Implementing Microsoft Azure Infrastructure Solutions (70-533_Part-IV)
I am starting a blog to learn Implementing Microsoft Azure Infrastructure Solutions (70-533). For this purpose I am posting practice questions with answers from different dumps. The objective to achieve is to discuss if the answers are correct or incorrect. I need input (comments) from you people and it will also be helpful for those who intends to take this exam. First question with its topic is as follows;
I am starting a blog to learn Implementing Microsoft Azure Infrastructure Solutions (70-533). For this purpose I am posting practice questions with answers from different dumps. The objective to achieve is to discuss if the answers are correct or incorrect. I need input (comments) from you people and it will also be helpful for those who intends to take this exam. First question with its topic is as follows;
QUESTION-1: You
administer an Azure SQL Database that runs in the S0 service tier.
The
database stored mission- critical data.
You must
meet the following requirements:
- minimize costs associated with hosting the database
in Azure
- minimize downtime in the event of an outage
- protect the database from unplanned events
What
should you do?
A.
Implement a secondary database in the paired
region.
B.
Ensure that a secondary databases are online and
readable at all times.
C. Create a continuously replicated copy
D. Use backups in a geo-redundant
Azure storage (GRS) location.
Answer: D
Explanation:
QUESTION-2:You have
an Azure subscription that contains a backup vault named BV1. BV1
contains five protected servers. Backups run daily.
You need
to modify the storage replication settings for the backups.
What
should you do first?
A.
Create a new backup vault.
B.
Modify the policies associated to BV1.
C.
Uninstall the backup agent from the five
servers.
D.
Run the Remove-OBFileSpec cmdlet.
Answer: A
Explanation:
https://docs.microsoft.com/en-us/azure/backup/backup-configure-vault
QUESTION-3: You have
an Azure subscription.
In Azure,
you create two virtual machines named VM1 and VM2.
Both
virtual machines are instances in a cloud service named Cloud1.
You need
to ensure that any virtual hard disks that the VMs use are not replicated
between datacenters.
Which
settings should you modify?
A.
Azure subscription
B.
virtual machine
C.
cloud services
D.
storage account
Answer: D
Explanation:
https://docs.microsoft.com/en-us/azure/storage/storage-introduction
QUESTION-4: You deploy
several virtual machines (VMs) to Azure by using the Azure Service Manager
(classic).
You
must deploy new VMs by using the Azure Resource Manager (ARM). You need to
ensure the new VMs can communicate with the existing Vms. What should you do?
A.
Create a new resource group and include all VMs.
B.
Create a site-to-site (S2S) VPN connection
between the classic VNet and the ARM VNet.
C.
Migrate the classic VMs to the ARM VNet.
D.
Create a new availability set and include all
VMs.
Answer: B
Explanation:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-connect-different-deployment-
models-
portal
QUESTION-5: You
develop a set of PowerShell scripts that will run when you deploy new virtual
machines (Vms).
You need
to ensure that the scripts are run automatically when the VM is started.
What should
you do?
A.
Load the scripts to a common file share
accessible by the VMs.
B.
Create a SetupComplete.cmd batch file to call
the scripts after the VM starts.
C.
Set the VNs to execute a custom extension.
D.
Create a new virtual hard disk (VHD) that
contains the scripts.
Answer: C
Explanation:
https://technet.microsoft.com/en-us/library/cc766314(v=ws.10).aspx
QUESTION-6:You plan
to implement Azure AD connect.
You have
an Active Directory Domain Services domain named Contoso.
You need
to determine if the organization's Active Directory is compatible with Azure AD
Connect.
Which
command should you run?
A.
dsquery *
cn=schema,cn=configuration,dc=contoso,dc=local -scope base -attr objectVersion
B.
nslookup finger contoso/objectVersion > >
scope
C.
ldifde -scope contoso -o domain -l objectVersion
-p schema
D.
csvde -i –s -j domain/schema -r objectVersion -b
contoso -o local
Answer: A
Explanation:
http://rickardnobel.se/verify-schema-versions-on-all-domain-controllers/
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-aadconnect-prerequisites
QUESTION-7: You manage
Azure Web Apps for a company.
You
migrate an on-premises web app to Azure.
You plan
to update the Azure Web App by modifying the connection string and updating the
files that have changed since previous revision.
The
deployment process must use Secure Socket Layer (SSL) and occur during off-peak
hours as an automated batch process.
You need
to update the Azure Web App.
What
should you do?
A.
Close the Internet Information Services (IIS)
virtual machine (VM) to Azure.
B.
Deploy the web app from GitHub.
C.
Use MSDeploy.exe.
D.
Deploy the web app from the Internet Information
Services (IIS) Management console.
Answer: B
Explanation:
https://docs.microsoft.com/en-us/azure/app-service-web/app-service-deploy-local-git
QUESTION-8: You have
an application that needs to use single sign-on (SSO) between the company's
Azure Active Directory (Azure AD) and the on-premises Windows Server 2012 R2
Active Directory. You configure the application to use Integrated Windows
Authentication (IWA).
You
install an Application Proxy connector in the same domain as the server that is
publishing the application.
You need
to configure the published application in Azure AD to enable SSO.
What
should you do?
B.
Set the preauthenticated method to Pass through.
C.
Set the internal authentication method to IWA.
D.
Enable an access rule to require Multi-Factor
Authentication.
Answer: C
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-sso-
using-kcd
QUESTION-9: You
administer an Azure Active Directory (Azure AD) tenant that hosts a Software as
a Service (SaaS) application named MyApp.
You
control access to MyApp by using the following two Azure AD groups:
- a group named SaaSApp that contains 200 users
- a group named AdminSaaS that contains 20 users
You need
to revoke all access to MyApp for the SaaSApp by using the least administrative
effort. What should you do?
A.
Delete the tenant.
B.
Revoke access to MyApp.
C.
Delete the SaaSApp group from Azure AD.
D.
Revoke application access from users belonging
to the SaaSApp group.
Answer: D
Explanation:
https://blogs.technet.microsoft.com/enterprisemobility/2014/05/21/identity-and-access-
management-for-the-
cloud/
QUESTION-10: Note: This question is part of a series of
questions that present the same scenario.
Each questions in the series contains a unique solution that might meet
the stated goals. Some questions sets might have more than one correct
solution, while others might not have a correct solution. After you answer a
question in this section, you will NOT be able to return to it. As a result,
these questions will not appear in the review scree.
You create
an Ubuntu Linux virtual machine (VM) by using the Azure Portal.
You do not
specify a password when you create the VM.
You need
to connect to the terminal of the VM.
Solution:
You connect to the public IP address of the VM by using Secure Shell (SSH) and
specify your private key.
Does the
solution meet the goal?
A.
Yes
B.
No
Answer: A
Explanation:
https://docs.microsoft.com/en-us/azure/virtual-machines/virtual-machines-linux-quick-create-
portal?toc=%2fazure%2fvirtual-machines%2flinux%2ftoc.json
In
order to connect to linux machine in Azure you need to specify Public
IP/Private Key
QUESTION-11: Note: This question is part of a series of
questions that present the same scenario.
Each questions in the series contains a unique
solution that might meet the stated goals. Some questions sets might have more
than one correct solution, while others might not have a correct solution. After
you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear in
the review scree.
You create
an Ubuntu Linux virtual machine (VM) by using the Azure Portal.
You do not
specify a password when you create the VM.
You need
to connect to the terminal of the VM.
Solution:
You use the Connect button on the Overview blade for the VM.
Does the
solution meet the goal?
A.
Yes
B.
No
Answer: B
QUESTION 12: Note: This question is part of a series of
questions that present the same scenario.
Each questions in the series contains a unique solution that might meet
the stated goals. Some questions sets might have more than one correct
solution, while others might not have a correct solution. After you answer a
question in this section, you will NOT be able to return to it. As a result,
these questions will not appear in the review scree.
You create
an Ubuntu Linux virtual machine (VM) by using the Azure Portal.
You do not
specify a password when you create the VM.
You need
to connect to the terminal of the VM.
Solution:
You connect to the public IP address of the VM by using Secure Shell (SSH) and
specify your public key.
Does the
solution meet the goal?
A. Yes
B. No
Answer: B
Explanation:
You need
to connect to the public IP and private key
QUESTION-13: You have
an Azure subscription that has a virtual machine named VM1.
VM1 runs a
line-of-business application named APP1.
You create
two additional virtual machines named VM2 and VM3 to host APP1.
You need
to ensure that there is always at least one virtual machine online to host App1.
Which
command should you run? To answer, select the appropriate options in the answer
area.
A.
Export-AzureVM
B.
Get-AzureaffinityGroup
C.
Get-AzureEndPoint
D.
Get-AzureVM
Answer: D
Explanation
https://msdn.microsoft.com/fr-fr/library/azure/dn495236.aspx
QUESTION-14: You manage
an Azure web app in standard service tier at the following address:
contoso.azurewebsites.net.
Your
company has a new domain for the site named www.contoso.com that must be
accessible by secure socket layer(SSL) encryption.
You need
to add a custom domain to the Azure web app and assign an SSL certificate.
Which
three actions should you perform? Each correct answer presents part of the
solution.
A.
Add SSL binding for the www.contosco.com domain
with the IP-based SSL option selected.
B.
Create a CNAME record from www.contoso.com to
contoso.azurewebsites.net.
C. Create a new file that will redirect the site to
the new URL and upload it to the Azure Web site.
D.
Add SSL binding for the www.contoso.com domain
with the server Name indication (SNL)SSL option selected.
E.
Add www.contoso.com to the list of domain names
as a custom domain.
QUESTION-15: You deploy
an Azure web app named contosoApp. ContosoApp is available by using HTTP or
HTTPS. You need to ensure that a web administrator receives an email
notification if the average response time for contosoAPP exceeds 50
milliseconds.
Which two
tasks should you perform? Each correct answer presents part of the solution.
A.
Create an HTTPS monitoring endpoint.
B.
Create a metric
C.
Create a rule.
D.
Create an HTTP monitoring endpoint.
E.
Modify the properties of the connection strings.
F.
Enable Application logging.
Answer: BC
Explanations:
https://docs.microsoft.com/en-gb/azure/application-insights/app-insights-alerts#set-a-metric-alert
Answer: B
QUESTION-16: You have
an Azure subscription.
You create
an Azure Active Directory (Azure AD) tenant named Tenant1.
You need
to configure the integration of Tenant1 and Google Apps.
You
perform the required configuration on the google apps tenant.
Which
three actions should you perform from the Azure Management Portal? Each correct
answer presents part of the solution.
A.
Configure directory integration.
B.
Enable application integration
C.
Add a custom domain.
D.
Configure Single-Sign On (SSO)
E.
Add a multi-factor authentication provider.
Answer: ABD
Explanation:
https://msdn.microsoft.com/en-us/library/azure/dn308591.aspx
QUESTION-17: You have
an Azure subscription that contains a storage account named STOR1 and a
container name CONTAINER1.
You need
to monitor read access for the blobs inside CONTAINER1.
The monitoring
data must be retained for 10 days.
What
should you do?
A.
Run the Set-AzureStorageServiceMetricsProperty
cmdlet.
B.
Run the New-AzureStorageBlobSASToken cmdlet.
C.
Run the Set-AzureStorageServiceLoggingProperty
cmdlet.
D.
Edit the blob properties of CONTAINER1.
Answer: C
Explanation:
https://msdn.microsoft.com/library/mt603595.aspx?f=255&MSPPError=-2147217396
QUESTION-18: You are
designing a Windows Azure application that will use a worker role.
The worker
role will create temporary files.
You need
to recommend an approach for creating the temporary files that minimizes
storage transactions.
What
should you recommend?
A.
Create the files on a Windows Azure Drive.
B.
Create the files in Windows Azure local storage.
C.
Create the files in Windows Azure Storage page
blobs.
D.
Create the files in Windows Azure Storage block
blobs.
Answer: B
QUESTION-19 You are
evaluating a Windows Azure application.
The
application uses one instance of a web role.
The role
instance size is set to Medium.
The
application does not use SQL Azure.
You have
the following requirements for scaling the application:
- Maximize throughput.
- Minimize downtime while scaling.
- Increase system resources.
You need
to recommend an approach for scaling the application.
What
should you recommend?
A.
Set up vertical partitioning.
B.
Set up horizontal partitioning.
C.
Increase the number of role instances.
D.
Change the role instance size to Large.
Answer: C
QUESTION-20: You are
designing a Windows Azure web application.
The
application will be accessible at a standard cloudapp.net URL.
You need
to recommend a DNS resource record type that will allow you to configure access
to the application through a custom domain name. Which type should you
recommend?
A.
A
B.
CNAME
C.
MX
D.
SRV
Answer: B
QUESTION-21: A Windows
Azure application retrieves data from SQL Azure.
You need
to recommend an approach for improving application query performance.
What
should you recommend?
A.
Create a database view to retrieve the data.
B.
Use a clustered index on the SQL Azure database
tables.
C.
Open a new database connection when an operation
times out.
D.
Create SQL Azure database table indexes based on
application queries.
Answer: D
QUESTION-22: You are
developing a Windows Azure application in which a web role and worker role will
communicate by using a Windows Azure Queue.
You need
to recommend an approach for ensuring that the worker role does not attempt to
process any message more than three times. What should you recommend?
A.
Appropriately handle poison messages.
B.
Decrease the visibility timeout for messages.
C.
Reduce the time-to-live interval for messages in
the queue.
D.
Increase the number of worker role instances
reading messages from the queue.
Answer: A
QUESTION-23:
You are
designing a Windows Azure application.
The
application includes processes that communicate by using Windows Communications
Foundation (WCF) services.
The WCF
services must support streaming.
You need
to recommend a host for the processes and a WCF binding.
Which two
actions should you recommend? (Each correct answer presents part of the
solution. Choose two.)
A.
Host the processes in web roles.
B.
Host the processes in worker roles.
C.
Use NetTcpBinding for the WCF services.
D.
Use WSHttpBinding for the WCF services.
Answer: BC
QUESTION-24: An
application uses Windows Azure Table storage.
The
application uses five tables.
One table
used by the application is approaching the limit for storage requests per
second.
You need
to recommend an approach for avoiding data access throttling.
What
should you recommend?
A.
Use a single partition key for the table.
B.
Compress data before storing it in the table.
C.
Create additional partition keys for the table.
D.
Continually remove unnecessary data from the
table.
Answer: C
QUESTION-25: You are
designing an application that will use Windows Azure Table storage to store
millions of data points each day.
The
application must retain each day's data for only one week.
You need
to recommend an approach for minimizing storage transactions.
What
should you recommend?
A.
Use a separate table for each date. Delete each
table when it is one week old.
B.
Use a separate table for each week. Delete each
table when it is one week old.
C.
Use a single table, partitioned by date.
Use Entity
Group Transactions to delete data when it is one week old.
D.
Use a single table, partitioned by week.
Use Entity
Group Transactions to delete data when it is one week old.
Answer: A
QUESTION-26: You are
designing a Windows Azure application that will store data in two SQL Azure
databases.
The
application will insert data in both databases as part of a single logical
operation.
You need
to recommend an approach for maintaining data consistency across the databases.
What should you recommend?
A.
Execute database calls on parallel threads.
B.
Wrap the database calls in a single transaction
scope.
C.
Use Microsoft Distributed Transaction
Coordinator (MSDTC).
D.
Handle errors resulting from the database calls
by using compensatory logic.
Answer: D
QUESTION-27: A Windows
Azure application stores data in a SQL Azure database.
The
application will start an operation that includes three insert statements.
You need
to recommend an approach for rolling back the entire operation if the
connection to SQL Azure is lost.
What
should you recommend?
A.
Ensure that all statements execute in the same
database transaction.
B.
Create a stored procedure in the database that
wraps the insert statements in a TRY CATCH block
C.
Create a stored procedure in the database that
wraps the insert statements in a TRANSACTION block.
D.
Open a new connection to the database. Use a
separate transaction scope to roll back the original operation.
Answer: A
QUESTION-28: You are
developing a REST API service that provides data about products.
The service
will be hosted in an Azure virtual machine (VM).
The
product data must be stored in Azure tables and replicated to multiple
geographic locations.
API calls that use the HTTP GET operation must
continue to function when the data tables at the
primary
Azure datacenter are not accessible.
You need
to configure storage for the service.
Which type
of replication should you choose?
A.
Locally Redundant Storage replication
B.
Geo-Redundant Storage replication
C.
Zone-Redundant Storage replication
D.
Read-Access Geo-Redundant Storage replication
Answer: D
QUESTION-29: You are
migrating an existing solution to Azure.
The
solution includes a user interface tier and a database tier.
The user
interface tier runs on multiple virtual machines (VMs).
The user
interface tier has a website that uses Node.js.
The user
interface tier has a background process that uses Python.
This
background process runs as a scheduled job.
The user
interface tier is updated frequently.
The
database tier uses a self-hosted MySQL database.
The user
interface tier requires up to 25 CPU cores.
You must
be able to revert the user interface tier to a previous version if updates to
the website cause technical problems. The database requires up to 50 GB of
memory. The database must run in a single VM.
You need
to deploy the solution to Azure.
What
should you do first?
A.
Deploy the entire solution to an Azure website.
Use a web
job that runs continuously to host the database.
B.
Deploy the database to a VM that runs Windows
Server on the Standard tier.
C.
Deploy the entire solution to an Azure website.
Run the
database by using the Azure data management services.
D.
Deploy the user interface tier to a VM.
Use
multiple availability sets to continuously deploy updates from Microsoft Visual
Studio Online.
Answer: C
QUESTION-30: You are
designing a Windows Azure application that will use Windows Azure Table
storage.
You need
to recommend an approach for minimizing storage costs.
What
should you recommend?
A.
Use Entity Group Transactions.
B.
Use multiple partitions to store data.
C.
Use a transaction scope to group all storage
operations.
D.
Use Microsoft Distributed Transaction
Coordinator (MSDTC).
Answer: A
QUESTION-31: You host
an application on an Azure virtual machine (VM) that uses a data disk. The
application performs several input and output operations per second. You need
to disable disk caching for the data disk.
Which two
actions will achieve the goal? Each answer presents a complete solution.
A.
Use the Azure Resource Manager REST API
B.
Use the Service Management REST API.
C.
Run the following Windows PowerShell cmdlet:
Remove-AzureDataDisk
D.
Run the following Windows PowerShell cmdlet:
Set-AzureDataDisk
Answer: AD
Explanation:
http://msdn.microsoft.com/en-us/library/azure/jj157190.aspx
QUESTION-32: You manage
an Azure virtual network that hosts 15 virtual machines (VMs) on a single
subnet, which is used for testing a line of business (LOB) application.
The
application is deployed to a VM named TestWebServiceVM.
You need
to ensure that TestWebServiceVM always starts by using the same IP address.
You need
to achieve this goal by using the least amount of administrative effort.
What are
two possible ways to achieve the goal? Each correct answer presents a complete
solution.
A.
Run the following Azure PowerShell
cmdlet:Set-AzureStaticVNetIP
B.
Use the Azure portal to configure TestWebServiceVM.
C.
Run the following Azure PowerShell
cmdlet:Get-AzureReservedIP
D.
Use RDP to configure TestWebServiceVM.
Answer: AB
Explanation:
https://msdn.microsoft.com/en-us/library/azure/dn722490.aspx
QUESTION-33: You have
an Azure subscription that contains a backup vault named BV1.
BV1
contains five protected servers. Backups run daily.
You need
to modify the storage replication settings for the backups.
What
should you do first?
B.
Run the Remove-OBPolicy cmdlet.
C.
Configure the backup agent properties on all
five servers.
D.
Run the Remove-OBFileSpec cmdlet.
Answer: A
Explanation:
QUESTION-34: You deploy
a web application to an Azure Cloud Service.
The
application uses a storage account that contains a large number of storage
objects. You need to grant clients access to application data for a specified
interval of time while minimizing effort.
What
should you create?
A.
a stored access policy
B.
a service shared access signature
C.
an account shared access signature
D.
a network security group
Answer: C
Explanation:
https://azure.microsoft.com/en-gb/documentation/articles/storage-dotnet-shared-access-
signature-part-1/
QUESTION-35: A company is
developing a new on-premises desktop application.
The app
must be able to access Azure Active Directory (Azure AD) in addition to the
on-premises Active Directory.
You need to
configure the application.
Which two
actions should you perform? Each correct answer presents part of the solution.
A.
Install and run Azure AD Connect
B.
Add an application manifest JSON file to the
application and configure the oauth2Permissions section.
C.
Update the application to be multi-tenant.
D.
Update the application to use OAuth 2.0
authentication.
E.
In the Azure Management portal, register the
application.
Answer: AE
QUESTION-36: You have
an Azure subscription that has five virtual machines (VMs).
You
provision the VMs in an availability set to support an existing web service.
You
anticipate additional traffic.
You
identify the following additional requirements for the VMs:
You need
to scale the service.
What
should you recommend?
A.
P10 Premium Storage
B.
P20 Premium Storage
C.
a Basic Tier VM
D.
a Standard Tier VM
Answer: B
Explanation:
https://azure.microsoft.com/en-gb/documentation/articles/storage-premium-storage/#premium-
storage-scalability-and-performance-targets
QUESTION-37: You manage
a cloud service that utilizes an Azure Service Bus queue. You need
to ensure that messages that are never consumed are retained.
What should
you do?
A.
Check the MOVE TO THE DEAD-LETTER SUBQUEUE
option for Expired Messages in the Azure Portal.
B.
From the Azure Management Portal, create a new
queue and name it Dead-Letter.
C.
Execute the Set-AzureServiceBus PowerShell
cmdlet.
D.
Execute the New-AzureSchedulerStorageQueueJob
PowerShell cmdlet.
Answer: A
Explanation:
The
EnableDeadLetteringOnMessageExpiration property allows to enable\disable the
dead-lettering on message expiration.
QUESTIO-38: A company
has an Azure subscription with four virtual machines (VM) that are provisioned
in an availability set. The VMs support an existing web service. The company
expects additional demand for the web service.
You add 10
new VMs to the environment.
You need
to configure the environment.
How many
Update Domains (UDs) and Fault Domains (FDs) should you create?
A.
2 UDs and 5 FDs
B.
5 UDs and 2 FDs
C.
14 UDs and 2 FDs
D.
14 UDs and 14 FDs
Answer: B
QUESTION-39: You have
an Azure subscription.
In Azure,
you create two virtual machines named VM1 and VM2. Both virtual machines are
instances in a cloud service named Cloud1.
You need
to ensure that the virtual machines only replicate within the data center in
which they were created.
Which
settings should you modify?
A.
virtual machine
B.
storage account
C.
cloud services
D.
Azure subscription
Answer: B
QUESTION-40: You are
the global administrator for a company's Azure subscription.
The
company uses Azure Active Directory Premium and the Application Access Panel.
You are
configuring access to a Software as a Service (SaaS) application.
You need
to ensure that the sales team lead is able to manage user access to the application
but is unable to modify administrative access to the application. In the Azure
portal, what should you do?
Create an
Azure user with the User Admin role, and assign the user as the owner of the
new group.
B.
Create an Azure group and assign it to the SaaS
application.
Create an
Azure user with the Service Admin role, and assign the user as the owner of the
new group.
C.
Set the values of the Delegated group management
and Users can create groups settings to Enabled.
D.
Create an Azure group and assign it to the SaaS
application.
Create an
Azure user with the Global Admin role, and assign the user as the owner of the
new group.
Answer: C
Delegated
group management An example is an administrator who is managing access to a
SaaS application that the company is using. Managing these access rights is
becoming cumbersome, so this administrator asks the business owner to create a
new group. The administrator assigns access for the application to the new
group, and adds to the group all people already accessing to the application.
The business owner then can add more users, and those users are automatically
provisioned to the application. The business owner doesn’t need to wait for the
administrator to manage access for users. If the administrator grants the same
permission to a manager in a different business group, then that person can
also manage access for their own users. Neither the business owner nor the
manager can view or manage each other’s users. The administrator can still see
all users who have access to the application and block access rights if needed.
No comments:
Post a Comment