Q1. Your company is launching a public website that allows users to stream videos.
You upload multiple video files to an Azure storage container.
You need to give anonymous users read access to all of the video files in the storage container.
What should you do?
A. Edit each blob's metadata and set the access policy to Public Blob.
B. Edit the container metadata and set the access policy to Public Container.
C. Move the files into a container sub-directory and set the directory access level to Public Blob.
D. Edit the container metadata and set the access policy to Public Blob.
Answer: C
Explanation:
By default, the container is private and can be accessed only by the account owner. To allow public read access to the blobs in the container, but not the container properties and metadata, use the "Public Blob" option. To allow full public read access for the container and blobs, use the "Public Container" option.
Q2. You administer a solution deployed to a virtual machine (VM) in Azure. The VM hosts a web service that is used by several applications. You are located in the US West region and have a worldwide user base.
Developers in Asia report that they experience significant delays when they execute the services.
You need to verify application performance from different locations.
Which type of monitoring should you configure?
A. Disk Read
B. Endpoint
C. Network Out
D. CPU
E. Average Response Time
Answer: E
Explanation:
Incorrect:
Not B: The Health Endpoint Monitoring pattern is used for checking the health of the program: implement functional checks within an application that external tools can access through exposed endpoints at regular intervals. This pattern can help to verify that applications and services are performing correctly.
Reference: How to Monitor and Analyze Performance of the Windows Azure Storage Service
Q3. You manage a cloud service that has a web application named WebRole1. WebRole1 writes error messages to the Windows Event Log.
Users report receiving an error page with the following message: "Event 26 has occurred. Contact your system administrator."
You need to access the WebRole1 event log.
Which three actions should you perform? Each correct answer presents part of the solution.
A. Enable verbose monitoring.
B. Update the WebRole1 web.config file.
C. Update the cloud service definition file and the service configuration file.
D. Run the Set-AzureVMDiagnosticsExtension PowerShell cmdlet.
E. Run the Enable-AzureWebsiteApplicationDiagnostic PowerShell cmdlet.
F. Create a storage account.
Answer: A,C,F
Explanation: AF: You can monitor key performance metrics for your cloud services in the Azure Management Portal. You can set the level of monitoring to minimal and verbose for each service role, and can customize the monitoring displays. Verbose monitoring data is stored in a storage account, which you can access outside the portal.
* The service configuration file specifies the number of role instances to deploy for each role in the service, the values of any configuration settings, and the thumbprints for any certificates associated with a role. If the service is part of a Virtual Network, configuration information for the network must be provided in the service configuration file, as well as in the virtual networking configuration file. The default extension for the service configuration file is .cscfg.
* The service definition file defines the service model for an application. The file contains the definitions for the roles that are available to a cloud service, specifies the service endpoints, and establishes configuration settings for the service.
URLs:
http://azure.microsoft.com/en-us/documentation/articles/cloud-services-how-to-monitor/
http://msdn.microsoft.com/en-us/library/azure/ee758710.aspx
http://msdn.microsoft.com/en-us/library/azure/ee758711.aspx
Q4. HOTSPOT
You manage a public-facing web application which allows authenticated users to upload and download large files. On the initial public page there is a promotional video.
You plan to give users access to the site content and promotional video.
In the table below, identify the access method that should be used for the anonymous and authenticated parts of the application. Make only one selection in each column.
Answer:
Q5. You administer an Azure Storage account named contosostorage. The account has a blob container to store image files.
A user reports being unable to access an image file.
You need to ensure that anonymous users can successfully read image files from the container.
Which log entry should you use to verify access?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A
Explanation:
Check for GetBlob and for AnonymousSuccess.
Example: Get Blob AnonymousSuccess:
1.0;2011-07-28T18:52:40.9241789Z;GetBlob;AnonymousSuccess;200;18;10;anonymous;;sally;blob;"http://sally.blob.core.windows.net/thumbnails/lake.jpg?timeout=30000";"/sally/thumbnails/lake.jpg";a84aa705-8a85-48c5-b064-b43bd22979c3;0;123.100.2.10;2009-09-19;252;0;265;100;0;;;"0x8CE1B6EA95033D5";Thursday, 28-Jul-11 18:52:40 GMT;;;;"7/28/2011 6:52:40 PM ba98eb12-700b-4d53-9230-33a3330571fc"
Incorrect:
Not C: Check for AnonymousSuccess not Access.
Not B, not D: Check for GetBlob not GetBlobProperties
Reference: Windows Azure Storage Logging: Using Logs to Track Storage Requests
URL: http://blogs.msdn.com/b/windowsazurestorage/archive/2011/08/03/windows-azure-storage-logging-using-logs-to-track-storage-requests.aspx
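The check described in the Q5 explanation, as an added example that is not part of the original page: it parses Storage Analytics version 1.0 log entries and keeps only those where the operation is GetBlob and the status is AnonymousSuccess. The field names are this example's own labels for the leading log fields, and every sample line except the first (which is the entry quoted above) is constructed.

```python
import csv

# Leading fields of a Storage Analytics version 1.0 log entry, in order.
# The names are labels chosen for this example.
FIELDS = [
    "version", "request_start_time", "operation_type", "request_status",
    "http_status_code", "end_to_end_latency_ms", "server_latency_ms",
    "authentication_type", "requester_account", "owner_account",
    "service_type", "request_url", "requested_object_key",
]

def parse_entry(line):
    """Split one semicolon-delimited entry; quoted fields may contain ';'."""
    row = next(csv.reader([line.strip()], delimiter=";", quotechar='"'), [])
    if len(row) < len(FIELDS) or row[0] != "1.0":
        raise ValueError("not a version 1.0 log entry")
    return dict(zip(FIELDS, row))

def anonymous_reads(lines, key_prefix):
    """Entries proving a successful anonymous blob download under key_prefix."""
    hits = []
    for line in lines:
        try:
            entry = parse_entry(line)
        except ValueError:
            continue  # skip blank or malformed lines
        if (entry["operation_type"] == "GetBlob"
                and entry["request_status"] == "AnonymousSuccess"
                and entry["requested_object_key"].startswith(key_prefix)):
            hits.append(entry)
    return hits

# First entry is the one quoted on this page (trailing fields omitted);
# the remaining lines are constructed samples, truncated after the object key.
SAMPLE_LOG = [
    '1.0;2011-07-28T18:52:40.9241789Z;GetBlob;AnonymousSuccess;200;18;10;'
    'anonymous;;sally;blob;'
    '"http://sally.blob.core.windows.net/thumbnails/lake.jpg?timeout=30000";'
    '"/sally/thumbnails/lake.jpg";a84aa705-8a85-48c5-b064-b43bd22979c3;0',
    '1.0;2011-07-28T18:53:02.0000000Z;GetBlobProperties;AnonymousSuccess;200;5;5;'
    'anonymous;;sally;blob;'
    '"http://sally.blob.core.windows.net/thumbnails/lake.jpg";'
    '"/sally/thumbnails/lake.jpg"',
    '1.0;2011-07-28T18:54:10.0000000Z;GetBlob;Success;200;20;12;'
    'authenticated;sally;sally;blob;'
    '"http://sally.blob.core.windows.net/thumbnails/pier.jpg";'
    '"/sally/thumbnails/pier.jpg"',
    'not a log entry',
]
```

Calling anonymous_reads(SAMPLE_LOG, "/sally/thumbnails/") returns only the first entry: the GetBlobProperties line and the authenticated GetBlob line are excluded, matching the "Incorrect" notes above.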
Q6. HOTSPOT
You manage an Internet Information Services (IIS) 6 website named contososite1. Contososite1 runs a legacy ASP.NET 1.1 application named LegacyApp1. LegacyApp1 does not contain any integration with any other systems or programming languages.
You deploy contososite1 to Azure Web Sites.
You need to configure Azure Web Sites. You have the following requirements:
LegacyApp1 runs correctly.
The application pool does not recycle.
Which settings should you configure to meet the requirements? To answer, select the appropriate settings in the answer area.
Answer:
Q7. Click Configure Directory Partitions, and then click Containers, as shown in the below screen capture.
Answer:
Q8. Your network includes a legacy application named LegacyApp1. The application only runs in the Microsoft .NET 3.5 Framework on Windows Server 2008.
You plan to deploy to Azure Cloud Services.
You need to ensure that LegacyApp1 will run correctly in the new environment.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
A. Upload a VHD with Windows Server 2008 installed.
B. Deploy LegacyApp1 to a cloud service instance configured with Guest OS Family 2.
C. Deploy LegacyApp1 to a cloud service instance configured with Guest OS Family 1.
D. Deploy LegacyApp1 to a cloud service instance configured with Guest OS Family 3.
Answer: B,C
Explanation: Guest OS Family 1 and Guest OS Family 2 support .NET 3.5 and .NET 4.0. Guest OS Family 3 and Guest OS Family 4 support .NET 4.0 and .NET 4.5.
Reference: Azure Guest OS Releases and SDK Compatibility Matrix
URL: http://msdn.microsoft.com/en-us/library/azure/ee924680.aspx
Q9. Your company network includes two branch offices. Users at the company access internal virtual machines (VMs).
You want to ensure secure communications between the branch offices and the internal VMs and network.
You need to create a site-to-site VPN connection.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
A. a private IPv4 IP address and a compatible VPN device
B. a private IPv4 IP address and a RRAS running on Windows Server 2012
C. a public-facing IPv4 IP address and a compatible VPN device
D. a public-facing IPv4 IP address and a RRAS running on Windows Server 2012
Answer: C,D
Explanation: C (not A): VPN Device IP Address: this is the public-facing IPv4 address of your on-premises VPN device that you'll use to connect to Azure. The VPN device cannot be located behind a NAT.
D (not B): At least one or preferably two publicly visible IP addresses: one of the IP addresses is used on the Windows Server 2012 machine that acts as the VPN device by using RRAS. The other optional IP address is to be used as the default gateway for outbound traffic from the on-premises network. If the second IP address is not available, it is possible to configure network address translation (NAT) on the RRAS machine itself, to be discussed in the following sections. It is important to note that the IP addresses must be public. They cannot be behind NAT and/or a firewall.
Reference: Configure a Site-to-Site VPN in the Management Portal
Site-to-Site VPN in Azure Virtual Network using Windows Server 2012 Routing and Remote Access Service (RRAS)
Q10. You manage a collection of large video files that is stored in an Azure Storage account.
A user wants access to one of your video files within the next seven days.
You need to allow the user access only to the video file, and then revoke access once the user no longer needs it.
What should you do?
A. Give the user the secondary key for the storage account.
Once the user is done with the file, regenerate the secondary key.
B. Create an Ad-Hoc Shared Access Signature for the Blob resource.
Set the Shared Access Signature to expire in seven days.
C. Create an access policy on the container.
Give the external user a Shared Access Signature for the blob by using the policy.
Once the user is done with the file, delete the policy.
D. Create an access policy on the blob.
Give the external user access by using the policy.
Once the user is done with the file, delete the policy.
Answer: C
Explanation: See 3) below. By default, only the owner of the storage account may access blobs, tables, and queues within that account. If your service or application needs to make these resources available to other clients without sharing your access key, you have the following options for permitting access:
1. You can set a container's permissions to permit anonymous read access to the container and its blobs. This is not allowed for tables or queues.
2. You can expose a resource via a shared access signature, which enables you to delegate restricted access to a container, blob, table or queue resource by specifying the interval for which the resources are available and the permissions that a client will have to it.
3. You can use a stored access policy to manage shared access signatures for a container or its blobs, for a queue, or for a table. The stored access policy gives you an additional measure of control over your shared access signatures and also provides a straightforward means to revoke them.
Reference: Manage Access to Azure Storage Resources
Q11. You administer a Windows Server virtual machine (VM).
You upload the VM to Azure.
You need to ensure that you are able to deploy the BGInfo and VMAccess extensions.
What should you do?
A. Select the Install the VM Agent checkbox while provisioning a VM based on your uploaded VHD.
B. Select the Enable the VM Extensions checkbox while provisioning a VM based on your uploaded VHD.
C. Install the VM Agent MSI and execute the following PowerShell commands:
$vm = Get-AzureVM -serviceName $svc -Name $name
$vm.VM.ProvisionGuestAgent = $true
Update-AzureVM -Name $name -VM $vm.VM -ServiceName $svc
D. Install the VM Agent MSI and execute the following PowerShell commands:
$vm = Get-AzureVM -serviceName $svc -Name $name
Set-AzureVMBGInfoExtension -VM $vm.VM
Set-AzureVMAccessExtension -VM $vm.VM
Update-AzureVM -Name $name -VM $vm.VM -ServiceName $svc
Answer: C
Explanation: The VM Agent can be enabled by manually downloading and installing the VM Agent (either the Windows or Linux version) on an existing VM instance and then setting the ProvisionGuestAgent value to true using PowerShell or a REST call. (If you do not set this value after manually installing the VM Agent, the addition of the VM Agent is not detected properly.) The following code example shows how to do this using PowerShell where the $svc and $name arguments have already been determined.
$vm = Get-AzureVM -serviceName $svc -Name $name
$vm.VM.ProvisionGuestAgent = $TRUE
Update-AzureVM -Name $name -VM $vm.VM -ServiceName $svc
Reference: VM Agent and VM Extensions Overview
Q12. HOTSPOT
You manage an Azure Web Site named contosoweb.
Some users report that they receive the following error when they access contosoweb:
"http Status 500.0 - Internal Server Error."
You need to view detailed diagnostic information in XML format.
Which option should you enable? To answer, select the appropriate option in the answer area.
Answer:
Q13. You manage a cloud service that is running in two small instances. The cloud service hosts a help desk application. The application utilizes a virtual network connection to synchronize data to the company's internal accounting system.
You need to reduce the amount of time required for data synchronization.
What should you do?
A. Configure the servers as large instances and re-deploy.
B. Increase the instance count to three.
C. Deploy the application to Azure Web Sites.
D. Increase the processors allocated to the instances.
Answer: A
Explanation:
Note: When you create your service model, you can specify the size to which to deploy an instance of your role, depending on its resource requirements. The size of the role determines the number of CPU cores, the memory capacity, and the local file system size that is allocated to a running instance.
Reference: Virtual Machine and Cloud Service Sizes for Azure
URL: http://msdn.microsoft.com/en-us/library/azure/dn197896.aspx
Q14. Your network environment includes remote employees.
You need to create a secure connection for the remote employees who require access to your Azure virtual network.
What should you do?
A. Deploy Windows Server 2012 RRAS.
B. Configure a point-to-site VPN.
C. Configure an ExpressRoute.
D. Configure a site-to-site VPN.
Answer: B
Explanation: New Point-To-Site Connectivity
With today’s release we’ve added an awesome new feature that allows you to setup VPN connections between individual computers and a Windows Azure virtual network without the need for a VPN device. We call this feature Point-to-Site Virtual Private Networking. This feature greatly simplifies setting up secure connections between Windows Azure and client machines, whether from your office environment or from remote locations.
It is especially useful for developers who want to connect to a Windows Azure Virtual Network (and to the individual virtual machines within it) from either behind their corporate firewall or a remote location. Because it is point-to-site they do not need their IT staff to perform any activities to enable it, and no VPN hardware needs to be installed or configured. Instead you can just use the built-in Windows VPN client to tunnel to your Virtual Network in Windows Azure.
Reference: Windows Azure: Improvements to Virtual Networks, Virtual Machines, Cloud Services and a new Ruby SDK
http://azure.microsoft.com/blog/2013/04/26/virtual-network-adds-new-capabilities-for-cross-premises-connectivity/
Q15. Your company has recently signed up for Azure.
You plan to register a Data Protection Manager (DPM) server with the Azure Backup service.
You need to recommend a method for registering the DPM server with the Azure Backup vault.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
A. Import a self-signed certificate created using the makecert tool.
B. Import a self-signed certificate created using the createcert tool.
C. Import an X.509 v3 certificate with valid clientauthentication EKU.
D. Import an X.509 v3 certificate with valid serverauthentication EKU.
Answer: A,C
Explanation: A: You can create a self-signed certificate using the makecert tool, or use any valid SSL certificate issued by a Certification Authority (CA) trusted by Microsoft, whose root certificates are distributed via the Microsoft Root Certificate Program.
C: The certificate must have a valid ClientAuthentication EKU.
Reference: Prerequisites for Azure Backup
URL: http://technet.microsoft.com/en-us/library/dn296608.aspx