1. 4—You should create one alert and one action group for this. One alert can contain multiple metrics-based conditions and a single action group can contain more than one notification or remediation step, so you can create the metrics for both the CPU and memory in one alert. You can use one action group for sending out the email and creating an issue in the corporate issue tracker.
2. 3—You should redeploy the VM from a recovery point. VMs can only be assigned to an availability set during initial deployment. 
3. 2—You should create a path-based rule for this.
4. 2—You should create a new service bus namespace in another data center first before you replicate the endpoints and pair the namespace with another namespace in a different data center.
5. 1—You should use durable functions only.
6. 1—You should use durable functions only.
7. 3—Three rules and one action group is the minimum here.
8. 4—You should configure a storage account with zone-redundant storage (ZRS) replication. This makes a synchronous copy of the data between three different zones in the same region. 
9. 1—You should modify the IP configuration of the virtual network interface associated with PacktVM1.
10. 4—You should assign the Contributor role at the resource group level to the user account. This provides the user with full read/write access at the resource group level, but doesn't grant the user any permissions in the subscription or Azure AD levels.
11. 4—You should deploy ADFS. Using this solution, users can log in using SSO and use smartcard authentication. Smartcard authentication is not supported for Azure AD Connect.

12. 4—You should use the Update-AzureRmSiteRecoveryPolicy cmdlet. This has the recovery points method in it, which you can set to specify the maximum amount of time that data will be lost for.
13. 1—Yes: because you configure a VPN gateway for each region, this solution meets the goals. This will result in the lowest traffic latency for your users.
14. 3—You should create a conditional access rule to require MFA authentication for all risky logins labeled medium-risk and above. Azure AD can apply risk levels to all sign-in attempts using a selection of parameters. You can use conditional access to enforce sign-in requirements based on those levels.
15. 3—You should move the extraction logic to an Azure function. This is the most scalable and cost-effective solution.
16. 3—You should assign the Owner role to the group of resource group managers.
17. 1—You need to configure a general-purpose V2 storage account to move data between different access tiers.
18. 3—You should use Azure Confidential Compute for this requirement.
19. 2—The right query should be SecurityEvent | where Level <> 8 | where EventID == 4672.
20. 4—You should regenerate the access key. This will automatically make the old access key invalid.
21. 2 —You need virtual network gateways to connect VNets that are associated with different Azure AD instances.
22. 1—You should use the Export-AzResourceGroup cmdlet. This captures the specified resource group as a template and saves it to a JSON file.
23. 1—You should implement Elastic database transactions with horizontal partitioning.
24. 3—The data disk is automatically encrypted using the Premium disks.
25. 2 and 3—You need to create one action group and you need to configure the IT Service Management Connector (ITSMC). This connector connects the System Center Service Manager with Azure.
26. 1 and 4—You should use az vm nic add to create a new NIC. Then you should use az network nic create to attach the NIC to PacktVM1.
27. 2—You should use the New-AzureADMSInvitation cmdlet to add an external user to your Azure AD tenant using PowerShell.

28. 1 and 4—You need to grant the cloud engineer the Virtual Machine Contributor role to enable the replication of a new VM. You do this by creating a new VM inside the Azure portal. You should also grant the Site Recovery Contributor role to the engineer. This way, the engineer has permission to manage the site recovery vault without permission to create new vaults or assign permissions to other users.
29. 1—You should rerun Azure AD Connect. This will perform OU filtering and refresh the directory schema.
30. 2—You should check the routing rule; backend port settings is configured incorrectly.
31. 1—True: you need to configure a stored access policy. 2—True: to revoke an SAS, you can delete the stored access policy. 3—False: when you set the timer to now, there can be differences in the clock of the servers hosting your storage account. This can lead to access problems for a short period of time.
32. 2—You should configure an Azure VPN gateway to accept point-to-site VPN connections from users' laptops.
33. 1—You should create new groups using the Direct Reports rule. This will create a dynamic group that includes all members who have the same ManagerID attribute. This will also handle updates to the group accordingly. 
34. 1—You should grant the Packt_HD group the Password Administrator role in Azure AD. This role grants the right to reset nonadmin passwords, which are the minimal permissions that are required.
35. 2, 3 and 1—You should set them in the following order:
    1. An Azure Event Grid trigger
    2. A condition control
    3. An action
36. 2—You should create a conditional access rule to allow users to use either MFA or a domain-joined device when accessing applications. The rule will not force MFA when using a domain-joined device.
37. 3—You should enable AlwaysOn encryption.
38. 1 and 2—You can deploy the ARM template of the virtual machine from the virtual machine's Automation script blade and you can deploy the template from the Templates blade in the Azure portal. 

39. 1—VNet peering is the only solution that makes it possible to communicate directly through the Azure backbone.
40. 3 and 4—You should enable WAF in prevention mode and change the application gateway tier. The Standard tier doesn't support the ability to configure WAF. Prevention mode actively blocks SQL-injection attacks. 
41. 4—VNet peering is the most cost-effective solution for connecting different VNets.
42. 2—No: you can only use Azure Site Recovery for the Windows VMs Generation 2 machines that you have installed inside your Hyper-V environment. The rest are not supported.
43. 3—You should use Web Jobs to manage all the code segments from the same DevOps environment.
44. 2—You should use the Set-AzureRmLocalNetworkGateway cmdlet. You need to reconfigure the local network gateway for this.
45. 2—You should use Logic Apps only.
46. 2—You should enable pass-through authentication. This enables SSO for users and allows the company to implement two-factor authentication using Azure MFA.
47. 2—You should use the Windows Consumption plan. This plan supports per-second resource consumption and execution.
48. 1—Yes: this is the right way to create a custom role using PowerShell.
49. 1 and 3—Both calls to a phone and notification via mobile apps don't require the user to enter a code in a browser.
50. 3, 2, 1, and 4—The script should look like the following:
    1. FROM microsoft/aspnetcore:2.0
    2. WORKDIR /apps/PacktApp
    3. Copy ./.
    4. RUN powershell ./setupScript.ps1 CMD ["dotnet", "PacktApp.dll"]
51. 3—You should use Web Jobs to process the queue item.
52. 4—You should use an autoscale setting with an unlimited maximum number of instances.
53. 3—You should change the directory from the Azure portal.