Mock Questions

  1. You have an Azure subscription that has eight VMs deployed in it. You need to configure monitoring for this, and want to receive a notification when the Central Processing Unit (CPU) or available memory reaches a certain threshold value. The notification needs to be sent using an email and needs to create a new issue in the corporate issue tracker. What is the minimum number of action groups and alerts that you need to create to meet these requirements?
    1. Eight alerts and one action group
    2. Two alerts and two action groups
    3. One alert and two action groups
    4. One alert and one action group
  2. You have a Windows Server 2016 machine deployed inside an availability set. You need to change the availability set assignment for the VM. What will you do?
    1. Migrate the VM to another Azure region.
    2. Assign the VM to a new availability set.
    3. Redeploy the VM from a recovery point.
    4. Move the VM to a different availability set.
  3. You have an Azure Application Gateway deployed that currently load balances all traffic on port 80 to a single backend pool. You now have a requirement to load balance all traffic that includes /Video/* in the path to be forwarded to a different backend pool. What should you do?
    1. Create a new backend pool, and then create a new basic rule and include the /Video/* path and the new backend pool.
    2. Create a new backend pool, and then create a new path-based rule and include the /Video/* path and the new backend pool.
    1. Create a new Application Gateway and traffic manager and load balance all requests that contain the /Video/* path to the correct target.
    2. Add the /Video/* path to the default rule.
  1. You have an application that uses Azure Service Bus, Azure Functions, and Azure Logic Apps. The Service Bus is deployed on the basic tier. You want to protect the Service Bus namespace from an outage in one data center. What should you do first?
    1. Change the pricing tier to Standard.
    2. Create a Service Bus namespace in another data center.
    3. Pair the namespace with another namespace in a different data center.
    4. Geo-replicate the relay endpoints to another data center.
  2. You are developing a workflow solution using Azure technologies. Which solution is the best fit if you want to debug the solution using Visual Studio?
    1. Durable functions only
    2. Logic Apps only
    3. Durable functions and Logic Apps
  3. You are developing a workflow solution using Azure technologies. Which solution is the best fit if you want to deploy the solution using Azure DevOps?
    1. Durable functions only
    2. Logic Apps only
    3. Durable functions and Logic Apps
  4. You have an Azure subscription that contains 10 VMs. You need to ensure that you receive an email when any VM is powered off, restarted, or deallocated. What is the minimum number of rules and action groups that you need to create?
    1. Three rules and three action groups
    2. One rule and one action groups
    3. Three rules and one action group
    4. One rule and three action groups
  5. Your company wants to deploy a storage account. You need to ensure that the data is available in the case of the failure of an entire data center. The solution must be the most cost-effective. What should you do?
    1. Configure geo-redundant storage.
    2. Configure local redundant storage.
    3. Configure read-access geo-redundant storage.
    4. Configure zone-redundant storage.
  1. You need to assign a static IPv4 address for a Windows Server VM named PacktVM1 running in a VNet named PacktVNet1. What should you do?
    1. Modify the IP configuration of the VNet interface associated with the PacktVM1 VM.
    2. Edit the address range of the PacktVNet1 VNet.
    3. Connect to the PacktVM1 VM by using WinRM and run the Set-NetIPAddress cmdlet.
    4. Connect to the PacktVM1 VM by using Remote Desktop Protocol and edit the VM's virtual network connection properties.
  2. You need to add another administrator who will be responsible for managing all Infrastructure-as-a-Service (IaaS) deployments in your Azure subscription. You create a new account in Azure AD for the user. You need to configure the user account to meet the following requirements: read and write access to all Azure IaaS deployments, read-only access to Azure AD, and no access to Azure subscription metadata. The solution must also minimize your access maintenance in the future. What should you do?
    1. Assign the owner role at the resource level to the user account.
    2. Assign the global administrator directory role to the user account.
    3. Assign the virtual machine operator role at the subscription level to the user account.
    4. Assign the contributor role at the resource group level to the user account.
  3. Your company wants to enable all user accounts to use SSO to log in to applications and Office 365. The company has an on-premises AD and uses smartcard authentication. Which solution do you need to deploy to allow users to log in without providing a password?
    1. Azure AD Connect with pass-through authentication and SSO
    2. Azure AD Connect with pass hash synchronization and SSO
    3. Azure AD Connect with pass hash synchronization
    4. Active Directory Federation Services
  4. You have Azure Site Recovery configured for failover protection for seven on-premises machines to Azure in case of an accident. You want to ensure that only 10 minutes of data is lost when an outage occurs. Which PowerShell cmdlet should you use for this?
    1. Edit-AzureRmSiteRecoveryRecoveryPlan
    2. Get-AzureRmSiteRecoveryPolicy
    1. Get-AzureRmSiteRecoveryRecoveryPlan
    2. Update-AzureRmSiteRecoveryPolicy
  1. Your organization has Azure resources deployed in the West US, West Europe, and East Australia regions. The company has four offices located in these regions. You need to provide connectivity between all the on-premises networks and all the resources in Azure using a private channel. You configure a VPN gateway for each Azure region and configure a site-to-site VPN for each office and connect to the nearest VPN gateway. You then configure virtual network peering. You need to ensure that users have the lowest traffic latency. Does this solution meet your goal?
    1. Yes
    2. No
  2. Your company has an Azure AD tenant and an on-premises AD that are synced using Azure AD Connect. The security department notices a high number of logins from various public IP addresses. What should you do to reduce these logins?
    1. Enable Azure AD smart lockout.
    2. Add all the public IP addresses to conditional access and use location blocking to deny all login attempts.
    3. Create a conditional access rule to require MFA for all risky logins labeled medium risk and above.
    4. Turn on Azure MFA fraud alerts.
  3. You have an Azure App Service API that allows users to upload documents to the cloud with a mobile device. A mobile app connects to the service by using REST API calls. When a document is uploaded to the service, the service extracts the document metadata. Usage statistics for the app show a significant increase in app usage. The extraction process is very CPU-intensive. You plan to modify the API to use a queue. You need to ensure that the solution scales, handles request spikes, and reduces costs between the spikes. What should you do?
    1. Configure a CPU-optimized VM and install the Web App service on the new instance.
    2. Configure a series of CPU-optimized VMs and install the extraction logic for the app to process a queue.
    3. Move the extraction logic to an Azure function. Create a queue-triggered function to process the queue.
    4. Configure Azure Container Instances to retrieve the items from the queue and run the extraction logic across a pool of VM nodes.
  1. You want to create a group of resource group managers in the Azure portal. Which RBAC role do you need to assign to them to manage all the resource groups in the Azure subscription?
    1. Contributor
    2. Reader
    3. Owner
    4. Monitoring reader
  2. Your company has an application that requires data from a blob storage to be moved from the hot access tier to the archive access tier to reduce costs. Which type of storage account do you need to create?
    1. General Purpose V2 storage account
    2. General Purpose V1 storage account
    3. Azure File storage
    4. Azure Blob storage
  3. You are planning data security for your Azure resources. The confidentially of code on your VMs must be protected while the code is being processed. Which feature should you use for this?
    1. Azure Batch
    2. Azure Confidential Compute
    3. Azure Container Instances
    4. Azure Disk Encryption
  4. You have two Azure resource groups, named ResourceGroup1 and ResourceGroup2. The ResourceGroup1 resource group contains 20 Windows Server VMs and all the VMs are connected to an Azure Log Analytics workspace named Workspace1. You need to write a log search query that collects all security events with the following properties: all security levels other than 8 and with the Event ID 4672. How should you write your query?
    1. SecurityEvent | where Level == 8 | and EventID == 4672
    2. SecurityEvent | where Level <> 8 | where EventID == 4672
    3. SecurityEvent | where Level == 8 | summarize EventID == 4672
    4. SecurityEvent | where Level <> 8 | and EventID == 4672
  1. You are using an Azure Logic App to integrate SharePoint Online, Dynamics, and an on-premises Oracle database. You are informed that the Logic App access key has been compromised. What should you do?
    1. Delete the Logic App and redeploy it.
    2. Only allow internal IP addresses to access the Logic App.
    3. Add a resource lock.
    4. Regenerate the access key.
  2. You have two subscriptions named subscription 1 and subscription 2. Each subscription is associated with a different Azure AD tenant. Subscription 1 contains a virtual network named VNet 1. VNet 1 contains an Azure VM named VM1 and has an IP address space of 10.0.0.0/16. Subscription 2 contains a virtual network named VNet 2. VNet 2 contains an Azure VM named VM2 and has an IP address space of 10.0.0.0/24. You need to connect VNet1 to VNet 2. What should you do first?
    1. Move VM2 to subscription 1.
    2. Provision virtual network gateways.
    3. Move VNet 1 to subscription 2.
    4. Modify the IP address range of VNet 2.
  3. Your company has a VM that is stored inside a resource group. You need to deploy additional VMs in the same resource group. You are planning to deploy them using an ARM template. You need to create a template from the original VM using PowerShell. Which cmdlet should you use?
    1. Use the Export-AzResourceGroup
    2. Use the Get-AzResourceGroupDeployment
    3. Use the Get-AzResourceGroupDeploymentOperation
    4. Use the Get-AzResourceGroupDeploymentTemplate
  4. You are developing an app that references data that is shared across multiple Azure SQL databases. The app must guarantee transactional consistency for changes across several sharding key values. You need to manage the transactions. What should you implement?
    1. Elastic database transactions with horizontal partitioning
    2. Distributed transactions coordinated by Microsoft Distributed Transaction Coordinator (MSDTC)
    3. Server-coordinated transactions from a .NET application
    4. Elastic database transactions with vertical partitioning
  1. You create a VM called VM1 with a Premium SSD operating system disk. You enable Azure Disk Encryption for the VM and then you add a Premium SSD data disk. Is the data disk automatically encrypted?
    1. Yes
    2. No
  2. Your company has an application that uses an Azure SQL Database to store information. The company has also deployed System Center Service Manager. You need to configure an alert when the database reaches 80% of CPU usage. When this alert rises, you want your administrator to be notified using email and SMS. You also need to create a ticket in the corporate issue tracker automatically when the alert arises. Which two actions should you perform?
    1. Configure System Center Service Manager with Azure Automation.
    2. Configure one action group with three actions: one for email, one for SMS, and one for creating the ticket.
    3. Configure an IT Service Management Connector.
    4. Configure two actions groups: one for email and SMS, and one for creating the ticket.
  3. A VM named PacktVM1 is deployed in a resource group named PacktResourceGroup1. The VM is connected to a VNet named PacktVNet1. You plan to connect the PacktVM1 VM to an additional VNet named PacktVNet2. You need to create an additional network interface on the PacktVM1 VM and connect it to the PacktVNet2 VNet. Which two Azure Command-line Interface (CLI) commands should you use?
    1. az vm nic add
    2. am vm nic create
    3. az network update
    4. az network nic create
  1. You need to grant access to an external consultant to some resources inside your Azure subscription. You plan to add this external user using PowerShell. Which cmdlet should you use?
    1. New-AzADUser
    2. New-AzureADMSInvitation
    3. Get-AzADUser
    4. Get-AzureADMSInvitation
  1. You are planning to migrate your on-premises environment to Azure using Azure Site Recovery. You have already created a storage account, a virtual network, a Recovery Services vault, and a resource group in the Azure portal. You now need to grant the cloud engineer the requisite privileges to perform the migration. Which two built-in roles should you use, using the principle of least privilege?
    1. Site Recovery Contributor
    2. Network Contributor
    3. Reader
    4. Virtual Machine Contributor
  2. You use Azure AD Connect to synchronize all AD domain users and groups with Azure AD. As a result, all users can use Single Sign-on (SSO) to access applications. You should reconfigure the directory synchronization to exclude domain services accounts and user accounts that shouldn't have access to the application. What should you do?
    1. Rerun Azure AD Connect.
    2. Stop the synchronization service.
    3. Remove the domain services and user accounts manually.
    4. Configure conditional access rules in Azure AD.
  3. You configure Azure Application Gateway to host multiple websites on a single instance of the Application Gateway. You create two backend server pools, named PacktPool1 and PackPool2. Requests for http://Packt1.info should be routed to PacktPool1, and requests for http://Packt2.info should be routed to PacktPool2. Users only see the content of PacktPool2, regardless of the URL they use. You need to identify which component is configured incorrectly. What should you check?
    1. CName resource record
    2. Backend port settings
    3. Routing rule
    4. SSL certificate
  4. Your company is developing a .NET application that stores information in an Azure storage account. You need to ensure that the information is stored in a secure way. You ask the developers to use a shared access signature (SAS) when accessing the information. You need to make the required configurations on the storage account to follow security best practices. Which statement is true?
    1. You need to configure a stored access policy.
    2. To revoke an SAS, you can delete the stored access policy.
    3. You should set the SAS start time to now.
  1. You have an application running on an Azure VM. Your on-premises network connects to the Azure Virtual Network using an Azure VPN Gateway. The application cannot be exposed directly to the internet due to security requirements. Users of the marketing department should be able to access the application when they are traveling and are using their company laptop. Which kind of connection should you configure?
    1. ExpressRoute
    2. Point-to-site
    3. Site-to-site
    4. VNet-to-VNet
  2. You are asked to create a new set of Azure Active Directory (AD) security groups that represent the entire hierarchy of a manager's team. This includes people who are managed by the manager. You need to implement the request using the least amount of administrative effort. What should you do?
    1. Create new groups using the Direct Reports rule.
    2. Create new Azure AD groups for each manager and use a custom script to detect the ManagerID attribute changes and modify the group membership when needed.
    3. Create dynamic groups and Azure AD using a ruleset, including the ManagerID attribute.
    4. Create multiple Azure AD groups and add the members with the same ManagerID attribute value to each group.
  3. Your company has an Azure AD tenant and an on-premises AD that are synced using Azure AD Connect. You have one subscription called Packt_Main. The helpdesk administrators are members of the Packt_HD group. You need to grant the helpdesk group the permissions to reset user passwords using the Azure portal, while using the least amount of permissions. What should you do?
    1. Grant the Packt_HD group the password administrator role in Azure administrator.
    2. Delegate password reset privileges to the Packt_HD group on the user's Organizational Unit (OU) in Azure Directory users and computers.
    3. Add the Packt_HD group to the domain admins user group.
    4. Grant the Packt_HD group the ownership role on the Packt_Main subscription.
  1. You need to use an Azure logic app to receive a notification when an administrator modifies the settings of a virtual machine in a resource group, ResourceGroup1. Which three components should you create next in the Logic Apps Designer? Pick the three components and set them in the correct order.
    1. An action
    2. An Azure Event Grid trigger
    3. A condition control
    4. A variable
  2. Your company has an Azure AD tenant and an on-premises AD that are synced using Azure AD Connect. Your on-premises environment is running a mix of Windows Server 2012 and Windows Server 2016 servers. You use Azure MFA for multi-factor authentication. Users report that they are required to use MFA while using company devices. You need to turn MFA off for domain-joined devices. What should you do?
    1. Enable SSO on Azure AD Connect.
    2. Create a conditional access rule to allow users to use either MFA or a domain-joined device when accessing applications.
    3. Configure Windows Hello for Business on all domain-joined devices.
    4. Add the company external IP address to the Azure MFA Trusted IPs list.
  3. You maintain an existing Azure SQL Database instance. Management of the database is performed by an external party. All cryptographic keys are stored in Azure Key Vault. You must ensure that the external party cannot access the data in the SSN column of the Person table. What should you do?
    1. Enable AlwayOn encryption.
    2. Set the column encryption setting to disabled.
    3. Assign users to the public fixed database role.
    4. Store the column encryption keys in the system catalog view in the database.
  4. You have an Azure resource group named PacktResourceGroup1 that contains a Linux VM named PacktVM1. You need to automate the deployment of 30 additional Linux machines. The VMs should be based on the configuration of the PacktVM1  VM. Which of the following solutions will meet the goal?
    1. From the VM Automation's script blade, you click Deploy.
    2. From the Templates blade, you click Add.
    3. From the resource group's policy blade, you click Assign policy.
  1. You have an Azure subscription that contains two different VNets. You want the VNets to communicate through the Azure backbone. Which solution should you choose?
    1. VNet peering
    2. Site-to-site VPN
    3. Point-to-site VPN
    4. Azure Expressroute
  2. You are using Azure Application Gateway to manage traffic for your corporate website. The Application Gateway uses the standard tier with an instance size of medium. You are asked to implement WAF to guard the website against SQL injection attacks and other vulnerabilities. To configure WAF, which two actions should you perform?
    1. Enable WAF in detection mode.
    2. Change the Azure Application Gateway to an instance size of large.
    3. Enable WAF in prevention mode.
    4. Change the Azure Application Gateway tier.
  1. Your company has two Virtual Networks (VNets) deployed, VNet1 and VNet2. You need to connect both VNets together. What is the most cost-effective solution?
    1. VNet-to-VNet 
    2. Site-to-site
    3. User-defined routes
    4. VNet peering
  2. You have VMs deployed inside a Hyper-V infrastructure and you are planning to move those VMs to Azure using Azure Site Recovery. You have the following types of machines. Can all these types of machines be moved using Azure Site Recovery?:
    • Windows VMs Generation 2
    • Linux VMs Generation 2
    • Windows VMs with BitLocker installed on it
  3. You have a web app named PacktApp. You are developing a triggered App Service background task using the WebJobs SDK. This task will automatically invoke a function in code whenever any new data is received in the queue. Which service should you use when you want to manage all code segments from the same Azure DevOps environment?
    1. Logic Apps
    2. A custom web app
    3. Web Jobs
    4. Functions
  4. You are managing the network of your organization. The on-premises infrastructure consists of multiple subnets. A new branch office was recently added. The network devices in the new office are assigned to a 192.168.22.0/24 subnet. You need to configure the Azure VPN Gateway to make sure that all the network devices in the branch office are accessible from the Azure network as well. Which PowerShell cmdlet should you use?
    1. Add-AzureRmVirtualNetworkSubnetConfig
    2. Set-AzureRmLocalNetworkGateway
    3. Set-AzureRmNetworkInterface
    4. Add-AzureRmNetworkInterfaceIpConfig
  5. You are developing a workflow solution using Azure technologies. Which solution is the best fit if you want to use a collection of ready-made actions?
    1. Durable functions only
    2. Logic Apps only
    3. Durable functions and Logic Apps
  6. You are asked to configure a solution that allows users to log into Office 365 applications without providing their passwords. Your company also wants to deploy cloud-based, two-factor authentication for some user profiles. What should you do?
    1. Enable password hash synchronization.
    2. Enable pass-through authentication.
    3. Install Azure AD Connect.
    4. Enable Azure Multi-Factor authentication.
  7. You are creating a new Azure Function app to run a serverless C# application. This function has an execution duration of one second and a memory consumption of 256 MB, and executes up to 1 million times during the month. Which plan should you use?
    1. Linux App Service plan
    2. Windows Consumption plan
    3. Windows App Service plan
    4. Kubernetes App Service plan
  1. You need to delegate some of the global administrator privileges to a new cloud engineer in your office. You decide to create a custom role using a JSON file and the following PowerShell cmdlet to add the custom role: New-AzureRmRoleDefinition -InputFile "C:ARM_templates/customrole.json". Is this correct?
    1. Yes
    2. No
  2. You deploy Multi-Factor Authentication (MFA) in your Azure AD tenant. You don't want your users to be required to enter any additional passwords or code in the browser when using MFA. Which two methods should you make available?
    1. Call to phone
    2. Text message to phone
    3. Notification through the mobile app
    4. Verification code from hardware token
  3. You plan to create a Docker image that runs on an ASP.NET Core application named PacktApp. You have a setup script named setupScrip.ps1 and a series of application files including PacktApp. You need to create a Dockerfile document that calls the setup script when the container is built and runs the app when the container starts. The Dockerfile must be created in the same folder where PacktApp.dll and setupScrip.ps1 are stored. In which order do the following four commands need to be executed?
    1. Copy ./.
    2. WORKDIR /apps/PacktApp
    3. FROM microsoft/aspnetcore:2.0
    4. RUN powershell ./setupScript.ps1 CMD ["dotnet", "PacktApp.dll"]
  1. You have a web app named PacktApp. You are developing a triggered App Service background task using the WebJobs SDK. This task will automatically invoke a function in code whenever any new data is received in the queue. Which service should you use to process a queue data item?
    1. Logic Apps
    2. A custom web app
    3. Web Jobs
    4. Functions
  1. You are migrating an existing on-premises, third-party website to Azure. The website is stateless. You don't have access to the source code of the website and you don't have the original installer. The number of visitors to the website varies throughout the year. The on-premises infrastructure was resized to accommodate peaks, but the extra capacity was not used. You need to implement a VM scale set instance. What should you do?
    1. Use an autoscale setting to scale instances vertically.
    2. Create 100 autoscale settings per resource.
    3. Use an autoscale setting with an unlimited maximum number of instances.
    4. Use Azure Monitor to create autoscale settings using custom metrics.
  2. You have two Azure Active Directory tenants. You have a Microsoft account that can be used to sign into both accounts. You need to configure the default sign-in tenant for the Azure portal. What should you do?
    1. From Azure Cloud Shell, run Set-AzContext.
    2. From Azure Cloud Shell, run Set-AzSubscription.
    3. From the Azure portal, change the directory.
    4. From the Azure portal, configure the portal settings.
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset