Q1. Your company has a subscription to Azure. You plan to deploy 10 websites. You have the following requirements:
* Each website has at least 15 GB of storage.
* All websites can use azurewebsite.net.
You need to deploy the 10 websites while minimizing costs.
Which web tier plan should you recommend?
A. Free
B. Small Business
C. Standard
D. Basic
Answer: C
Explanation: Standard offers 50 GB of storage space, while Basic only gives 10 GB.
Reference: Websites Pricing Details
URL: http://azure.microsoft.com/en-us/pricing/details/websites/
http://azure.microsoft.com/en-us/documentation/articles/azure-subscription-service-limits/
Q2. DRAG DROP
You administer a virtual machine (VM) that is deployed to Azure. The VM hosts a web service that is used by several applications.
You need to ensure that the VM sends a notification in the event that the average response time for the web service exceeds a pre-defined response time for an hour or more.
Which three steps should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q3. DRAG DROP
Your company network includes a single forest with multiple domains. You plan to migrate from On-Premises Exchange to Exchange Online.
You want to provision the On-Premises Windows Active Directory (AD) and Azure Active Directory (Azure AD) service accounts.
You need to set the required permissions for the Azure AD service account.
Which settings should you use? To answer, drag the appropriate permission to the service account. Each permission may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q4. DRAG DROP
You administer an Azure Virtual Machine (VM) named CON-CL1. CON-CL1 is in a cloud service named ContosoService1.
You want to create a new VM named MyApp that will have a fixed IP address and be hosted by an Azure Datacenter in the US West region.
You need to assign a fixed IP address to the MyApp VM.
Which Azure PowerShell cmdlets and values should you use? To answer, drag the appropriate cmdlet or value to the correct location in the PowerShell command. Each cmdlet or value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q5. DRAG DROP
You administer two virtual machines (VMs) that are deployed to a cloud service. The VMs are part of a virtual network.
The cloud service monitor and virtual network configuration are configured as shown in the exhibits. (Click the Exhibits button.)
You need to create an internal load balancer named fabLoadBalancer that has a static IP address of 172.16.0.100.
Which value should you use in each parameter of the PowerShell command?
To answer, drag the appropriate value to the correct location in the PowerShell command. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q6. You administer an Azure solution that uses a virtual network named fabVNet. FabVNet has a single subnet named Subnet-1.
You discover a high volume of network traffic among four virtual machines (VMs) that are part of Subnet-1.
You need to isolate the network traffic among the four VMs. You want to achieve this goal with the least amount of downtime and impact on users.
What should you do?
A. Create a new subnet in the existing virtual network and move the four VMs to the new subnet.
B. Create a site-to-site virtual network and move the four VMs to your datacenter.
C. Create a new virtual network and move the VMs to the new network.
D. Create an availability set and associate the four VMs with that availability set.
Answer: A
Explanation: Machine Isolation Options
There are three basic options where machine isolation may be implemented on the Windows Azure platform:
* Between machines deployed to a single virtual network
* Between machines deployed to distinct virtual networks
* Between machines deployed to distinct virtual networks where a VPN connection has been established from on-premises with both virtual networks
Subnets within a Single Virtual Network
Windows Azure provides routing across subnets within a single virtual network.
Reference: Network Isolation Options for Machines in Windows Azure Virtual Networks
Incorrect:
not B: A site-to-site VPN allows you to create a secure connection between your on-premises site and your virtual network.
Use a site-to-site connection when:
* You want to create a branch office solution.
* You want a connection between your on-premises location and your virtual network that’s available without requiring additional client-side configurations.
Q7. DRAG DROP
You plan to deploy a cloud service named contosoapp that has a web role named contosoweb and a worker role named contosoimagepurge.
You need to ensure the service meets the following requirements:
* Contosoweb can be accessed over the Internet by using http.
* Contosoimagepurge can only be accessed through tcp port 5001 from contosoweb.
* Contosoimagepurge cannot be accessed directly over the Internet.
Which configuration should you use? To answer, drag the appropriate configuration setting to the correct location in the service configuration file. Each configuration setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q8. You administer an Azure Storage account named contosostorage. The account has a blob container to store image files.
A user reports being unable to access an image file.
You need to ensure that anonymous users can successfully read image files from the container.
Which log entry should you use to verify access?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A
Explanation:
Check for GetBlob and for AnonymousSuccess.
Example: Get Blob AnonymousSuccess:
1.0;2011-07-28T18:52:40.9241789Z;GetBlob;AnonymousSuccess;200;18;10;anonymous;;sally;blob;"http://sally.blob.core.windows.net/thumbnails/lake.jpg?timeout=30000";"/sally/thumbnails/lake.jpg";a84aa705-8a85-48c5-b064-b43bd22979c3;0;123.100.2.10;2009-09-19;252;0;265;100;0;;;"0x8CE1B6EA95033D5";Thursday, 28-Jul-11 18:52:40 GMT;;;;"7/28/2011 6:52:40 PM ba98eb12-700b-4d53-9230-33a3330571fc"
Incorrect:
Not C: Check for AnonymousSuccess not Access.
Not B, not D: Check for GetBlob not GetBlobProperties
Reference: Windows Azure Storage Logging: Using Logs to Track Storage Requests
URL: http://blogs.msdn.com/b/windowsazurestorage/archive/2011/08/03/windows-azure-storage-logging-using-logs-to-track-storage-requests.aspx
Q9. Your company network includes an On-Premises Windows Active Directory (AD) that has a DNS domain named contoso.local and an email domain named contoso.com. You plan to migrate from On-Premises Exchange to Office 365.
You configure DirSync and set all Azure Active Directory (Azure AD) usernames as %username%@contoso.com.
You need to ensure that each user is able to log on by using the email domain as the username.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Verify the email domain in Azure AD domains.
B. Run the Set-MsolUserPrincipalName -UserPrincipalName %username%@contoso.onmicrosoft.com -NewUserPrincipalName %username%@contoso.com PowerShell cmdlet.
C. Edit the ProxyAddress attribute on the On-Premises Windows AD user account.
D. Verify the Windows AD DNS domain in Azure AD domains.
E. Update the On-Premises Windows AD user account UPN to match the email address.
Answer: C,D
Explanation: * There are two main traffic flows originating from the server hosting the Azure Active Directory Sync tool: The Azure Active Directory Sync tool queries a domain controller on the on-premises network for changes to accounts and passwords. The Azure Active Directory Sync tool sends the changes to accounts and passwords to the Azure AD instance of your Office 365 subscription. These changes are sent through the on-premises network’s proxy server.
* Verify that your virtual machine is joined to the domain by checking your internal DNS to make sure that an Address (A) record was added for the virtual machine with the correct IP address from Azure. For the Azure Active Directory Sync tool to gain access to Internet resources, you must configure the server that runs the Azure Active Directory Sync tool to use the on-premises network's proxy server.
Reference: Deploy Office 365 Directory Synchronization in Microsoft Azure
Q10. Your company has recently signed up for Azure.
You plan to register a Data Protection Manager (DPM) server with the Azure Backup service.
You need to recommend a method for registering the DPM server with the Azure Backup vault.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
A. Import a self-signed certificate created using the makecert tool.
B. Import a self-signed certificate created using the createcert tool.
C. Import an X.509 v3 certificate with valid clientauthentication EKU.
D. Import an X.509 v3 certificate with valid serverauthentication EKU.
Answer: A,C
Explanation: A: You can create a self-signed certificate using the makecert tool, or use any valid SSL certificate issued by a Certification Authority (CA) trusted by Microsoft, whose root certificates are distributed via the Microsoft Root Certificate Program.
C: The certificate must have a valid ClientAuthentication EKU.
Reference: Prerequisites for Azure Backup
URL: http://technet.microsoft.com/en-us/library/dn296608.aspx
Q11. Your network environment includes remote employees.
You need to create a secure connection for the remote employees who require access to your Azure virtual network.
What should you do?
A. Deploy Windows Server 2012 RRAS.
B. Configure a point-to-site VPN.
C. Configure an ExpressRoute.
D. Configure a site-to-site VPN.
Answer: B
Explanation: New Point-To-Site Connectivity
With today’s release we’ve added an awesome new feature that allows you to set up VPN connections between individual computers and a Windows Azure virtual network without the need for a VPN device. We call this feature Point-to-Site Virtual Private Networking. This feature greatly simplifies setting up secure connections between Windows Azure and client machines, whether from your office environment or from remote locations.
It is especially useful for developers who want to connect to a Windows Azure Virtual Network (and to the individual virtual machines within it) from either behind their corporate firewall or a remote location. Because it is point-to-site they do not need their IT staff to perform any activities to enable it, and no VPN hardware needs to be installed or configured. Instead you can just use the built-in Windows VPN client to tunnel to your Virtual Network in Windows Azure.
Reference: Windows Azure: Improvements to Virtual Networks, Virtual Machines, Cloud Services and a new Ruby SDK
http://azure.microsoft.com/blog/2013/04/26/virtual-network-adds-new-capabilities-for-cross-premises-connectivity/
Q12. Your company has two physical locations configured in a geo-clustered environment that includes:
* System Center Virtual Machine Manager 2012 R2
* System Center Data Protection Manager 2012 R2
* SQL Server 2012
* Windows Server 2012 R2 Hyper-V
* Over 100 virtual machines (VMs) in each physical location
Your company has recently signed up for Azure.
You plan to leverage your current network environment to provide a backup solution for your VMs.
You need to recommend a solution that ensures all VMs are redundant and deployable between locations. You also want the solution to minimize downtime in the event of an outage at either physical location.
Which solution should you recommend?
A. Configure a backup vault in Azure and use Data Protection Manager to back up the Windows servers.
B. Use Data Protection Manager and back up the VMs in each location.
C. Use Azure site recovery in an on-premises to Azure protection configuration.
D. Use Azure site recovery in an on-premises to on-premises protection configuration.
Answer: D
Explanation: On-Premises to On-Premises (Hyper-V replication)
* Cloud metadata is sent to Azure Site Recovery.
* Replicated data is stored in location specified on target Hyper-V server.
* Azure account with Azure Site Recovery enabled.
* Virtual machines replicate from source on-premises Hyper-V server to another. You can set up reverse replication to replicate back to the source location.
* Requires source and target VMM servers with at least one cloud on each, or a single VMM server with two clouds. Clouds must contain at least one Hyper-V host server or cluster.
Reference: Microsoft Azure, Site Recovery
Q13. You administer a cloud service.
You plan to host two web applications named contosoweb and contosowebsupport.
You need to ensure that you can host both applications and qualify for the Azure Service Level Agreement. You want to achieve this goal while minimizing costs.
How should you host both applications?
A. in different web roles with two instances in each web role
B. in the same web role with two instances
C. in different web roles with one instance in each web role
D. in the same web role with one instance
Answer: B
Explanation: A cloud service must have at least two instances of every role to qualify for the Azure Service Level Agreement, which guarantees external connectivity to your Internet-facing roles at least 99.95 percent of the time.
Reference: Azure, What is a cloud service?
URL: http://azure.microsoft.com/en-us/documentation/articles/cloud-services-what-is/
Q14. You manage a cloud service that has a web role named fabWeb. You create a virtual network named fabVNet that has two subnets defined as Web and Apps.
You need to be able to deploy fabWeb into the Web subnet.
What should you do?
A. Modify the service definition (csdef) for the cloud service.
B. Run the Set-AzureSubnet PowerShell cmdlet.
C. Run the Set-AzureVNetConfig PowerShell cmdlet.
D. Modify the network configuration file.
E. Modify the service configuration (cscfg) for the fabWeb web role.
Answer: A
Explanation: Azure Service Definition Schema (.csdef File)
The service definition file defines the service model for an application. The file contains the definitions for the roles that are available to a cloud service, specifies the service endpoints, and establishes configuration settings for the service.
Q15. Your company plans to migrate from On-Premises Exchange to Office 365.
The existing directory has numerous service accounts in your On-Premises Windows Active Directory (AD), stored in separate AD Organizational Units (OU) for user accounts.
You need to prevent the service accounts in Windows AD from syncing with Azure AD.
What should you do?
A. Create an OU filter in the Azure AD Module for Windows PowerShell.
B. Configure directory partitions in miisclient.exe.
C. Set Active Directory ACLs to deny the DirSync Windows AD service account MSOL_AD_SYNC access to the service account OUs.
D. Create an OU filter in the Azure Management Portal.
Answer: B
Explanation: One customer, who was looking for OU level filtering to import selected users from On-Premises active directory to Office365.
Configure OU level filtering for Office365 directory synchronization.
1. Logged in to your Domain controller
2. Created an OU (Organisational Unit) from your AD (Active Directory)
a. In my case I named it “DirSync”
3. Move all those users you want to sync to that DirSync OU.
4. From your DirSync Server navigate to <Drive>\Program Files\Microsoft Online Directory Sync\SYNCBUS\Synchronization Service\UIShell
5. Double-click on miisclient.exe
6. This opens a console something similar to the below screen capture
Identity Manager, click Management Agents, and then double-click SourceAD.