Topic 5: Mix Questions
You have an Azure subscription that contains the resources shown in the following table.
You plan to create new inbound NAT rules that meet the following requirements:
Provide Remote Desktop access to VM2 from the internet by using port 3389.
A.
A frontend IP address
B.
A health probe
C.
A load balancing rule
D.
A backend pool
A frontend IP address
Explanation:
To create an inbound NAT rule, you need to specify a frontend IP address and a frontend port for the load balancer to receive the traffic, and a backend IP address and a backend port for the load balancer to forward the traffic to1. According to the first table, LB1 has only one frontend IP address, which is 40.121.183.105. However, this frontend IP address is already used by the existing inbound NAT rule named rule1, which forwards port 80 to VM1 on port 802. Therefore, you cannot use the same frontend IP address and port for another inbound NAT rule.
To solve this problem, you need to create a new frontend IP address for LB1 before you can create the new inbound NAT rules. You can do this by using the Azure portal, PowerShell, or CLI3. After you create a new frontend IP address, you can use it to create the new inbound NAT rules that meet your requirements.
You have an Azure subscription.
You have 100 Azure virtual machines.
You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering.
Which blade should you use?
A.
Metrics
B.
Customer insights
C.
Monitor
D.
Advisor
Advisor
The Advisor dashboard displays personalized recommendations for all your subscriptions.
You can apply filters to display recommendations for specific subscriptions and resource types. The recommendations are divided into five categories:
Reliability (formerly called High Availability): To ensure and improve the continuity of your business-critical applications. For more information, see Advisor Reliability recommendations.
Security: To detect threats and vulnerabilities that might lead to security breaches. For more information, see Advisor Security recommendations.
Performance: To improve the speed of your applications. For more information, see Advisor Performance recommendations.
Cost: To optimize and reduce your overall Azure spending. For more information, see Advisor Cost recommendations.
Operational Excellence: To help you achieve process and workflow efficiency, resource manageability and deployment best practices. . For more information, see Advisor Operational Excellence recommendations.
You have an Azure Active Directory tenant named Contoso.com that includes following users:
You have two Azure virtual machines named VM1 and VM2 that run Windows Server. The virtual machines are in a subnet named Subnet1. Subnet1 is in a virtual network name VNet1. You need to prevent VM1 from accessing VM2 on port 3389. What should you do?
A.
Create a network security group (NSG) that has an outbound security rule to deny destination port 3389 and apply the NSG to the network interface of VM1.
B.
Create a network security group (NSG) that has an inbound security rule to deny source port 3389 and apply the NSG to Subnet1.
C.
Create a network security group (NSG) that has an outbound security rule to deny source port 3389 and apply the NSG to Subnet1.
D.
Configure Azure Bastion in VNet1.
Create a network security group (NSG) that has an outbound security rule to deny destination port 3389 and apply the NSG to the network interface of VM1.
You have an Azure virtual machine named VM1 that connects to a virtual network named VNet1. VM1 has the following configurations:
Subnet: 10.0.0.0/24
Availability set: AVSet
Network security group (NSG): None
Private IP address: 10.0.0.4 (dynamic)
Public IP address: 40.90.219.6 (dynamic)
You deploy a standard, Internet-facing load balancer named slb1.
You need to configure slb1 to allow connectivity to VM1.
Which changes should you apply to VM1 as you configure slb1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription named Subscription 1 and an on-premises deployment of Microsoft System Center Service Manager Subscription! contains a virtual machine named VM1.
You need to ensure that an alert is set in Service Manager when the amount of available memory on VM1 is below 10 percent. What should you do first?
A.
Create a notification
B.
Create an automation runbook.
C.
Deploy the IT Service Management Connector (ITSM).
D.
Deploy a function app
Deploy the IT Service Management Connector (ITSM).
Explanation: IT Service Management Connector (ITSMC) allows you to connect Azure to a supported IT Service Management (ITSM) product or service. Azure services like Azure Log Analytics and Azure Monitor provide tools to detect, analyze, and troubleshoot problems with your Azure and non-Azure resources. But the work items related to an issue typically reside in an ITSM product or service. ITSMC provides a bi-directional connection between Azure and ITSM tools to help you resolve issues faster. ITSMC supports connections with the following ITSM tools: ServiceNow, System Center Service Manager, Provance, Cherwell.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/itsmc-overview
You have an Azure Active Directory (Azure AD) tenant that contains three global administrators named Admin1, Admin2, and Admin3.
The tenant is associated to an Azure subscription. Access control for the subscription is configured as shown in the Access control exhibit. (Click the Exhibit tab.)
You manage two Azure subscriptions named Subscription 1 and Subscription2.
Subscription! has following virtual networks:
You have an Azure App Services web app named App1.
You plan to deploy App1 by using Web Deploy.
You need to ensure that the developers of App1 can use their Azure Active Directory (Azure AD) credentials to deploy content to App1. The solution must use the principle of least privilege.
What should you do?
A.
Configure app-level credentials for FTPS.
B.
Assign The Website Contributor role to the developers.
C.
Assign the Owner role to the developers.
D.
Configure user-level credentials for FTPS.
Assign The Website Contributor role to the developers.
Explanation:
"To secure app deployment from a local computer, Azure App Service supports two types of credentials for local Git deployment and FTP/S deployment. These credentials are not the same as your Azure subscription credentials." https://learn.microsoft.com/enus/azure/app-service/deploy-configure-credentials?tabs=cli
You have three Azure subscriptions named Sub1, Sub2, and Sub3 that are linked to an Azure AD tenant.
The tenant contains a user named User1, a security group named Group1, and a management group named MG1. User1 is a member of Group1.
Sub1 and Sub2 are members of MG1. Sub1 contains a resource group named RG1. RG1 contains five Azure functions.
You create the following role assignments for MG1:
• Group1: Reader
• User1: User Access Administrator
You assign User1 the Virtual Machine Contributor role for Sub1 and Sub2.
You assign User1 the Contributor role for RG1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the resources shown in the following table.
You need to configure a proximity placement group for VMSS1.
Which proximity placement groups should you use?
A.
Proximity2 only
B.
Proximity 1, Proximity2, and Proximity3
C.
Proximity 1 and Proximity3 only
D.
Proximity1 only
Proximity2 only
Explanation:
Placement Groups is a capability to achieve co-location of your Azure Infrastructure as a Service (IaaS) resources and low network latency among them, for improved application performance.
Azure proximity placement groups represent a new logical grouping capability for your Azure Virtual Machines, which in turn is used as a deployment constraint when selecting where to place your virtual machines. In fact, when you assign your virtual machines to a proximity placement group, the virtual machines are placed in the same data center, resulting in lower and deterministic latency for your applications. The VMSS should share the same region, even it should be the same zone as proximity groups are located in the same data center. Accordingly, it should be proximity 2 only.
Reference:
https://azure.microsoft.com/en-us/blog/introducing-proximity-placement-groups
You have an Azure subscription that contains a storage account named storage1.
You plan to use conditions when assigning role-based access control (RABC) roles to storage1
Which storage1 services support conditions when assigning roles?
A.
containers only
B.
file shares only
C.
tables only
D.
queues only
E.
containers and queues only
F.
files shares and tables only
containers only
Explanation:
"Currently, conditions can be added to built-in or custom role assignments that have blob storage or queue storage data actions. " https://learn.microsoft.com/en-us/azure/rolebased-access-control/conditions-overview#where-can-conditions-be-added
| Page 5 out of 27 Pages |
| Previous |