Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. You administer a Microsoft Azure SQL Database data base in the US Central region named contosodb. Contosodb runs on a Standard tier within the S1 performance level.
You have multiple business-critical applications that use contosodb.
You need to ensure that you can bring contosodb back online in the event of a natural disaster in the US Central region. You want to achieve this goal with the least amount of downtime.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Upgrade to S2 performance level.
B. Use active geo-replication.
C. Use automated Export.
D. Upgrade to Premium tier.
E. Use point in time restore.
F. Downgrade to Basic tier.
Answer: B,D
Explanation: B: The Active Geo-Replication feature implements a mechanism to provide database redundancy within the same Microsoft Azure region or in different regions (geo-redundancy). One of the primary benefits of Active Geo-Replication is that it provides a database-level disaster recovery solution. Using Active Geo-Replication, you can configure a user database in the Premium service tier to replicate transactions to databases on different Microsoft Azure SQL Database servers within the same or different regions. Cross-region redundancy enables applications to recover from a permanent loss of a datacenter caused by natural disasters, catastrophic human errors, or malicious acts.
D: Active Geo-Replication is available for databases in the Premium service tier only.
Reference: Active Geo-Replication for Azure SQL Database
http://msdn.microsoft.com/en-us/library/azure/dn741339.aspx
Q2. You administer of a set of virtual machine (VM) guests hosted in Hyper-V on Windows Server 2012 R2.
The virtual machines run the following operating systems:
Windows Server 2008 Windows Server 2008 R2 Linux (openSUSE 13.1)
All guests currently are provisioned with one or more network interfaces with static bindings and VHDX disks. You need to move the VMs to Azure Virtual Machines hosted in an Azure subscription.
Which three actions should you perform? Each correct answer presents part of the solution.
A. Install the WALinuxAgent on Linux servers.
B. Ensure that all servers can acquire an IP by means of Dynamic Host Configuration Protocol (DHCP).
C. Upgrade all Windows VMs to Windows Server 2008 R2 or higher.
D. Sysprep all Windows servers.
E. Convert the existing virtual disks to the virtual hard disk (VHD) format.
Answer: A,C,D
Explanation: * A: Azure Linux Agent
This agent is installed on the Linux VM and is responsible to communicate with the Azure Frabric Controller.
* UPLOADING A VIRTUAL MACHINE TO WINDOWS AZURE
Assumption: A Windows Server (2008 R2 or 2012) is created and running as a virtual machine in Hyper-V. (C) Log onto the Windows Server hosted in Hyper-V you’d like to upload to Windows Azure
and open and command prompt (I’m using Windows Server 2012 R2).
Navigate to c:\Windows\System32\Sysprep
Type in sysprep.exe and select enter: (D)
Q3. HOTSPOT
You manage two websites for your company. The sites are hosted on an internal server
that is beginning to experience performances issues due to high traffic.
You plan to migrate the sites to Azure Web Sites.
The sites have the following configurations:
In the table below, identity the web hosting plan with the lowest cost for each site. Make only one selection in each column.
Answer:
Q4. You administer an Azure subscription with an existing cloud service named contosocloudservice. Contosocloudservice contains a set of related virtual machines (VMs) named ContosoDC, ContosoSQL and ContosoWeb1.
You want to provision a new VM within contosocloudservice.
You need to use the latest gallery image to create a new Windows Server 2012 R2 VM that
has a target IOPS of 500 for any provisioned disks.
Which PowerShell command should you use?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A
Explanation: This example creates a new Windows virtual machine configuration with operating system disk, data disk and provisioning configuration. This configuration is then used to create a new virtual machine.
C:\PS> $image = (Get-AzureVMImage).ImageName C:\PS>New-AzureVMConfig -Name "MyVM1" -InstanceSize ExtraSmall -ImageName $image ` | Add-AzureProvisioningConfig -Windows -Password $adminPassword ` | Add-AzureDataDisk -CreateNew -DiskSizeInGB 50 -DiskLabel 'datadisk1' -LUN 0 ` | New-AzureVM –ServiceName "MySvc1"
Reference: New-AzureVMConfig
URL: http://msdn.microsoft.com/en-us/library/dn495159.aspx
Q5. You administer an Azure virtual network named fabrikamVNet.
You need to deploy a virtual machine (VM) and ensure that it is a member of the fabrikamVNet virtual network.
What should you do?
A. Run the New-AzureVM Power Shell cmdlet.
B. Run the New-AzureQuickVM Power Shell cmdlet.
C. Run the New-AzureAfhnityGroup Power Shell cmdlet.
D. Update fabrikamVNet's existing Availability Set.
Answer: B
Explanation: The New-AzureQuickVM cmdlet sets the configuration for a new virtual machine and creates the virtual machine. You can create a new Azure service for the virtual machine by specifying either the Location or AffinityGroup parameters, or deploy the new virtual machine into an existing service.
Reference: New-AzureQuickVM
URL: http://msdn.microsoft.com/en-us/library/dn495183.aspx
Q6. You manage a collection of large video files that is stored in an Azure Storage account.
A user wants access to one of your video files within the next seven days.
You need to allow the user access only to the video file, and then revoke access once the user no longer needs it.
What should you do?
A. Give the user the secondary key for the storage account.
Once the user is done with the file, regenerate the secondary key.
B. Create an Ad-Hoc Shared Access Signature for the Blob resource.
Set the Shared Access Signature to expire in seven days.
C. Create an access policy on the container.
Give the external user a Shared Access Signature for the blob by using the policy.
Once the user is done with the file, delete the policy.
D. Create an access policy on the blob.
Give the external user access by using the policy.
Once the user is done with the file, delete the policy.
Answer: C
Explanation: See 3) below. By default, only the owner of the storage account may access blobs, tables, and queues within that account. If your service or application needs to make these resources available to other clients without sharing your access key, you have the following options for permitting access:
1.You can set a container's permissions to permit anonymous read access to the container and its blobs. This is not allowed for tables or queues.
2. You can expose a resource via a shared access signature, which enables you to delegate restricted access to a container, blob, table or queue resource by specifying the interval for which the resources are available and the permissions that a client will have to it.
3. You can use a stored access policy to manage shared access signatures for a container or its blobs, for a queue, or for a table. The stored access policy gives you an additional measure of control over your shared access signatures and also provides a straightforward means to revoke them.
Reference: Manage Access to Azure Storage Resources
Q7. You administer a virtual machine (VM) that is deployed to Azure. You configure a rule to generate an alert when the average availability of a web service on your VM drops below 95 percent for 15 minutes.
The development team schedules a one-hour maintenance period.
You have the following requirements:
. No alerts are created during the maintenance period.
. Alerts can be restored when the maintenance is complete. You want to achieve this goal by using the least amount of administrative effort.
What should you do from the Management Portal?
A. Select and disable the rule from the Dashboard page of the virtual machine.
B. Select and delete the rule from the Configure page of the virtual machine.
C. Select and disable the rule from the Monitor page of the virtual machine.
D. Select and disable the rule on the Configure page of the virtual machine.
Answer: C
Explanation: * Example:
* Virtual Machines
You can configure virtual machine alert rules on: / Monitoring metrics from the virtual machine host operating system / Web endpoint status metrics
Reference: Understanding Monitoring Alerts and Notifications in Azure
Q8. You manage an Azure virtual network that hosts 15 virtual machines (VMs) on a single subnet which is used for testing a line of business (LOB) application. The application is deployed to a VM named TestWebServiceVM.
You need to ensure that TestWebServiceVM always starts by using the same IP address. You need to achieve this goal by using the least amount of administrative effort.
What should you do?
A. Use the Management Portal to configure TestWebServiceVM.
B. Use RDP to configure TestWebServiceVM.
C. Run the Set-AzureStaticVNetIP PowerShell cmdlet.
D. Run the Get-AzureReservedIP PowerShell cmdlet.
Answer: C
Explanation: Specify a static internal IP for a previously created VM
If you want to set a static IP address for a VM that you previously created, you can do so by using the following cmdlets. If you already set an IP address for the VM and you want to change it to a different IP address, you’ll need to remove the existing static IP address before running these cmdlets. See the instructions below to remove a static IP. For this procedure, you’ll use the Update-AzureVM cmdlet. The Update-AzureVM cmdlet restarts the VM as part of the update process. The DIP that you specify will be assigned after the VM restarts. In this example, we set the IP address for VM2, which is located in cloud service StaticDemo.
Get-AzureVM -ServiceName StaticDemo -Name VM2 | Set-AzureStaticVNetIP -IPAddress
192.168.4.7 | Update-AzureVM
Reference: Configure a Static Internal IP Address (DIP) for a VM URL: http://msdn.microsoft.com/en-us/library/azure/dn630228.aspx
Q9. You manage a cloud service that is running in two small instances. The cloud service hosts a help desk application. The application utilizes a virtual network connection to synchronize data to the company's internal accounting system.
You need to reduce the amount of time required for data synchronization.
What should you do?
A. Configure the servers as large instances and re-deploy.
B. Increase the instance count to three.
C. Deploy the application to Azure Web Sites.
D. Increase the processors allocated to the instances.
Answer: A
Explanation:
Note: When you create your service model, you can specify the size to which to deploy an instance of your role, depending on its resource requirements. The size of the role determines the number of CPU cores, the memory capacity, and the local file system size that is allocated to a running instance.
Reference: Virtual Machine and Cloud Service Sizes for Azure
URL : http://msdn.microsoft.com/en-us/library/azure/dn197896.aspx
Q10. You administer an Access Control Service namespace named contosoACS that is used by a web application. ContosoACS currently utilizes Microsoft and Yahoo accounts.
Several users in your organization have Google accounts and would like to access the web application through ContosoACS.
You need to allow users to access the application by using their Google accounts.
What should you do?
A. Register the application directly with Google.
B. Edit the existing Microsoft Account identity provider and update the realm to include Google.
C. Add a new Google identity provider.
D. Add a new WS-Federation identity provider and configure the WS-Federation metadata to point to the Google sign-in URL.
Answer: C
Explanation: Configuring Google as an identity provider eliminates the need to create and manage authentication and identity management mechanism. It helps the end user experience if there are familiar authentication procedures.
Reference: Microsoft Azure, How to: Configure Google as an Identity Provider
URL: http://msdn.microsoft.com/en-us/library/azure/gg185976.aspx
Q11. Click OK on the SourceAD Properties page.
12. Perform a full sync: on the Management Agent tab, right-click SourceAD, click Run,
click Full Import Full Sync, and then click OK.
Etc. Reference: Installing and Configure DirSync with OU level filtering for Office365
URL: http://blogs.msdn.com/b/denotation/archive/2012/11/21/installing-and-configure-dirsync-with-ou-level-filtering-for-office365.aspx
Answer:
Q12. You develop a Windows Store application that has a web service backend.
You plan to use the Azure Active Directory Authentication Library to authenticate users to Azure Active Directory (Azure AD) and access directory data on behalf of the user.
You need to ensure that users can log in to the application by using their Azure AD credentials.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Create a native client application in Azure AD.
B. Configure directory integration.
C. Create a web application in Azure AD.
D. Enable workspace join.
E. Configure an Access Control namespace.
Answer: B,C
Explanation: B: An application that wants to outsource authentication to Azure AD must be
registered in Azure AD, which registers and uniquely identifies the app in the directory.
C (not A): NativeClient-WindowsStore
A Windows Store application that calls a web API that is secured with Azure AD.
Reference: AzureADSamples/NativeClient-WindowsStore Authentication Scenarios for Azure AD, Basics of Authentication in Azure AD http://msdn.microsoft.com/en-us/library/azure/dn499820.aspx#BKMK_Auth https://github.com/AzureADSamples/NativeClient-WindowsStore
Q13. HOTSPOT
You administer an Azure Active Directory (Azure AD) tenant.
You add a custom application to the tenant.
The application must be able to:
. Read data from the tenant directly.
. Write data to the tenant on behalf of a user. In the table below, identify the permission that must be granted to the application. Make only one selection in each column.
Answer:
Q14. You administer an Azure Storage account with a blob container. You enable Storage account logging for read, write and delete requests.
You need to reduce the costs associated with storing the logs.
What should you do?
A. Execute Delete Blob requests over https.
B. Create an export job for your container.
C. Set up a retention policy.
D. Execute Delete Blob requests over http.
Answer: C
Explanation: To ease the management of your logs, we have provided the functionality of retention policy which will automatically cleanup ‘old’ logs without you being charged for the cleanup. It is recommended that you set a retention policy for logs such that your analytics data will be within the 20TB limit allowed for analytics data (logs and metrics combined).
Reference: Windows Azure Storage Logging: Using Logs to Track Storage Requests, How do I cleanup my logs?
URL: http://blogs.msdn.com/b/windowsazurestorage/archive/2011/08/03/windows-azure-storage-logging-using-logs-to-track-storage-requests.aspx
Q15. HOTSPOT
You manage an Azure Web Site named contosoweb.
Some users report that they receive the following error when they access contosoweb:
"http Status 500.0 - Internal Server Error."
You need to view detailed diagnostic information in XML format.
Which option should you enable? To answer, select the appropriate option in the answer
area.
Answer: