Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. DRAG DROP
You administer an Azure Virtual Machine (VM) named CON-CL1. CON-CL1 is in a cloud service named ContosoService1.
You want to create a new VM named MyApp that will have a fixed IP address and be hosted by an Azure Datacenter in the US West region.
You need to assign a fixed IP address to the MyApp VM.
Which Azure Power Shell cmdlets and values should you use? To answer, drag the appropriate cmdlet or value to the correct location in the PowerShell command. Each cmdlet or value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content
Answer:
Q2. Click Configure Directory Partitions, and then click Containers, as shown in the below screen capture.
Answer:
Q3. Your company has recently signed up for Azure.
You plan to register a Data Protection Manager (DPM) server with the Azure Backup service.
You need to recommend a method for registering the DPM server with the Azure Backup vault.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
A. Import a self-signed certificate created using the makecert tool.
B. Import a self-signed certificate created using the createcert tool.
C. Import an X.509 v3 certificate with valid clientauthentication EKU.
D. Import an X.509 v3 certificate with valid serverauthentication EKU.
Answer: A,C
Explanation: A: You can create a self-signed certificate using the makecert tool, or use any valid SSL certificate issued by a Certification Authority (CA) trusted by Microsoft, whose root certificates are distributed via the Microsoft Root Certificate Program.
C: The certificate must have a valid ClientAuthentication EKU.
Reference: Prerequisites for Azure Backup
URL: http://technet.microsoft.com/en-us/library/dn296608.aspx
Q4. You manage a cloud service named fabrikamReports that is deployed in an Azure data center.
You deploy a virtual machine (VM) named fabrikamSQL into a virtual network named fabrikamVNet.
FabrikamReports must communicate with fabrikamSQL.
You need to add fabrikam Reports to fabrikamVNet.
Which file should you modify?
A. the network configuration file for fabrikamVNet
B. the service definition file (.csdef) for fabrikamReports
C. the service definition file (.csdef) for fabrikamSQL
D. the service configuration file (.cscfg) for fabrikamReports
E. the service configuration file (.cscfg) fabrikamSQL
Answer: B
Explanation: Azure Service Definition Schema (.csdef File)
The service definition file defines the service model for an application. The file contains the
definitions for the roles that are available to a cloud service, specifies the service
endpoints, and establishes configuration settings for the service.
Incorrect:
not D, not E: The service configuration file (.cscfg) specifies the number of role instances to
deploy for each role in the service, the values of any configuration settings, and the
thumbprints for any certificates associated with a role.
Reference: Azure Service Definition Schema (.csdef File)
http://msdn.microsoft.com/en-us/library/azure/ee758711.aspx
Q5. You manage a software-as-a-service application named SaasApp1 that provides user management features in a multi-directory environment.
You plan to offer SaasApp1 to other organizations that use Azure Active Directory.
You need to ensure that SaasApp1 can access directory objects.
What should you do?
A. Configure the Federation Metadata URL
B. Register SaasApp1 as a native client application.
C. Register SaasApp1 as a web application.
D. Configure the Graph API.
Answer: D
Explanation: The Azure Active Directory Graph API provides programmatic access to Azure AD through REST API endpoints. Applications can use the Graph API to perform create, read, update, and delete (CRUD) operations on directory data and objects. For example, the Graph API supports the following common operations for a user object: / Create a new user in a directory / Get a user’s detailed properties, such as their groups / Update a user’s properties, such as their location and phone number, or change their password / Check a user’s group membership for role-based access / Disable a user’s account or delete it entirely
Reference: Azure AD Graph API
URL: http://msdn.microsoft.com/en-us/library/azure/hh974476.aspx
Q6. DRAG DROP
You plan to deploy a cloud service named contosoapp that has a web role named contosoweb and a worker role named contosoimagepurge.
You need to ensure the service meets the following requirements:
. Contosoweb can be accessed over the Internet by using http.
. Contosoimagepurge can only be accessed through tcp port 5001 from
contosoweb.
. Contosoimagepurge cannot be accessed directly over the Internet.
Which configuration should you use? To answer, drag the appropriate configuration setting to the correct location in the service configuration file. Each configuration setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q7. You administer a Microsoft Azure SQL Database data base in the US Central region named contosodb. Contosodb runs on a Standard tier within the S1 performance level.
You have multiple business-critical applications that use contosodb.
You need to ensure that you can bring contosodb back online in the event of a natural disaster in the US Central region. You want to achieve this goal with the least amount of downtime.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Upgrade to S2 performance level.
B. Use active geo-replication.
C. Use automated Export.
D. Upgrade to Premium tier.
E. Use point in time restore.
F. Downgrade to Basic tier.
Answer: B,D
Explanation: B: The Active Geo-Replication feature implements a mechanism to provide database redundancy within the same Microsoft Azure region or in different regions (geo-redundancy). One of the primary benefits of Active Geo-Replication is that it provides a database-level disaster recovery solution. Using Active Geo-Replication, you can configure a user database in the Premium service tier to replicate transactions to databases on different Microsoft Azure SQL Database servers within the same or different regions. Cross-region redundancy enables applications to recover from a permanent loss of a datacenter caused by natural disasters, catastrophic human errors, or malicious acts.
D: Active Geo-Replication is available for databases in the Premium service tier only.
Reference: Active Geo-Replication for Azure SQL Database
http://msdn.microsoft.com/en-us/library/azure/dn741339.aspx
Q8. You manage an application deployed to virtual machines (VMs) on an Azure virtual network
named corpVnet1.
You plan to hire several remote employees who will need access to the application on corpVnet1.
You need to ensure that new employees can access corpVnet1. You want to achieve this goal by using the most cost effective solution.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Create a VPN subnet.
B. Enable point-to-point connectivity for corpVnet1.
C. Enable point-to-site connectivity for corpVnet1.
D. Create a gateway subnet.
E. Enable site-to-site connectivity for corpVnet1.
F. Convert corpVnet1 to a regional virtual network.
Answer: A,C
Explanation:
A point-to-site VPN also allows you to create a secure connection to your virtual network. In a point-to-site configuration, the connection is configured individually on each client computer that you want to connect to the virtual network. Point-to-site connections do not require a VPN device. They work by using a VPN client that you install on each client computer. The VPN is established by manually starting the connection from the on-premises client computer. You can also configure the VPN client to automatically restart.
Reference: About Secure Cross-Premises Connectivity
Q9. HOTSPOT
You manage two websites for your company. The sites are hosted on an internal server
that is beginning to experience performances issues due to high traffic.
You plan to migrate the sites to Azure Web Sites.
The sites have the following configurations:
In the table below, identity the web hosting plan with the lowest cost for each site. Make only one selection in each column.
Answer:
Q10. Your company network includes two branch offices. Users at the company access internal virtual machines (VMs).
You want to ensure secure communications between the branch offices and the internal VMs and network.
You need to create a site-to-site VPN connection.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
A. a private IPv4 IP address and a compatible VPN device
B. a private IPv4 IP address and a RRAS running on Windows Server 2012
C. a public-facing IPv4 IP address and a compatible VPN device
D. a public-facing IPv4 IP address and a RRAS running on Windows Server 2012
Answer: C,D
Explanation: C (not A): VPN Device IP Address.- This is public facing IPv4 address of your on-premises VPN device that you’ll use to connect to Azure. The VPN device cannot be located behind a NAT. D (Not B): At least one or preferably two publicly visible IP addresses: One of the IP addresses is used on the Windows Server 2012 machine that acts as the VPN device by using RRAS. The other optional IP address is to be used as the Default gateway for out-bound traffic from the on-premises network. If the second IP address is not available, it is possible to configure network address translation (NAT) on the RRAS machine itself, to be discussed in the following sections. It is important to note that the IP addresses must be public. They cannot be behind NAT and/or a firewall.
Reference: Configure a Site-to-Site VPN in the Management Portal
Site-to-Site VPN in Azure Virtual Network using Windows Server 2012 Routing and Remote Access Service (RRAS)
Q11. You administer an Azure subscription with an existing cloud service named contosocloudservice. Contosocloudservice contains a set of related virtual machines (VMs) named ContosoDC, ContosoSQL and ContosoWeb1.
You want to provision a new VM within contosocloudservice.
You need to use the latest gallery image to create a new Windows Server 2012 R2 VM that
has a target IOPS of 500 for any provisioned disks.
Which PowerShell command should you use?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A
Explanation: This example creates a new Windows virtual machine configuration with operating system disk, data disk and provisioning configuration. This configuration is then used to create a new virtual machine.
C:\PS> $image = (Get-AzureVMImage).ImageName C:\PS>New-AzureVMConfig -Name "MyVM1" -InstanceSize ExtraSmall -ImageName $image ` | Add-AzureProvisioningConfig -Windows -Password $adminPassword ` | Add-AzureDataDisk -CreateNew -DiskSizeInGB 50 -DiskLabel 'datadisk1' -LUN 0 ` | New-AzureVM –ServiceName "MySvc1"
Reference: New-AzureVMConfig
URL: http://msdn.microsoft.com/en-us/library/dn495159.aspx
Q12. You administer an Azure Storage account with a blob container. You enable Storage account logging for read, write and delete requests.
You need to reduce the costs associated with storing the logs.
What should you do?
A. Execute Delete Blob requests over https.
B. Create an export job for your container.
C. Set up a retention policy.
D. Execute Delete Blob requests over http.
Answer: C
Explanation: To ease the management of your logs, we have provided the functionality of retention policy which will automatically cleanup ‘old’ logs without you being charged for the cleanup. It is recommended that you set a retention policy for logs such that your analytics data will be within the 20TB limit allowed for analytics data (logs and metrics combined).
Reference: Windows Azure Storage Logging: Using Logs to Track Storage Requests, How do I cleanup my logs?
URL: http://blogs.msdn.com/b/windowsazurestorage/archive/2011/08/03/windows-azure-storage-logging-using-logs-to-track-storage-requests.aspx
Q13. HOTSPOT
You administer an Azure Active Directory (Azure AD) tenant.
You add a custom application to the tenant.
The application must be able to:
. Read data from the tenant directly.
. Write data to the tenant on behalf of a user. In the table below, identify the permission that must be granted to the application. Make only one selection in each column.
Answer:
Q14. You manage an Azure virtual network that hosts 15 virtual machines (VMs) on a single subnet which is used for testing a line of business (LOB) application. The application is deployed to a VM named TestWebServiceVM.
You need to ensure that TestWebServiceVM always starts by using the same IP address. You need to achieve this goal by using the least amount of administrative effort.
What should you do?
A. Use the Management Portal to configure TestWebServiceVM.
B. Use RDP to configure TestWebServiceVM.
C. Run the Set-AzureStaticVNetIP PowerShell cmdlet.
D. Run the Get-AzureReservedIP PowerShell cmdlet.
Answer: C
Explanation: Specify a static internal IP for a previously created VM
If you want to set a static IP address for a VM that you previously created, you can do so by using the following cmdlets. If you already set an IP address for the VM and you want to change it to a different IP address, you’ll need to remove the existing static IP address before running these cmdlets. See the instructions below to remove a static IP. For this procedure, you’ll use the Update-AzureVM cmdlet. The Update-AzureVM cmdlet restarts the VM as part of the update process. The DIP that you specify will be assigned after the VM restarts. In this example, we set the IP address for VM2, which is located in cloud service StaticDemo.
Get-AzureVM -ServiceName StaticDemo -Name VM2 | Set-AzureStaticVNetIP -IPAddress
192.168.4.7 | Update-AzureVM
Reference: Configure a Static Internal IP Address (DIP) for a VM URL: http://msdn.microsoft.com/en-us/library/azure/dn630228.aspx
Q15. You manage a cloud service that has a web role named fabWeb. You create a virtual
network named fabVNet that has two subnets defined as Web and Apps.
You need to be able to deploy fabWeb into the Web subnet.
What should you do?
A. Modify the service definition (csdef) for the cloud service.
B. Run the Set-AzureSubnet PowerShell cmdlet.
C. Run the Set-AzureVNetConfig PowerShell cmdlet.
D. Modify the network configuration file.
E. Modify the service configuration (cscfg) for the fabWeb web role.
Answer: A
Explanation: Azure Service Definition Schema (.csdef File)
The service definition file defines the service model for an application. The file contains the
definitions for the roles that are available to a cloud service, specifies the service
endpoints, and establishes configuration settings for the service.