Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack Hub (beta) v1.0 (AZ-600)

Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -

Existing Environment -

Network Environment -
The Litware offices and the Fabrikam office connect by using a private circuit. Each office connects directly to the Internet.

Identity Environment -
The Litware network contains an Active Directory forest named litwareinc.com. The forest and an Azure Active Directory (Azure AD) tenant named litwareinc.com are integrated by using Active Directory Federation Services (AD FS). Litware has an enterprise certification authority (CA).
The Azure subscriptions of Litware are associated to the litwareic.com Azure AD tenant.
Fabrikam also has an Azure AD tenant.

Azure Stack Hub Environment -
Litware has the following two Azure Stack Hub integrated systems:
A fully operational integrated system in Boston that connects to the Internet and has the following configurations:
- Is managed by using an administrator management endpoint of: https://adminportal.eastus.litwareinc.com
- Has an Azure App Service deployment that has two dedicated, large web workers
- Currently uses version 2005 of Azure Stack Hub
A newly delivered integrated system in Chicago that is disconnected from the Internet and will be managed by using an administrator management endpoint of: https://adminportal.northcentralus.litwareinc.com

Datacenter Environment -
The Chicago datacenter of Litware contains the infrastructure shown in the following table.

HOTSPOT -
You have an Azure Stack Hub integrated system that is enabled for multitenancy and uses an Azure Active Directory (Azure AD) tenant named fabrikam.com as an identity provider.
The integrated system has the following guest directory tenants onboarded and enabled for multitenancy:
✑ com
✑ onmicrosoft.com
✑ onmicrosoft.com
You need to verify whether all the guest directory tenants are registered properly.
How should you complete the PowerShell script? To answer, drag the appropriate cmdlet to the correct targets. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Hot Area:

You have a multitenant Azure Stack Hub integrated system for a Cloud Solution Provider (CSP). The integrated system is used by several customers.
You hire a new support technician to help manage the integrated system.
You need to configure access for the support technician. The solution must meet the following requirements:
✑ The technician must be prevented from accessing customer resources.
✑ The technician must be able to monitor the status of infrastructure backups.
✑ The technician must be able to create and manage plans, offers, and quotas.
Which built-in role should you assign to the support technician?

DRAG DROP -
You have an Azure Stack Hub integrated system that uses an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com as an identity provider.
You need to ensure that users from an Azure AD tenant named fabrikam.onmicrosoft.com can authenticate to the integrated system.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

DRAG DROP -
You have an Azure Stack Hub integrated system that uses an Azure Active Directory (Azure AD) identity provider.
You have a group named AppGroup1.
You need to provide an application with the ability to access Azure Stack Hub resources by using AppGroup1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
A company named Northwind Traders has a main office and a datacenter. All development occurs at the main office.

Existing Environment -

Identity Environment -
The network contains an Active Directory forest named northwind.com. The forest and an Azure Active Directory (Azure AD) tenant named northwind.onmicrosoft.com are integrated by using Active Directory Federation Service (AD FS).
All Azure subscriptions use the northwind.onmicrosoft.com Azure AD tenant.
Northwind Traders uses an Enterprise Agreement (EA) subscription.
All operators are global administrators in northwind.onmicrosoft.com.

Azure Stack Hub Environment -
Northwind Traders has the following five Azure Stack Hub integrated systems:
One integrated system that connects to an internet-facing network and has the following configurations:
- The region name is int1.
- The operators do not have access to the user subscriptions.
- The integrated system is used for customer and partner applications.
- The partners and customers of NorthWind Traders use guest user accounts to access various user resources.
Two integrated systems that connect to a private network, are accessed only from inside the company, and have the following configurations:
- The integrated systems are dedicated to research and development.
- One integrated system has a region name of priv1, and the other has a region name of priv2.
- The integrated systems are used for various data rendering, AI workloads, inference, and data visualization.
Two integrated systems that are dedicated to application development and have the following configurations:
- The integrated systems are disconnected from the Internet. The workloads in the user subscriptions have Internet access.
- One integrated system has a region name of dev1, and the other has a region name of dev2.
- Both regions are used only by developers at Northwind Traders.
The external domain name of all the integrated systems is northwind.com. All the integrated systems have Azure App Service and the Azure Kubernetes Service
(AKS) engine deployed.
The computer of the operator in each region has all the prerequisite software installed for managing Azure Stack Hub.

Current Problems -
You identify the following issues in the current environment:
The priv2 region recently experienced a catastrophic failure.
The developers report high chargeback costs for the dev1 region.
The int1 region runs a high number of Windows virtual machines that use pay-as-you-use images.
The Northwind Traders partners and customers report that use of the guest user accounts is too complex.
Users in the priv1 region recently deployed NCas_v4 virtual machines for various AI workload. The users discover that the virtual machines do not use GPUs.

Requirements -

Planned Changes -
Northwind Traders plans to implement the following changes:
Remove all guest user accounts.
Change the DNS forwarder of the priv1 region.
Change the billing model and registration name of the int1 region.
After the catastrophic failure, restore the priv2 region to its original state.
Provide each partner with its own dedicated user subscription that will use its own dedicated Azure AD tenant.

Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
A company named Northwind Traders has a main office and a datacenter. All development occurs at the main office.

Existing Environment -

Identity Environment -
The network contains an Active Directory forest named northwind.com. The forest and an Azure Active Directory (Azure AD) tenant named northwind.onmicrosoft.com are integrated by using Active Directory Federation Service (AD FS).
All Azure subscriptions use the northwind.onmicrosoft.com Azure AD tenant.
Northwind Traders uses an Enterprise Agreement (EA) subscription.
All operators are global administrators in northwind.onmicrosoft.com.

Azure Stack Hub Environment -
Northwind Traders has the following five Azure Stack Hub integrated systems:
One integrated system that connects to an internet-facing network and has the following configurations:
- The region name is int1.
- The operators do not have access to the user subscriptions.
- The integrated system is used for customer and partner applications.
- The partners and customers of NorthWind Traders use guest user accounts to access various user resources.
Two integrated systems that connect to a private network, are accessed only from inside the company, and have the following configurations:
- The integrated systems are dedicated to research and development.
- One integrated system has a region name of priv1, and the other has a region name of priv2.
- The integrated systems are used for various data rendering, AI workloads, inference, and data visualization.
Two integrated systems that are dedicated to application development and have the following configurations:
- The integrated systems are disconnected from the Internet. The workloads in the user subscriptions have Internet access.
- One integrated system has a region name of dev1, and the other has a region name of dev2.
- Both regions are used only by developers at Northwind Traders.
The external domain name of all the integrated systems is northwind.com. All the integrated systems have Azure App Service and the Azure Kubernetes Service
(AKS) engine deployed.
The computer of the operator in each region has all the prerequisite software installed for managing Azure Stack Hub.

Current Problems -
You identify the following issues in the current environment:
The priv2 region recently experienced a catastrophic failure.
The developers report high chargeback costs for the dev1 region.
The int1 region runs a high number of Windows virtual machines that use pay-as-you-use images.
The Northwind Traders partners and customers report that use of the guest user accounts is too complex.
Users in the priv1 region recently deployed NCas_v4 virtual machines for various AI workload. The users discover that the virtual machines do not use GPUs.

Requirements -

Planned Changes -
Northwind Traders plans to implement the following changes:
Remove all guest user accounts.
Change the DNS forwarder of the priv1 region.
Change the billing model and registration name of the int1 region.
After the catastrophic failure, restore the priv2 region to its original state.
Provide each partner with its own dedicated user subscription that will use its own dedicated Azure AD tenant.

Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
A company named Northwind Traders has a main office and a datacenter. All development occurs at the main office.

Existing Environment -

Identity Environment -
The network contains an Active Directory forest named northwind.com. The forest and an Azure Active Directory (Azure AD) tenant named northwind.onmicrosoft.com are integrated by using Active Directory Federation Service (AD FS).
All Azure subscriptions use the northwind.onmicrosoft.com Azure AD tenant.
Northwind Traders uses an Enterprise Agreement (EA) subscription.
All operators are global administrators in northwind.onmicrosoft.com.

Azure Stack Hub Environment -
Northwind Traders has the following five Azure Stack Hub integrated systems:
One integrated system that connects to an internet-facing network and has the following configurations:
- The region name is int1.
- The operators do not have access to the user subscriptions.
- The integrated system is used for customer and partner applications.
- The partners and customers of NorthWind Traders use guest user accounts to access various user resources.
Two integrated systems that connect to a private network, are accessed only from inside the company, and have the following configurations:
- The integrated systems are dedicated to research and development.
- One integrated system has a region name of priv1, and the other has a region name of priv2.
- The integrated systems are used for various data rendering, AI workloads, inference, and data visualization.
Two integrated systems that are dedicated to application development and have the following configurations:
- The integrated systems are disconnected from the Internet. The workloads in the user subscriptions have Internet access.
- One integrated system has a region name of dev1, and the other has a region name of dev2.
- Both regions are used only by developers at Northwind Traders.
The external domain name of all the integrated systems is northwind.com. All the integrated systems have Azure App Service and the Azure Kubernetes Service
(AKS) engine deployed.
The computer of the operator in each region has all the prerequisite software installed for managing Azure Stack Hub.

Current Problems -
You identify the following issues in the current environment:
The priv2 region recently experienced a catastrophic failure.
The developers report high chargeback costs for the dev1 region.
The int1 region runs a high number of Windows virtual machines that use pay-as-you-use images.
The Northwind Traders partners and customers report that use of the guest user accounts is too complex.
Users in the priv1 region recently deployed NCas_v4 virtual machines for various AI workload. The users discover that the virtual machines do not use GPUs.

Requirements -

Planned Changes -
Northwind Traders plans to implement the following changes:
Remove all guest user accounts.
Change the DNS forwarder of the priv1 region.
Change the billing model and registration name of the int1 region.
After the catastrophic failure, restore the priv2 region to its original state.
Provide each partner with its own dedicated user subscription that will use its own dedicated Azure AD tenant.

Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
A company named Northwind Traders has a main office and a datacenter. All development occurs at the main office.

Existing Environment -

Identity Environment -
The network contains an Active Directory forest named northwind.com. The forest and an Azure Active Directory (Azure AD) tenant named northwind.onmicrosoft.com are integrated by using Active Directory Federation Service (AD FS).
All Azure subscriptions use the northwind.onmicrosoft.com Azure AD tenant.
Northwind Traders uses an Enterprise Agreement (EA) subscription.
All operators are global administrators in northwind.onmicrosoft.com.

Azure Stack Hub Environment -
Northwind Traders has the following five Azure Stack Hub integrated systems:
One integrated system that connects to an internet-facing network and has the following configurations:
- The region name is int1.
- The operators do not have access to the user subscriptions.
- The integrated system is used for customer and partner applications.
- The partners and customers of NorthWind Traders use guest user accounts to access various user resources.
Two integrated systems that connect to a private network, are accessed only from inside the company, and have the following configurations:
- The integrated systems are dedicated to research and development.
- One integrated system has a region name of priv1, and the other has a region name of priv2.
- The integrated systems are used for various data rendering, AI workloads, inference, and data visualization.
Two integrated systems that are dedicated to application development and have the following configurations:
- The integrated systems are disconnected from the Internet. The workloads in the user subscriptions have Internet access.
- One integrated system has a region name of dev1, and the other has a region name of dev2.
- Both regions are used only by developers at Northwind Traders.
The external domain name of all the integrated systems is northwind.com. All the integrated systems have Azure App Service and the Azure Kubernetes Service
(AKS) engine deployed.
The computer of the operator in each region has all the prerequisite software installed for managing Azure Stack Hub.

Current Problems -
You identify the following issues in the current environment:
The priv2 region recently experienced a catastrophic failure.
The developers report high chargeback costs for the dev1 region.
The int1 region runs a high number of Windows virtual machines that use pay-as-you-use images.
The Northwind Traders partners and customers report that use of the guest user accounts is too complex.
Users in the priv1 region recently deployed NCas_v4 virtual machines for various AI workload. The users discover that the virtual machines do not use GPUs.

Requirements -

Planned Changes -
Northwind Traders plans to implement the following changes:
Remove all guest user accounts.
Change the DNS forwarder of the priv1 region.
Change the billing model and registration name of the int1 region.
After the catastrophic failure, restore the priv2 region to its original state.
Provide each partner with its own dedicated user subscription that will use its own dedicated Azure AD tenant.

Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -

Existing Environment -

Network Environment -
The Litware offices and the Fabrikam office connect by using a private circuit. Each office connects directly to the Internet.

Identity Environment -
The Litware network contains an Active Directory forest named litwareinc.com. The forest and an Azure Active Directory (Azure AD) tenant named litwareinc.com are integrated by using Active Directory Federation Services (AD FS). Litware has an enterprise certification authority (CA).
The Azure subscriptions of Litware are associated to the litwareic.com Azure AD tenant.
Fabrikam also has an Azure AD tenant.

Azure Stack Hub Environment -
Litware has the following two Azure Stack Hub integrated systems:
A fully operational integrated system in Boston that connects to the Internet and has the following configurations:
- Is managed by using an administrator management endpoint of: https://adminportal.eastus.litwareinc.com
- Has an Azure App Service deployment that has two dedicated, large web workers
- Currently uses version 2005 of Azure Stack Hub
A newly delivered integrated system in Chicago that is disconnected from the Internet and will be managed by using an administrator management endpoint of: https://adminportal.northcentralus.litwareinc.com

Datacenter Environment -
The Chicago datacenter of Litware contains the infrastructure shown in the following table.

DRAG DROP -
You have an Azure Stack Hub integrated system that has syslog forwarding configured.
You need to remove syslog forwarding and the associated certificate.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

DRAG DROP -
You have an Azure Stack Hub integrated system that is disconnected from the Internet.
You need to collect diagnostic logs, but do not have access to an SMB share.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

HOTSPOT -
You have an Azure Stack Hub integrated system that has 10 user subscriptions. Each subscription contains approximately 50 virtual machines.
You are planning a backup and restore strategy for the integrated system.
You need to identify which type of backup to use to back up specific resources.
What should you identify for each resource? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

You have an Azure Stack Hub integrated system.
You perform infrastructure backups twice daily.
User workloads are protected by using Azure Site Recovery.
The architect of the user workloads is planning a business continuity disaster recovery (BCDR) strategy.
You need to recommend to the architect which resources to include in the BCDR strategy.
Which two resources should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

You have an Azure Stack Hub integrated system that was recently moved to a new datacenter and powered on.
You need to verify whether the infrastructure components are fully operational.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.