Implementing Microsoft Azure Infrastructure Solutions (70-533_Part-I)
I
am starting a blog to learn Implementing Microsoft Azure Infrastructure
Solutions (70-533). For this purpose I am posting practice questions
with answers from different dumps. The objective to achieve is to
discuss if the answers are correct or incorrect. I need input (comments) from you
people and it will also be helpful for those who intends to take this
exam. First question with its topic is as follows;
Question-1: A company has
three web apps that run in Azure.
The web apps
have the following characteristics and requriements:
a. App1 has a legacy database. Only one instance of the
web app must be used at a given time
b. App2 has users in different regions. Users must be
balanced between multiple web apps instances.
c. App2 has users in different regions. Users must access
the web app in the nearest physical region.
You need
configure Trafic routing.
Select:
Performance, priority or weighted for each App.
Answer:
App1: Priority
App2: Weight
App3:
Performance
Question-2 You create an
azure active directory tenant named Tenant1 that has a domain name of
tenant1.onmicrosoft.com
You need to add
the contoso.com domain name to Tenant1.
Which DNS
record should you add to the contosol.com zone to be able to verify from Azure
whether you own the contoso.com domain?
a.
Signature (SIG)
b.
Service Location (SRV)
c.
Text (TXT)
d.
DNSKEY
Answer:C
The Verify domain dialog
box opens giving you the values to create the TXT record in your DNS hosting
provider.
·
GoDaddy
users: Office 365
Management portal redirects you to GoDaddy's login page. After you enter your
credentials and accept the domain change permission agreement, the TXT record
is created automatically. You can alternatively create the TXT record.
·
Register.com
users: Follow
the step-by-step instructions to create
the TXT record.
https://docs.microsoft.com/en-us/intune/custom-domain-name-configure
Question-3 You plan implement shared storage policies.
You need to apply a policy to the appropriate resource.
What should you use?
A.
Queues B. Resource group
C Azure SQL Database
D. Recovery Services Vault
Policy assignment
A policy assignment is
a policy definition that has been assigned to take place within a specific
scope. This scope could range from a management group to a resource group. The
term scope refers to all the resource groups, subscriptions, or
management groups that the policy definition is assigned to
https://docs.microsoft.com/en-us/azure/azure-policy/azure-policy-introductionQUESTION-4
Which machines can be replicated to Azure using vmware vsphere 6.5
A.windows server 2012
B.windows server 2008R2
C.Centos 7.3
D.RHEL 7.3
B.windows server 2008R2
C.Centos 7.3
D.RHEL 7.3
Answer:A-can be replicated
B-can’t
be replicated
C-can be
replicated
D-can be
replocated
Not B (Needs to be Windows Server 2008 R2 with at least SP1)
Red Hat Enterprise Linux : 5.2 to 5.11, 6.1 to 6.9, 7.0 to 7.3
CentOS : 5.2 to 5.11, 6.1 to 6.9, 7.0 to 7.3
Question-5
Rearange ARM Json template so that only Storage and VM can be created
This is just an draft, couldn’t remember whole script but this could give you a hint how to reorder template file
{
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Storage/storageAccounts"
},
{
"not": {
"field": "Microsoft.Storage/sku.name",
"field": "Microsoft.compute/sku.name",
"in": "[parameters('listOfAllowedSKUs')]"
}
}
]
},
"then": {
"effect": "Deny"
}
}
Can AD FS server be deployed to Azure in order for users to be authenticated in web App
It’s set of YES/NO answers
I can’t remember any of these questions but thumb of rule is that we should put ADFS server in Azure
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-azure-adfs
Question-6: You are an Administrator of an Azure subscnptton for your company
Management asks you to assign
the user UserI@adatumcom to a role that can create virtual (VMs) The user
must not bo able to manage storage or virtual network for the
MarketingGroupResources resource group. User I must have no need to impermeant
requirements.
How should you complete the Azure
PowerShell command?
In my opinion that was sth like
In here ware
Get-AzureRmRoleAssignment
Set-AzureRmRoleAssignment
New-AzureRmRoleAssignment -SignInName
allen.young@live.com
-RoleDefinitionName Virtual Machine Contributor -ResorceGroup
MarketingGroupResources
Question-7 :You administer an Azure subscription for your company, you plan to deploy virtual machine to azure.
The VM environment must provide 99.95% uptime. A single switch outage must not sure the VM environment to be unavailable. The VM must not be offline due to installation of an update that require a reboot.
You need to configure the environment.
Solution: Create two availability sets. Place a VM in each availability set.
Does the solution meet the goal?
Answer:NO
https://www.opsgility.com/blog/windows-azure-powershell-reference-guide/understanding_configuring_availability_sets_powershell/
One availiability set is enough
Question-8: You administer an Azure subscription for your company, you plan to deploy virtual machine to azure.
The VM environment must provide 99.95% uptime. A single switch outage must not sure the VM environment to be unavailable. The VM must not be offline due to installation of an update that require a reboot.
You need to configure the environment.
Solution: Create and availability set and deploy two VMs in it. Ensure that the VMs are in different update and fault domains.
Does the solution meet the goal
Answer:YES
Question-9: A company is using Azure to host virtual machines (VMs) and web apps. Two web apps named App1 and App2 are configured in the environment. App1 must be able to scale up to 10 instances. App2 must be able to scale up to 25 instances. The app services must be configured to minimize costs.
You need to set the app service tier for each application. Which service tier should you use for each app? To answer, select the appropriate options in the answer area.
App1: a) Shared b) Standard, c) Basic d) Premium
App2: a) Shared b) Standard, c) Basic d) Premium
Answer:App1-Standard
App2-Isolated (although isolated is not specified-maybe something is missing from question) ?
Standard tier maximum number of instances is up to 10, isolated-up to 100
Not premium (up to 20)
https://azure.microsoft.com/en-us/pricing/details/app-service/
Question-10: A company uses Azure to store data in blobs. You need to modify metadata properties for the Azure containers. How should you complete the REST API segment?
X-ms-version, X-ms-date, X-ms-meta-category, Authorization, SignedVersion
: 2017-08-18. Sun, 25 Sep 2011 22:50:32. Images. SharedKey myaccount: z5043vy
Answer:
X-ms-version ————————— 2017-08-18. Sun
X-ms-date —————————–25 Sep 2011 22:50:32
X-ms-meta-category—————– Images
Authorization, ————————- SharedKey myaccount: z5043vy
From https://docs.microsoft.com/en-us/rest/api/storageservices/set-container-metadata:
Request Headers:
x-ms-version: 2011-08-18
x-ms-date: Sun, 25 Sep 2011 22:50:32 GMT
x-ms-meta-Category: Images
Authorization: SharedKey myaccount:Z5043vY9MesKNh0PNtksNc9nbXSSqGHueE00JdjidOQ=
Question-11: A company has an Azure subscription and plans to deploy virtual machines (VMs). The company needs to use an Azure Active Directory Domain Services (Azure AD D) domain with the VMs. You need to ensure that you can join the VMs to the Azure AD DS domain. What should you do?
a) Place a the VMs in the same resource group as a domain controller
b) place the VMs on the same virtual network as the Azure AD DS domain,
c) Create an AD DS domain controller on a VM,
d) Create a custom domain in the Azure subscription.
Answer: B
According to https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-admin-guide-join-windows-vm-portal
On the Settings page of the wizard, select the virtual network in which your Azure AD Domain Services managed domain is deployed.
Question-12 :You plan to use Azure Monitor with AutoScale Services. You create a URI to be used with the monitoring service. You need to configure an alert that specifies the URI. Which Azure command-line interface (CLI) command or Azure Powershell cmdlet should you run?
a) Azure insights alert actions webhook create
b) New-AzureRMAlertRuleEmail
c) Azure insights logprofile add
d) Azure insights alerts rule list
Answer:A
From https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/insights-webhooks-alerts
You can add or update the webhook URI in the Create/Update Alerts screen in the portal.
Question-13: Select powershell runbook commnad to start vm in
azure
Answer: workflow MyFirstRunbook-Workflow
{
Param(
[string]$VMName,
[string]$ResourceGroupName
)
{
Param(
[string]$VMName,
[string]$ResourceGroupName
)
Start-AzureRmVM -Name $VMName -ResourceGroupName
$ResourceGroupName
}
Question-14: On which resource you can create shared
access policy?
1. Table 2. Resource Group 3. premium disk 4.
can’t remember
Answer is – Resource
Group
Reference:
Question-15: You need need provide monitoring and diagnostic capabilities
for the VM.
Which additional parameter should you include in the
template:
“resources”: [
{
“name”: …,
{
“name”: …,
“type”: …
“location”:…
“apiVersion”: …,
“dependsOn”: …
“tags”: {
…}
A.
instanceSizeB. instanceCount
C. condition
D. ExistingDiagnosticStorageAccount
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/extensions-diagnostics-template
QUESTION-16: A company has a hybrid environment. The public IP Address of the on-premises environment is 40.84.199.233. the company deploys virtual machines to azure on different subnets. You need to ensure that the azure vms can communicate with the on-premises environement. What should you create
a. A an internet rule for each subnet
b. A user defined route to 255.255.255.0/0 with a vpn gateway
c. A user defined route to 0.0.0.0/30 with a vpn gateway
d. A border gateway protocol route by using expressroute
Answer:A
QUESTION-17: You plan to integrate azure active directory with the following custom application;
a. App1: native client application
b. Requires access to the web API as the authenticated user
c. Requires access to the web api without user context
You need to configure the web api permissions for the apps. Which type of permissions should you use for each app
Application Permissions, Delegated Permissions (App1 Permssion type) . (App2 Permssion type). (App3: Permssion type)
Answer:
a. App1: Delegated Permission (Native client app can’t be
configured with Application Permission)
b. App2: Delegated Permission, to have authenticated access.
c. App3: Application Permission.
b. App2: Delegated Permission, to have authenticated access.
c. App3: Application Permission.
After
the user has signed in, Azure AD will determine if the user needs to be shown a
consent page. This determination is based on whether the user (or their
organization’s administrator) has already granted the application consent. If
consent has not already been granted, Azure AD prompts the user for consent and
displays the required permissions it needs to function. The set of permissions
that are displayed in the consent dialog match the ones selected in the
Delegated Permissions in the Azure portal.
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications
QUESTION-18: A company uses azure to host web apps. The company plans to deploy a new web app using a kubernetes cluster. You create a new resource group for the cluster. You need to deploy the application. Which three actions should you perform in sequence?
a. Configure the kubernetes credentials
b. Create the kubernetes applications
c. Clone the kubernetes application
d. Create a container image
e. Create the kubernetes cluster
Answer:CDE
https://koukia.ca/run-your-application-in-kubernetes-cluster-in-azure-container-service-85f87edceee3
QUESTION-19: A company uses azure to host virtual mahcines and we app. A line of business application that urns on a vm must use encrypted storage. You need to ensure that the vms support the lob application. What should you do?
a. Run the add-azurermvmsssecret azure powershell cmdlet
b. Scan the environemtn form the azure security manage.
c. Run the test-azurermvmaemextention azure powershell cmdlet
d. Run the set-azurermvmdiskencrpytionextension azure powershell cmdlet
Answer:D
QUESTION-20 : A company plans to integrate azure active directory and google apps using single sing-on (SSO). You need to configure the federation and demonstrate (SSO) with an account named User1. Which three actions should you perform in sequence?
a. Configure sso in the google apps admin console
b. Assign an azure ad premium license to user1
c. Create user1 and add the security assignment
d. Add the google apps application from the gallery.
Answer:DAC
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-google-apps-tutorial
QUESTION-21: You manage an azure subscription for your company. You plan to implement an application in azure that consists of a web tier and a data tier. The application has the following requirement;
a. Be available even if a single virtual machine becomes unavailable
b. Remain available during Microsoft planned maintenance events.
c. Verify the health of the vms before a connection to a vm is established.
You need to configure the environment
No. of availability sets:
i)
do not create ii)
ii)
create one
availability set
iii)
create two
availability sets
iv)
create three availabity sets
Answer: III) 2 availability sets (an
application in azure that consists of a web tier and a data tier)https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability
Application tier availabity :
i) implement multiple fault domains
ii) implement multiple update domains
iii) implement an azure load balancer
iv) implement a recovery services vault
Answer:III)Impelemnt an Azure load balancer – Question says:Verify the health of the vms before a connection to a vm is established.
Azure Load Balancer can probe the health of the various server instances. When a probe fails to respond, the load balancer stops sending new connections to the unhealthy instances. Existing connections are not impacted.
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
QUESTION 22: A company plans to store data for the accounting and human resources departments in azure storage accounts. You have the following requirements
a. Data for both departments must be encrypted when stored
b. The accounting department must be able to query each object to verify that it is encrypted.
c. The human resources department must be abel to switch access tiers at any time.
Which storage types shoud you use?
i) Blob storage
ii) file storage
iii) table storage
iv) queue storage
Answer: I-Blob storage
In case we need to choose multiple answers then Blob and file storage
I had this question but can’t tell for sure if it asks for one or more answers
Blob storage can switch tiers
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers
To verify encryption is enabled for their storage accounts, customers can either query the status of encrypted data for blobs and file (not available for table and queue storage), or check account properties.
https://azure.microsoft.com/en-us/blog/announcing-default-encryption-for-azure-blobs-files-table-and-queue-storage/
QUESTION-23: A company uses azure resource mangaer (ARM) templates to create resources. The following segment is from one of the company’s arm templates.
“properties”:{
Routes: {
{
:name”: “myroute”;
“properties” {
“addressprefix”: “{parameters)(‘backendsubnetfrefix’)};
“nexthoptype”: “”virtualappliance”,
“nexthopipaddress” : “[parameters(vmIPaddress’)]
}
}
]
Choose the the answer
The type of route defined is:
a) UDR-Frontend
b) UDR-BackEnd
c) VNet d) Internet
Answer: A
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-create-udr-arm-template#udr-resources-in-a-template-file
The route will send traffic directly to an:
a) Azure appliance
b) azure subnet
c) on-premises appliance
d) on-premises subnet
Answer:A (need confirmation)
QUESTION-24: How many licenses do I need to monitor my infrastructure?
The first Connect Health Agent requires at least one Azure AD Premium license.
Each additional registered agent requires 25 additional Azure AD Premium licenses.
https://docs.microsoft.com/en-us/azure/active-directory/connect-health/active-directory-aadconnect-health-faq
Installation action:
a) install agent on an azure virtual machine
b) install the agent on on-premises Ad ds server.
c) install the agent on on-premises ad cs server.
Answer:B (or any option which mention On premise Doman Controller (I presume AD DS server stands for Active Directory Domain Services server)
Azure AD Connect Health requires the Health Agents to be installed and configured on targeted servers to receive the data and provide the Monitoring and Analytics capabilities
For example, to get data from your AD FS infrastructure, the agent must be installed on the AD FS and Web Application Proxy servers. Similarly, to get data on your on-premises AD DS infrastructure, the agent must be installed on the domain controllers.
https://docs.microsoft.com/en-us/azure/active-directory/connect-health/active-directory-aadconnect-health-agent-install
QUESTION-25: You plan to use azure active directory connect health to monitor azure ad and on-premises active directory domain services.
You need to obtain the appropriates license type and ensure that you monitor the server.
What should you do?
Select license type:
a) azure ad standard
b) azure ad premium
c) enterprise mobility + security
d) operations management suite
Answer:B
QUESTION-26: A company plans to use operations management suite (OMS) to track changes within virtual machines (VMs). The company requires that data collection occur at least every 15 minutes. You need to recommend a solution to monitor VMs which ensure that data collection occurs at least every 15 minutes.
Solution: Monitor files on Linux VMs (Does the solution meet the goal? YES / NO)
YES-Monitoring frequency for Linux files is 15 minutes
https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-change-tracking
QUESTION-27: A company plans to use operations management suite (OMS) to track changes within virtual machines (VMs). The company requires that data collection occur at least every 15 minutes. You need to recommend a solution to monitor VMs which ensure that data collection occurs at least every 15 minutes.
Solution: Monitor daemons on Linux VMs (Does the solution meet the goal? YES / NO)
Answer:YES
QUESTION-27: A company plans to use operations management suite (OMS) to track changes within virtual machines (VMs). The company requires that data collection occur at least every 15 minutes. You need to recommend a solution to monitor VMs which ensure that data collection occurs at least every 15 minutes.
Solution: Monitor registry keys on windows VMs. (Does the solution meet the goal? YES / NO)
Answer:NO
QUESTION-28: Akamai Vs Verizon Question:
Video streaming optimization
Custom domain HTTPS
Custom domain name support
Does Akamai support this
YES/NO
NO-Akamai doesn’t support Custom domain HTTPS from list above
Akamai DOESN’T support:
Custom domain HTTPS
Asset pre-loading
Cache/header settings (using rules engine)
Token authentication
Analytics and Reporting
Core reports from Verizon
Custom reports from Verizon
Advanced HTTP reports
Real-time stats
Edge node performance
Real-time alerts
Ease of Use
Customizable, rule-based content delivery engine
URL redirect/rewrite (using rules engine)
Mobile device rules (using rules engine)
https://docs.microsoft.com/en-us/azure/cdn/cdn-overview
QUESTION-29: You plan
to use Azure powershell runbook to start a virtual machine named VM1.
You need
to add the code to the runbook.
Which
code?
A. Workflow{
Start-AzureRMVM
-Name VM1 -ResourceGroupName ‘RG1’
}
B. Runbook{
Start-AzureRMVM
-Name VM1 -ResourceGroupName ‘RG1’
}
C. Runbook Runbook1{
Start-AzureRMVM
-Name VM1 -ResourceGroupName ‘RG1’
}
D. Workflow Runbook1{
Start-AzureRMVM
-Name VM1 -ResourceGroupName ‘RG1’
}
Answer:D
QUESTION-30: You need to deploy ubuntu machine to azure, what’s the
fastest way:
A-xPlat Azure CLI
B-Chef
C-Puppet
D-Unfortunately cannot remember what was for D VMSS DSC or Cloud-Int
B-Chef
C-Puppet
D-Unfortunately cannot remember what was for D VMSS DSC or Cloud-Int
Answer:
If D is Cloud-Int then it’s the answer, if D is DSC then
answer would be A
You need to determine the change types that report difference when changes are found
Which action for each source type is performed by the OMS agent, to answer, drag appropriate action to the data source
Answer:
Windows registry keys: Changes are not sent
Windows files:Changes sent to OMS
Linux files:Changes sent to OMS
https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-change-tracking
QUESTION-32: A company uses Azure AD Connect to synchronize on-premises and Azure identities.The company uses Active Directory Federation Services for
external users
You need to ensure that Azure Connect Health can analyze all AD FS audit logs
A:On Azure AD Connect Server,enable security Auditing
B:On AD FS Server enable security auditing
C:On AD FS Server set audit policy to Verbose
D:ON Azure AD Connect server, set the audit policy to verbose
Answer:BC
QUESTION-33: You use Azure Backup to back up a System Center Data Protection Manager Server.You create
a backup vault and add it to DPM server
You need to ensure that you don’t accrue any extra cost
A:Disable the Azure Backup agent
B:Reissue the vault credential file
C:Change the storage redundancy option
D:Change the retention policy
Answer:CD
No comments:
Post a Comment