Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. You manage two datacenters in different geographic regions and one branch office.
You plan to implement a geo-redundant backup solution.
You need to ensure that each datacenter is a cold site for the other.
You create a recovery vault. What should you do next?
A. Install the provider.
B. Upload a certificate to the vault.
C. Generate a vault key.
D. Set all virtual machines to DHCP.
E. Prepare System Center Virtual Machine Manager (SCVMM) servers.
F. Create mappings between the virtual machine (VM) networks.
Answer: C
Explanation: . Within the Azure Portal screen, scroll down to Recovery Services (on the left menu), and click on “Create a New Vault” (this is where your VMs will be replicated to) which will bring up a Data Services / Recovery Services / Site Recovery Vault option, select Quick Create . For the name of the Vault, give it something you’d remember, in my case, I’ll call it RandsVault, and I’ll choose the Region West US since I’m in the Western United States, then click Create Vault . Once the Vault has been created, click on the Right Arrow next to the name of your vault. Under Setup Recovery, choose “Between an on-premise site and Microsoft Azure” so that you are telling the configuration settings that you are going to be replicating between your on-premise datacenter and Azure in the cloud. . You will now see a list of things you need to do which the first thing is to create a key exchange of certificates between Microsoft Azure and your VMM server.
Reference: Leveraging Microsoft Azure as your disaster recovery/failover data center
Q2. DRAG DROP
You manage an Azure Web Site named contososite.
You download the subscription publishing credentials named Contoso-Enterprise.publishsettings.
You need to use Azure Power Shell to achieve the following:
Connect to the Contoso-Enterprise subscription.
Create a new App Setting named CustomSetting with a value of True.
Restart the website.
Which commands should you use? To answer, drag the appropriate Azure PowerShell command to the correct location in the solution. Each command may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q3. DRAG DROP
You publish a multi-tenant application named MyApp to Azure Active Directory (Azure AD).
You need to ensure that only directory administrators from the other organizations can access MyApp's web API.
How should you configure MyApp's manifest JSON file? To answer, drag the appropriate PowerShell command to the correct location in the application's manifest JSON file. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q4. Your company network includes an On-Premises Windows Active Directory (AD) that has a DNS domain named contoso.local and an email domain named contoso.com. You plan to migrate from On-Premises Exchange to Office 365.
You configure DirSync and set all Azure Active Directory {Azure AD)
usernames as %username%@contoso.com
You need to ensure that each user is able to log on by using the email domain as the username.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Verify the email domain in Azure AD domains.
B. Run the Set-MsolUserPnncipalName -UserPnncipalName %username%@co ntoso.onmicrosoft.com -NewUserPrincipalName %usemame %@contoso.com Power Shell cmdlet.
C. Edit the ProxyAddress attribute on the On-Premises Windows AD user account.
D. Verify the Windows AD DNS domain in Azure AD domains.
E. Update the On-Premises Windows AD user account UPN to match the email address.
Answer: C,D
Explanation: * There are two main traffic flows originating from the server hosting the Azure Active Directory Sync tool: The Azure Active Directory Sync tool queries a domain controller on the on-premises network for changes to accounts and passwords. The Azure Active Directory Sync tool sends the changes to accounts and passwords to the Azure AD instance of your Office 365 subscription. These changes are sent through the on-premises network’s proxy server.
* Verify that your virtual machine is joined to the domain by checking your internal DNS to make sure that an Address (A) record was added for the virtual machine with the correct IP address from Azure. For the Azure Active Directory Sync tool to gain access to Internet resources, you must configure the server that runs the Azure Active Directory Sync tool to use the on-premises network's proxy server.
Reference: Deploy Office 365 Directory Synchronization in Microsoft Azure
Q5. HOTSPOT
You manage two websites for your company. The sites are hosted on an internal server
that is beginning to experience performances issues due to high traffic.
You plan to migrate the sites to Azure Web Sites.
The sites have the following configurations:
In the table below, identity the web hosting plan with the lowest cost for each site. Make only one selection in each column.
Answer:
Q6. You administer a DirSync server configured with Azure Active Directory (Azure AD).
You need to provision a user in Azure AD without waiting for the default DirSync synchronization interval.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
A. Restart the DirSync server.
B. Run the Start-OnlineCoexistenceSync PowerShell cmdlet.
C. Run the Enable-SyncShare PowerShell cmdlet.
D. Run the Azure AD Sync tool Configuration Wizard.
E. Replicate the Directory in Active Directory Sites and Services.
Answer: B,D
Explanation: If you don’t want to wait for the recurring synchronizations that occur every three hours, you can force directory synchronization at any time.
B: Force directory synchronization using Windows PowerShell
You can use the directory synchronization Windows PowerShell cmdlet to force synchronization. The cmdlet is installed when you install the Directory Sync tool. On the computer that is running the Directory Sync tool, start PowerShell, type Import-Module DirSync, and then press ENTER.
Type Start-OnlineCoexistenceSync, and then press ENTER.
D: Azure Active Directory Sync Services (AAD Sync)
In September 2014 the Microsoft Azure AD Sync tool was released. This changed how
manual sync requests are issued.
To perform a manual update we now use the DirectorySyncClientCmd.exe tool. The Delta
and Initial parameters are added to the command to specify the relevant task.
This tool is located in:
C:\Program Files\Microsoft Azure AD Sync\Bin
You can use the directory synchronization Windows PowerShell cmdlet to force
synchronization. The cmdlet is installed when you install the Directory Sync tool. On the computer that is running the Directory Sync tool, start PowerShell, type Import-Module DirSync, and then press ENTER.
Type Start-OnlineCoexistenceSync, and then press ENTER.
Q7. You administer an Azure Active Directory (Azure AD) tenant where Box is configured for: . Application Access . Password Single Sign-on An employee moves to an organizational unit that does not require access to Box through
the Access Panel.
You need to remove only Box from the list of applications only for this user.
What should you do?
A. Delete the user from the Azure AD tenant.
B. Delete the Box Application definition from the Azure AD tenant.
C. From the Management Portal, remove the user's assignment to the application.
D. Disable the user's account in Windows AD.
Answer: C
Explanation: Note: Use Azure AD to manage user access, provision user accounts, and enable single sign-on with Box. Requires an existing Box subscription.
Q8. You manage several Azure virtual machines (VMs). You create a custom image to be used by employees on the development team.
You need to ensure that the custom image is available when you deploy new servers.
Which Azure Power Shell cmdlet should you use?
A. Update-AzureVMImage
B. Add-AzureVhd
C. Add-AzureVMImage
D. Update-AzureDisk
E. Add-AzureDataDisk
Answer: C
Explanation: The Add-AzureVMImage cmdlet adds an operating system image to the
image repository. The image should be a generalized operating system image, using either
Sysprep for Windows or, for Linux, using the appropriate tool for the distribution.
Example
This example adds an operating system image to the repository.
Windows PowerShell
C:\PS>Add-AzureVMImage -ImageName imageName -MediaLocation
http://yourstorageaccount.blob.core.azure.com/container/sampleImage.vhd -Label
Reference: Add-AzureVMImage
Q9. You administer a Microsoft Azure SQL Database database in the US Central region named contosodb. Contosodb runs on a Standard tier within the SI performance level.
You have multiple business-critical applications that use contosodb.
You need to ensure that you can bring contosodb back online in the event of a natural disaster in the US Central region. You want to achieve this goal with the least amount of downtime.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Upgrade to S2 performance level.
B. Use active geo-replication.
C. Use automated Export.
D. Upgrade to Premium tier.
E. Use point in time restore.
F. Downgrade to Basic tier.
Answer: B,D
Explanation: B: The Active Geo-Replication feature implements a mechanism to provide database redundancy within the same Microsoft Azure region or in different regions (geo-redundancy). One of the primary benefits of Active Geo-Replication is that it provides a database-level disaster recovery solution. Using Active Geo-Replication, you can configure a user database in the Premium service tier to replicate transactions to databases on different Microsoft Azure SQL Database servers within the same or different regions. Cross-region redundancy enables applications to recover from a permanent loss of a datacenter caused by natural disasters, catastrophic human errors, or malicious acts.
D: Active Geo-Replication is available for databases in the Premium service tier only.
Reference: Active Geo-Replication for Azure SQL Database
http://msdn.microsoft.com/en-us/library/azure/dn741339.aspx
Q10. Your company plans to migrate from On-Premises Exchange to Exchange Online in Office
365.
You plan to integrate your existing Active Directory Domain Services (AD DS) infrastructure with Azure AD.
You need to ensure that users can log in by using their existing AD DS accounts and passwords. You need to achieve this goal by using minimal additional systems.
Which two actions should you perform? Each answer presents part of the solution.
A. Configure Password Sync.
B. Set up a DirSync Server.
C. Set up an Active Directory Federation Services Server.
D. Set up an Active Directory Federation Services Proxy Server.
Answer: A,B
Explanation: Directory Sync with Password Sync Scenario' Applies To: Azure, Office 365, Windows Intune
Password sync is an extension to the Directory Sync Scenario. With directory sync, you can manage the entire lifecycle of your cloud user and group accounts using your on-premise Active Directory management tools.
When password sync is enabled on your directory sync computer, your users will be able to sign into Microsoft cloud services, such as Office 365, Dynamics CRM, and Windows InTune, using the same password as they use when logging into your on-premises network. When your users change their passwords in your corporate network, those changes are synchronized to the cloud.
Reference: Directory Sync with Password Sync Scenario'
URL: http://technet.microsoft.com/en-us/library/dn441214.aspx
Q11. You manage a software-as-a-service application named SaasApp1 that provides user management features in a multi-directory environment.
You plan to offer SaasApp1 to other organizations that use Azure Active Directory.
You need to ensure that SaasApp1 can access directory objects.
What should you do?
A. Configure the Federation Metadata URL
B. Register SaasApp1 as a native client application.
C. Register SaasApp1 as a web application.
D. Configure the Graph API.
Answer: D
Explanation: The Azure Active Directory Graph API provides programmatic access to Azure AD through REST API endpoints. Applications can use the Graph API to perform create, read, update, and delete (CRUD) operations on directory data and objects. For example, the Graph API supports the following common operations for a user object: / Create a new user in a directory / Get a user’s detailed properties, such as their groups / Update a user’s properties, such as their location and phone number, or change their password / Check a user’s group membership for role-based access / Disable a user’s account or delete it entirely
Reference: Azure AD Graph API
URL: http://msdn.microsoft.com/en-us/library/azure/hh974476.aspx
Q12. You publish an application named MyApp to Azure Active Directory (Azure AD). You grant access to the web APIs through OAuth 2.0.
MyApp is generating numerous user consent prompts.
You need to reduce the amount of user consent prompts.
What should you do?
A. Enable Multi-resource refresh tokens.
B. Enable WS-federation access tokens.
C. Configure the Open Web Interface for .NET.
D. Configure SAML 2.0.
Answer: A
Explanation: When using the Authorization Code Grant Flow, you can configure the client to call multiple resources. Typically, this would require a call to the authorization endpoint for each target service. To avoid multiple calls and multiple user consent prompts, and reduce the number of refresh tokens the client needs to cache, Azure Active Directory (Azure AD) has implemented multi-resource refresh tokens. This feature allows you to use a single refresh token to request access tokens for multiple resources.
Reference:Azure, OAuth 2.0, Refresh Tokens for Multiple Resources
Q13. HOTSPOT
You manage an Azure subscription.
You develop a storage plan with the following requirements:
. Database backup files that are generated once per year are retained for ten years. . High performance system telemetry logs are created constantly and processed for analysis every month.
In the table below, identify the storage redundancy type that must be used. Make only one selection in each column.
Answer:
Q14. DRAG DROP
You administer an Azure SQL database named contosodb that is running in Standard/S1 tier. The database is in a server named server1 that is a production environment. You also administer a database server named server2 that is a test environment. Both database servers are in the same subscription and the same region but are on different physical clusters.
You need to copy contosodb to the test environment.
Which three steps should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q15. DRAG DROP
You manage an Azure virtual machine (VM) named AppVM. The application hosted on
AppVM continuously writes small files to disk. Recently the usage of applications on AppVM has increased greatly.
You need to improve disk performance on AppVM.
Which Microsoft Azure Power Shell cmdlet should you use with each Power Shell command line? To answer, drag the appropriate Microsoft Azure Power Shell cmdlet to the correct location in the Power Shell code. Each Power Shell cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer: