Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. HOTSPOT
You manage an Internet Information Services (IIS) 6 website named contososite1. Contososite1 runs a legacy ASP.NET 1.1 application named LegacyApp1. LegacyApp1 does not contain any integration with any other systems or programming languages.
You deploy contososite1 to Azure Web Sites.
You need to configure Azure Web Sites. You have the following requirements:
LegacyApp1 runs correctly.
The application pool does not recycle.
Which settings should you configure to meet the requirements? To answer, select the appropriate settings in the answer area.
Answer:
Q2. You administer a DirSync server configured with Azure Active Directory (Azure AD).
You need to provision a user in Azure AD without waiting for the default DirSync synchronization interval.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
A. Restart the DirSync server.
B. Run the Start-OnlineCoexistenceSync PowerShell cmdlet.
C. Run the Enable-SyncShare PowerShell cmdlet.
D. Run the Azure AD Sync tool Configuration Wizard.
E. Replicate the Directory in Active Directory Sites and Services.
Answer: B,D
Explanation: If you don’t want to wait for the recurring synchronizations that occur every three hours, you can force directory synchronization at any time.
B: Force directory synchronization using Windows PowerShell
You can use the directory synchronization Windows PowerShell cmdlet to force synchronization. The cmdlet is installed when you install the Directory Sync tool. On the computer that is running the Directory Sync tool, start PowerShell, type Import-Module DirSync, and then press ENTER.
Type Start-OnlineCoexistenceSync, and then press ENTER.
D: Azure Active Directory Sync Services (AAD Sync)
In September 2014 the Microsoft Azure AD Sync tool was released. This changed how
manual sync requests are issued.
To perform a manual update we now use the DirectorySyncClientCmd.exe tool. The Delta
and Initial parameters are added to the command to specify the relevant task.
This tool is located in:
C:\Program Files\Microsoft Azure AD Sync\Bin
You can use the directory synchronization Windows PowerShell cmdlet to force
synchronization. The cmdlet is installed when you install the Directory Sync tool. On the computer that is running the Directory Sync tool, start PowerShell, type Import-Module DirSync, and then press ENTER.
Type Start-OnlineCoexistenceSync, and then press ENTER.
Q3. You publish an application named MyApp to Azure Active Directory (Azure AD). You grant access to the web APIs through OAuth 2.0.
MyApp is generating numerous user consent prompts.
You need to reduce the amount of user consent prompts.
What should you do?
A. Enable Multi-resource refresh tokens.
B. Enable WS-federation access tokens.
C. Configure the Open Web Interface for .NET.
D. Configure SAML 2.0.
Answer: A
Explanation: When using the Authorization Code Grant Flow, you can configure the client to call multiple resources. Typically, this would require a call to the authorization endpoint for each target service. To avoid multiple calls and multiple user consent prompts, and reduce the number of refresh tokens the client needs to cache, Azure Active Directory (Azure AD) has implemented multi-resource refresh tokens. This feature allows you to use a single refresh token to request access tokens for multiple resources.
Reference:Azure, OAuth 2.0, Refresh Tokens for Multiple Resources
Q4. DRAG DROP
Your company network includes a single forest with multiple domains. You plan to migrate from On-Premises Exchange to Exchange Online.
You want to provision the On-Premises Windows Active Directory (AD) and Azure Active Directory (Azure AD) service accounts.
You need to set the required permissions for the Azure AD service account.
Which settings should you use? To answer, drag the appropriate permission to the service account. Each permission may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q5. DRAG DROP
You manage an Azure Web Site named contososite.
You download the subscription publishing credentials named Contoso-Enterprise.publishsettings.
You need to use Azure Power Shell to achieve the following:
Connect to the Contoso-Enterprise subscription.
Create a new App Setting named CustomSetting with a value of True.
Restart the website.
Which commands should you use? To answer, drag the appropriate Azure PowerShell command to the correct location in the solution. Each command may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q6. DRAG DROP
You have a solution deployed into a virtual network in Azure named fabVNet. The fabVNet virtual network has three subnets named Apps, Web, and DB that are configured as shown in the exhibit. (Click the Exhibits button.)
You want to deploy two new VMs to the DB subnet.
You need to modify the virtual network to expand the size of the DB subnet to allow more IP addresses.
Which three steps should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q7. HOTSPOT
You manage an Azure Web Site for a consumer-product company.
The website runs in Standard mode on a single medium instance.
You expect increased traffic to the website due to an upcoming sale during a holiday
weekend.
You need to ensure that the website performs optimally when user activity is at its highest.
Which option should you select? To answer, select the appropriate option in the answer
area.
Answer:
Q8. You administer a cloud service.
You plan to host two web applications named contosoweb and contosowebsupport.
You need to ensure that you can host both applications and qualify for the Azure Service
Level Agreement. You want to achieve this goal while minimizing costs.
How should you host both applications?
A. in different web roles with two instances in each web role
B. in the same web role with two instances
C. in different web roles with one instance in each web role
D. in the same web role with one instance
Answer: B
Explanation: A cloud service must have at least two instances of every role to qualify for the Azure Service Level Agreement, which guarantees external connectivity to your Internet-facing roles at least 99.95 percent of the time.
Reference: Azure, What is a cloud service?
URL: http://azure.microsoft.com/en-us/documentation/articles/cloud-services-what-is/
Q9. You administer an Azure Web Site named contoso. The development team has implemented changes to the website that need to be validated.
You need to validate and deploy the changes with minimum downtime to users.
What should you do first?
A. Create a new Linked Resource.
B. Configure Remote Debugging on contoso.
C. Create a new website named contosoStaging.
D. Create a deployment slot named contosoStaging.
E. Back up the contoso website to a deployment slot.
Answer: D
Explanation: When you deploy your application to Azure Websites, you can deploy to a separate deployment slot instead of the default production slot, which are actually live sites with their own hostnames.
Furthermore, you can swap the sites and site configurations between two deployment slots, including the production slot. Deploying your application to a deployment slot has the following benefits:
* You can validate website changes in a staging deployment slot before swapping it with the production slot.
* After a swap, the slot with previously staged site now has the previous production site. If the changes swapped into the production slot are not as you expected, you can perform the same swap immediately to get your "last known good site" back.
* Deploying a site to a slot first and swapping it into production ensures that all instances of the slot are warmed up before being swapped into production. This eliminates downtime when you deploy your site. The traffic redirection is seamless, and no requests are dropped as a result of swap operations.
Reference: Staged Deployment on Microsoft Azure Websites
Q10. You develop a Windows Store application that has a web service backend.
You plan to use the Azure Active Directory Authentication Library to authenticate users to Azure Active Directory (Azure AD) and access directory data on behalf of the user.
You need to ensure that users can log in to the application by using their Azure AD credentials.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Create a native client application in Azure AD.
B. Configure directory integration.
C. Create a web application in Azure AD.
D. Enable workspace join.
E. Configure an Access Control namespace.
Answer: B,C
Explanation: B: An application that wants to outsource authentication to Azure AD must be
registered in Azure AD, which registers and uniquely identifies the app in the directory.
C (not A): NativeClient-WindowsStore
A Windows Store application that calls a web API that is secured with Azure AD.
Reference: AzureADSamples/NativeClient-WindowsStore Authentication Scenarios for Azure AD, Basics of Authentication in Azure AD http://msdn.microsoft.com/en-us/library/azure/dn499820.aspx#BKMK_Auth https://github.com/AzureADSamples/NativeClient-WindowsStore
Q11. HOTSPOT
You manage two cloud services named Service1 and Service2. The development team updates the code for each application and notifies you that the services are packaged and ready for deployment.
Each cloud service has specific requirements for deployment according to the following table.
In the table below, identify the deployment method for each service. Make only one selection in each column.
Answer:
Q12. You manage an application running on Azure Web Sites Standard tier. The application uses a substantial amount of large image files and is used by people around the world.
Users from Europe report that the load time of the site is slow.
You need to implement a solution by using Azure services.
What should you do?
A. Configure Azure blob storage with a custom domain.
B. Configure Azure CDN to cache all responses from the application web endpoint.
C. Configure Azure Web Site auto-scaling to increase instances at high load.
D. Configure Azure CDN to cache site images and content stored in Azure blob storage.
Answer: A
Explanation: You can configure a custom domain for accessing blob data in your Azure storage account. The default endpoint for the Blob service is https://<mystorageaccount>.blob.core.windows.net. If you map a custom domain and subdomain such as www.contoso.com to the blob endpoint for your storage account, then your users can also access blob data in your storage account using that domain.
Reference: Configure a custom domain name for blob data in an Azure storage account
URL: http://azure.microsoft.com/en-us/documentation/articles/storage-custom-domain-name/
Q13. You administer a virtual machine (VM) that is deployed to Azure. You configure a rule to generate an alert when the average availability of a web service on your VM drops below 95 percent for 15 minutes.
The development team schedules a one-hour maintenance period.
You have the following requirements:
. No alerts are created during the maintenance period.
. Alerts can be restored when the maintenance is complete. You want to achieve this goal by using the least amount of administrative effort.
What should you do from the Management Portal?
A. Select and disable the rule from the Dashboard page of the virtual machine.
B. Select and delete the rule from the Configure page of the virtual machine.
C. Select and disable the rule from the Monitor page of the virtual machine.
D. Select and disable the rule on the Configure page of the virtual machine.
Answer: C
Explanation: * Example:
* Virtual Machines
You can configure virtual machine alert rules on: / Monitoring metrics from the virtual machine host operating system / Web endpoint status metrics
Reference: Understanding Monitoring Alerts and Notifications in Azure
Q14. Your network environment includes remote employees.
You need to create a secure connection for the remote employees who require access to your Azure virtual network.
What should you do?
A. Deploy Windows Server 2012 RRAS.
B. Configure a point-to-site VPN.
C. Configure an ExpressRoute.
D. Configure a site-to-site VPN.
Answer: B
Explanation: New Point-To-Site Connectivity
With today’s release we’ve added an awesome new feature that allows you to setup VPN connections between individual computers and a Windows Azure virtual network without the need for a VPN device. We call this feature Point-to-Site Virtual Private Networking. This feature greatly simplifies setting up secure connections between Windows Azure and client machines, whether from your office environment or from remote locations.
It is especially useful for developers who want to connect to a Windows Azure Virtual Network (and to the individual virtual machines within it) from either behind their corporate firewall or a remote location. Because it is point-to-site they do not need their IT staff to perform any activities to enable it, and no VPN hardware needs to be installed or configured. Instead you can just use the built-in Windows VPN client to tunnel to your Virtual Network in Windows Azure.
Reference: Windows Azure: Improvements to Virtual Networks, Virtual Machines, Cloud Services and a new Ruby SDK
http://azure.microsoft.com/blog/2013/04/26/virtual-network-adds-new-capabilities-for-cross-premises-connectivity/
Q15. DRAG DROP
You administer an Azure Virtual Machine (VM) named CON-CL1. CON-CL1 is in a cloud service named ContosoService1.
You discover unauthorized traffic to CON-CL1. You need to:
. Create a rule to limit access to CON-CL1.
. Ensure that the new rule has the highest precedence.
Which Azure Power Shell cmdlets and values should you use? To answer, drag the appropriate cmdlet or value to the correct location in the Power Shell command. Each cmdlet or value may be used once, more than once, or not at all. You may need to drag the split bat between panes or scroll to view content.
Answer: