Q1. You administer an Access Control Service namespace named contosoACS that is used by a web application. ContosoACS currently utilizes Microsoft and Yahoo accounts.
Several users in your organization have Google accounts and would like to access the web application through ContosoACS.
You need to allow users to access the application by using their Google accounts.
What should you do?
A. Register the application directly with Google.
B. Edit the existing Microsoft Account identity provider and update the realm to include Google.
C. Add a new Google identity provider.
D. Add a new WS-Federation identity provider and configure the WS-Federation metadata to point to the Google sign-in URL.
Answer: C
Explanation: Configuring Google as an identity provider eliminates the need to create and manage your own authentication and identity management mechanism. It also helps the end-user experience when the authentication procedure is familiar.
Reference: Microsoft Azure, How to: Configure Google as an Identity Provider
URL: http://msdn.microsoft.com/en-us/library/azure/gg185976.aspx
Q2. You manage a large datacenter that has limited physical space.
You plan to extend your datacenter to Azure.
You need to create a connection that supports a multiprotocol label switching (MPLS) virtual private network.
Which connection type should you use?
A. Site-to-site
B. VNet-VNet
C. ExpressRoute
D. Site-to-peer
Answer: C
Explanation: ExpressRoute provides even richer capabilities by allowing a dedicated MPLS connection to Azure.
Reference: ExpressRoute: An MPLS Connection to Microsoft Azure
URL: http://azure.microsoft.com/en-us/services/expressroute/
Q3. DRAG DROP
Your company network includes a single forest with multiple domains. You plan to migrate from On-Premises Exchange to Exchange Online.
You want to provision the On-Premises Windows Active Directory (AD) and Azure Active Directory (Azure AD) service accounts.
You need to set the required permissions for the Azure AD service account.
Which settings should you use? To answer, drag the appropriate permission to the service account. Each permission may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q4. Your company has two cloud services named CS01 and CS02. You create a virtual machine (VM) in CS02 named Accounts.
You need to ensure that users in CS01 can access the Accounts VM by using port 8080.
What should you do?
A. Create a firewall rule.
B. Configure load balancing.
C. Configure port redirection.
D. Configure port forwarding.
E. Create an end point.
Answer: E
Explanation: All virtual machines that you create in Azure can automatically communicate using a private network channel with other virtual machines in the same cloud service or virtual network. However, other resources on the Internet or other virtual networks require endpoints to handle the inbound network traffic to the virtual machine.
Reference: How to Set Up Endpoints to a Virtual Machine
URL: http://azure.microsoft.com/en-us/documentation/articles/virtual-machines-set-up-endpoints/
Q5. You manage a virtual Windows Server 2012 web server that is hosted by an on-premises Windows Hyper-V server. You plan to use the virtual machine (VM) in Azure.
You need to migrate the VM to Azure Storage to add it to your repository.
Which Azure PowerShell cmdlet should you use?
A. Import-AzureVM
B. New-AzureVM
C. Add-AzureDisk
D. Add-AzureWebRole
E. Add-AzureVhd
Answer: E
Explanation: * How do I move an existing virtual machine to the cloud? The steps are pretty basic:
Create a place to store your hard disk in Windows Azure
Prepare your virtual hard disk
Upload your virtual hard disk
Create your machine in Windows Azure
* Add-AzureVhd uploads a virtual hard disk (in .vhd file format) from an on-premises virtual machine to a blob in a cloud storage account in Azure.
The Add-AzureVhd cmdlet allows you to upload on-premises virtual hard disks (in .vhd file format) to a blob storage account as fixed virtual hard disks. You can configure the number of uploader threads that will be used or overwrite an existing blob in the specified destination URI. Also supported is the ability to upload a patched version of an on-premises .vhd file: When a base virtual hard disk has already been uploaded, you can upload differencing disks that use the base image as the parent. Shared access signature (SAS URI) is supported as well.
Reference: Add-AzureVhd
URL: http://msdn.microsoft.com/en-us/library/dn495173.aspx
Q6. You are migrating a local virtual machine (VM) to an Azure VM. You upload the virtual hard disk (VHD) file to Azure Blob storage as a Block Blob.
You need to change the Block blob to a page blob.
What should you do?
A. Delete the Block Blob and re-upload the VHD as a page blob.
B. Update the type of the blob programmatically by using the Azure Storage .NET SDK.
C. Update the metadata of the current blob and set the Blob-Type key to Page.
D. Create a new empty page blob and use the Azure Blob Copy PowerShell cmdlet to copy the current data to the new blob.
Answer: A
Explanation: * Copy the data files to Windows Azure Storage by using one of the following methods: the AzCopy tool, Put Blob (REST API) and Put Page (REST API), the Windows Azure Storage Client Library for .NET, or a third-party storage explorer tool. Important: When using this new enhancement, always make sure that you create a page blob, not a block blob.
* Azure has two main file storage formats: page blob, mainly used for VHDs (CloudPageBlob), and block blob, for other files (CloudBlockBlob).
Reference: Move your data files to Windows Azure Storage
URL: http://msdn.microsoft.com/en-us/library/dn466429.aspx
Q7. HOTSPOT
Your company network has two branch offices. Some employees work remotely, including at public locations. You manage an Azure environment that includes several virtual networks.
All users require access to the virtual networks.
In the table below, identify which secure cross-premise connectivity option is needed for each type of user. Make only one selection in each column.
Answer:
Q8. DRAG DROP
You have a solution deployed into a virtual network in Azure named fabVNet. The fabVNet virtual network has three subnets named Apps, Web, and DB that are configured as shown in the exhibit. (Click the Exhibits button.)
You want to deploy two new VMs to the DB subnet.
You need to modify the virtual network to expand the size of the DB subnet to allow more IP addresses.
Which three steps should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q9. DRAG DROP
You administer a cloud service named contosoapp that has a web role and worker role.
Contosoapp requires you to perform an in-place upgrade to the service.
You need to ensure that at least six worker role instances and eight web role instances are available when you apply upgrades to the service. You also need to ensure that updates are completed for all instances by using the least amount of time.
Which value should you use with each configuration? To answer, drag the appropriate value to the correct configuration. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q10. You manage an application deployed to virtual machines (VMs) on an Azure virtual network named corpVnet1.
You plan to hire several remote employees who will need access to the application on corpVnet1.
You need to ensure that new employees can access corpVnet1. You want to achieve this goal by using the most cost-effective solution.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Create a VPN subnet.
B. Enable point-to-point connectivity for corpVnet1.
C. Enable point-to-site connectivity for corpVnet1.
D. Create a gateway subnet.
E. Enable site-to-site connectivity for corpVnet1.
F. Convert corpVnet1 to a regional virtual network.
Answer: A,C
Explanation:
A point-to-site VPN also allows you to create a secure connection to your virtual network. In a point-to-site configuration, the connection is configured individually on each client computer that you want to connect to the virtual network. Point-to-site connections do not require a VPN device. They work by using a VPN client that you install on each client computer. The VPN is established by manually starting the connection from the on-premises client computer. You can also configure the VPN client to automatically restart.
Reference: About Secure Cross-Premises Connectivity
Q11. You manage a cloud service that utilizes data encryption.
You need to ensure that the certificate used to encrypt data can be accessed by the cloud service application.
What should you do?
A. Upload the certificate referenced in the application package.
B. Deploy the certificate as part of the application package.
C. Upload the certificate's public key referenced in the application package.
D. Use RDP to install the certificate.
Answer: C
Explanation: The developer must deploy the public key with their application so that, when Windows Azure spins up role instances, it will match up the thumbprint in the service definition with the uploaded service certificate and deploy the private key to the role instance. The private key is intentionally non-exportable to the .pfx format, so you won’t be able to grab the private key through an RDC connection into a role instance.
Reference: Field Note: Using Certificate-Based Encryption in Windows Azure Applications
Q12. You develop a set of PowerShell scripts that will run when you deploy new virtual machines (VMs).
You need to ensure that the scripts are executed on new VMs. You want to achieve this goal by using the least amount of administrative effort.
What should you do?
A. Create a new GPO to execute the scripts as a logon script.
B. Create a SetupComplete.cmd batch file to call the scripts after the VM starts.
C. Create a new virtual hard disk (VHD) that contains the scripts.
D. Load the scripts to a common file share accessible by the VMs.
E. Set the VMs to execute a custom script extension.
Answer: E
Explanation: After you deploy a Virtual Machine you typically need to make some changes before it’s ready to use. This is something you can do manually or you could use Remote PowerShell to automate the configuration of your VM after deployment for example.
But now there’s a third alternative available allowing you to customize your VM: the CustomScript extension.
This CustomScript extension is executed by the VM Agent and it’s very straightforward: you specify which files it needs to download from your storage account and which file it needs to execute. You can even specify arguments that need to be passed to the script. The only requirement is that you execute a .ps1 file.
Reference: Customizing your Microsoft Azure Virtual Machines with the new CustomScript extension
URL: http://fabriccontroller.net/blog/posts/customizing-your-microsoft-azure-virtual-machines-with-the-new-customscript-extension/
Q13. DRAG DROP
You plan to deploy a cloud service named contosoapp that has a web role named contosoweb and a worker role named contosoimagepurge.
You need to ensure the service meets the following requirements:
* Contosoweb can be accessed over the Internet by using http.
* Contosoimagepurge can only be accessed through tcp port 5001 from contosoweb.
* Contosoimagepurge cannot be accessed directly over the Internet.
Which configuration should you use? To answer, drag the appropriate configuration setting to the correct location in the service configuration file. Each configuration setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q14. You plan to use Password Sync on your DirSync Server with Azure Active Directory (Azure AD) on your company network. You configure the DirSync server and complete an initial synchronization of the users.
Several remote users are unable to log in to Office 365. You discover multiple event log entries for "Event ID 611 Password synchronization failed for domain."
You need to resolve the password synchronization issue.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Restart Azure AD Sync Service.
B. Run the Set-FullPasswordSync PowerShell cmdlet.
C. Force a manual synchronization on the DirSync server.
D. Add the DirSync service account to the Schema Admins domain group.
Answer: A,B
Explanation: On the computer that has the Azure Active Directory Sync tool installed, follow these steps:
* Perform a full password sync for all users who are synced through directory synchronization. To do this, follow these steps: Set-FullPasswordSync
* Restart the Forefront Identity Manager Synchronization Service. To do this, follow these steps:
Reference: User passwords don't sync if your organization is using Azure Active Directory synchronization
URL: http://support2.microsoft.com/kb/2915221
Q15. DRAG DROP
You administer an Azure Virtual Machine (VM) named CON-CL1. CON-CL1 is in a cloud service named ContosoService1.
You want to create a new VM named MyApp that will have a fixed IP address and be hosted by an Azure Datacenter in the US West region.
You need to assign a fixed IP address to the MyApp VM.
Which Azure PowerShell cmdlets and values should you use? To answer, drag the appropriate cmdlet or value to the correct location in the PowerShell command. Each cmdlet or value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer: