You have deployed in Azure an application App1, on two Azure
virtual machines named VM1 and VM2. You plan to implement an Azure Availability
Set for App1. The solution must ensure that App1 is available during planned
maintenance of the servers hosting VM1 and VM2. What
should you include in the Availability Set?
A.
one fault domain
B.
one update domain
C. two update domains
D.
two fault domains
Answer
C
You have a computer named Computer-01 that has a
point-to-site VPN connection to an Azure virtual network named AZ-104-VNET. The
point-to-site connection uses a self-signed certificate. From Azure, you download
and install the VPN client configuration package on a computer named
Computer-02. You need to ensure that you can establish a point-to-site VPN
connection to AZ-104-VNET from Computer- 02. Solution: You modify the Azure
Active Directory (Azure AD) authentication policies. Does this meet the goal?
A. No
B.
Yes
Answer
A
You have a Microsoft 365 tenant and an Azure Active
Directory (Azure AD) tenant named t3p.com. You plan to grant three users named
User1, User2, and User3 access to a temporary Microsoft SharePoint document library
named Library1.
You need to create groups for the users. The solution must
ensure that the groups are deleted automatically after 180 days.
Which two groups should you create?
A.
a Security group that uses the Dynamic User
membership type
B. an Office 365 group that uses
the Dynamic user membership type
C. an Office 365 group that uses
the Assigned membership type
D.
a Security group that uses the Dynamic Device
membership type
E.
a Security group that uses the Assigned
membership type
Answer
B,C
You want to monitor the metrics and the logs of your Linux
virtual machine VM-01. Which of the following Azure services would you use for this
task?
A.
Azure HDInsight
B. Linux Diagnostic Extension (LAD)
3.0
C.
Azure Performance Diagnostics extension
D.
Azure Analysis Services
Answer
B
You have an Azure subscription named Subscription-Dev.
Subscription- Dey contains a resource group named RG-01. RG-01 contains
resources that were deployed by using templates.
You need to view the date and time when the resources were
created in RG-01.
Solution: From the RG-01 blade, you click Deployments. Does
this meet the goal?
A. YES
B.
NO
Answer
A
You have an Azure subscription named Subscription-Dev.
Subscription- Dey contains a resource group named RG-01. RG-01 contains
resources that were deployed by using templates. You need to view the date and time
when the resources were created in RG-01.
Solution: From the Subscriptions blade, you select the
subscription, and then click Resource providers. Does this meet the goal?
A. NO
B.
YES
Answer
A
You have an Azure Storage account named storage-01 that uses
Azure Blob storage. You need to use AzCopy to copy data to blob storage, in storage
account storage-01. Which authentication method should you use for blob
storage?
A.
Azure Active Directory (Azure AD) only
B.
Access Keys and Sharped Access Signatures (SAS)
only
C. Azure Active Directory (Azure
AD) and Shared Access Signatures (SAS) only
D.
Shared Access Signatures (SAS) only
Answer
C
You have an Azure subscription that contains 10 virtual
networks. The virtual networks are hosted in separate resource groups. Another
administrator plans to create several network security groups (NSGS) in the
subscription.
You need to ensure that when an NSG is created, it
automatically blocks TCP port 8080 between the virtual networks.
Solution: You assign a built-in policy definition to the
subscription. Does this meet the goal?
A. NO
B.
YES
Answer
A
You have an Azure subscription named Subscription-Prod that
contains a resource group named RG-01. In RG-01, you create a public load balancer
named LB-02. You need to ensure that an administrator named Admin-01 can manage
LB-02 and is allowed to add a health probe to LB-
02. The solution must follow the principle of least
privilege. Which role should you assign to Admin-01 ?
A.
owner on LB-02
B.
Network Contributor on LB-02
C. Network Contributor on RG-01
D.
Contributor on LB-02
Answer
C
You have an Azure subscription that contains an Azure
Storage account. You need to create an Azure container instance that will use a
Docker image. The image contains a Microsoft SQL Server instance that requires persistent
storage. You need to configure a storage service for your container. What Azure
service should you use?
A.
Azure Table Storage
B. Azure Files
C.
Azure Blob Storage
D.
Azure Queue Storage
Answer
B
You have an Azure subscription named Subscription1 that
contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1.
VM1 runs services that will be used to deploy resources to RG1.
You need to ensure that a service running on VM1 can manage
the resources in RG1 by using the identity of VM1. What should you do first?
A.
From the Azure portal, modify the Policies
settings of RG1
B. From the Azure portal, modify
the Managed Identity settings of VM1
C.
From the Azure portal, modify the Access control
(IAM) settings of RG1
D.
From the Azure portal, modify the Access control
(IAM) settings of VM1
Answer
B
You have an Azure subscription named New-Subscription.
New-Subscription contains two Azure virtual machines VM-01 and VM-02. VM-01 and
VM-02 run Windows Server 2016. VM1 is backed up daily by Azure Backup without
using the Azure Backup agent. VM-01 data has been compromised by a Ransomware attack,
that encrypted all the data. You need to restore the latest backup of VM-01. To
which location can you restore the backup?
You can restore VM-01 to .
A. VM-01 or a new Azure virtual
machine only
B.
VM -01 only
C.
Any Windows computer that has internet
connectivity
D.
VM-01 and VM-02
Answer
A
You have an Azure subscription named New-Subscription. New- Subscription
contains two Azure virtual machines VM-01 and VM-02. VM-01 and VM-02 run
Windows Server 2016. VM-01 is backed up daily by Azure Backup without using the
Azure Backup agent. VM-01 data has been compromised by a Ransomware attack,
that encrypted all the data. VM-01 is not working, you need to restore the
latest backup of VM-01. To
which location can you restore the backup?
You can perform a file recovery of VM-01 to
A.
VM-01 and VM-02
B. VM-02 only
C.
VM-01 only
D.
VM-01 or a new Azure virtual machine only
Answer
B
You download an Azure Resource Manager template based on an existing
virtual machine. The template will be used to deploy 100 virtual machines. You
need to modify the template to reference an administrative password. You must
prevent the password from being stored in plain text.
What should you create to store the password?
A. an Azure Key Vault and an access
policy
B.
an Azure Storage account and an access policy
C.
a Recovery Services vault and a backup policy
D.
Azure Active Directory (AD) Identity Protection
and an Azure policy
Answer
A
Your company has a main office in London that contains 100
client computers. Three years ago, you migrated to Azure Active Directory
(Azure AD). The company's security policy states that all personal devices and
corporate-owned devices must be registered or joined to Azure AD. A remote user
named User1 is unable to join a personal device to Azure AD from a home
network. You verify that User1 was able to join devices to Azure AD in the
past. You need to ensure that User1 can join the device to Azure AD. What
should you do?
A.
Create a point-to-site VPN from the home network
of User1 to Azure
B.
Assign the User administrator role to User1
C. From the Device settings blade,
modify the Maximum number of devices per user setting
D.
From the Device settings blade, modify the Users
may join devices to Azure AD setting
Answer
C
You have an Azure subscription. You have 100 Azure virtual
machines. You need to quickly identify underutilized virtual machines that can
have their service tier changed to a less expensive offering. Which blade should
you use from Azure Portal?
A.
Metrics
B.
Monitor
C. Advisor
D.
Customer Insights
Answer
C
You have an Azure subscription named Subscription1 and an
on- premises deployment of Microsoft System Center Service Manager. Subscription1
contains a virtual machine named VM1. You need to ensure that an alert is set
in Service Manager when the amount of available memory on VM1 is below 10
percent. What should you do first?
A.
Create an automation runbook
B. Deploy the IT Service Management
Connector (ITSM)
C.
Create a notification
D.
Deploy a function app
Answer
B
You have an Azure subscription that contains a user named
User1. You need to ensure that User1 can deploy virtual machines and manage virtual
networks. The solution must use the principle of least privilege.
Which role-based access control (RBAC) role should you
assign to User1?
A.
Virtual Machine Administrator Login
B.
Owner
C. Contributor
D.
Virtual Machine Contributor
Answer
C
You have an Azure Kubernetes Service (AKS) cluster named
AKS1 and a computer named Computer1 that runs Windows 10. Computer1 that has the
Azure CLI installed. You need to install the kubectl client on Computer1.
Which two options help to complete the command that you
should you run?
A. az
B.
/package
C.
docker
D. aks
E.
msiexec.exe
Answer
A,D
You sign up for Azure Active Directory (Azure AD) Premium.
You need to add a user named user1@t3p.com as an administrator on all the computers
that will be joined to the Azure AD domain. What should you configure in Azure
AD?
A.
Providers from the MFA Server blade
B. Device settings from the Devices
blade
C.
General settings from the Groups blade
D.
User settings from the Users blade
Answer
B
When you're creating an Azure Public Load Balancer, which
option allows you to set the Load Balancer as Public?"
A.
SKU
B. Туре
C.
