Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. You manage an Azure Active Directory (AD) tenant
You plan to allow users to log in to a third-party application by using their Azure AD credentials.
To access the application, users will be prompted for their existing third-party user names and passwords.
You need to add the application to Azure AD.
Which type of application should you add?
A. Existing Single Sign-On with identity provisioning
B. Password Single Sign-On with identity provisioning
C. Existing Single Sign-On without identity provisioning
D. Password Single Sign-On without identity provisioning
Answer: A
Explanation: * Azure AD supports two different modes for single sign-on: / Federation using standard protocols Configuring Federation-based single sign-on enables the users in your organization to be automatically signed in to a third-party SaaS application by Azure AD using the user account information from Azure AD. / Password-based single sign-on * Support for user provisioning
User provisioning enables automated user provisioning and deprovisioning of accounts in third-party SaaS applications from within the Azure Management Portal, using your Windows Server Active Directory or Azure AD identity information. When a user is given permissions in Azure AD for one of these applications, an account can be automatically created (provisioned) in the target SaaS application.
Reference: Application access enhancements for Azure AD
URL: http://msdn.microsoft.com/en-us/library/azure/dn308588.aspx
Q2. DRAG DROP
You have an Azure Virtual Network named fabVNet with three subnets named Subnet-1, Subnet-2 and Subnet-3. You have a virtual machine (VM) named fabVM running in the fabProd service.
You need to modify fabVM to be deployed into Subnet-3. You want to achieve this goal by using the least amount of time and while causing the least amount of disruption to the existing deployment.
What should you do? To answer, drag the appropriate Power Shell cmdlet to the correct location in the Power Shell command. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q3. DRAG DROP
Your company manages several Azure Web Sites that are running in an existing web-hosting plan named plan1.
You need to move one of the websites, named contoso, to a new web-hosting plan named plan2.
Which Azure PowerShell cmdlet should you use with each PowerShell command line? To answer, drag the appropriate Azure PowerShell cmdlet to the correct location in the PowerShell code. Each PowerShell cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q4. Your company has a subscription to Azure.
You configure your contoso.com domain to use a private Certificate Authority. You deploy a web site named MyApp by using the Shared (Preview) web hosting plan.
You need to ensure that clients are able to access the MyApp website by using https.
What should you do?
A. Back up the Site and import into a new website.
B. Use the internal Certificate Authority and ensure that clients download the certificate chain.
C. Add custom domain SSL support to your current web hosting plan.
D. Change the web hosting plan to Standard.
Answer: D
Explanation: Enabling HTTPS for a custom domain is only available for the Standard web hosting plan mode of Azure websites.
Reference: Enable HTTPS for an Azure website
http://azure.microsoft.com/en-us/pricing/details/websites/
Q5. DRAG DROP
You manage an Azure Web Site in Standard mode at the following address: contoso.azurevvebsites.net.
Your company has a new domain for the site that needs to be accessible by Secure Socket Layer (SSL) encryption.
You need to be able to add a custom domain to the Azure Web Site and assign an SSL certificate.
Which three steps should you perform next in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. More than one order of answer choices may be correct You will receive credit for any of the correct orders you select
Answer:
Q6. You administer an Azure solution that uses a virtual network named fabVNet. FabVNet has a single subnet named Subnet-1.
You discover a high volume of network traffic among four virtual machines (VMs) that are part of Subnet-1.
You need to isolate the network traffic among the four VMs. You want to achieve this goal with the least amount of downtime and impact on users.
What should you do?
A. Create a new subnet in the existing virtual network and move the four VMs to the new subnet.
B. Create a site-to-site virtual network and move the four VMs to your datacenter.
C. Create a new virtual network and move the VMs to the new network.
D. Create an availability set and associate the four VMs with that availability set.
Answer: A
Explanation: Machine Isolation Options
There are three basic options where machine isolation may be implemented on the Windows Azure platform:
* Between machines deployed to a single virtual network Subnets within a Single Virtual Network
* Between machines deployed to distinct virtual networks
* Between machines deployed to distinct virtual networks where a VPN connection has been established from on-premises with both virtual networks
Windows Azure provides routing across subnets within a single virtual network.
Reference: Network Isolation Options for Machines in Windows Azure Virtual Networks
Incorrect:
not B: A site-to-site VPN allows you to create a secure connection between your on-premises site and your virtual network.
Use a site-to-site connection when:
* You want to create a branch office solution.
* You want a connection between your on-premises location and your virtual network that’s available without requiring additional client-side configurations.
Q7. DRAG DROP
You manage an application deployed to a cloud service that utilizes an Azure Storage account.
The cloud service currently uses the primary access key.
Security policy requires that all shared access keys are changed without causing application downtime.
Which three steps should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q8. You administer an Azure Storage account with a blob container. You enable Storage account logging for read, write and delete requests.
You need to reduce the costs associated with storing the logs.
What should you do?
A. Execute Delete Blob requests over https.
B. Create an export job for your container.
C. Set up a retention policy.
D. Execute Delete Blob requests over http.
Answer: C
Explanation: To ease the management of your logs, we have provided the functionality of retention policy which will automatically cleanup ‘old’ logs without you being charged for the cleanup. It is recommended that you set a retention policy for logs such that your analytics data will be within the 20TB limit allowed for analytics data (logs and metrics combined).
