Chapter 17: Mock Exam Questions

  1. You have an Azure subscription that has eight VMs deployed in it. You need to configure monitoring for this and want to receive a notification when the Central Processing Unit (CPU) or available memory reaches a certain threshold value. The notification needs to be sent using an email and needs to create a new issue in the corporate issue tracker. What is the minimum number of action groups and alerts that you need to create in order to meet these requirements?

    A) Eight alerts and one action group

    B) Two alerts and two action groups

    C) One alert and two action groups

    D) One alert and one action group

  2. You have a Windows Server 2016 machine deployed inside an availability set. You need to change the availability set assignment for the VM. What should you do?

    A) Migrate the VM to another Azure region.

    B) Assign the VM to a new availability set.

    C) Redeploy the VM from a recovery point.

    D) Move the VM to a different availability set.

  3. You have an Azure Application Gateway deployed that currently load balances all traffic on port 80 to a single backend pool. You now have a requirement to load balance all traffic that includes /Video/* in the path to be forwarded to a different backend pool. What should you do?

    A) Create a new backend pool, and then create a new basic rule and include the /Video/* path and the new backend pool.

    B) Create a new backend pool, and then create a new path-based rule and include the /Video/* path and the new backend pool.

    C) Create a new Application Gateway and traffic manager and load balance all requests that contain the /Video/* path to the correct target.

    D) Add the /Video/* path to the default rule.

  4. Your company wants to deploy a storage account. You need to ensure that the data is available in the case of the failure of an entire data center. The solution must be the most cost-effective. What should you do?

    A) Configure geo-redundant storage.

    B) Configure local redundant storage.

    C) Configure read-access geo-redundant storage.

    D) Configure zone-redundant storage.

  5. You need to assign a static IPv4 address for a Windows Server VM named PacktVM1 running in a VNet named PacktVNet1. What should you do?

    A) Modify the IP configuration of the VNet interface associated with the PacktVM1 VM.

    B) Edit the address range of the PacktVNet1 VNet.

    C) Connect to the PacktVM1 VM by using WinRM and run the Set-NetIPAddress cmdlet.

    D) Connect to the PacktVM1 VM by using Remote Desktop Protocol and edit the VM's virtual network connection properties.

  6. You need to add another administrator who will be responsible for managing all Infrastructure-as-a-Service (IaaS) deployments in your Azure subscription. You create a new account in Azure AD for the user. You need to configure the user account to meet the following requirements: read and write access to all Azure IaaS deployments; read-only access to Azure AD; no access to Azure subscription metadata. The solution must also minimize your access maintenance in the future. What should you do?

    A) Assign the owner role at the resource level to the user account.

    B) Assign the global administrator directory role to the user account.

    C) Assign the VM operator role at the subscription level to the user account.

    D) Assign the contributor role at the resource group level to the user account.

  7. You have Azure Site Recovery configured for failover protection for 7 on-premises machines to Azure in case of an accident. You want to ensure that only 10 minutes of data is lost when an outage occurs. Which PowerShell cmdlet should you use for this?

    A) Edit-AzureRmSiteRecoveryRecoveryPlan

    B) Get-AzureRmSiteRecoveryPolicy

    C) Get-AzureRmSiteRecoveryRecoveryPlan

    D) Update-AzureRmSiteRecoveryPolicy

  8. Your organization has Azure resources deployed in the West US, West Europe, and East Australia regions. The company has four offices located in these regions. You need to provide connectivity between all the on-premises networks and all the resources in Azure using a private channel. You configure a VPN gateway for each Azure region and configure a site-to-site VPN for each office and connect to the nearest VPN gateway. You then configure virtual network peering. You need to ensure that users have the lowest traffic latency. Does this solution meet your goal?

    A) Yes

    B) No

  9. Your company has an Azure AD tenant and an on-premises AD that are synced using Azure AD Connect. The security department notices a high number of logins from various public IP addresses. What should you do to reduce these logins?

    A) Enable Azure AD smart lockout.

    B) Add all the public IP addresses to conditional access and use location blocking to deny all login attempts.

    C) Create a conditional access rule to require MFA for all risky logins labeled medium risk and above.

    D) Turn on Azure MFA fraud alerts.

  10. You have an Azure App Service API that allows users to upload documents to the cloud with a mobile device. A mobile app connects to the service by using REST API calls. When a document is uploaded to the service, the service extracts the document metadata. Usage statistics for the app show a significant increase in app usage. The extraction process is very CPU-intensive. You plan to modify the API to use a queue. You need to ensure that the solution scales, handles request spikes, and reduces costs between the spikes. What should you do?

    A) Configure a CPU-optimized VM and install the Web App service on the new instance.

    B) Configure a series of CPU-optimized VMs and install the extraction logic for the app to process a queue.

    C) Move the extraction logic to an Azure function and then create a queue-triggered function to process the queue.

    D) Configure Azure Container Instances to retrieve the items from the queue and run the extraction logic across a pool of VM nodes.

  11. You want to create a group of resource group managers in the Azure portal. Which RBAC role do you need to assign to them in order to manage all the resource groups in the Azure subscription?

    A) Contributor

    B) Reader

    C) Owner

    D) Monitoring reader

  12. Your company has an application that requires data from a blob storage to be moved from the hot access tier to the archive access tier to reduce costs. Which type of storage account do you need to create?

    A) A general-purpose V2 storage account

    B) A general-purpose V1 storage account

    C) Azure File storage

    D) Azure Blob storage

  13. You are planning data security for your Azure resources. The confidentiality of code on your VMs must be protected while the code is being processed. Which feature should you use for this?

    A) Azure Batch

    B) Azure Confidential Compute

    C) Azure Container Instances

    D) Azure Disk Encryption

  14. You have two Azure resource groups, named ResourceGroup1 and ResourceGroup2. The ResourceGroup1 resource group contains 20 Windows Server VMs and all the VMs are connected to an Azure Log Analytics workspace named Workspace1. You need to write a log search query that collects all security events with the following properties: all security levels other than 8 and with the Event ID 4672. How should you write your query?

    A) SecurityEvent | where Level == 8 | and EventID == 4672

    B) SecurityEvent 4672 | where Level <> 8 | where EventID ==4672

    C) SecurityEvent 4672 | where Level == 8 |summarize EventID==4672

    D) SecurityEvent | where Level <> 8 | and EventID == 4672

  15. You are using an Azure Logic App to integrate SharePoint Online, Dynamics, and an on-premises Oracle database. You are informed that the logic app access key has been compromised. What should you do?

    A) Delete the logic app and redeploy it.

    B) Only allow internal IP addresses to access the logic app.

    C) Add a resource lock.

    D) Regenerate the access key.

  16. You have two subscriptions named subscription 1 and subscription 2. Each subscription is associated with a different Azure AD tenant. subscription 1 contains a virtual network named VNet 1. VNet 1 contains an Azure VM named VM1 and has an IP address space of 10.0.0.0/16. subscription 2 contains a virtual network named VNet 2. VNet 2 contains an Azure VM named VM2 and has an IP address space of 10.0.0.0/24. You need to connect VNet 1 to VNet 2. What should you do first?

    A) Move VM2 to subscription 1.

    B) Provision virtual network gateways.

    C) Move VNet 1 to subscription 2.

    D) Modify the IP address range of VNet 2.

  17. Your company has a VM that is stored inside a resource group. You need to deploy additional VMs in the same resource group. You are planning to deploy them using an ARM template. You need to create a template from the original VM using PowerShell. Which cmdlet should you use?

    A) Export-AzResourceGroup

    B) Get-AzResourceGroupDeployment

    C) Get-AzResourceGroupDeploymentOperation

    D) Get-AzResourceGroupDeploymentTemplate

  18. You are developing an app that references data that is shared across multiple Azure SQL databases. The app must guarantee transactional consistency for changes across several sharding key values. You need to manage the transactions. What should you implement?

    A) Elastic database transactions with horizontal partitioning

    B) Distributed transactions coordinated by Microsoft Distributed Transaction Coordinator (MSDTC)

    C) Server-coordinated transactions from a .NET application

    D) Elastic database transactions with vertical partitioning

  19. You create a VM called VM1 with a Premium SSD operating system disk. You enable Azure Disk Encryption for the VM and then you add a Premium SSD data disk. Is the data disk automatically encrypted?

    A) Yes

    B) No

  20. Your company has an application that uses an Azure SQL database to store information. The company has also deployed System Center Service Manager. You need to configure an alert when the database reaches 80% of CPU usage. When this alert arises, you want your administrator to be notified using email and SMS. You also need to create a ticket in the corporate issue tracker automatically when the alert arises. Which two actions should you perform?

    A) Configure System Center Service Manager with Azure Automation.

    B) Configure one action group with three actions, one for email, one for SMS, and one for creating the ticket.

    C) Configure an IT Service Management Connector.

    D) Configure two action groups, one for email and SMS, and one for creating the ticket.

  21. A VM named PacktVM1 is deployed in a resource group named PacktResourceGroup1. The VM is connected to a VNet named PacktVNet1. You plan to connect the PacktVM1 VM to an additional VNet named PacktVNet2. You need to create an additional network interface on the PacktVM1 VM and connect it to the PacktVNet2 VNet. Which two Azure Command-line Interface (CLI) commands should you use?

    A) az vm nic add

    B) az vm nic create

    C) az network update

    D) az network nic create

  22. You need to grant access to an external consultant to some resources inside your Azure subscription. You plan to add this external user using PowerShell. Which cmdlet should you use?

    A) New-AzADUser

    B) New-AzureADMSInvitation

    C) Get-AzADUser

    D) Get-AzureADMSInvitation

  23. You are planning to migrate your on-premises environment to Azure using Azure Site Recovery. You have already created a storage account, a virtual network, a Recovery Services vault, and a resource group in the Azure portal. You now need to grant the cloud engineer the requisite privileges to perform the migration. Which two built-in roles should you use, using the principle of least privilege?

    A) Site Recovery Contributor

    B) Network Contributor

    C) Reader

    D) Virtual Machine Contributor

  24. You use Azure AD Connect to synchronize all AD domain users and groups with Azure AD. As a result, all users can use Single Sign-on (SSO) to access applications. You should reconfigure the directory synchronization to exclude domain services accounts and user accounts that shouldn't have access to the application. What should you do?

    A) Rerun Azure AD Connect and configure OU filtering.

    B) Stop the synchronization service.

    C) Remove the domain services and user accounts manually.

    D) Configure conditional access rules in Azure AD.

  25. You configure Azure Application Gateway to host multiple websites on a single instance of the Application Gateway. You create two backend server pools, named PacktPool1 and PacktPool2. Requests for http://Packt1.info should be routed to PacktPool1, and requests for http://Packt2.info should be routed to PacktPool2. Users only see the content of PacktPool2, regardless of the URL they use. You need to identify which component is configured incorrectly. What should you check?

    A) The CNAME resource record

    B) The backend port settings

    C) The routing rule

    D) The SSL certificate

  26. Your company is developing a .NET application that stores information in an Azure Storage account. You need to ensure that the information is stored in a secure way. You ask the developers to use a Shared Access Signature (SAS) when accessing the information. You need to ensure that the required configurations on the storage account comply with security best practices. Which statement is false?

    A) You need to configure a stored access policy.

    B) To revoke an SAS, you can delete the stored access policy.

    C) You should set the SAS start time to now.

  27. You need to use an Azure logic app to receive a notification when an administrator modifies the settings of a VM in a resource group, ResourceGroup1. Which three components should you create next in the Logic Apps Designer? Pick the three components and set them in the correct order.

    A) An action

    B) An Azure Event Grid trigger

    C) A condition control

    D) A variable

  28. Your company has an Azure AD tenant and an on-premises AD that are synced using Azure AD Connect. Your on-premises environment is running a mix of Windows Server 2012 and Windows Server 2016 servers. You use Azure MFA for multi-factor authentication. Users report that they are required to use MFA while using company devices. You need to turn MFA off for domain-joined devices. What should you do?

    A) Enable SSO on Azure AD Connect.

    B) Create a conditional access rule to allow users to use either MFA or a domain-joined device when accessing applications.

    C) Configure Windows Hello for Business on all domain-joined devices.

    D) Add the company external IP address to the Azure MFA Trusted IPs list.

  29. You maintain an existing Azure SQL Database instance. Management of the database is performed by an external party. All cryptographic keys are stored in Azure Key Vault. You must ensure that the external party cannot access the data in the SSN column of the Person table. What should you do?

    A) Enable AlwaysOn encryption.

    B) Set the column encryption setting to disabled.

    C) Assign users to the public fixed database role.

    D) Store the column encryption keys in the system catalog view in the database.

  30. You have an Azure resource group named PacktResourceGroup1 that contains a Linux VM named PacktVM1. You need to automate the deployment of 30 additional Linux machines. The VMs should be based on the configuration of the PacktVM1 VM. Which of the following solutions will meet the goal?

    A) From the VM Automation's script blade, click Deploy.

    B) From the Templates blade, click Add.

    C) From the resource group's policy blade, click Assign.

  31. You have an Azure subscription that contains two different VNets. You want the VNets to communicate through the Azure backbone. Which solution should you choose?

    A) VNet peering

    B) Site-to-site VPN

    C) Point-to-site VPN

    D) Azure ExpressRoute

  32. You are using Azure Application Gateway to manage traffic for your corporate website. The Application Gateway uses the standard tier, with an instance size of medium. You are asked to implement WAF to guard the website against SQL injection attacks and other vulnerabilities. To configure WAF, which two actions should you perform?

    A) Enable WAF in detection mode.

    B) Change the Azure Application Gateway to an instance size of large.

    C) Enable WAF in prevention mode.

    D) Change the Azure Application Gateway tier.

  33. You have VMs deployed inside a Hyper-V infrastructure and you are planning to move those VMs to Azure using Azure Site Recovery. You have the following types of machines. Can all these types of machines be moved using Azure Site Recovery?

    — Windows VMs Generation 2

    — Linux VMs Generation 2

    — Windows VMs with BitLocker installed on them

    A) Yes

    B) No

  34. You have a web app named PacktApp. You are developing a triggered app service background task using the WebJobs SDK. This task will automatically invoke a function in code whenever any new data is received in the queue. Which service should you use when you want to manage all code segments from the same Azure DevOps environment?

    A) Logic Apps

    B) A custom web app

    C) Web Jobs

    D) Functions

  35. You are developing a workflow solution using Azure technologies. Which solution is the best fit if you want to use a collection of ready-made actions?

    A) Azure Functions

    B) Logic Apps

    C) Web Apps

  36. You are creating a new Azure Functions app to run a serverless C# application. This function has an execution duration of 1 second and a memory consumption of 256 MB, and executes up to 1 million times during the month. Which plan should you use?

    A) The Linux App Service plan

    B) The Windows Consumption plan

    C) The Windows App Service plan

    D) The Kubernetes App Service plan

  37. You plan to create a Docker image that runs on an ASP.NET Core application named PacktApp. You have a setup script named setupScript.ps1 and a series of application files, including PacktApp. You need to create a Dockerfile document that calls the setup script when the container is built and runs the app when the container starts. The Dockerfile document must be created in the same folder where PacktApp.dll and setupScript.ps1 are stored. In which order do the following four commands need to be executed?

    A) COPY ./ .

    B) WORKDIR /apps/PacktApp

    C) FROM microsoft/aspnetcore:2.0

    D) RUN powershell ./setupScript.ps1 CMD ["dotnet", "PacktApp.dll"]

  38. The HR department uses multiple Azure subscriptions within your tenant. The head of HR wants to be able to have read access to all components in anything built by their team. How can you achieve this?

    A) Assign the head of HR read access on every individual subscription.

    B) Create an Active Directory group and add all HR subscriptions to it. Make the head of HR the admin of that group.

    C) Create an Azure management group called HR. Ensure that all HR subscriptions are under that group. Grant read access to the head of HR for that management group.

    D) Create a resource group in each subscription. Add the Read RBAC role to the head of HR for each resource group.

  39. A VM has been deleted and nobody knows who did it or why. How can you investigate what happened and who did it?

    A) In the Virtual machine blade, go to the delete items view.

    B) Go to the subscription activity log view. Filter events on OperationDelete Virtual Machine.

    C) Go to the resource group the VM was deployed in, and then go to the Deployments tab.

    D) On the subscription blade, go to the Security view. Search for delete events.

  40. You are creating a solution that stores data in a database. The application is dynamic and needs to store data using different schemas, as opposed to using a well-defined, static schema. Which Azure native database technology is the best choice?

    A) Azure SQL

    B) Azure Cosmos DB

    C) Azure Blob storage

  41. Your security team wants you to ensure that all subscriptions contain a Key vault and a VNET that routes all traffic to a central hub containing a firewall. You need to prevent users from changing or deleting the VNET. How can this be achieved?

    A) Create an Azure blueprint that contains the desired configuration. Set the Blueprint to readonly.

    B) Create an ARM template that contains the desired configuration. Run that template against all new subscriptions.

    C) Manually create the desired configuration. Create an RBAC role to specifically deny access to network components.

    D) Manually create the desired configuration. Create an alert if any network component is deleted or modified.

  42. You have an application that uses a global Cosmos DB. Performance is not as important as ensuring that all replicas of the database are always up to date. Which is the best consistency model?

    A) Strong

    B) Bounded staleness

    C) Session

    D) Consistent prefix

    E) Eventual

  43. You are building a new solution that uses an Azure SQL backend database. The database itself must be protected from an entire region outage, and any failover must be fully automatic. How do you configure the Azure SQL Server and Database to achieve this?

    A) Build your SQL database in an elastic pool. Use the individual database connection string as this will be the same in the event of a failover.

    B) Set up geo-replication on the server with the replica in another region. Use the normal database connection string.

    C) Set up geo-replication on the server, and then create a database failover group. Use the normal database connection string.

    D) Set up geo-replication on the server, and then create a database failover group. Use the read/write listener endpoint connection string.

  44. You are developing a 3-tier application, and you need to ensure that the backend services, middle tier, and frontend UI are as secure as possible from a networking perspective. Which TWO options will achieve this?

    A) Build all three tiers within a single subnet. Set up the apps themselves to only communicate with each upstream or downstream tier.

    B) Build all three tiers within a single VNET. Set up Network Security Groups (NSGs) on the VNET to only allow communication between tiers.

    C) Build all three tiers within a single VNET, but separated into subnets. Set up NSGs on each subnet to only allow communication between tiers.

    D) Build all three tiers within a single subnet. Group each tier into an Application Security Group (ASG). Set up NSGs on the subnet to only allow communication between servers defined in the ASGs.

  45. You have multiple subscriptions and solutions in your Azure tenant. You need to ensure that all your services within the Azure platform are protected at the network level. Which of the following options would achieve this with minimal setup and administration?

    A) Define a single NSG that defines your firewall rules. Assign this NSG to all subnets.

    B) Create a hub subscription that contains an Azure Firewall with your firewall rules applied. Configure all other subscriptions to route traffic through the hub subscription.

    C) Create an Azure Firewall in each subscription and implement a standard set of rules on each.

    D) Define ASGs. Group the server types into ASGs. On each NSG, use the ASGs to control traffic.

  46. What kinds of VMs can you update with Azure Update Management?

    A) Windows

    B) Linux

    C) Both

  47. You have been asked to protect a VM workload in Azure. The Recovery Point Objective is 1 hour (the business cannot lose more than an hour's worth of data). Which is the best backup solution for this requirement and why?

    A) Azure Backup, because your VM can be backed up every hour

    B) Azure Site Recovery, because data can be copied to another region

    C) Azure Backup, because restoring is instant

    D) Azure Site Recovery, because snapshots are replicated every 5 minutes

  48. You are setting up an Azure Bastion service for the purpose of secure communication with your Azure VMs. Which statement is correct?

    A) Azure Bastion can be used to connect to VMs on another VNET without any additional configuration.

    B) Azure Bastion cannot be used to connect to VMs on another VNET.

    C) Azure Bastion can be used to connect to VMs on another VNET if that VNET is peered to the Azure Bastion VNET.

    D) Azure Bastion can only connect to VMs on the same subnet.

  49. You have been asked to build a solution that can load-balance and protect services that span two different regions. Which TWO of the following options can be used?

    A) Azure Traffic Manager + Azure Front Door

    B) Azure Application Gateway

    C) Azure Traffic Manager + Azure Application Gateway

    D) Azure Front Door + Azure Load Balancer

  50. Which of the following Azure SQL options use native VNET integration?

    A) SQL Managed Instance

    B) SQL Single Database

    C) SQL Elastic Pool

    D) SQL Hyperscale
