Question 1 of 50

You plan to create 100 new users by using the Bulk create users operation in the
Azure ActiveDirectory admin center.You need to create a CSV file that contains the
user information.Which attributes should you specify in the CSV file for each
user?Your Answer • <code>displayName, userPrincipalName,
passwordProfile,</code> and <code>accountEnabled</code> This answer is
correct.Correct Answer • <code>displayName, userPrincipalName,
passwordProfile,</code> and <code>accountEnabled</code> This answer is
correct.When you use the Bulk create users operation, you must specify four things:
the display name,the UPN, the initial password, and whether the account is enabled
or disabled. All other fieldsare optional.Bulk create users in the Azure Active Directory
portal - Microsoft Entra | Microsoft LearnConfigure user and group accounts -
Training | Microsoft LearnQuestion 2 of 50Your Azure AD tenant and on-premises
Active Directory domain contain multiple users.You need to configure self-service
password reset (SSPR) password writeback functionality. Thesolution must minimize
costs and include the on-premises domain.Which Azure AD edition should you
use?Your Answer • Azure AD Premium P1 This answer is correct.Correct Answer •
Azure AD Premium P1 This answer is correct.Only Azure AD Premium P1 and P2
support SSPR, but Azure AD Premium P1 is the lower costoption.Enable Azure Active
Directory self-service password reset - Microsoft Entra | Microsoft LearnWhat is self-
service password reset in Azure Active Directory? - Training | Microsoft
LearnQuestion 3 of 50You have the following resource groups, management groups,
and Azure subscriptions: • Two resource groups named RG1 and RG2 that are
associated with a subscription named 111-222-333 and a management group named
MG1 • Two resource groups named RG3 and RG4 that are associated with a
subscription named 777-888-999 and a management group named MG1 • Two
resource groups named RG5 and RG6 that are associated with a subscription named
444-555-666 and a management group named MG1 • Two resource group named
RG10 and RG11 that are associated with a subscription named 222-333-444 and a
management group named MG2 • Two resource group named RG11 and RG12 that
are associated with a subscription named 555-666-888 and a management group
named MG2 Which role should you assign to a user to ensure that the user can view
all the resources in thesubscriptions?Your Answer • the Contributor role for MG1 and
MG2 This answer is incorrect.Correct Answer • the Reader role for MG1 and MG2 This
answer is correct.Assigning the Reader role for MG1 and MG2 is correct because the
simplest way to give useraccess to all resources is to assign a role at the
management group level.Steps to assign an Azure role - Azure RBAC | Microsoft
LearnConfigure role-based access control - Training | Microsoft LearnQuestion 4 of
50You have an Azure subscription.An administrator manages access to resources at
the resource group level. The assignmentprocess is automated by running the
following PowerShell script nightly.$rg = "RG1"$RoleName = "CustomRole1"$Role =
Get-AzRoleDefinition -Name $RoleNameNew-AzRoleAssignment -
SignInName [email protected] ` -RoleDefinitionName $Role.Name ` -
ResourceGroupName $rgUser1 is unable to access the RG1 resource group. You
discover that the script fails to completefor new users.You run Get-AzRoleDefinition |
Format-Table -Property Name, Id and receive the followinginformation:Name:
Custom Role 1, ID: 111-222-333Name: Owner, ID: 222-333-444Name: Contributor,
ID: 333-444-555Name: Reader, ID: 666-777-888What should you change in the script
to ensure that the script does not fail in the future?Your Answer • <code>$Role =
Get-AzRoleAssignment -Name $RoleName </code> This answer is incorrect.Correct
Answer • <code>$RoleName = &quot;111-222-333&quot; </code> This answer is
correct.You should use the ID of the role in case the role name was changed to
prevent such a changefrom breaking the script.Assign Azure roles using Azure
PowerShell - Azure RBAC | Microsoft LearnConfigure role-based access control -
Training | Microsoft LearnQuestion 5 of 50You have an Azure subscription that
contains several storage accounts.You need to provide a user with the ability to
perform the following tasks: • Manage containers within the storage accounts. • View
account keys.The solution must use the principle of least privilege.Which role should
you assign to the user? Your Answer • Storage Blob Data Contributor This answer is
incorrect.Correct Answer • Storage Account Contributor This answer is
correct.Storage Account Contributor allows the management of storage accounts. It
provides access tothe account key, which can be used to access data via Shared Key
authorization. Storage BlobData Contributor grants permissions to read, write, and
delete Azure Storage containers andblobs. Reader allows you to view all resources
but does not allow you to make any changes.Owner grants full access to manage all
resources, including the ability to assign roles in AzureRBAC.Azure built-in roles -
Azure RBAC | Microsoft LearnConfigure role-based access control - Training |
Microsoft LearnQuestion 6 of 50You have an Azure subscription that contains an
Azure AD tenant. The tenant contains a usernamed User1.You need to assign User1 a
role that allows the user to create and manage all types of resourcesin the
subscription. The solution must prevent User1 from assigning roles to other
users.Which Azure role-based access control (RBAC) role should you assign to
User1?Your Answer • Contributor This answer is correct.Correct Answer • Contributor
This answer is correct.Users with the Contributor role can create and manage all
types of resources but cannot delegatenew access to other users. Users with the
Reader role can view existing Azure resources butcannot perform any action against
them. Users with the API Management Service Contributorrole can only manage API
Management services and APIs. Users with the Owner role providesfull access to all
resources, including the right to delegate access to others.Azure built-in roles - Azure
RBAC | Microsoft LearnConfigure role-based access control - Training | Microsoft
LearnQuestion 7 of 50You have an Azure subscription that contains a resource group
named RG1. RG1 contains avirtual machine that runs daily reports.You need to
ensure that the virtual machine shuts down when resource group costs exceed
75percent of the allocated budget.Which two actions should you perform? Each
correct answer presents part of the solution.Your Answer • From Cost Management
+ Billing, modify the Budgets settings. This answer is correct. • Create an action
group of type Runbook, and then select <strong>Stop VM</strong> as an action.
This answer is correct.Correct Answer • From Cost Management + Billing, modify the
Budgets settings. This answer is correct. • Create an action group of type Runbook,
and then select <strong>Stop VM</strong> as an action. This answer is correct.You
must go to Cost Management + Billing, and then Budgets to edit the budget
associated withthe resource group resources. You must also create a new action
group of the Runbook type, andthen choose Stop VM as an action. The cost analysis
will not stop the virtual machine fromrunning and the Scale Up VM action group is
not required.Tutorial - Create and manage Azure budgets - Microsoft Cost
Management | Microsoft LearnConfigure subscriptions - Training | Microsoft
LearnQuestion 8 of 50You have an Azure subscription that contains 150 virtual
machines.You plan to create an Azure Policy definition named Policy1 that has the
resource provider modeset to indexed.You need to identify the tools used to perform
the task.Which two tools can you use? Each correct answer presents a complete
solution.Your Answer • Azure Cloud Shell This answer is correct. • Azure Command-
Line Interface (CLI) This answer is correct.Correct Answer • Azure Cloud Shell This
answer is correct. • Azure Command-Line Interface (CLI) This answer is correct.Based
on the resource type, the resource manager mode supported values are set to either
all orindexed. You must use either Azure CLI or Azure Cloud Shell to set this value in
a policydefinition. Resource graphs allow queries to resources and not to create
policy definitions. TheAzure portal does not allow you to set a specific
mode.Configure Azure Policy - Training | Microsoft LearnDetails of the policy
definition structure - Azure Policy | Microsoft LearnQuestion 9 of 50You have an
Azure policy.You plan to create an Azure Policy definition named Policy1.You need to
include remediation information to indicate when users use Microsoft Defender
forCloud Regulatory and Compliance.To which definition section should you add
remediation information for Policy1?Your Answer • policyRule This answer is
incorrect.Correct Answer • metadata This answer is correct. You must use the
RemediationDescription field in the metadata section from properties tospecify a
custom recommendation. The remaining options are Azure policies, but do not
allowspecific custom remediation information.Create custom Azure security policies
in Microsoft Defender for Cloud | Microsoft LearnConfigure Azure Policy - Training |
Microsoft LearnQuestion 10 of 50You have an Azure AD tenant and several
offices.You need to assign permissions to the administrator of each office to manage
the users in theirrespective office.What should you use to manage the
permissions?Your Answer • administrative units This answer is correct.Correct Answer
• administrative units This answer is correct.You can have administrative units and
assign the administrators privilege over each unit. Youcan have one unit for each
office. Azure tags are name-value pairs that are used to organizeresources in the
Azure portal. Azure identity management secures access to resources andprotects
applications and data at the front gate. Azure Policy is a service that allows you to
createpolices that enforce and control the properties of a resource.Administrative
units in Azure Active Directory - Microsoft Entra | Microsoft LearnConfigure user and
group accounts - Training | Microsoft LearnQuestion 11 of 50You need to create an
Azure Storage account that meets the following requirements: • Stores data in
multiple Azure regions • Supports reading the data from primary and secondary
regionsWhich type of storage redundancy should you use?Your Answer • read-
access geo-redundant storage (RA-GRS) This answer is correct.Correct Answer •
read-access geo-redundant storage (RA-GRS) This answer is correct.Since you must
ensure that data can be read from a secondary region, you must choose read-access
geo-redundant storage (RA-GRS).Data redundancy - Azure Storage | Microsoft
LearnDetermine replication strategies - Training | Microsoft LearnQuestion 12 of
50You have an Azure Storage account named corpimages and an on-premises
shared foldernamed \\server1\images.You need to migrate all the contents from
\\server1\images to corpimages.Which two commands can you use? Each correct
answer presents a complete solution?Your Answer • <code>Azcopy copy
\\server1\images https://corpimages.blog.core.windows.net/public - recursive
</code> This answer is correct. • <code>Get-ChildItem -Path \\server1\images -
Recurse | Set-AzStorageBlobContent - Container &quot; corpimages&quot; </code>
This answer is correct.Correct Answer • <code>Azcopy copy \\server1\images
https://corpimages.blog.core.windows.net/public - recursive </code> This answer is
correct. • <code>Get-ChildItem -Path \\server1\images -Recurse | Set-
AzStorageBlobContent - Container &quot; corpimages&quot; </code> This answer
is correct.The AzCopy command allows you to copy all files to a storage account. You
then use Get-ChildItem with the path parameter, recurse to select everything, and
then use the Set-AzureStorageBlobContent cmdlet.Copy or move data to Azure
Storage by using AzCopy v10 | Microsoft LearnSet-AzureStorageBlobContent
(Azure.Storage) | Microsoft LearnConfigure Azure Storage with tools - Training |
Microsoft LearnQuestion 13 of 50You have an Azure subscription that contains the
following StorageV2 (general purpose v2)storage accounts: • store1 is a Premium
account that uses geo-redundant storage (GRS) replication. • store2 is a Standard
account that uses locally-redundant storage (LRS) replication. • store3 is a Premium
account that uses read-access geo-redundant storage (RA- GRS) replication • store4
is a Premium account that uses RA-GRS replication.You need to identify which
storage account can be converted to zone-redundant replication(ZRS) for live
migration.Which storage account should you identify?Your Answer • store1 This
answer is incorrect.Correct Answer • store2 This answer is correct.Only zone-
redundant replication (ZRS) supports StorageV2, FileStorage, and
BlockBlobStorageaccounts. Live migration is not supported for read-access geo-
redundant storage (RA-GRS) andonly standard storage accounts can be used.Data
redundancy - Azure Storage | Microsoft LearnDetermine replication strategies -
Training | Microsoft LearnQuestion 14 of 50You plan to configure object replication
between two Azure Storage accounts.The Blob service of the source storage account
has the following settings: • Hierarchical namespace: Disabled • Default access tier:
Hot • Blob public access: Enabled • Blob soft delete: Enabled (7 days) • Container soft
delete: Enabled (7 days) • Versioning: Disabled • Change feed: Enabled • NFS v3:
Disabled • Allow cross-tenant replication: EnabledWhich setting should be modified
on the source storage account to support object replication?Your Answer •
Hierarchical namespace This answer is incorrect.Correct Answer • Versioning This
answer is correct.Versioning must be enabled for both the source and destination
accounts. In this scenario,versioning is currently disabled.Object replication overview
- Azure Storage | Microsoft LearnConfigure Azure Blob Storage - Training | Microsoft
LearnQuestion 15 of 50You create an Azure Data Box Import/Export job from the
Azure portal.You package and ship a disk to an Azure datacenter.You need to ensure
that the data is imported into Azure.What should you do next?Your Answer • Update
the job to include tracking information. This answer is correct.Correct Answer •
Update the job to include tracking information. This answer is correct.The only task
that is left to be done is to add tracking information to the job. All other tasks
havealready been completed as part of creating the initial job.The Import/Export
service is a way to migrate data to Azure by shipping physical disks thatcontain data
to an Azure datacenter. When you create the job, you must create the journal
first,upload the journal, and then specify the storage account to which the journal will
be uploaded.Once you create the job, you must physically ship the disks to the Azure
datacenter. Aftercreating the job, you have two weeks to update the job to include
the tracking information fromthe shipping carrier. If you do not fill in the tracking
information, the job will be cancelled, andthe data will not be imported into
Azure.Tutorial to transfer data to Azure Files with Azure Import/Export | Microsoft
LearnConfigure Azure Storage with tools - Training | Microsoft LearnQuestion 16 of
50You have an Azure subscription that contains multiple storage accounts.A storage
account named storage1 has a file share that stores marketing videos. Users
reportedthat 99 percent of the assigned storage is used.You need to ensure that the
file share can support large files and store up to 100 TiB.Which two PowerShell
commands should you run? Each correct answer presents part of thesolution.Your
Answer • <code>Set-AzStorageAccount -ResourceGroupName RG1 -Name Storage1
- EnableLargeFileShare </code> This answer is correct. • <code>Update-
AzRmStorageShare -ResourceGroupName RG1 -Name - StorageAccountName
Storage1 -Name Share1 -QuotaGiB 102400 </code> This answer is correct.Correct
Answer • <code>Set-AzStorageAccount -ResourceGroupName RG1 -Name Storage1
- EnableLargeFileShare </code> This answer is correct. • <code>Update-
AzRmStorageShare -ResourceGroupName RG1 -Name - StorageAccountName
Storage1 -Name Share1 -QuotaGiB 102400 </code> This answer is correct.You must
enable the storage account to support large files and update the storage account
quotato 102,400 GB. You do not need to change the type of storage account, and
you are updating theexisting share.Object replication overview - Azure Storage |
Microsoft LearnConfigure Azure Blob Storage - Training | Microsoft LearnQuestion 17
of 50You have an Azure Storage account that contains a file share.Several users work
from a secure location that limits outbound traffic to the internet.You need to ensure
that the users at the secure location can access the file share in Azure.Which
outbound port should you allow from the secure location?Your Answer • 80 This
answer is incorrect.Correct Answer • 445 This answer is correct.For accessing the file
share, port 445 must be open. Port 5671 is used to send health informationto Azure
AD. It is recommended, but not required, in the latest versions. Port 80 is used
todownload certificate revocation lists (CRLs) to verify TLS/SSL certificates. Port 443 is
used tosync with Azure AD.Hybrid Identity required ports and protocols - Azure -
Microsoft Entra | Microsoft LearnConfigure Azure Storage security - Training |
Microsoft LearnQuestion 18 of 50You have an Azure Storage account named
storage1.You plan to store long-term backups in storage1. The solution must
minimize costs.Which storage tier should you use for the backups?Your Answer •
Archive This answer is correct.Correct Answer • Archive This answer is correct. Archive
is an offline tier that is optimized for storing data that is rarely accessed and has
flexiblelatency requirements. Data in the Archive tier must be stored for a minimum
of 180 days.Hot, cool, and archive access tiers for blob data - Azure Storage |
Microsoft LearnAssign blob access tiers - Training | Microsoft LearnQuestion 19 of
50You have an Azure subscription.You plan to create a storage account named
storage1 to store images.You need to replicate the images to a new storage
account.What are three requirements of storage1? Each correct answer presents part
of a completesolution.Your Answer • blob versioning This answer is correct. • a
container This answer is correct. • standard general-purpose v2 This answer is
correct.Correct Answer • blob versioning This answer is correct. • a container This
answer is correct. • standard general-purpose v2 This answer is correct.Versioning
must be enabled for the source and target. An object type container is needed
toreplicate the images. You must create a StandardV2 storage account. File shares
are not needed,and queues are unsupported for replication.Object replication
overview - Azure Storage | Microsoft LearnConfigure Azure Blob Storage - Training |
Microsoft LearnQuestion 20 of 50You have an Azure subscription that contains a
resource group named RG1.You have an Azure Resource Manager (ARM) template
for an Azure virtual machine.You need to use PowerShell to provision a virtual
machine in RG1 by using the template.Which PowerShell cmdlet should you
run?Your Answer • <code>New-AzResourceGroupDeployment </code> This answer
is correct.Correct Answer • <code>New-AzResourceGroupDeployment </code> This
answer is correct.Virtual machines are deployed to resource groups, so you must run
the New-AzResourceGroupDeployment cmdlet. You can deploy virtual machines to
subscriptions ormanagement groups directly, therefore, New-
AzManagementGroupDeployment and New-AzSubscriptionDeployment cannot be
used. New-AzVM can be used to provision a new virtualmachine, but without using a
template.Deploy resources with PowerShell and template - Azure Resource Manager
| Microsoft Learn Deploy Azure infrastructure by using JSON ARM templates -
Training | Microsoft LearnAutomate Azure tasks using scripts with PowerShell -
Training | Microsoft LearnQuestion 21 of 50You have an Azure Resource Manager
(ARM) template named deploy.json that is stored in anAzure Blob storage
container.You plan to deploy the template by running the New-
AzDeployment cmdlet.Which parameter should you use to reference the
template?Your Answer • <code>-Templatefile </code> This answer is
incorrect.Correct Answer • <code>-TemplateUri </code> This answer is correct.The
PowerShell deployment cmdlets can be used to deploy JSON templates that are
storedlocally in a resources group as a template spec, or from a web-based location.
You can use the -TemplateUri parameter to specify a web-based location, such as
GitHub or an Azure BlobStorage account. You can use -Templatefile to specify a local
file. You can use -TemplateSpecId to specify a template that was save to Azure as a
template spec.Deploy resources with PowerShell and template - Azure Resource
Manager | Microsoft LearnDeploy Azure infrastructure by using JSON ARM templates
- Training | Microsoft LearnAutomate Azure tasks using scripts with PowerShell -
Training | Microsoft LearnQuestion 22 of 50You plan to deploy an Azure virtual
machine based on a basic template stored in the AzureResource Manager (ARM)
library.What can you configure during the deployment of the template?Your Answer
• the resource group This answer is correct.Correct Answer • the resource group This
answer is correct.When you deploy a resource by using a template, you can mention
the resource group for thedeployment. The resource group is a container for Azure
resources and makes it easier to managethe resources.Deploy template - Azure
portal - Azure Resource Manager | Microsoft LearnNew-
AzResourceGroupDeployment (Az.Resources) | Microsoft LearnConfigure resources
with Azure Resource Manager templates - Training | Microsoft LearnQuestion 23 of
50You have an Azure virtual network that contains two subnets named Subnet1 and
Subnet2. Youhave a virtual machine named VM1 that is connected to Subnet1. VM1
runs Windows Server.You need to ensure that VM1 is connected directly to both
subnets.What should you do first?Your Answer • From the Azure portal, create an IP
group. This answer is incorrect.Correct Answer • From the Azure portal, add a
network interface. This answer is correct.A network interface is used to connect a
virtual machine to a subnet. Since VM1 is connected toSubnet1, VM1 already has a
network interface attached that is connected to Subnet1. To connectVM1 directly to
Subnet2, you must create a new network interface that is connected to Subnet2.Next,
you must attach the new network interface to VM1.An IP group is a user-defined
collection of static IP addresses, ranges, and subnets. A networkbridge allows you to
connect multiple existing network connection in Windows together.Changing the IP
configurations of the existing network interface results in VM1 being connectedto
Subnet2 but not to Subnet1.Virtual networks and virtual machines in Azure |
Microsoft LearnConfigure virtual networks - Training | Microsoft LearnQuestion 24 of
50You are deploying a virtual machine by using an availability set in the East US
Azure region.You have deployed 18 virtual machines in two fault domains and 10
update domains.Microsoft performed planned physical hardware maintenance in the
East US region.What is the maximum number of virtual machines that will be
unavailable?Your Answer • 2 This answer is correct.Correct Answer • 2 This answer is
correct.18 virtual machines are shared across 10 update domains. The first 10 virtual
machines go to 10update domains, so eight update domains will have two virtual
machines. When there is physicalhardware maintenance, some virtual machines will
be unavailable based on their configuration.If there was a rack failure, then 18 virtual
machines will be distributed to two fault domains withnine virtual machines
each.Availability sets overview - Azure Virtual Machines | Microsoft LearnConfigure
virtual machine availability - Training | Microsoft LearnQuestion 25 of 50You plan to
deploy an Azure virtual machine.You are evaluating whether to use an Azure Spot
instance.Which two factors can cause an Azure Spot instance to be evicted? Each
correct answer presentsa complete solution.Your Answer • the Azure capacity needs
This answer is correct. • the current price of the instance This answer is
correct.Correct Answer • the Azure capacity needs This answer is correct. • the
current price of the instance This answer is correct. Azure Spot instances allow you to
provision virtual machines at a reduced cost, but these virtualmachines can be
stopped by Azure when Azure needs the capacity for other pay-as-you-goworkloads,
or when the price of the spot instance exceeds the maximum price that you have
set.These virtual machines are good for dev, testing, or for workloads that do not
require anyspecific SLA.Use Azure Spot Virtual Machines - Azure Virtual Machines |
Microsoft LearnConfigure virtual machine availability - Training | Microsoft
LearnQuestion 26 of 50Your development team plans to deploy an Azure container
instance. The container needs apersistent storage layer.Which service should you
use?Your Answer • Azure Files This answer is correct.Correct Answer • Azure Files
This answer is correct.You can persist data for Azure Container Instances with the use
of Azure Files. Azure Filesoffers fully managed file shares hosted in Azure Storage
that are accessible via the industrystandard Server Message Block (SMB)
protocol.Mount Azure Files volume to container group - Azure Container Instances |
Microsoft LearnExplore Azure Storage services - Training | Microsoft LearnQuestion
27 of 50You have an Azure subscription that contains a Docker container named
container1.You create a new Azure web app named WebApp1.You need to ensure
that you can use container1 for WebApp1.Which WebApp1 setting should you
configure?Your Answer • Publish This answer is correct.Correct Answer • Publish This
answer is correct.If you want to run a Docker container as an Azure web service, you
must configure the Publishoption and select Docker container.Runtime stack
specifies the stack that you want to use for the web app. If you want to deploy
aDocker container as web app, the runtime stack option is unavailable.Pricing plan
specifies the location, features, and costs of the web app.Continuous deployment is a
strategy for software releases. This option is unavailable when youpublish a Docker
container as an Azure web app.Overview - Azure App Service | Microsoft
LearnConfigure Azure Container Instances - Training | Microsoft LearnQuestion 28 of
50You have an Azure subscription that contains an Azure container app named
cont1.You plan to add scaling rules to cont1. You need to ensure that cont1 replicas
are created based on received messages in Azure ServiceBus.Which scale trigger
should you use?Your Answer • event-driven This answer is correct.Correct Answer •
event-driven This answer is correct.Azure Container Apps allows a set of triggers to
create new instances, called replicas. For AzureService Bus, an event-driven trigger
can be used to run the escalation method. The remainingscale triggers cannot use a
scale rule based on messages in an Azure service bus.Scaling in Azure Container
Apps | Microsoft LearnScaling in Azure Container Apps | Microsoft LearnConfigure
Azure Container Instances - Training | Microsoft LearnQuestion 29 of 50You have an
Azure subscription that contains an Azure Kubernetes Service (AKS) cluster
namedAKS1. The autoscaling feature is enabled.You need to configure the minimum
and maximum node counts for AKS1.Which cmdlet should you run?Your Answer •
<code>Set-AzAksCluster</code> This answer is correct.Correct Answer •
<code>Set-AzAksCluster</code> This answer is correct.Set-AzAKsCluster:
Configures minimum and maximum node values for AKS autoscalingStart-
AzAksCluster: Starts a stopped managed clusterUpdate-AzAksNodePool: Updates a
node pool in a managed clusterSet-AzAksClusterCredential: Resets the service
principal of an existing AKS clusterUse the cluster autoscaler in Azure Kubernetes
Service (AKS) - Azure Kubernetes Service |Microsoft LearnSet-AzAksCluster (Az.Aks) |
Microsoft LearnConfigure Azure Kubernetes Service - Training | Microsoft
LearnQuestion 30 of 50You have a Basic Azure App Service plan that contains a web
app.You need to ensure that the web app can scale automatically when the CPU
percentage goesbeyond 80 percent for a duration of 15 minutes.Which two actions
should you perform? Each correct answer presents part of the solution.Your Answer •
Scale up the App Service plan. This answer is correct. • Configure a scaling condition
to scale based on a metric, and then add the rules. This answer is correct.Correct
Answer • Scale up the App Service plan. This answer is correct. • Configure a scaling
condition to scale based on a metric, and then add the rules. This answer is
correct.Scale up the web app by adding more CPU, memory, and disk space to fulfill
the requirement.Increase the number of virtual machine instances that run the app.
The scale settings take onlyseconds to apply and affect all the apps in the App
Service plan. Then, you must set up a scalingcondition with the required metrics to
scale up/down and scale out/in when certain thresholds aremet.Scale up features
and capacities - Azure App Service | Microsoft LearnConfigure Azure App Service -
Training | Microsoft LearnQuestion 31 of 50You need to create an Azure App Service
web app that runs on Windows. The web app requiresscaling to five instances, 45 GB
of storage, and a custom domain name. The solution mustminimize costs.Which App
Service plan should you use?Your Answer • Free This answer is incorrect.Correct
Answer • Standard This answer is correct.The Standard service plan can host
unlimited web apps, up to 50 GB of disk space, and up to 10instances. The plan will
cost approximately $0.10/hour. The Free plan only offers 1 GB of disksize and 0
instances to host the app. The Premium plan offers 250 GB of disk space and up to
30instances and will cost approximately $0.20/hour. The Basic plan offers 10 GB of
disk space andup to three virtual machines.App Service Pricing | Microsoft
AzureConfigure Azure App Service plans - Training | Microsoft LearnQuestion 32 of
50You have an Azure virtual network named VNet1.You create an Azure Private DNS
zone named contoso.com.You need to ensure that the virtual machines on VNet1
register in the contoso.com private DNSzone.What should you do?Your Answer •
Configure each virtual machine to use a custom DNS server. This answer is
incorrect.Correct Answer • Add a virtual network link to contoso.com. This answer is
correct.To associate a virtual network to a private DNS zone, you add the virtual
network to the zone bycreating a virtual network link.Azure DNS Private Resolver is
used to proxy DNS queries between on-premises environmentsand Azure DNS.A
custom DNS server will work if you deploy a DNS server as a virtual machine or
anappliance, however, this configuration does not work with a private DNS zone.
Quickstart - Create an Azure private DNS zone using the Azure portal | Microsoft
LearnConfigure Azure DNS - Training | Microsoft LearnQuestion 33 of 50You have an
Azure subscription that contains the following virtual networks: • VNet1 has an IP
address range of 192.168.0.0/24. • VNet2 has an IP address range of 10.10.0.0/24. •
VNet3 has an IP address range of 192.168.0.0/16.You need configure virtual network
peering.Which two peerings can you create? Each correct answer presents complete
solution.Your Answer • VNet1 can be peered with VNet3. This answer is incorrect. •
VNet3 can be peered with VNet1. This answer is incorrect.Correct Answer • VNet1
can be peered with VNet2. This answer is correct. • VNet2 can be peered with VNet3.
This answer is correct.VNet1 and VNet2 have non-overlapping IP addresses. For
virtual network peering, both virtualnetworks must have non-overlapping IP
addresses.Azure Virtual Network peering | Microsoft LearnConfigure virtual network
peering - Training | Microsoft LearnQuestion 34 of 50You have two Azure
subscriptions named Sub1 and Sub2.Sub1 contains a virtual network named VNet1
and a VPN gateway. Sub2 contains a virtualnetwork named VNet2.You have an on-
premises device named Device1 that runs Windows and has a Point-to-Site(P2S) VPN
client installed.You configure network peering between VNet1 and VNet2.You need
to ensure that Device1 can access VNet2 when a VPN connection is established.What
should you do?Your Answer • Download and reinstall the P2S VPN client on Device1.
This answer is correct.Correct Answer • Download and reinstall the P2S VPN client on
Device1. This answer is correct.Point-to-Site (P2S) VPN clients must be downloaded
and reinstalled again after virtual networkpeering is successfully configured to ensure
that the new routes are downloaded to the client.A private endpoint and Azure Front
Door are not required nor used to be able to access VNet2from VNet1.Device1
already has a digital certificate when you install the P2S VPN client, so you do not
needto create new certificate manually.Create, change, or delete an Azure virtual
network peering | Microsoft LearnConfigure virtual network peering - Training |
Microsoft Learn Question 35 of 50You have an Azure subscription that contains a
network security group (NSG) named NSG1.You plan to configure NSG1 to allow the
following types of traffic: • Remote Desktop Management • Secured HTTPSWhich
two ports should you allow in NSG1? Each correct answer presents part of the
solution.Your Answer • 443 This answer is correct. • 3389 This answer is
correct.Correct Answer • 443 This answer is correct. • 3389 This answer is correct.You
must open port 443 to secured HTTPS traffic, port 3389 for Remote Desktop, and 587
tosend outbound email by using authenticated SMTP relay. Port 80 is used for
unsecured traffic.Port 25 is used by mail traffic.Protect your Azure resources with a
lock - Azure Resource Manager | Microsoft LearnConfigure network security groups -
Training | Microsoft LearnQuestion 36 of 50You have a virtual machine named VM1
that is assigned to a network security group (NSG)named NSG1.NSG1 has the
following outbound security rules:Rule1: • Priority: 900 • Name: BlockInternet • Port:
80 • Protocol: TCP • Source: Any • Destination: Any • Action: BlockRule2: • Priority:
1000 • Name: AllowInternet • Port: 80 • Protocol: TCP • Source: Any • Destination:
Any • Action: AllowYou need to ensure that internet access to VM1 on port 80 is
allowed.What should you do?Your Answer • Change the priority of Rule2. This
answer is correct. Correct Answer • Change the priority of Rule2. This answer is
correct.Rule1 has higher priority, so the action will be blocked. You can increase the
priority of Rule2,decrease the priority of Rule1, or change the action of Rule1 to
achieve the goal.Azure network security groups overview | Microsoft LearnConfigure
network security groups - Training | Microsoft LearnQuestion 37 of 50You create
several Azure virtual machines that run Windows Server.You need to connect to the
virtual machines without exposing RDP ports over the internet.Which Azure service
should you deploy?Your Answer • Azure Network Watcher This answer is
incorrect.Correct Answer • Azure Bastion This answer is correct.Azure Bastion is a
service that lets you connect to a virtual machine by using a browser,
withoutexposing RDP and SSH ports. Azure Monitor helps you maximize the
availability andperformance of applications and services. Azure Network Watcher
provides tools to monitor,diagnose, view metrics, and enable or disable logs for
resources in an Azure virtual network.Remote Desktop is a feature of the operating
system, which exposes the RDP port to connect to aserver from the internet.About
Azure Bastion | Microsoft LearnConfigure virtual networks - Training | Microsoft
LearnQuestion 38 of 50Your company plans to migrate servers from on-premises to
Azure. There will be dev, test, andproduction virtual machines on a single virtual
network.You need to restrict traffic between the dev, test, and production virtual
machines to specificports.What should you use?Your Answer • a network security
group (NSG) This answer is correct.Correct Answer • a network security group (NSG)
This answer is correct.Must configure network security group (NSG) rules to allow
TCP or ICMP traffic for specificports. Azure Firewall is a managed service that protects
your Azure services across multiplevirtual networks. Load balancers are used to
distribute incoming traffic to available backendservers. Azure VPN is used to have a
connection establishment between on-premises and Azure.Azure network security
groups overview | Microsoft LearnConfigure network security groups - Training |
Microsoft LearnQuestion 39 of 50You have an Azure subscription that contains an
ASP.NET application. The application is hostedon four Azure virtual machines that
run Windows Server 2022. You have a load balancer named LB1 to load balances
requests to the virtual machines.You need to ensure that site users connect to the
same web server for all requests made to theapplication.Which two actions should
you perform? Each correct answer presents part of the solution.Your Answer • Set
Session persistence to <strong>Client IP</strong>. This answer is correct. • Set
Session persistence to <strong>Protocol</strong>. This answer is correct.Correct
Answer • Set Session persistence to <strong>Client IP</strong>. This answer is
correct. • Set Session persistence to <strong>Protocol</strong>. This answer is
correct.By setting Session persistence to Client IP and Protocol, you ensure that site
users connect to thesame web server for all requests made to the application. Setting
Session persistence to Nonedisables sticky sessions and an inbound NAT rule is used
to forward traffic from a load balancerfrontend to a backend pool.Azure Load
Balancer distribution modes | Microsoft LearnConfigure Azure Load Balancer -
Training | Microsoft LearnQuestion 40 of 50You deploy web servers to two virtual
machines named VM1 and VM2 in an availability setnamed AVSet1.You need to
configure Azure Load Balancer with a backend system of VM1 and VM2. Thesolution
must minimize costs.Which SKU should you use for the Azure Load Balancer
configuration?Your Answer • Basic Azure Load Balancer with Basic SKU public IP This
answer is correct.Correct Answer • Basic Azure Load Balancer with Basic SKU public IP
This answer is correct.Basic Azure Load Balancer supports deployment in a single
availability zone. Basic Azure LoadBalancer supports only Basic SKU public IP. Azure
Standard Load Balancer is zone-redundant,but has a higher cost.Azure Load Balancer
SKUs | Microsoft LearnConfigure Azure Load Balancer - Training | Microsoft
LearnQuestion 41 of 50You migrate a web app from on-premises to Azure. The web
app was configured by using loadbalancing in Azure.Users experience issues when
accessing the web app. You suspect an issue with the web serverand must check
whether the server is listening on port 80.Which command should you run?Your
Answer • <code>Test-NetConnection localhost </code> This answer is incorrect.
Correct Answer • <code>netstat -an </code> This answer is correct.Using netstat -
an will list the ports that the server is listening on. Test-NetConnection willperform a
ping/ICMP test. Nbtstat -c checks the NBT cache. Get-AzVirtualNetwork gets
thevirtual networks in a resource group.Troubleshoot Azure Load Balancer |
Microsoft LearnConfigure Azure Load Balancer - Training | Microsoft LearnQuestion
42 of 50You have an Azure subscription that contains a resource group named RG1.
RG1 contains twovirtual machines named VM1 and VM2.You need to inspect all the
network traffic from VM1 to VM2.The solution must use AzureMonitor metrics.Which
two actions should you perform? Each correct answer presents part of the
solution.Your Answer • Use packet capture. This answer is correct. • Install
AzureNetworkWatcherExtension. This answer is correct.Correct Answer • Use packet
capture. This answer is correct. • Install AzureNetworkWatcherExtension. This answer
is correct.Azure Network Watcher variable packet capture allows you to create packet
capture sessions totrack traffic to and from a virtual machine. Packet capture helps to
diagnose network anomaliesboth reactively and proactively.Tutorial: Monitor
network communication between two virtual machines using the Azure portal
|Microsoft LearnIntroduction to Packet capture in Azure Network Watcher | Microsoft
LearnConfigure Network Watcher - Training | Microsoft LearnQuestion 43 of 50You
have an Azure subscription that contains virtual machines, virtual networks,
applicationgateways, and load balancers.You need to monitor the network health of
the resources.Which Azure service should you use?Your Answer • Azure Network
Watcher This answer is correct.Correct Answer • Azure Network Watcher This answer
is correct.Azure Network Watcher provides tools to monitor, diagnose, view metrics,
and enable or disablelogs for resources on an Azure virtual network. Azure Resource
Manager is the deployment andmanagement service for Azure. Network security
groups (NSGs) are used only for security, not monitoring. Azure Monitor is used for
the HTTP Data Collector API to send log data to LogAnalytics.Azure Network Watcher
| Microsoft LearnConfigure Network Watcher - Training | Microsoft LearnQuestion 44
of 50You have an Azure subscription that contains a resource group named RG1.
RG1 has a virtualnetwork named VNet3, a virtual machine named VM1, and a public
IP address named PubIP1.All the resources are in the West US Azure region.You plan
to create and configure a network security group (NSG) named NSG1 for the
followingtypes of traffic: • Remote Desktop Management • HTTPNSG1 will be used
on the subnets of multiple virtual networks.Which two cmdlets should you run? Each
correct answer presents part of the solution.Your Answer • <code>New-
AzNetworkSecurityRuleConfig </code> This answer is correct. • <code>New-
AzNetworkSecurityGroup </code> This answer is correct.Correct Answer •
<code>New-AzNetworkSecurityRuleConfig </code> This answer is correct. •
<code>New-AzNetworkSecurityGroup </code> This answer is correct.New-
AzNetworkSecurityRuleConfig allows you to create a rule and provide the type,
protocol,direction, and port number. New-AzNetworkSecurityGroup creates a
network security group(NSG). -SecurityRules specifies a list of network security rule
objects to create in a NSG.New-AzNetworkSecurityRuleConfig (Az.Network) |
Microsoft LearnNew-AzNetworkSecurityGroup (Az.Network) | Microsoft LearnAzure
network security groups overview | Microsoft LearnConfigure network security
groups - Training | Microsoft LearnQuestion 45 of 50You need to create Azure alerts
based on metric values and activity log events.The solution must meet the following
requirements: • Set a limit on how many times an alert notification is sent. • Call an
Azure function when an alert is triggered. • Configure the alert to have a severity of
warning when triggered.Which two resources should you create? Each correct answer
presents part of the solution.Your Answer • a notification This answer is incorrect. •
an alert rule This answer is correct.Correct Answer • an action group This answer is
correct. • an alert rule This answer is correct.You must create an action group to set
up an action and create an alert rule to set the severity ofthe errors. A notification is
only used to send email and you do not need to call a webhook.Manage action
groups in the Azure portal - Azure Monitor | Microsoft LearnConfigure Azure alerts -
Training | Microsoft LearnQuestion 46 of 50You have an Azure virtual machine that
runs Linux. The virtual machine hosts a customapplication that outputs log data in
the JSON format.You need to recommend a solution to collect the logs in Azure
Monitor.What should you include in the recommendation?Your Answer • the Azure
VMAccess extension This answer is incorrect.Correct Answer • the Log Analytics
agent for Linux This answer is correct.You can use the Log Analytics agent for Linux
as part of a solution to collect JSON output fromthe Linux virtual machines.The Azure
Custom Script Extension is used for post-deployment configuration,
softwareinstallation, or any other configuration or management task.Desired State
Configuration (DSC) is a management platform that you can use to manage an ITand
development infrastructure with configuration as code.The Azure VMAccess
extension acts as a KVM switch that allows you to access the console toreset access
to Linux or perform disk-level maintenance.Collecting custom JSON data sources
with the Log Analytics agent for Linux in Azure Monitor -Azure Monitor | Microsoft
LearnConfigure Azure Monitor - Training | Microsoft LearnQuestion 47 of 50You have
multiple Azure virtual machines. Recovery Services is configured with the
defaultbackup policy to periodically back up the virtual machines.What is the
retention period of virtual machine backups in the default backup policy?Your
Answer • 30 days This answer is correct.Correct Answer • 30 days This answer is
correct.By default, backups of virtual machines are kept for 30 days.Back up an Azure
VM from the VM settings - Azure Backup | Microsoft LearnConfigure virtual machine
backups - Training | Microsoft LearnQuestion 48 of 50You have an Azure virtual
machine named Server1 that runs Windows Server.You need to configure Azure
Backup to back up files and folders.What should you install on Server1?Your Answer
• the Microsoft Azure Recovery Services (MARS) agent This answer is correct.Correct
Answer • the Microsoft Azure Recovery Services (MARS) agent This answer is
correct.The Microsoft Azure Recovery Service (MARS) agent must be installed on the
servers. TheMARS agent is mandatory to perform backup and recovery services for
any servers.Manage the Azure recovery services agent - Training | Microsoft
LearnQuestion 49 of 50You have an Azure virtual machine that you back up by using
Azure Backup.The backup policy sub type is Standard, and the backup policy has the
following configurations: • Backup schedule frequency: Weekly • Retain instant
recovery snapshot(s) for: 5 days • Retention of weekly backup point: On Sunday at
8:00 AM for 12 weeksYou plan to reduce the amount of storage used by Instant
Restore.You need to instance recovery snapshots to be retained for only two
days.What should you do first?Your Answer • Change Policy sub type to
<strong>Enhanced</strong> This answer is incorrect.Correct Answer • Change the
backup schedule frequency to <strong>Daily</strong>. This answer is correct.You
can choose to store between one and five instant recovery snapshots and the default
value istwo. However, when the backup schedule frequency is weekly, you must
retain five instantrecovery snapshots.Azure Instant Restore Capability - Azure Backup
| Microsoft LearnConfigure file and folder backups - Training | Microsoft
LearnQuestion 50 of 50You plan to create an alert in Azure Monitor that will have an
action group to send SMSmessages.What is the maximum number of SMS messages
that will be sent every hour if the alert getstriggered every minute?Your Answer • 12
This answer is correct.Correct Answer • 12 This answer is correct.A maximum of one
SMS message can be sent every five minutes. Therefore, a maximum of 12messages
will be sent per hour.Rate limiting for SMS, emails, push notifications - Azure Monitor
| Microsoft LearnConfigure Azure alerts - Training | Microsoft Learn