Subscription
D.
Public IP Address
Answer
B
When creating an Azure Virtual Network Gateway, you choose
the types of workloads, throughputs, features, and SLAS (service-level
agreements). These items should satisfy your requirements for the gateway.
Which Azure gateway object satisfies workloads, throughputs, features, and
SLAS?
A.
License
B.
Data Transfer
C.
Vault
D. SKUS
E.
None of the above
Answer
D
What is true with regard to the features of Azure-provided
name resolution?
A. It is high availability because
you don't need to create and manage clusters of your own DNS servers.
B. Name resolution can be used
between VMs and role instances within the same cloud service, without the need
for FQDN (fully qualified domain name).
C. Administrators can use names
that best describe deployments, instead of auto-generated names.
D. Services can be used with
already-owned DNS servers to resolve both on-premises and Azure host names.
E.
Azure-provided name resolution must be configured
F.
All the above.
Answer
A,B,C,D
How many security rules can be included in a network
security group (NSG)?
A.
There is a limit of 100 security rules per NSG.
B.
There is a limit of 1000 security rules per NSG.
C. There is no limit to the number
of security rules, and zero security rules are also allowed per NSG, depending on the subscription limits.
D.
There is no limit to the number of security
rules, and zero security rules are also allowed per NSG.
E.
NSGS must contain at least one security rule
(zero rules are not allowed).
F.
There is a limit of one security rule per NSG.
G.
None of the above.
Answer
C
Azure ExpressRoute allows connectivity to Microsoft Cloud
Services, including Azure Services and Office 365 Services. Which ExpressRoute
option allows connectivity across geopolitical boundaries for the purpose of
allowing access to all Microsoft Cloud Services in all regions across the
world?
A.
ExpressRoute
B.
ExpressRouteLocal
C. ExpressRoutePremium
D.
ExpressRouteDirect
E.
None of the above
F.
All of the above
Answer
C
To configure an Azure virtual WAN, which set of Azure CLI
commands do you use?
A.
az network
B. az network vwan
C.
az network virtual wan
D.
az network wan
Answer
B
When you're creating an Azure Kubernetes cluster, what is
true about the VM Node Size property?
A.
The VM size can be changed in the Azure portal
after the cluster has been deployed.
B. The VM size can never be changed
after the cluster has been deployed.
C.
The VM size can be changed with Azure CLI after
the cluster has been deployed.
D.
The VM size can be changed with the Node Count
property.
Answer
B
The steps to creating and configuring an app service are as
follows. (Put the items in the correct sequence.)
Match the following VNet description with concepts given in
options:
A.
Allows Azure to assign resources to a private
IP.
B.
Allows segmenting of virtual networks.
C.
Virtual network peering can connect virtual
networks to these.
D.
VNet is scoped to this.
E.
Prefix-based standard for IP addresses and their
routing.
F.
Secures subnets.
Match the type of Azure Storage description with the type of
Azure Storage
A.
Can hold any type of object, including
nonregular file types such as VM images, movies, pictures, and URIS. Includes
Page, Append, and Block types.
B.
Can hold any regular file types such as Excel
files, text files, and HTML files.
C.
Can hold any type of message.
D.
Can hold columns, rows, and keys in a generic
format.
What is true regarding Microsoft Azure Storage Explorer?
A.
Storage Explorer can be used to download and
manage Azure blobs and files.
B.
Storage Explorer can be used to download and
manage Azure blobs, files, and queues,
but not tables.
C. Storage Explorer can be used to
download and manage Azure blobs, files, queues, and tables.
D.
Storage Explorer can be used to download and
manage tables only.
E.
Storage Explorer cannot be used to manage
CosmosDB or Azure Data Lake Storage.
Answer
C
Which Azure Storage access tier(s) may be set as default?
A.
Only hot
B.
Only cool
C.
Only archive
D.
Hot, cool, and archive
E. Hot and cool
F.
Hot and archive
G.
Cool and archive
Answer
E
When you are using AZCopy, which of the following statements
are true?
A.
AZCopy can be used to copy blobs to an Azure
storage account.
B. AZCopy can be used to copy files
to an Azure storage account.
C. AZCopy can be used to move blobs
to an Azure storage account.
D.
AZCopy can be used to move files to an Azure
storage account.
Answer
B,C
Alex is an Azure administrator who has just been assigned
the task of managing licensing for over 5000 Active Directory users. Choose the
following option that is the most efficient use of Alex's time.
A.
Use the Azure portal and choose each individual user
to manage their license.
B.
Use the Azure portal and choose each group to
manage licenses for that group, no matter how many users are in it.
C.
Use a PowerShell script that utilizes the
Microsoft Active Directory PowerShell Module that manages individual users.
D. Use a PowerShell script that
utilizes the Microsoft Active Directory PowerShell Module that manages groups.
E.
Use a PowerShell script that utilizes the
Microsoft Active Directory PowerShell Module that manages users through
location, department, and/or tenancy.
Answer
D
A company has an Azure subscription named T3P-Staging. They
also have a resource group named T3P-RG. In the resource group they have
created an internal load balancer named "T3P-internal" and a public
load balancer named "T3P-public". Mary Ann, An employee of the
company needs permissions to configure both the load balancers. The solution
must follow the principle of least privilege.
Which role would you assign to the user to allow the addition
of a backend pool to the load balancer "T3P-internal"?
A. Network Contributor role on
T3P-rg
B.
Contributor role on T3P-internal
C.
Owner role on T3P-internal
D.
Network Contributor role on T3P-internal
Answer
A
A company has setup a Load balancer that load balances
traffic on port 80 and 443 across 3 virtual machines.
You have to ensure that all RDP traffic is directed towards
a VM named testvm. How would you achieve this?
A.
By creating an inbound NAT rule
B. By creating an inbound NAT rule
C.
By creating a new internal load balancer for
testvm
D.
By creating a new public load balancer for
testvm
Answer
B
Your company currently has a Virtual Network defined in
Azure. The Virtual Network has a default subnet that contains 2 Virtual machines
named testvm1 and testvm2.
There is a requirement to inspect all network traffic
between the Virtual Machines for a duration of 3 hours. You propose a solution
to
create a metric chart for Network In and Network Out
Does this solution fulfil the requirement
A. No
B.
Yes
Answer
A
A company needs to create a storage account that needs to
have the following requirements
*Users should be able to add files such as images and videos
*Ability to store archive data
*File shares need to be in place which can be accessed
across several VM 's
*The data needs to be available even if a region goes down
*The solution needs to be cost effective
What is the type of replication that needs to be configured
for the storage account?
A. Geo-redundant storage (GRS)
B.
Locally redundant storage (LRS)
C.
Zone-redundant storage (ZRS)
D.
Read-access geo-redundant storage (RA-GRS)
Answer
A
Which of the following rule would you apply to the Network
Security Group for the Network interface attached to the Web server?
A.
An outbound rule allowing traffic on port 80
B.
An outbound rule allowing traffic on port 443
C. An inbound rule allowing traffic
on port 443
D.
An inbound rule allowing traffic on port 80
Answer
C
You have created a storage account named T3P. You have
created a file share named share1 using the file service. You need to ensure
that users can connect to the file share from their home computers.
Which of the following port should be open to ensure the
connectivity?
A.
3389
B. 445
C.
443
D.
80
Answer
B
In Azure, controlling access to all resources starts at what
point?
A. Subscription
B.
Tenant
C.
Billing
D.
Resource Group
Answer
A
What is the maximum number of accounts you can enable for
MFA in your tenant
A. Unlimited
B.
5000
C.
10000
D.
2000
Answer
A
Your company has a main office in Germany that contains 100
client computers. Three years ago, you migrated to Azure Active Directory (Azure
AD).
The company's seçurity policy states that all personal
devices and company-owned devices must be registered or joined to Azure AD.
A remote user named UserA is unable to join a personal
device to Azure AD from a home network.
You verify that other users can join their devices to Azure
AD.
You need to ensure that UserA can join the device to Azure
AD. What should you do?
A.
From the Device settings blade, modify the Users
may join devices to Azure AD setting.
B. From the Device settings blade,
modify the Maximum number of devices per user setting.
C.
Create a point-to-site VPN from the home network
of UserA to Azure.
D.
Assign the User administrator role to UserA.
Answer
B
You have an Azure subscription named Subscription1. In
Subscription1, you create an Azure web app named WebApp1.
WebApp1 will access an external service that requires
certificate authentication.
You plan to require the use of HTTPS to access WebApp1.
You need to upload certificates to WebApp1.
In which Certificate format you will upload the certificate
for HTTPS Access?
A.
CER
B. PFX
C.
CRL
D.
CRT
Answer
B
You have an Azure storage account named T3P-1000.
You are going to use the AzCopy tool to copy data to the
storage account.
You are going to be copying data to the blob storage and
file storage in the storage account.
Which authentication method can be used for accessing File
storage?
A.
Azure Active Directory only
B. Shared Access Signature only
C.
Access Keys and Shared Access Signatures
D.
Azure Active Directory and Shared Access
Signatures only
Answer
B
Your company has an on-premises file server named testserver
that runs Windows Server 2016.
Your company also has an Azure subscription that contains an
Azure file share.
You must deploy an Azure File Sync Storage Sync Service, so
you go ahead and create a sync group. You now need to synchronize files from
testserver to Azure.
Which of the following actions would you need to perform for
this purpose?
Choose 3 answers from the options given below.
A.
Create an Azure on-premise data gateway
B. Install the azure file sync
agent on testserver
C.
Create a recovery service vault
D. Register testserver
E.
Install the DFS replication server role on
testserver
F.
Add a server endpoint
Answer
B,D
A company has an Azure subscription. They want to transfer
around 6 TB of data to the subscription.They plan to use the Azure
Import/Export service. Which of the following can they use as the destination
for the imported data?
A.
Azure data lake storage
B.
Azure SQL database
C. Azure blob storage
D.
Azure file sync storage
Answer
C
A company has an Azure subscription and an Azure tenant. The
administrator has enabled multi-factor authentication for all users. The administrator
needs to ensure that users can lock out their own account if they receive an
unsolicited MFA request from Azure. Which of the following needs to be
configured for this requirement?
A.
Configure block/unblock users
B.
Configure providers
C. Configure fraud alerts
D.
Configure notifications
Answer
C
You have to deploy a web application for your company by
using the Azure Web App Service. The backup and restore option should be available
for the web application. Costs should also be minimized for hosting the
application.
Which of the following would you choose as the underlying
App Service Plan?
A.
Shared
B.
Basic
C. Standard
D.
Premium
Answer
C
What types of Virtual Network Gateways are available in
Azure?
A.
Point-to-Site and ExpressRoute
B. VPN and Express Route
C.
a Site-to-Site and ExpressRoute
D.
Policy Based and Site-to-Site
Answer
B
Which of the following is NOT a valid Azure Site Recovery
migration option?
A. Migrate on-premises VirtualBox
virtual machines to Azure
B.
Migrate physical on-premises servers to Azure
C.
Migrate on-premises Hyper-V virtual machines to
Azure
D.
Migrate Azure virtual machies to a different
region
Answer
A
Which statement regarding the shown inbound port rules is correct?
A. Remote desktop protocol administration
is allowed
B.
Remote desktop protocol administration is listed
but disabled
C.
SSH administration is allowed
D.
LDAP traffic is allowed
Answer
A
Which PowerShell cmdlet and parameter creates a virtual
machine and assigns it to an existing Availability Set?
A.
New-AzureRmVM, -Faultdomain
B. New-AzureRmVM,
-AvailabilitySetName
C.
New-AzureRmVM, -Updatedomain
D.
New-AzureRmVM, -ASName
Answer
B
A company has an Azure subscription. The Subscription
contains a resource group named "demogroup".
Resources have been deployed to the resource group using
templates.
You need to see the date and time when the resources were
created in the resource group.
You decide to use the Subscriptions blade and then choose
Programmatic
deployment. Would this fulfil the requirement?
A. No
B.
Yes
Answer
A
A company has an Azure subscription. The Subscription
contains a resource group named "demogroup".
Resources have been deployed to the resource group using
templates.
You need to see the date and time when the resources were
created in the resource group.
You decide to use the Subscriptions blade and then choose
Resource providers Would this fulfil the requirement?
A. No
B.
Yes
Answer
A
You are planning on hosting an application that will run on
two Azure virtual machines named demovm1 and demovm2. You are planning on implementing
an Availability set for the application. You have to ensure that the
application is available during planned maintenance of the hardware that is
hosting the two Azure virtual machines.
A.
One update domain
B.
One fault domain
C. Two Update domains
D.
Two Fault Domains
Answer
C
A company called T3P has an Azure subscription and an Azure
tenant. The administrator has enabled multifactor authentication for all users.
The administrator needs to ensure that users can lock out their own account if
they receive an unsolicited MFA request from Azure. Which of the following
needs to be configured for this requirement?
A.
Configure Notifications
B.
Configure Providers
C. Configure Fraud alerts
D.
Configure Block/unblock users
Answer
C
I hope it's helpful for you. If you have any queries, don't hesitate to contact me.
Name : Muhammad Sahal Qasim
E-mail : s.m.sahal789@gmail.com
Thank you.