Reference: Windows Azure Storage Logging: Using Logs to Track Storage Requests, How do I cleanup my logs?
URL: http://blogs.msdn.com/b/windowsazurestorage/archive/2011/08/03/windows-azure-storage-logging-using-logs-to-track-storage-requests.aspx
Q9. Your company network has two physical locations configured in a geo-clustered environment. You create a Blob storage account in Azure that contains all the data associated with your company.
You need to ensure that the data remains available in the event of a site outage.
Which storage option should you enable?
A. Locally redundant storage
B. Geo-redundant storage
C. Zone-redundant storage
D. Read-only geo-redundant storage
Answer: D
Explanation: Introducing Read-only Access to Geo Redundant Storage (RA-GRS):
RA-GRS allows you to have higher read availability for your storage account by providing “read only” access to the data replicated to the secondary location. Once you enable this feature, the secondary location may be used to achieve higher availability in the event the data is not available in the primary region. This is an “opt-in” feature which requires the storage account be geo-replicated.
Reference: Windows Azure Storage Redundancy Options and Read Access Geo Redundant Storage
Q10. You manage a cloud service that supports features hosted by two instances of an Azure virtual machine (VM).
You discover that occasional outages cause your service to fail.
You need to minimize the impact of outages to your cloud service.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Deploy a third instance of the VM.
B. Configure Load Balancing on the VMs.
C. Redeploy the VMs to belong to an Affinity Group.
D. Configure the VMs to belong to an Availability Set.
Answer: B,D
Explanation: Adding your virtual machine to an availability set helps your application stay available during network failures, local disk hardware failures, and any planned downtime..
Combine the Azure Load Balancer with an Availability Set to get the most application resiliency. The Azure Load Balancer distributes traffic between multiple virtual machines..
http://azure.microsoft.com/en-gb/documentation/articles/virtual-machines-manage-availability/
Reference: Manage the availability of virtual machines, Understand planned versus unplanned maintenance
Q11. You manage a cloud service that utilizes an Azure Service Bus queue. You need to ensure that messages that are never consumed are retained. What should you do?
A. Check the MOVE TO THE DEAD-LETTER SUBQUEUE option for Expired Messages in the Azure Portal.
B. From the Azure Management Portal, create a new queue and name it Dead-Letter.
C. Execute the Set-AzureServiceBus PowerShell cmdlet.
D. Execute the New-AzureSchedulerStorageQueueJob PowerShell cmdlet.
Answer: A
Explanation: The EnableDeadLetteringOnMessageExpiration property allows to enable\disable the dead-lettering on message expiration.
Reference: Azure, Managing and Testing Topics, Queues and Relay Services with the Service Bus Explorer Tool
Q12. DRAG DROP
You administer an Azure Web Site named contosoweb that uses a production database. You deploy changes to contosoweb from a deployment slot named contosoweb-staging.
You discover issues in contosoweb that are affecting customer data.
You need to resolve the issues in contosoweb while ensuring minimum downtime for users. You swap contosoweb to contosoweb-staging.
Which four steps should you perform next in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q13. DRAG DROP
You administer a virtual machine (VM) that is deployed to Azure. The VM hosts a web service that is used by several applications.
You need to ensure that the VM sends a notification In the event that the average response time for the web service exceeds a pre-defined response time for an hour or more.
Which three steps should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q14. You administer a Microsoft Azure SQL Database data base in the US Central region named contosodb. Contosodb runs on a Standard tier within the S1 performance level.
You have multiple business-critical applications that use contosodb.
You need to ensure that you can bring contosodb back online in the event of a natural disaster in the US Central region. You want to achieve this goal with the least amount of downtime.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Upgrade to S2 performance level.
B. Use active geo-replication.
C. Use automated Export.
D. Upgrade to Premium tier.
E. Use point in time restore.
F. Downgrade to Basic tier.
Answer: B,D
Explanation: B: The Active Geo-Replication feature implements a mechanism to provide database redundancy within the same Microsoft Azure region or in different regions (geo-redundancy). One of the primary benefits of Active Geo-Replication is that it provides a database-level disaster recovery solution. Using Active Geo-Replication, you can configure a user database in the Premium service tier to replicate transactions to databases on different Microsoft Azure SQL Database servers within the same or different regions. Cross-region redundancy enables applications to recover from a permanent loss of a datacenter caused by natural disasters, catastrophic human errors, or malicious acts.
D: Active Geo-Replication is available for databases in the Premium service tier only.
Reference: Active Geo-Replication for Azure SQL Database
http://msdn.microsoft.com/en-us/library/azure/dn741339.aspx
Q15. You administer a cloud service.
You plan to host two web applications named contosoweb and contosowebsupport.
You need to ensure that you can host both applications and qualify for the Azure Service
Level Agreement. You want to achieve this goal while minimizing costs.
How should you host both applications?
A. in different web roles with two instances in each web role
B. in the same web role with two instances
C. in different web roles with one instance in each web role
D. in the same web role with one instance
Answer: B
Explanation: A cloud service must have at least two instances of every role to qualify for the Azure Service Level Agreement, which guarantees external connectivity to your Internet-facing roles at least 99.95 percent of the time.
Reference: Azure, What is a cloud service?
URL: http://azure.microsoft.com/en-us/documentation/articles/cloud-services-what-is/