You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate
resource groups. Another administrator plans to create several network security groups (NSGs) in the
subsc
...
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate
resource groups. Another administrator plans to create several network security groups (NSGs) in the
subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between
the virtual networks.
Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider.
Does this meet the goal?
No
You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com. You
plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint
document library named Library1. You need to create groups for the users. The solution must ensure that the
groups are deleted automatically after 180 days. Which two groups should you create? Each correct answer
presents a complete solution.
Multiple answers
1) An office 365 group that uses the Assigned membership type.
2) An office 365 group that uses the Dynamic User membership type.
00:0201:47
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in
the following table.
Name Type Member of
User1 Member Group1
User2 Guest Group1
User3 Member None
UserA Member Group2
UserB Guest Group2
User3 is the owner of Group1.
Group2 is a member of Group1.
You configure an access review named Review1 as shown in the following exhibit:
Statements: Yes or No answer
User3 can perform an access review of User1: Yes
User3 can perform an access review of UserA: Yes
User3 can perform an access review of UserB: Yes
You have an on-premises server that contains a folder named D:\Folder1. You need to copy the contents of
D:\Folder1 to the public container in an Azure Storage account named contosodata.
Which command should you run?
azcopy copy D:\folder1 https://contosodata.blob.core.windows.net/public --recursive
DRAG DROP
You have an Azure subscription named Subscription1. You create an Azure Storage account named
contosostorage, and then you create a file share named data. Which UNC path should you include in a script
that references files from the data file share? To answer, drag the appropriate values to the correct targets.
Each value may be used once, more than once or not at all. You may need to drag the split bar between
panes or scroll to view content.
Note: Each correct selection is worth one point.
\\Contosostorage.file.core.windows.net\data
HOTSPOT
You have the Azure management groups shown in the following table:
Name In management group
Tenant Root Group Not applicable
Management Group11 Tenant Root Group
Management Group12 Tenant Root Group
Management Group21 ManagementGroup11
You add Azure subscription to the management group as shown in the following table:
Name Management group
Subscription1 ManagementGroup21
Subscription2 ManagementGroup12
Name Parameter
Not allowed resource types. VirtualNetworks
Allowed resource types VirtualNetworks
Statements: Answers yes or no
You can create a virtual network in Subscription1: No
You can create a virtual machine in Subscription2: Yes
You can add Subscription1 to ManagementGroup11:Yes
HOTSPOT
You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM 1.
You install and configure a web server and a DNS server on VM1.
VM1 has an effective network security rules shown in the following exhibit:
Network Interface: vm 1900. Effective security rules Topology
Virtual network/subnet: VMRG-vnet/default. Public IP: 104.40.215.211
Private IP: 10.0.0.5 Accelerated. networking: Disabled
Inbound Port Rules:
Network security group VM1-nsg (attached to network interface: vm1900)
Impacts 0 subnets, 1 network interfaces
Priority. Name PORT Protocol
900. Rule2 50-60 Any
1000. Default-allow-rdp. 3389 TCP
1010 Rule1 50-500 TCP
65000 AllowVnetldBound. Any Any
65001 AllowAzureLoadBalan.. Any Any
65500. DenyAllnBound Any. Any
Answer Area: Scroll down answer
Internet Users [answer choice]-Can connect to only the web server on VM1.
If you delete Rule2, Internet users
[answer choice]- can connect to the web server and the DNS server on VM1.
You have an Azure web app named App1. App1 has the deployment slots shown in the following table:
Name Function
Webapp1-prod Production
Webapp1-test Staging
In webapp1-test, you test several changes to App1.
You back up App1.
You swap webapp1-test for webapp1-prod and discover that App1 is experiencing performance issues. You
need to revert to the previous version of App1 as quickly as possible.
What should you do?
Swap the slots
HOTSPOT
You have an Azure subscription named Subscription1.
Subscription1 contains the virtual machines in the following table:
Name IP address
VM1 10.0.1.4
VM2 10.0.2.4
VM3 10.0.3.4
Subscription1 contains a virtual network named VNet1 that has the subnets in the following table:
Name Address space Connected virtual machine
Subnet1 10.0.1.0/24 VM1
Subnet2 10.0.2.0/24 VM2
Subnet3 10.0.3.0/24 VM3
VM3 has multiple network adapters, including a network adapter named NIC3. IP forwarding is enabled on
NIC3. Routing is enabled on VM3. You create a route table RT1 that contains the routes in the following table:
Address prefix Next hop type Next hop address
10.0.1.0/24 Virtual appliance 10.0.3.4
10.0.2.0/24 Virtual appliance 10.0.3.4
You apply RT1 to Subnet1 and Subnet2.
For each of the following statements, select Yes if the statement is true. Otherwise, select no.
Note: Each correct selection is worth one point.
Answer Area: Yes or no answers
1) VM3 can establish a network connection to VM1: Yes
2) If VM3 is turned off, VM2 can establish a network connection to VM1: No
3) VM1 can establish a network connection to VM2: Yes
HOTSPOT
You have an Azure subscription that contains the resources in the following table:
Name Type
VMRG. Resource group
VNet1 Virtual network
VNet2 Virtual network
VM5 Virtual machine connected to VNet1
VM6 Virtual machine connected to VNet2
In Azure, you create a private DNS zone named adatum.com. You set the registration virtual network to
VNet2. The adatum.com zone is configured as shown in the following exhibit:
Resource group (change).
Answer Area: Yes or no
1) The A record for VM5 will be registered automatically in the adatum.com zone: NO
2) VM5 can resolve VM9.adatum.com: NO
3) VM6 can resolve VM9.adatum.com: YES
HOTSPOT
You have an Azure subscription named Subscription1 that contains a resource group named RG1. In RG1, you
create an internal load balancer named LB1 and a public load balancer named BL2. You need to ensure that
an administrator named Admin1 can manage LB1 and LB2. The solution must follow the principle of least
privilege. Which role should you assign to Admin1 for each task? To answer, select the appropriate options in
the answer area.
NOTE: Each correct selection is worth one point.
Multiple Answer Area
1) To add a backend pool to LB1: Network Contributor on LB1 (answer)
2) To add a health probe to LB2: Network Contributor on LB2 (Answer)
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named
contoso.com and an Azure Kubernetes Service (AKS) cluster named AKS1.
An administrator reports that she is unable to grant access to AKS1 to the users in contoso.com. You need to
ensure that access to AKS1 can be granted to the contoso.com users. What should you do first?
From contoso.com, create an OAuth 2.0 authorization endpoint.
You have an Azure subscription that contains an Azure Storage account. You plan to create an Azure
container instance named container1 that will use a Docker image named Image1. Image1 contains a
Microsoft SQL Server instance that requires persistent storage. You need to configure a storage service for
Container1.
What should you use?
Azure Table storage
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1.
RG1 contains resources that were deployed by using templates. Solution: From the Subscriptions blade, you
select the subscription and then click Programmatic deployment.
Does this meet the goal?
No
DRAG DROP
You have an on-premises file server named Server1 that runs Windows Server 2016. You have an Azure
subscription that contains an Azure file share. You deploy an Azure File Sync Storage Sync Service, and you
create a sync group. You need to synchronize files from Server1 to Azure. Which three actions should you
perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area
and arrange them in the correct order.
Actions
1) Install the Azure File Sync agent on Server1
2) Create an Azure on-premises data gateway
3) Create a Recovery Services vault
4) Register Server1
5) Add a server endpoint
6) Install the DFS Replication server role on Server1
Answer Area:
1) Install the Azure File Sync agent on Server
[Show More]