 You are the administrator of the ACME banking group. You have a multi-container Web App running in production, however, you need to run a continuous job on the Web App to clean up a directory. Which of the following should you configure?

(A) Create a continuous Multi-Instance WebJob

(B) Create a continuous Single-Instance WebJob as a Continuous Type

(C) Create a triggered Single-Instance WebJob as a Continuous Type

(D) Create a triggered Multi-Instance WebJob as a Continuous Type

Answer : B

NO.165 You are the architect of the ACME shipping group. You are responsible for designing a Kubernetes cluster for future workloads and need to provide guidance to the technical team. Which of the following cannot be changed once a Kubernetes cluster is created?

(A) Node Size

(B) Node Count

(C) RBAC Enablement

(D) HTTP Application Routing

Answer : A

NO.166 You are the administrator for the Contoso financial group. You are responsible for managing all identities within Azure. You have deployed MFA to all users in the organization successfully. Recently you have been informed that several users are getting the MFA request without them singing into resources, you think it might be fraud attempts. What action can you take to mitigate this threat? Select all that apply.

(A) Allow users to submit fraud alerts

(B) Automatically block users who report fraud

Answer : A;B

NO.167 You are the administrator of the Contoso financial group. You are responsible for managing notifications for all resources in the "finance_clients" Resource Group. You need to create an action group. Which of the following action types are supported when creating an action group?

(A) Logic App

(B) Webhook

(C) ITSM

(D) Automation Runbook

(E) Azure Function

(F) Email/SMS/Push/Voice

Answer : A;B;C;D;E;F

NO.168 You are the administrator of the Contoso financial group. You are responsible for monitoring all resources within the "Customer Facing" Subscription which consists of 10 Resource Groups. You need to configure diagnostic settings for all possible resources which you are responsible for. Which of the following can be used to display diagnostics status for all resources to ensure you can get an overall view of resources you are responsible for?

(A) Diagnostics settings in the Resource Group tab

(B) Diagnostics settings in the Azure Monitor tab

(C) Diagnostics settings in the Subscriptions tab

(D) Diagnostic settings for each individual resource

Answer : B

NO.169 You are the administrator for the Contoso financial group. You are responsible for managing all costs related to the "Production_Systems" subscription. Recently you have noticed that the cost of the subscription has been increasing steadily and need to investigate what are the top 5 resources by cost monthly. Which of the below will enable you to view these resources by cost? Select all that applies.

(A) Cost Management and Billing > "Production_Systems" > Cost analysis

(B) Cost Management and Billing > "Production_Systems" > Invoices

(C) Cost Management and Billing > "Production_Systems" > Overview

(D) Cost Management and Billing > "Production_Systems" > Payment methods

Answer : A;B

NO.170 You are the administrator of the Contoso financial group. You are responsible for a virtual machine in Azure called "Finance_Recon". This VM has been migrated from on-premises to Azure and since the migration, the application seems to be unstable at times and the process crashes. You need to configure logging to view the memory dump files. Which logging method below should you enable?

(A) Diagnostic Settings > Logs > Application Critical

(B) Diagnostic Settings > Logs > System Verbose

(C) Diagnostic Settings > Logs > Application Verbose

(D) Diagnostic Settings > Crash dumps

Answer : D

NO.171 You are the administrator of the Contoso financial group. You have deployed a WebApp and it is running fine, however, you want to be able to go back in time and redeploy this version of the WebApp in case something goes wrong. Will creating a baseline for this resource suffice? TRUE OR FALSE

(A) TRUE

(B) FALSE

Answer : A

NO.172 You are the architect of Contoso airliners. You have been tasked to design an alerting system for all resources in Resource Group called "Local_flights_RG". The alerting system should notify all users in the "Local_Flight_Admins" action group via email when a resource is created or updated. Which of the following rules are correct?

(A) Resource = All virtual machines, Condition = "Create/Update configuration", Action group = "Local_Flight_Admins", Enable rule upon creation = Yes

(B) Resource = "Local_Flights_RG", Condition = "Create/Update configuration", Action group = "Local_Flight_Admins", Enable rule upon creation = Yes

(C) Resource = "Local_Flights_RG", Condition = "Create/Update configuration", Action group = "Local_Flight_Admins", Enable rule upon creation = No

Answer : B

NO.173 You are the architect of Contoso airliners. You have been tasked to design the storage for a new application. The application requires storage that is going to be accessed infrequently and must be available across several datacenters. Which storage type should be used with optimal cost-benefit in mind?

(A) General purpose V1 with hot tier access

(B) General purpose V2 with hot tier access

(C) General purpose v2 with cool tier access

(D) Premium SSD storage

Answer : C

NO.174 You are the administrator of the Contoso financial group. You are responsible for all storage accounts in Azure. You have been tasked to share limited access to the Blob files in the storage account "Company_function" with another company for a limited time. The other company should only be able to list and read the data in the blob storage. The other company?s administrator is familiar with Azure Storage Explorer and wants you to share secure access with him by using this tool. Which information should you configure and give the administrator?

(A) Create Shared Access Signature for "Company_function" and configure the following: start and expiry time, read and write permissions, service access to Blobs. Send the administrator the SAS URI to be used in Storage Explorer

(B) Create Shared Access Signature for "Company_function" and configure the following: start and expiry time, read and list permissions, service access to Blobs. Send the administrator the SAS URI to be used in Storage Explorer

(C) Create Shared Access Signature for "Company_function" and configure the following: read and list permissions, service access to Blobs. Send the administrator the SAS URI to be used in Storage Explorer

(D) Provide the administrator with the storage name and key

Answer : B

NO.175 You are the administrator of the Contoso financial group. You are responsible for all storage accounts in Azure. You have a storage account called "Production workloads" and is currently making use of Local Redundant Storage. You have been tasked to ensure that the data stored in this storage account should be available when one Data Center goes down with minimal cost involved. What replication setting should you choose in the storage account to make this happen?

(A) Keep the storage as LRS

(B) Upgrade to Zone Redundant Storage (ZRS)

(C) Upgrade to Geo-Redundant storage (GRS)

(D) Upgrade to Read access geo redundant storage (RA-GRS)

Answer : B

NO.176 You are the administrator of the Contoso financial group. You are responsible for managing all virtual machine workloads in the "Production_VMs" Resource Group. You have lately been using ARM templates to deploy VMs and you find it to be much more convenient. You have a basic JSON template which you use to deploy Linux VMs, however, you want to change the JSON script to use a Windows Server 2016 image instead. Under which of the following variables do you need to update the configuration to support the required image?

(A) "properties"

(B) "storageProfile"

(C) "imageReference"

(D) "imageLocater"

Answer : C

NO.177 You are the administrator of the Contoso financial group. You are responsible for all infrastructure in the Resource Group labeled "Production_Systems". You have been tasked to identify workloads that are underutilized or overspecified. Which of the tools below can you use to accomplish this?

(A) Azure Security Center

(B) Monitor

(C) Advisor

Answer : C

NO.178 You are the administrator of the Contoso financial group. You are responsible for all storage accounts in Azure. You have a specific storage account called "Finance_Storage" which is where sensitive documentation is stored. You need to ensure that this storage account is not accessible to everyone on the local networks as well as over the internet. Which of the following should you configure? Select all that apply.

(A) Allow Access option set to selected internal networks

(B) Allow Access option set to all networks

(C) Add IP address ranges to the firewall

(D) Use Shared Access Signatures

Answer : A;C;D

NO.179 You are the administrator of the Contoso financial group. You are in the process of automating the virtual machine creation process via ARM templates in JSON format. You need to configure the VM to automatically allow SSH traffic when this template is used. Under which variable can you edit the access rules?

(A) "NetworkSecurityGroupName"

(B) "PublicIPAddressType"

(C) "NetworkInterfaceName"

(D) "NetworkSecurityGroupRules"

Answer : D

NO.180 You are the architect of Contoso airliners. You have been tasked to design the integration of 2 networks running in Azure. The first network is allocated to the West Europe region and is named "Finance" which has an address space of 10.0.0.0/24. The second network is called "Payments" also located in the West Europe region and has an address space of 10.50.0.0/24 where it also has a VPN gateway (Application Gateway) associated with it which links back to the on-premises environment which has an address space of 192.168.1.0/24. You are required to design a solution that will enable the "Payments" VNet VMs to communicate with the "Finance" VNet. However, the "Finance" VNet should be able to send traffic to the on-premises network as well. Which configuration should you choose?

(A) Peer the "Finance" VNet with the "Payments" VNet and vice versa and configure: "Allow forwarded Traffic", Enable "Allow gateway transit" on the "Payments" VNet, Enable "use remote gateways" on the "Finance" VNet

(B) Peer the "Finance" VNet with the "Payments" VNet and vice versa and configure: "Allow forwarded Traffic", Enable "Allow gateway transit" on the "Finance" VNet, Enable "use remote gateways" on the "Payments" VNet

(C) Peer the "Finance" VNet with the on-premises network

(D) Peer the "Payments" VNet with the on-premises network

Answer : A

NO.181 You are the administrator of the Contoso financial group. You are responsible for networking of all VMs in the "Production" Resource Group. You recently created 2 different subnets, 10.0.2.0/24 and 10.0.1.0/24 on the main network which has an address space of 10.0.0.0/16. You move one VM named "Red" in the 10.0.2.0/24 subnet and the other VM named "blue" to the 10.0.1.0/24 subnet. You notice that the VMs can still communicate with each other even though they are on different subnets, how do you stop the VMs from communicating with minimal costs incurred?

(A) Implement User Defined Routing (UDR)

(B) Implement a Network Security Group and block traffic to and from the VMs

(C) Use static routing tables on the VMs

(D) Implement a Next Generation Firewall

Answer : B

NO.182 You are the administrator of the Contoso financial group. You are responsible for managing all custom domain names on your tenant. Your company has recently bought another company and acquired a new domain name. You need to add this domain name to Azure Active Directory, which of the following record types are supported when adding a new domain in AAD?

(A) CName

(B) TXT

(C) MX

(D) A

(E) AAAA

Answer : B;C

NO.183 You are the administrator of the Contoso financial group. You are responsible for managing the identities in Azure. You have been tasked to block all users from using browsers to sign in to Exchange Online. Select which technologies will be able to accomplish this goal?

(A) Conditional Access

(B) Privilege Identity Management

(C) Multi-Factor Authentication

(D) Identity Protection

Answer : A

NO.184 You are the administrator of the Contoso financial group. You are responsible for managing the identities in Azure. Whilst monitoring login events you notice that some of the traveling sales staff log in to Exchange online from around the world. You need to add a second layer of authentication for the sales staff when they are trying to log in from random countries across the world. Select all the technologies that will be able to accomplish this goal.

(A) Privilege Identity Management

(B) Conditional Access

(C) Identity Protection

(D) Multi-Factor Authentication

Answer : B;C

NO.185 Select which programming languages are supported by Web Apps?

(A) ASP.NET

(B) JAVA

(C) PHP

(D) Node.js

Answer : A;B;C;D

NO.186 You are the architect of the Contoso airline group. You are responsible for designing the migration for a production Web app from on-premises to Azure. You decide to publish this as an Azure Web App. The Web App needs to make use of an existing domain that is already linked to your Azure tenant. The Web App name requires 5 staging slots and needs to be backed up 3 times per day. Which if of the following App Service Plan tiers will suffice and be the most cost-effective?

(A) Production1 Version 2 (P2V2)

(B) Isolated 1 (I1)

(C) Standard 1 (S1)

(D) Free 1 (F1)

Answer : C

NO.187 You are the architect for the Contoso airline group. You are responsible for designing the migration for a "Pre-production" Web app from on-premises to Azure. You decide to publish this as an Azure Web App. The only requirement is that the Web App needs to make use of the company?s domain. The Web App will be treated as a LAB test and therefore no backup or scaling is required. Which if of the following App Service Plan tiers will suffice and be the most cost-effective?

(A) Shared (D1)

(B) Basic 1 (B1)

(C) Standard 1 (S1)

(D) F1

Answer : A

NO.188 You are the administrator of the Contoso financial group. You are responsible for managing a Kubernetes Cluster (AKS). You need to define role-based permissions. Is it possible to use RBAC for AKS?

(A) TRUE

(B) FALSE

Answer : A

NO.189 You are the administrator of the Contoso financial group. You have a multi-container Web App running in production, however, you need to run a script on the Web App to clean up a directory every Sunday at 22:00. Which of the following should you configure?

(A) Create a continuous Multi-Instance WebJob

(B) Create a continuous Single-Instance WebJob as a Continuous Type

(C) Create a triggered Single-Instance WebJob

(D) Create a triggered Multi-Instance WebJob

Answer : C

NO.190 You are the architect of the Contoso airline group. You are responsible for designing a Web App for future workloads and need to guide the technical team. You plan to run the Web App on the Standard 1 (S1) Application Service Plan. Which of the following can be changed once a Web App is created? Select all that applies.

(A) Scale Up

(B) Scale out

(C) Custom domains

(D) SSL bindings

Answer : A;B;C;D

NO.191 You are the administrator of the Contoso financial group. You are responsible for security on the Azure SQL database called Finance_DB_Main. You have been tasked to ensure that the database and its data is secure at rest via encryption. However, the solution should be flexible enough to support geo-replication and geo-restore. Which encryption technology method should you use?

(A) Transparent Data Encryption (TDE)

(B) Always Encrypted

(C) Azure Key vault

Answer : A

NO.192 You are the administrator of the Contoso financial group. You are responsible for security and automation within the "Production_Finance" Resource Group. You are required to automate creating a new VM with a username and password. However, it is deemed a security risk to add the credentials in plain text in the ARM template. What options do you have?

(A) Use basic credentials and change manually afterwards

(B) Don?t use credentials when creating the VM

(C) Make use of a secure string in the template

Answer : C

NO.193 You are the architect of the Contoso airline group. You are responsible for designing a secure solution for a new application that requires its secret to be updated monthly for security reasons. Which technology can be integrated with the application as part of the design without having to redeploy the app monthly?

(A) RBAC

(B) Key Vault

(C) Custom deployment templates

(D) Create a service account and change the password monthly

Answer : B

NO.194 You are the administrator of the Contoso financial group. You are responsible for managing the key vault in Azure. You need to recover a certificate that has been deleted in the CONTOSOvault, which is called "FinanceAdmin" via an API call to the Key Vault. Which statement below is correct?

(A) POST https://CONTOSOvault.vault.azure.net/deletedsecrets/FinanceAdmin/recover?api-version=7.0

(B) GET https://CONTOSOvault.vault.azure.net/deletedsecrets/FinanceAdmin/recover?api-version=7.0

(C) GET http://CONTOSOvault.vault.azure.net/deletedsecrets/FinanceAdmin/recover?api-version=7.0

(D) POST http://CONTOSOvault.vault.azure.net/deletedsecrets/FinanceAdmin/recover?api-version=7.0

Answer : A

NO.195 You are the administrator of the Contoso financial group. You are responsible for managing the key vault in Azure. You need to update a certificate that has become stale in the CONTOSOvault, which is called "WebsiteCertificate" via an API call to the Key Vault. Which statement below is correct?

(A) PATCH https://CONTOSOvault.vault.azure.net/certificates/WebsiteCertificate/3d31d7b36c942ad83ef36fc?api-version=7.0

(B) POST https://CONTOSOvault.vault.azure.net/certificates/WebsiteCertificate/3d31d7b36c942ad83ef36fc?api-version=7.0

(C) PATCH http://CONTOSOvault.vault.azure.net/certificates/WebsiteCertificate/3d31d7b36c942ad83ef36fc?api-version=7.0

(D) POST http://CONTOSOvault.vault.azure.net/certificates/WebsiteCertificate/3d31d7b36c942ad83ef36fc?api-version=7.0

Answer : A

NO.196 You are the architect of the Contoso airline group. You are responsible for designing a notification system for a new application. The new application requires to be able to send and receive email messages via a REST API call. This solution also needs to be scalable. Which of the following technologies would best fit the design?

(A) Notification Hub

(B) SendGrid

(C) Service Bus

(D) Event Grid

Answer : B

NO.197 You are the architect for the Contoso airline group. You are responsible for designing an application with event-based architecture in mind. You want to do event routing whenever a new image is uploaded to a blob storage container via the app, you want to send the trigger to a serverless function which will analyze the image uploaded. Which of the following technologies would best fit the design?

(A) Event Hub

(B) Notification Hub

(C) Service Bus

(D) Event Grid

Answer : D

NO.198 You are the architect of the Contoso airline group. You are responsible for designing a big data solution. This design needs to focus on the ingestion portion. You expect millions of events per second to be ingested and processed. You need to decide which technology will be able to ingest these large amounts of data and temporary store and process them. Which of the following technologies would be the best for the design?

(A) Event Grid

(B) Event Hub

(C) Notification Hub

(D) Service Bus

Answer : B

NO.199 You are the architect of the Contoso airline group. You are responsible for designing a notification system that will be used to send promotional content via push notifications to millions of subscribed devices. The design should cater to all popular platforms like Android, iOS, and Windows. Which of the following technologies would best fit the design?

(A) Event Hub

(B) Notification Hub

(C) Service Bus

(D) Event Grid

Answer : B

NO.200 You are the architect of the Contoso airline group. You are responsible for designing a messaging system that will be used when users buy airplane tickets from the mobile application. This messaging system needs to be reliable as this will handle financial transactions, as such the messaging platform needs to check for duplicate transactions. Which of the following technologies would be the best for the design?

(A) Notification Hub

(B) Event Hub

(C) Event Grid

(D) Service Bus

Answer : D

NO.201 You are the architect of the Contoso airline group. You are responsible for designing a solution that will integrate an on-premises application with an Azure-based application. You need to expose the on-premises application to the Azure application securely without having to configure firewall connections, however, the solution also needs to be implemented in the least intrusive manner possible. Which technology would be the best fit?

(A) Point-to-Site VPN

(B) Site-to-Site VPN

(C) Azure relay

(D) NSG rules

Answer : C

NO.202 You are the architect of the Contoso airline group. You are responsible for designing autoscaling solutions. You have a server that runs at a CPU load of 90-95% 7 days a week. Which autoscaling pattern would be the best fit?

(A) Off and On

(B) Unpredictable by CPU

(C) Adding Resources

(D) Predictable

Answer : C

NO.203 You are the architect of the Contoso airline group. You are responsible for designing autoscaling solutions. You have a VM which is used to assist with the payroll. This VM is required to run for 24 hours once a month and utilizes around 60% of its CPU and memory resources at its peak. Which autoscaling pattern would be the best fit?

(A) Off and On

(B) Adding resources

(C) Unpredictable by CPU

(D) Predictable

Answer : A

NO.204 You are the architect of the Contoso airline group. You are responsible for designing autoscaling solutions. You are preparing for a huge sale which in history brings loads of additional traffic to the current webserver which is running in full production mode 24x7 at around 50% load in general. Can the predictable autoscaling pattern work in this scenario? True or False.

(A) TRUE

(B) FALSE

Answer : A

NO.205 You are the administrator of the ACME banking group. You are responsible for monitoring the web application called "MoneyApp" in the Production subscription. You need to configure all notifications for when the web app stops and sends an email to an existing action group called "AdminActionGroup". What will be the name of the Alert target, target hierarchy, and alert criteria?

(A) Alert Target = All App Services, Target Hierarchy = Production > MoneyApp> Alert criteria = "Stop web app"

(B) Alert Target = All App Services, Target Hierarchy = Production > MoneyApp, Alert criteria = "Start web app"

(C) Alert Target = All App Services, Target Hierarchy = Production > MoneyApp, Alert criteria = "Restart web app"

(D) Alert Target = All App Services, Target Hierarchy = Production > MoneyApp, Alert criteria = "All admin operations"

Answer : A

NO.206 You are the administrator of the ACME banking group. You are responsible for reporting on the costs of each subscription every month. You notice that last month you have an unusually high bill for one of the subscriptions called "Production" with tags called "ProdMoney". You need to delve deeper to find a breakdown of costs per tag to see what resource was the most expensive. Under which tab will you find the additional information?

(A) Cost management and billing > Production > Billing > Invoices

(B) Cost management and billing > Production > Cost management > Cost Analysis

(C) Cost management and billing > Production > Overview > Events

Answer : B

NO.207 You are the architect of the ACME shipping group. You are responsible for designing the storage for a new application. The application requires storage that needs to be accessed frequently and must be available across several datacenters. Which storage type should be used?

(A) General purpose V1 with hot tier access

(B) Premium SSD storage

(C) General purpose V2 with hot tier access

(D) General purpose v2 with cool tier access

Answer : C

NO.208 You are the administrator of the ACME shipping group. You are responsible for managing the storage account keys, which is linked to Resource Group "partner keys". Key 1 is in use with applications within your organization, however, you have a suspicion that Key 1 has been leaked and needs to be regenerated without affecting the production applications. What steps should you follow?

(A) Regenerate key 1 and distribute it to the applications

(B) Provide key 2 to the applications which currently used key 1 and regenerate key 1

Answer : B

NO.209 You are the architect of the ACME shipping group. You are responsible for the design of a scalable web application. The application load varies dramatically, especially towards the end of the month where the load usually spikes to 10x the usual load and then goes back to normal. Which of the following Azure availability and/or scalability solutions will meet this requirement and be cost-effective to implement?

(A) Availability set

(B) Internal load balancer

(C) Virtual Machine Scale Set (VMSS)

(D) Public load balancer

Answer : C

NO.210 You are the architect of the ACME shipping group. You are responsible for designing the integration between two internal applications that are running on 2 different virtual networks. The two applications require to send data back and forth regularly. Which connectivity solution should be used?

(A) User Defined Routing (UDR)

(B) Virtual Network Peering (VNet peering)

(C) Network Security Group Rules (NSG rules)

Answer : B

NO.211 You are the architect of the ACME shipping group. You are responsible for improving an existing network design from a security perspective. Currently, there are 3 VMs on a virtual network that is behind a network security group that communicates on several ports including RDP, SSH, HTTPS, and several custom ports. You need to force all traffic to go through a central point to ensure the traffic is valid and secure. Which technology would you recommend implementing?

(A) Next Generation Firewall (NGFW) with user defined routing (UDR)

(B) Web Application Firewall (WAF)

(C) Azure DNS

(D) Implement a second network security group

Answer : A

NO.212 You are the administrator of the ACME banking group. You are responsible for security events regarding identities in Azure. You need to ensure that when users sign into Azure remotely from countries that ACME does not conduct business there are additional security measures taken automatically. For example, they need to use MFA to complete their login. Which technology should you implement to accomplish this goal?

(A) Azure Security Center

(B) Privilege Identity Management

(C) Multi-Factor Authentication

(D) Identity Protection

Answer : D

NO.213 You are the administrator of the ACME banking group. You are responsible for security events regarding identities in Azure. You are tasked to secure all guest user identities by only allowing logging in via Windows and blocking sign-ins from Android and iOS. When logging in the guest users must also use MFA by default. Which technology should you implement to accomplish this goal?

(A) Conditional Access

(B) Privilege Identity Management

(C) Multi-Factor Authentication

(D) Identity Protection

Answer : A

NO.214 You are the administrator of the ACME banking group. You are responsible for all identities on your tenant and there are too many identities to manually review access to enterprise applications and role assignments. You decide to use create Azure AD Access Reviews. When is it applicable to use access reviews? Select the relevant purposes below.

(A) Too many users in privileges roles

(B) Automation is infeasible

(C) When a group is used for a new purpose

(D) Maintaining a policy's exception list

(E) Business critical data access

(F) Reviews recur periodically

Answer :

NO.215 You are the administrator of the Contoso financial group. You have been tasked to move an application to Azure. You choose to make use of a function app. However, this application should not run continually, and therefore requires an application plan accordingly. Which of the below plans will be meet the criteria as well as be the most cost-efficient?

(A) App Service plan

(B) Consumption plan

Answer : A;B

NO.216 Which Azure load-balancing solution can direct traffic to any internal or external endpoint, and is not restricted to Azure hosted applications? Select all that applies.

(A) Virtual Machine Scale Sets

(B) Azure Load Balancer

(C) Azure Traffic Manager

(D) Application Gateway

Answer : C;D

NO.217 You are the administrator of the Contoso financial group. You are responsible for managing all incoming traffic to a load balancer. The load balancer has 3 VMs in the backend pool and listens on port 80 on the front end and port 80 on the back end, there is also a health probe configured for port 80. You have been informed that you need to add an additional application to the load balancer with its custom IP with the same backend pool servers. The new application also makes use of port 80. How should you approach this, select all that applies?

(A) Add an additional front-end public IP

(B) Add a new load balancer rule for port 80 front end and port 8080 backend port

(C) Link the new load balancer rule to the existing backend pool

(D) Create a new health probe for port 8080

(E) Use the existing health probe

(F) Create a new backend pool

Answer : A;B;C;D

NO.218 You are the architect of Contoso airliners. You have been tasked to design an automated alerting system. The system needs to automatically send an email when one of the delivery drivers are starting a route and will not deliver a parcel on time due to traffic congestion. What technology should you implement based on the requirements?

(A) Function App

(B) Logic App

(C) Event Grid

(D) Service Bus

Answer : B

NO.219 You are the administrator of the Contoso financial group. You have an Azure virtual machine called ?Finance? which has Azure backup enabled and running. The virtual machine has crashed the day before the payroll run and needs to be resorted ASAP. Which recovery method will be the fastest even if it results in temporarily additional costs?

(A) File Recovery

(B) Restore VM

(C) Restore VHD

(D) Azure Site Recovery Failover

Answer : B

NO.220 You are the administrator of the Contoso financial group. You have been tasked to move an application to Azure. You choose to make use of a function app. The estimated maximum function app timeout is 1 hour. Which plan should you choose?

(A) App Service plan

(B) Consumption plan

Answer : A

NO.221 You are the architect of the Contoso airline group. You are responsible for designing a solution that will automate the process of assigning Resource Tags to newly created virtual machines. What solution should be used alongside Azure automation?

(A) Event Hub

(B) Event Grid

(C) Service Bus

(D) Notification Hub

Answer : B

NO.222 You are the architect of the Contoso airline group. You are responsible for designing a remote connectivity solution There is a virtual team of 10 users who are spread across different regions who needs access to specific resources on the ?Production_VNet?. The connection needs to be secure and minimal effort on the user?s side to connect each time. No additional hardware is available on the remote user?s side. This solution needs to be cost-effective and secure. What connectivity solution should be used?

(A) Virtual Network Peering

(B) Point-to-Site VPN

(C) Site-to-site VPN

(D) Express route

Answer : B

NO.223 You are the administrator of the Contoso financial group. You are responsible for all role permissions in the ?Production_Systems? Resource Group. You have received a request to grant a fellow employee permission to the ?financial_billings? VM. The fellow employee is the system owner for that VM and therefore requires full access to it, however, that user should not be able to assign other users and roles to the VM. Which RBAC role do you assign to her?

(A) Contributor role on the Resource Group level

(B) Owner Role on the VM level

(C) Owner Role on the Resource Group level

(D) Contributor Role on the VM level

Answer : D

NO.224 You are the architect of the Contoso airline group. You are responsible for designing remote connectivity between your head office and your virtual network in Azure. The connection needs to be secure, high speed and low latency. The bandwidth requirement is also very large, estimated at 48Gbps and should be able to be integrated into the current WAN solution. What connectivity solution should be used?

(A) Virtual Network Peering

(B) Point-to-Site VPN

(C) Site-to-site VPN

(D) Express route

Answer : D

NO.225 You are the architect of the ACME shipping group. You are responsible for designing a solution which includes 4 virtual machines with the following requirements:? 2 VMs requires a private and public IP address, these VMs are part of the production system? 2 VMs require only private IP addresses for Labs, these VMs are part of the Lab/testing system? Production VMs require the same inbound/outbound security group rules? Lab/testing VMs require the same inbound/outbound security group rulesBased on the above requirements, what is the minimum number of Network Interface Cards (NIC?s) that are required in total?

(A) 2

(B) 4

(C) 8

(D) 16

Answer : B

NO.226 You are the architect of the ACME shipping group. You are responsible for designing a solution which includes 4 virtual machines (VMs) with the following requirements:? 2 VMs requires a private and public IP address, these VMs are part of the production system? 2 VMs require only private IP addresses for Labs, these VMs are part of the Lab/testing system? Production VMs require the same inbound/outbound security group rules? Lab/testing VMs require the same inbound/outbound security group rulesBased on the above requirements, what is the minimum number of Network Security Groups (NSG?s) that are required in total?

(A) 2x Network Security Groups (NSG's)

(B) 4x Network Security Groups (NSG's)

(C) 8x Network Security Groups (NSG's)

(D) 16x Network Security Groups (NSG's)

Answer : A

NO.227 You are the architect of the ACME banking group. You have been tasked to assist with a design for a web application that is using Azure Webb App service. You have the following requirements:? Should have backup and restore capabilities? Support custom domains? Minimize costs as far as possibleWhich of the following App service plan will adhere to the requirements?

(A) Free Tier

(B) Shared Tier

(C) Basic Tier

(D) Standard Tier

(E) Premium Tier

(F) Isolated Tier

Answer : D

NO.228 You are the architect of the ACME banking group. You have been tasked to assist with a design for a web application that is using Azure Webb App service. You have the following requirements:? Supports VNET integration? Support custom domainsWhich of the following App service plan tiers will adhere to the requirements? Select all that apply.

(A) Free Tier

(B) Shared Tier

(C) Basic Tier

(D) Standard Tier

(E) Premium Tier

(F) Isolated Tier

Answer : D;E;F

NO.229 You are the architect of the ACME banking group. You have been tasked to assist with a design for a web application that is using Azure Webb App service. You have the following requirements:? Supports auto-scaling? Support custom domains? Minimize costs as far as possibleYou decide to assign the Premium App Service plan tier.Does this adhere to the requirements?

(A) True

(B) False

Answer : B

NO.230 True or False: Azure storage accounts automatically encrypts data at rest.

(A) True

(B) False

Answer : A

NO.231 True or False: Azure virtual machine disks are automatically encrypted.

(A) True

(B) False

Answer : B

NO.232 You are the architect of the ACME banking group. You have been tasked to ensure all identities within the Azure tenant for ACME.com tenant is secured by multi-factor authentication. You notice there are the following baseline policies:? Baseline policy: Require MFA for admins? Baseline policy: Block legacy authentication? Baseline policy: End-user protection? Baseline policy: Require MFA for Service ManagementYou need to block Exchange ActiveSync. Which of the following policies do you enable?

(A) Baseline policy: Require MFA for admins

(B) Baseline policy: Block legacy authentication

(C) Baseline policy: End-user protection

(D) Baseline policy: Require MFA for Service Management

(E) None of the above

Answer : E

NO.233 You are the architect of the ACME banking group. You have been tasked to ensure all identities within the Azure tenant for ACME.com tenant is secured by multi-factor authentication. You notice there are the following baseline policies:? Baseline policy: Require MFA for admins? Baseline policy: Block legacy authentication? Baseline policy: End-user protection? Baseline policy: Require MFA for Service ManagementYou need to prevent users from using IMAP and POP3 when authenticating. Which of the following policies do you enable?

(A) Baseline policy: Require MFA for admins

(B) Baseline policy: Block legacy authentication

(C) Baseline policy: End-user protection

(D) Baseline policy: Require MFA for Service Management

(E) None of the above

Answer : B

NO.234 You are the architect of the ACME banking group. You have been tasked to ensure all identities within the Azure tenant for ACME.com tenant is secured by multi-factor authentication. You notice there are the following baseline policies:? Baseline policy: Require MFA for admins? Baseline policy: Block legacy authentication? Baseline policy: End-user protection? Baseline policy: Require MFA for Service ManagementYou need to ensure MFA is prompted when authenticating to Azure PowerShell. Which of the following policies do you enable?

(A) Baseline policy: Require MFA for admins

(B) Baseline policy: Block legacy authentication

(C) Baseline policy: End-user protection

(D) Baseline policy: Require MFA for Service Management

(E) None of the above

Answer : D

NO.235 You are the architect of the ACME banking group. You have been tasked to manage role-based access control (RBAC) within the ACME.com Azure tenant. Within the ACME.com tenant, there are two subscriptions: one for production labeled ?Prod_US? and one non-prod labeled ?Sandbox?. ACME has the following requirements:Requirement 1: You need to assign RBAC access to a third party so that they have to view the resources within the production subscription only.Requirement 2: You need to assign RBAC access internally to the Azure team so that they are only allowed to manage backups but not remove any backups.Requirement 3: You need to assign RBAC access to the Dev manager so that he can manage user access to resources.Requirement 4: You need to assign RBAC access to the lead Azure engineer to ensure he has the correct permissions to test failover operations quarterly.What RBAC role should you assign for requirement 1?

(A) Reader role on the Prod_US subscription

(B) User Access Administrator role on the Prod_US subscription

(C) Reader role on the Sandbox subscription

(D) User Access Administrator role on the Sandbox subscription

Answer : A

NO.236 You are the architect of the ACME banking group. You have been tasked to manage role-based access control (RBAC) within the ACME.com Azure tenant. Within the ACME.com tenant, there are two subscriptions: one for production labeled ?Prod_US? and one non-prod labeled ?Sandbox?. ACME has the following requirements:Requirement 1: You need to assign RBAC access to a third party so that they have to view the resources within the production subscription only.Requirement 2: You need to assign RBAC access internally to the Azure team so that they are only allowed to manage backups but not remove any backups on both subscriptions.Requirement 3: You need to assign RBAC access to the Dev manager so that he can manage user access to resources.Requirement 4: You need to assign RBAC access to the lead Azure engineer to ensure he has the correct permissions to test failover operations quarterly.What RBAC role should you assign for requirement 2?

(A) Backup Contributor role on the Prod_US subscription only

(B) Backup Operator role on the Prod_US subscription only

(C) Backup Contributor role on the Sandbox subscription only

(D) Backup Operator role on the Sandbox subscription only

(E) Backup Contributor role on the Sandbox and Prod_US subscriptions

(F) Backup Operator role on the Sandbox and Prod_US subscriptions

Answer : F

NO.237 You are the architect of the ACME banking group. You have been tasked to manage role-based access control (RBAC) within the ACME.com Azure tenant. Within the ACME.com tenant, there are two subscriptions: one for production labeled ?Prod_US? and one non-prod labeled ?Sandbox?. ACME has the following requirements:Requirement 1: You need to assign RBAC access to a third party so that they have to view the resources within the production subscription only.Requirement 2: You need to assign RBAC access internally to the Azure team so that they are only allowed to manage backups but not remove any backups on both subscriptions.Requirement 3: You need to assign RBAC access to the Dev manager so that he can manage user access to resources within the non-prod environment.Requirement 4: You need to assign RBAC access to the lead Azure engineer to ensure he has the correct permissions to test failover operations quarterly.What RBAC role should you assign for requirement 3?

(A) Contributor role on the Prod_US subscription only

(B) User Access Administrator role on the Prod_US subscription only

(C) Contributor role on the Sandbox subscription only

(D) User Access Administrator role on the Sandbox subscription-only

(E) Contributor role on the Sandbox and Prod_US subscriptions

(F) User Access Administrator role on the Sandbox and Prod_US subscriptions

Answer : D

NO.238 You are the architect of the ACME banking group. You have been tasked to manage role-based access control (RBAC) within the ACME.com Azure tenant. Within the ACME.com tenant, there are two subscriptions: one for production labeled ?Prod_US? and one non-prod labeled ?Sandbox?. ACME has the following requirements:Requirement 1: You need to assign RBAC access to a third party so that they have to view the resources within the production subscription only.Requirement 2: You need to assign RBAC access internally to the Azure team so that they are only allowed to manage backups but not remove any backups on both subscriptions.Requirement 3: You need to assign RBAC access to the Dev manager so that he can manage user access to resources within the non-prod environment.Requirement 4: You need to assign RBAC access to the lead Azure engineer to ensure he has the correct permissions to only test failover operations quarterly in the production environment.What RBAC role should you assign for requirement 4?

(A) Site Recovery Operator role on the Prod_US subscription only

(B) Site Recovery Contributor role on the Prod_US subscription only

(C) Site Recovery Operator role on the Sandbox subscription only

(D) Site Recovery Contributor role on the Sandbox subscription only

(E) Site Recovery Operator role on the Sandbox and Prod_US subscriptions

(F) Site Recovery Contributor role on the Sandbox and Prod_US subscriptions

Answer : A

NO.239 True or False: Azure Front Door service supports HTTP to HTTPS redirection.

(A) True

(B) False

Answer : A

NO.240 True or False: You can deploy an Azure Load Balancer behind Azure Front Door service.

(A) True

(B) False

Answer : A

NO.241 You are the architect of the ACME banking group. You have been tasked to plan the deployment of an Azure Application Gateway. You plan on making use of the Application Gateway V2 SKU with the below requests from the application team:Request 1: Can you assign a static public IP address to the App gateway?Request 2: Can you assign multiple static public IPs to the App gateway?Request 3: Can you host multiple applications behind the App gateway?What is your response to request 1?

(A) Yes, it is supported

(B) No, it is not supported

Answer : A

NO.242 You are the architect of the ACME banking group. You have been tasked to plan the deployment of an Azure Application Gateway. You plan on making use of the Application Gateway V2 SKU with the below requests from the application team:Request 1: Can you assign a static public IP address to the App gateway?Request 2: Can you assign multiple static public IPs to the App gateway?Request 3: Can you host multiple applications behind the App gateway?What is your response to request 2?

(A) Yes, it is supported

(B) No, it is not supported

Answer : B

NO.243 You are the architect of the ACME banking group. You have been tasked to plan the deployment of an Azure Application Gateway. You plan on making use of the Application Gateway V2 SKU with the below requests from the application team:Request 1: Can you assign a static public IP address to the App gateway?Request 2: Can you assign multiple static public IPs to the App gateway?Request 3: Can you host multiple applications behind the App gateway?What is your response to request 3?

(A) Yes, it is supported

(B) No, it is not supported

Answer : A

Practicing AZ-300: Microsoft Azure Architect Technologies