Microsoft Azure Architect Technologies v1.0 (AZ-300)

Page:    1 / 20   
Total 293 questions

SIMULATION -
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.







When you are finished performing all the tasks, click the "Next" button.
Note that you cannot return to the lab once you click the "Next" button. Scoring occurs in the background while you complete the rest of the exam.

Overview -
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

To start the lab -
You may start the lab by clicking the Next button.
You plan to deploy several Azure virtual machines and to connect them to a virtual network named VNET1007.
You need to ensure that future virtual machines on VNET1007 can register their name in an internal DNS zone named corp8548984.com. The zone must NOT be hosted on a virtual machine.
What should you do from Azure Cloud Shell?
To complete this task, start Azure Cloud Shell and select PowerShell (Linux), click Show Advanced Settings, and then enter corpdata7523690n1 in the Storage account text box and File1 share text box. Click Create storage, and then complete the task.



Answer : See solution below.

Explanation:
Step 1: Launch Cloud Shell from the top navigation of the Azure portal.



Step 2: Select PowerShell -

When you start the Azure Cloud Shell for the first time, you will be prompted to create a storage account in order to associate a new Azure File Share to persist files across sessions.
Step 3: Click Show Advanced settings.

Step 4: Enter corp8548984n1 in the Storage account text box and File1 share text box. Click Create storage.

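Step 5: Enter the following command at the PowerShell command prompt:
# Create a private DNS zone with VNET1007 as the registration virtual network.
# The trailing backticks continue the command onto the next line.
New-AzDnsZone -Name "corp8548984.com" `
  -ResourceGroupName "mycloudshell" `
  -ZoneType Private `
  -RegistrationVirtualNetworkId VNET1007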
Note: A DNS zone is created by using the New-AzDnsZone cmdlet with a value of Private for the ZoneType parameter.
References:
https://docs.microsoft.com/en-us/azure/dns/private-dns-getstarted-powershell
https://docs.microsoft.com/en-us/azure/cloud-shell/quickstart-powershell
https://docs.microsoft.com/en-us/powershell/module/az.dns/new-azdnszone?view=azps-1.5.0

SIMULATION -
Another administrator reports that she is unable to configure a web app named corplod10217507n3 to prevent all connections from an IP address of 11.0.0.11.
You need to modify corplod10217507n3 to successfully prevent the connections from the IP address. The solution must minimize Azure-related costs.
What should you do from the Azure portal?



Answer : See explanation below.

Explanation:
Step 1:
Find and select application corplod10217507n3:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory.
2. In the Azure Active Directory blade, click Enterprise applications.
Step 2:
To add an IP restriction rule to your app, use the menu to open Network > IP Restrictions and click Configure IP Restrictions.


Step 3:

Click Add rule -
You can click on [+] Add to add a new IP restriction rule. Once you add a rule, it will become effective immediately.

Step 4:
Add a name and the IP address 11.0.0.11, select Deny, and click Add Rule.

References:
https://docs.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions

SIMULATION -
You need to add a deployment slot named staging to an Azure web app named corplod10217507n4. The solution must meet the following requirements:
- When new code is deployed to staging, the code must be swapped automatically to the production slot.
- Azure-related costs must be minimized.
What should you do from the Azure portal?



Answer : See explanation below.

Explanation:
Step 1:
Locate and open the corplod10217507n4 web app.
1. In the Azure portal, on the left navigation panel, click Azure Active Directory.
2. In the Azure Active Directory blade, click Enterprise applications.
Step 2:
Open your app's resource blade and choose the Deployment slots option, then click Add Slot.


Step 3:
In the Add a slot blade, give the slot a name, and select whether to clone app configuration from another existing deployment slot. Click the check mark to continue.
The first time you add a slot, you only have two choices: clone configuration from the default slot in production or not at all.
References:
https://docs.microsoft.com/en-us/azure/app-service/web-sites-staged-publishing

SIMULATION -
You plan to deploy an application gateway named appgw1015 to load balance internal IP traffic to the Azure virtual machines connected to subnet0.
You need to configure a virtual network named VNET1015 to support the planned application gateway.
What should you do from the Azure portal?



Answer : See explanation below.

Explanation:
Step 1:
Click Networking, Virtual Network, and select VNET1015.
Step 2:
Click Subnets, and click +Add on the VNET1015 - Subnets pane that appears.
Step 3:
On the Subnets page, click +Gateway subnet at the top to open the Add subnet page.


Step 4:
Locate subnet0 and add it.
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

SIMULATION -
You plan to connect a virtual network named VNET1017 to your on-premises network by using both an Azure ExpressRoute and a site-to-site VPN connection.
You need to prepare the Azure environment for the planned deployment. The solution must maximize the IP address space available to Azure virtual machines.
What should you do from the Azure portal before you create the ExpressRoute and the VPN gateway?



Answer : See explanation below.

Explanation:
We need to create a gateway subnet.
Step 1:
Go to More Services > Virtual Networks.
Step 2:
Click VNET1017, and click Subnets. Then click Gateway subnet.
Step 3:
In the next window, define the subnet for the gateway and click OK.


It is recommended to use /28 or /27 for the gateway subnet.
As we want to maximize the IP address space, we should use /27.
References:
https://blogs.technet.microsoft.com/canitpro/2017/06/28/step-by-step-configuring-a-site-to-site-vpn-gateway-between-azure-and-on-premise/

HOTSPOT -
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. You add the users in the following table.


Which user can perform each configuration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Explanation:
Box 1: User1 only.
User1: The Owner Role lets you manage everything, including access to resources.
Not User3: The Network Contributor role lets you manage networks, but not access to them.

Box 2: User1, User2, and User3 -
The Owner role lets you manage everything, including access to resources.
The Security Admin role: In Security Center only: Can view security policies, view security states, edit security policies, view alerts and recommendations, dismiss alerts and recommendations.
The Network Contributor role lets you manage networks, but not access to them. This includes Read roles and role assignments.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

You have an Azure subscription that contains three virtual networks named VNet1, VNet2, and VNet3. VNet2 contains a virtual appliance named VM2 that operates as a router.
You are configuring the virtual networks in a hub and spoke topology that uses VNet2 as the hub network.
You plan to configure peering between VNet1 and VNet2 and between VNet2 and VNet3.
You need to provide connectivity between VNet1 and VNet3 through VNet2.
Which two configurations should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. On the peering connections, allow forwarded traffic
  • B. Create a route filter
  • C. On the peering connections, allow gateway transit
  • D. Create route tables and assign the table to subnets
  • E. On the peering connections, use remote gateways


Answer : CE

Explanation:
Allow gateway transit: Check this box if you have a virtual network gateway attached to this virtual network and want to allow traffic from the peered virtual network to flow through the gateway.
The peered virtual network must have the Use remote gateways checkbox checked when setting up the peering from the other virtual network to this virtual network.
Note: VNet2 is the hub network.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#requirements-and-constraints

DRAG DROP -
You have an Azure subscription that contains two virtual networks named VNet1 and VNet2. Virtual machines connect to the virtual networks.
The virtual networks have the address spaces and the subnets configured as shown in the following table.


You need to add the address space of 10.33.0.0/16 to VNet1. The solution must ensure that the hosts on VNet1 and VNet2 can communicate.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:



Answer :

Explanation:
Step 1: Remove peering between VNet1 and VNet2.
You can't add address ranges to, or delete address ranges from, a virtual network's address space once a virtual network is peered with another virtual network.
To add or remove address ranges, delete the peering, add or remove the address ranges, then re-create the peering.
Step 2: Add the 10.44.0.0/16 address space to VNet1.
Step 3: Recreate peering between VNet1 and VNet2.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering

HOTSPOT -
You are designing a virtual network to support a web application. The web application uses Blob storage to store large images. The web application will be deployed to an Azure App Service Web App.
You have the following requirements:
-> Secure all communications by using Secure Sockets Layer (SSL).
-> SSL encryption and decryption must be processed efficiently to support high traffic load on the web application.
-> Protect the web application from web vulnerabilities and attacks without modification to backend code.
-> Optimize web application responsiveness and reliability by routing HTTP requests and responses to the endpoint with the lowest network latency for the client.
You need to configure the Azure components to meet the requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:




Answer :

Explanation:
Box 1: Azure Application Gateway
Azure Application Gateway supports end-to-end encryption of traffic. Application Gateway terminates the SSL connection at the application gateway. The gateway then applies the routing rules to the traffic, re-encrypts the packet, and forwards the packet to the appropriate back-end server based on the routing rules defined.
Any response from the web server goes through the same process back to the end user.

Box 2: Azure Security Center -
Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises.

Box 3: Azure Traffic Manager -
Azure Traffic Manager is a DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global Azure regions, while providing high availability and responsiveness.
References:
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-end-to-end-ssl-powershell
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview
https://docs.microsoft.com/en-us/azure/security-center/security-center-intro

HOTSPOT -
You have Azure Storage accounts as shown in the following exhibit.


Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Explanation:
Note: The three different storage account options are: General-purpose v2 (GPv2) accounts, General-purpose v1 (GPv1) accounts, and Blob storage accounts.
-> General-purpose v2 (GPv2) accounts are storage accounts that support all of the latest features for blobs, files, queues, and tables.
-> Blob storage accounts support all the same block blob features as GPv2, but are limited to supporting only block blobs.
-> General-purpose v1 (GPv1) accounts provide access to all Azure Storage services, but may not have the latest features or the lowest per gigabyte pricing.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-options

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are planning to create a virtual network that has a scale set that contains six virtual machines (VMs).
A monitoring solution on a different network will need access to the VMs inside the scale set.
You need to define public access to the VMs.
Solution: Deploy a standalone VM that has a public IP address to the virtual network.
Does the solution meet the goal?

  • A. Yes
  • B. No


Answer : A

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are planning to create a virtual network that has a scale set that contains six virtual machines (VMs).
A monitoring solution on a different network will need access to the VMs inside the scale set.
You need to define public access to the VMs.
Solution: Implement an Azure Load Balancer.
Does the solution meet the goal?

  • A. Yes
  • B. No


Answer : B

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are planning to create a virtual network that has a scale set that contains six virtual machines (VMs).
A monitoring solution on a different network will need access to the VMs inside the scale set.
You need to define public access to the VMs.
Solution: Design a scale set to automatically assign public IP addresses to all VMs.
Does the solution meet the goal?

  • A. Yes
  • B. No


Answer : B

HOTSPOT -
You have an on-premises data center and an Azure subscription. The data center contains two VPN devices. The subscription contains an Azure virtual network named VNet1. VNet1 contains a gateway subnet.
You need to create a site-to-site VPN. The solution must ensure that if a single instance of an Azure VPN gateway fails, or a single on-premises VPN device fails, the failure will not cause an interruption that is longer than two minutes.
What is the minimum number of public IP addresses, virtual network gateways, and local network gateways required in Azure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:




Answer :

Explanation:

Box 1: 4 -
Two public IP addresses in the on-premises data center, and two public IP addresses in the VNET.
The most reliable option is to combine the active-active gateways on both your network and Azure, as shown in the diagram below.



Box 2: 2 -
Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically, and resume the S2S VPN or VNet-to-VNet connections.

Box 3: 2 -
Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks.
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable

HOTSPOT -
You have peering configured as shown in the following exhibit.


Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Explanation:

Box 1: vNET6 only -

Box 2: Modify the address space -
The virtual networks you peer must have non-overlapping IP address spaces.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#requirements-and-constraints
