
Azure VM & Network Configuration Guide

Traffic from VM1 in the VNET1 virtual network can reach the TCP port 1433 services on VM3 because there are no network security groups applied to VM3's subnet or network interface that would block the

Uploaded by

carlos david

Question 1:

Skipped
You create an Azure VM named VM1 that runs Windows Server 2019.

VM1 is configured as shown in the exhibit.

You need to enable Desired State Configuration for VM1.

What should you do first?


Connect to VM1

Configure a DNS name for VM1

Capture a snapshot of VM1

Start VM1

(Correct)

Explanation
Correct Answer: Start VM1

Status is Stopped (Deallocated).

The DSC extension for Windows requires that the target virtual machine is able to
communicate with Azure.

The VM needs to be started.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-windows

Question 2:
Skipped
You have an Azure App Service web app named app1.

You configure autoscaling as shown in the following exhibit.

You configure the autoscale rule criteria as shown in the following exhibit.

Use the drop-down menus to select the answer choice that answers the following
question based on the information presented in the graphic.

After CPU usage has reached 80 percent for 15 minutes, .......... will be running

4 instances

2 instances

(Correct)

5 instances

1 instance

3 instances
Explanation
Correct Answer: 2 instances

The initial instance count is 1, as specified in the first figure. 80% CPU usage for
15 minutes covers one 10-minute duration, but the second round of scale-out has not
been reached, so only one new instance is created.

Note: Autoscale settings help ensure that you have the right amount of resources
running to handle the fluctuating load of your application. You can configure
autoscale settings to be triggered based on metrics that indicate load or
performance, or triggered at a scheduled date and time.

Reference:

https://learn.microsoft.com/en-us/azure/azure-monitor/autoscale/autoscale-understanding-settings

https://github.com/MicrosoftDocs/azure-docs/issues/56120

Question 3:
Skipped
You have a virtual network named VNET1 that contains the subnets shown in the
following table:

You have two Azure virtual machines that have the network configurations shown
in the following table:

For NSG1, you create the inbound security rule shown in the following table:

For NSG2, you create the inbound security rule shown in the following table:

For each of the following statements, select Yes if the statement is true. Otherwise,
select No.

VM2 can connect to the TCP port 1433 services on VM3

Yes

(Correct)

No
Explanation
Correct Answer: Yes

Yes - no NSGs are applied to VM3 at either the subnet or the NIC level, so all
traffic is allowed.

Note: You can use an Azure network security group to filter network traffic to and
from Azure resources in an Azure virtual network. A network security group
contains security rules that allow or deny inbound network traffic to, or outbound
network traffic from, several types of Azure resources. For each rule, you can
specify source and destination, port, and protocol.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

Question 4:
Skipped
You have an Azure subscription that contains a resource group named RG1.
You plan to use an Azure Resource Manager (ARM) template named template1 to
deploy resources. The solution must meet the following requirements:

• Deploy new resources to RG1.
• Remove all the existing resources from RG1 before deploying the new resources.

New-AzResourceGroupDeployment -TemplateUri "https://contoso.com/template1" -TemplateParameterfile params.json [....Slot-1....] RG1 -Mode [....Slot-2....]

How should you complete the command?

Slot-1: -ResourceGroupName

(Correct)

Slot-2: Complete

(Correct)

Slot-1: -Name

Slot-1: -Tag

Slot-1: -QueryString


Slot-2: Incremental

Slot-2: All
Explanation
Correct Answer:
• Slot-1: -ResourceGroupName
• Slot-2: Complete

-ResourceGroupName: Specifies the name of the resource group to deploy.

Complete: In complete mode, Resource Manager deletes resources that exist in
the resource group but are not specified in the template.

Reference:

https://learn.microsoft.com/en-us/powershell/module/az.resources/new-azresourcegroupdeployment?view=azps-9.3.0#-resourcegroupname

Question 5:
Skipped
You have an Azure subscription that contains three virtual networks named VNET1,
VNET2, and VNET3.

Peering for VNET1 is configured as shown in the following exhibit.


Peering for VNET2 is configured as shown in the following exhibit.

Peering for VNET3 is configured as shown in the following exhibit.

How can packets be routed between the virtual networks?

Packets from VNET1 can be routed to ..........


VNET3 only

VNET2 and VNET3

(Correct)

VNET2 only
Explanation
Correct Answer: VNET2 and VNET3

VNet1 is peered with VNet2 and VNet3. Also Gateway transit is disabled.

VNet1: Peered with VNet2 and VNet3

VNet2: Peered with VNet1

VNet3: Peered with VNet1

Note: Virtual network peering enables you to seamlessly connect two or more
Virtual Networks in Azure. The virtual networks appear as one for connectivity
purposes. The traffic between virtual machines in peered virtual networks uses the
Microsoft backbone infrastructure. Like traffic between virtual machines in the
same network, traffic is routed through Microsoft's private network only.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview

Question 6:
Skipped
You have an Azure DNS zone named adatum.com.
You need to delegate a subdomain named research.adatum.com to a different
DNS server in Azure.

What should you do?

Modify the SOA record of adatum.com

Create a PTR record named research in the adatum.com zone

Create an A record named *.research in the adatum.com zone

Create an NS record named research in the adatum.com zone

(Correct)

Explanation
Correct Answer: Create an NS record named research in the adatum.com zone

An NS (name server) record tells recursive name servers which name
servers are authoritative for a zone. You can have as many NS records as you
would like in your zone file. The benefit of having multiple NS records is the
redundancy of your DNS service.

You need to create a name server (NS) record for the zone.
Reference:

https://docs.microsoft.com/en-us/azure/dns/delegate-subdomain

Question 7:
Skipped
You have an Azure subscription that contains the resources shown in the following
table.

LB1 is configured as shown in the following table.


You plan to create new inbound NAT rules that meet the following requirements:
• Provide Remote Desktop access to VM1 from the internet by using port 3389.
• Provide Remote Desktop access to VM2 from the internet by using port 3389.

What should you create on LB1 before you can create the new inbound NAT rules?

a load balancing rule

a frontend IP address

(Correct)

a backend pool

a health probe
Explanation
Correct Answer: a frontend IP address

The key is port 3389 from the internet for both VMs. If we want to connect to two
different machines on the same port, we need to have two different frontend IPs for
the port forwarding.

Before creating new inbound NAT rules on LB1, you need to create a frontend IP
address. Creating a frontend IP address is necessary because it is the public IP
address that external clients use to connect to the load balancer. Without a
frontend IP address, the load balancer cannot receive incoming traffic from the
internet.

To enable Remote Desktop access to VM1 and VM2 from the internet using port
3389, you need to create two new inbound NAT rules on LB1. Each NAT rule maps
an external port on the frontend IP address to an internal port on a specific virtual
machine's IP address and port number. Therefore, you need to create a frontend IP
address first so that the NAT rules can use it to receive external traffic.

Reference:

https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-floating-ip

https://learn.microsoft.com/en-us/azure/load-balancer/manage-inbound-nat-rules

Question 8:
Skipped
You have an Azure subscription that contains the resources shown in the following
table.

In Azure Cloud Shell, you need to create a virtual machine by using an Azure
Resource Manager (ARM) template.
Which of the following would go into Slot-2?

-Subscription 9c8bc1cd-7655-4c66-b3ea-a8ee101d8f75

-GroupName ManagementGroup1'

-ResourceGroupName RG1'

(Correct)

-Tag Tag1'
Explanation
Correct Answer: -ResourceGroupName RG1'

It's one of the parameters of New-AzResourceGroupDeployment; it specifies the
resource group to which you want to deploy resources.

You could use New-AzVm to create a VM, but it doesn't use a template. You would
need to provide all parameters on the command line.

# Prompt for the deployment inputs; the password is read as a SecureString
$resourceGroupName = Read-Host -Prompt "Enter the Resource Group name"
$location = Read-Host -Prompt "Enter the location (i.e. centralus)"
$adminUsername = Read-Host -Prompt "Enter the administrator username"
$adminPassword = Read-Host -Prompt "Enter the administrator password" -AsSecureString
$dnsLabelPrefix = Read-Host -Prompt "Enter an unique DNS name for the public IP"

# Create the resource group, then deploy the quickstart template into it
New-AzResourceGroup -Name $resourceGroupName -Location "$location"
New-AzResourceGroupDeployment `
    -ResourceGroupName $resourceGroupName `
    -TemplateUri "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.compute/vm-simple-windows/azuredeploy.json" `
    -adminUsername $adminUsername `
    -adminPassword $adminPassword `
    -dnsLabelPrefix $dnsLabelPrefix

# List the names of the VMs in the resource group
(Get-AzVm -ResourceGroupName $resourceGroupName).name

Reference:

https://learn.microsoft.com/en-us/azure/virtual-machines/windows/ps-template

https://learn.microsoft.com/en-us/powershell/module/az.compute/new-azvm?view=azps-9.6.0

https://learn.microsoft.com/en-us/powershell/module/az.resources/new-azresourcegroupdeployment?view=azps-9.6.0

Question 9:
Skipped
You have an Azure subscription named Subscription1 that contains a resource
group named RG1.

In RG1, you create an internal load balancer named LB1 and a public load balancer
named LB2.

You need to ensure that an administrator named Admin1 can manage LB1 and
LB2. The solution must follow the principle of least privilege.

Which role should you assign to Admin1 to add a health probe to LB2?

Network Contributor on RG1

(Correct)

Owner on LB2

Contributor on LB2

Network Contributor on LB2


Explanation
Correct Answer: Network Contributor on RG1

For the health probe as well, without access to RG1, no health probe can be
added. If only the Network Contributor role is assigned on the LB, the user would not
be able to access the IP addresses of the member pools.
Owner/Contributor would give the user access to everything, so it does not fit
the principle of least privilege. Hence the Owner and Contributor roles are incorrect
choices for the question.

Reference:

https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

Question 10:
Skipped
You are creating an Azure Kubernetes Services (AKS) cluster as shown in the
following exhibit.
Use the drop-down menus to select the answer choice that completes the
following statement based on the information presented in the graphic.

To ensure that you can integrate AKS1 with an Azure container registry,
you must modify the .......... setting.

Authorized IP ranges

AKS-managed Azure Active Directory

(Correct)

Authentication method

Kubernetes version

Network configuration
Explanation
Correct Answer: AKS-managed Azure Active Directory

The AKS to ACR integration assigns the AcrPull role to the Azure Active Directory
(Azure AD) managed identity associated with your AKS cluster.
Note: There is a latency issue with Azure Active Directory groups when attaching
ACR. If the AcrPull role is granted to an Azure AD group and the kubelet identity is
added to the group to complete the RBAC configuration, there may be a delay
before the RBAC group takes effect. If you are running automation that requires the
RBAC configuration to be complete, we recommend you use the Bring your own
kubelet identity as a workaround. You can pre-create a user-assigned identity, add
it to the Azure AD group, then use the identity as the kubelet identity to create an
AKS cluster. This ensures the identity is added to the Azure AD group before a
token is generated by kubelet, which avoids the latency issue.

Reference:

https://learn.microsoft.com/en-us/azure/aks/cluster-container-registry-integration?tabs=azure-cli

Question 11:
Skipped
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated
goals. Some question sets might have more than one correct solution, while others
might not have a correct solution.

Your company's Azure solution makes use of Multi-Factor Authentication for when
users are not in the office. The Per Authentication option has been configured as
the usage model.

After the acquisition of a smaller business and the addition of the new staff to
Azure Active Directory (Azure AD), you are informed that these
employees should also make use of Multi-Factor Authentication.

To achieve this, the Per Enabled User setting must be set for the usage model.

Solution: You reconfigure the existing usage model via the Azure CLI.

Does the solution meet the goal?

Yes

No

(Correct)

Explanation
Correct Answer: No
Since it is not possible to change the usage model of an existing provider as it is
right now, you have to create a new one and reactivate your existing server with
activation credentials from the new provider.

You cannot change the usage model (per enabled user or per authentication) after
an MFA provider is created.

If you purchased enough licenses to cover all users that are enabled for MFA, you
can delete the MFA provider altogether.

If your MFA provider is not linked to an Azure AD tenant, or you link the new MFA
provider to a different Azure AD tenant, user settings and configuration options are
not transferred. Also, existing Azure MFA Servers need to be reactivated using
activation credentials generated through the MFA Provider.

Reference:

https://365lab.net/2015/04/11/switch-usage-model-in-azure-multi-factor-authentication-server/

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-authprovider#manage-your-mfa-provider

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted

Question 12:
Skipped
You have an Azure subscription that contains the resource groups shown in the
following table.

The subscription contains the virtual networks shown in the following table.

You plan to deploy the Azure Kubernetes Service (AKS) clusters shown in the
following table.
For each of the following statements, select Yes if the statement is true. Otherwise,
select No.

You can deploy AKS2 to VNet1

No

Yes

(Correct)

Explanation
Correct Answer: Yes

Azure container network interface (CNI) and VNET1 are in the same region as
AKS2.

If you want to select an existing virtual network, make sure it's in the same location
and Azure subscription as your Kubernetes cluster.

Reference:

https://learn.microsoft.com/en-us/azure/aks/configure-kubenet

https://learn.microsoft.com/en-us/azure/aks/configure-azure-cni

Question 13:
Skipped
You have an Azure subscription named Subscription1 that contains the storage
accounts shown in the following table:

You plan to use the Azure Import/Export service to export data from Subscription1.

You need to identify which storage account can be used to export the data.
What should you identify?

storage4

(Correct)

storage2

storage1

storage3
Explanation
Correct Answer: storage4

Azure Import/Export service supports the following types of storage accounts:

• Standard General Purpose v2 storage accounts (recommended for most scenarios)
• Blob Storage accounts
• General Purpose v1 storage accounts (both Classic and Azure Resource Manager deployments)

Azure Import/Export service supports the following storage types:

• Import supports Azure Blob storage and Azure File storage
• Export supports Azure Blob storage

Only storage4 can be exported.

Reference:

https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-requirements

Question 14:
Skipped
You have an Azure subscription that contains two virtual machines named VM1
and VM2.

You create an Azure load balancer.


You plan to create a load balancing rule that will load balance HTTPS traffic
between VM1 and VM2.

Which two additional load balancer resources should you create before you can
create the load balancing rule?

an inbound NAT rule

a health probe

(Correct)

a frontend IP address

a backend pool

(Correct)

a virtual network
Explanation
Correct Answer:
1. a backend pool
2. a health probe
You can't create a LB without FrontEnd IP, so if we have a LB we also have a
FrontEnd IP already. You can however create a LB without a backend pool and
without any rules. If you want to add a rule to your LB later you have to create a
backend pool and health probe first. These are mandatory properties for a rule.

Reference:

https://docs.microsoft.com/en-us/azure/load-balancer/components

Question 15:
Skipped
You have an Azure virtual machine named VM1 that connects to a virtual network
named VNet1. VM1 has the following configurations:
• Subnet: 10.0.0.0/24
• Availability set: AVSet
• Network security group (NSG): None
• Private IP address: 10.0.0.4 (dynamic)
• Public IP address: 40.90.219.6 (dynamic)

You deploy a standard, Internet-facing load balancer named slb1.

You need to configure slb1 to allow connectivity to VM1.

What changes should you apply to VM1 before creating a backend pool on
slb1?

Create and assign an NSG to VM1

Remove the public IP address from VM1

(Correct)

Change the private IP address of VM1 to static


Explanation
Correct Answer: Remove the public IP address from VM1

You can only attach virtual machines in the backend pool that have a standard SKU
public IP configuration or no public IP configuration. Since the Public IP of VM is
dynamic, the IP must be a Basic SKU IP. You cannot add such a VM (with Basic
SKU IP) to a standard SKU load balancer. The VM does not even show up in the
backend pool portal for selection unless you remove the public IP or convert it to a
Standard SKU IP.

Note: A public load balancer can provide outbound connections for virtual
machines (VMs) inside your virtual network. These connections are accomplished
by translating their private IP addresses to public IP addresses. Public Load
Balancers are used to load balance internet traffic to your VMs. Load balancer and
the public IP address SKU must match when you use them with public IP
addresses. Only Basic SKU IPs work with the Basic SKU load balancer and only
Standard SKU IPs work with Standard SKU load balancers.

Reference:

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

Question 16:
Skipped
You have an Azure subscription that contains the resources in the following table:

In Azure, you create a private DNS zone named adatum.com. You set the
registration virtual network to VNet2. The adatum.com zone is configured as
shown in the following exhibit:
For each of the following statements, select Yes if the statement is true. Otherwise,
select No.

The A record for VM5 will be registered automatically in the adatum.com zone.

No

(Correct)

Yes
Explanation
Correct Answer: No

No - Azure DNS provides automatic registration of virtual machines from a single
virtual network that's linked to a private zone as a registration virtual network. VM5
does not belong to the registration virtual network though.

Reference:

https://docs.microsoft.com/en-us/azure/dns/private-dns-overview

Question 17:
Skipped
Your company has an Azure subscription named Subscription1.

The company also has two on-premises servers named Server1 and Server2 that
run Windows Server 2016. Server1 is configured as a DNS server that has a primary
DNS zone named adatum.com. Adatum.com contains 1,000 DNS records.

You manage Server1 and Subscription1 from Server2. Server2 has the following
tools installed:

• The DNS Manager console
• Azure PowerShell
• Azure CLI 2.0

You need to move the adatum.com zone to an Azure DNS zone in Subscription1.
The solution must minimize administrative effort.

What should you use?

Azure PowerShell

Azure CLI

(Correct)

the DNS Manager console

the Azure portal


Explanation
Correct Answer: Azure CLI

Azure DNS supports importing and exporting zone files by using the Azure
command-line interface (CLI). Zone file import is not currently supported via Azure
PowerShell or the Azure portal.

PrivateDNSMigrationScript is for migrating legacy Azure DNS private zones to the
new Azure DNS private zone resource.

Reference:

https://docs.microsoft.com/en-us/azure/dns/dns-import-export

Question 18:
Skipped
You have an Azure virtual machine named VM1 and a Recovery Services vault
named Vault1.

You create a backup policy named Policy1 as shown in the exhibit.


You configure the backup of VM1 to use Policy1 on Thursday, January 1.

You need to identify the number of available recovery points for VM1.
How many recovery points are available on January 15 at 2:00 PM (14:00)?

17

(Correct)

19

5
Explanation
Correct Answer: 8

The total is 5 daily backups (1 weekly backup included) + 1 weekly + 1 monthly
+ 1 yearly = 8 recovery points.

Note: Azure Backup provides independent and isolated backups to guard against
unintended destruction of the data on your VMs. Backups are stored in a Recovery
Services vault with built-in management of recovery points. Configuration and
scaling are simple, backups are optimized, and you can easily restore as needed.

Reference:
https://social.technet.microsoft.com/Forums/en-US/854ab6ae-79aa-4bad-ac65-471c4d422e94/daily-monthly-yearly-recovery-points-and-storage-used?forum=windowsazureonlinebackup

https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-introduction

https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm

Question 19:
Skipped
You have an Azure subscription named Subscription1. Subscription1 contains a
virtual machine named VM1.

You have a computer named Computer1 that runs Windows 10. Computer1 is
connected to the Internet.

You add a network interface named vm1173 to VM1 as shown in the exhibit.
From Computer1, you attempt to connect to VM1 by using Remote Desktop, but
the connection fails.

You need to establish a Remote Desktop connection to VM1.

What should you do first?

Start VM1

(Correct)

Attach a network interface

Change the priority of the RDP rule


Delete the DenyAllInBound rule


Explanation
Correct Answer: Start VM1

Any resource with a dynamically assigned public IP address will display
the 'name' you gave it when the resource it is assigned to is offline. A static
address will be shown regardless of the resource state. This means that we need
to start VM1.

Incorrect Answers:

Change the priority of the RDP rule:

Rules are processed in priority order, with lower numbers processed before higher
numbers, because lower numbers have higher priority. Once traffic matches a rule,
processing stops. RDP already has the lowest number and thus the highest priority.

Attach a network interface:

The network interface has already been added to VM.

Delete the DenyAllInBound rule:

The Outbound rules are fine.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

Question 20:
Skipped
You have an Azure subscription.

You plan to use Azure Resource Manager templates to deploy 50 Azure virtual
machines that will be part of the same availability set.

You need to ensure that as many virtual machines as possible are available if the
fabric fails or during servicing.
Which of the following would go into Slot-1?

(Correct)

0
Explanation
Correct Answer: 3

Use three fault domains.

2 or 3 is the maximum, depending on which region you are in.

These regions have 3 Fault Domains:

• East US
• East US 2
• West US
• Central US
• North Central US
• South Central US
• Canada Central
• North Europe
• West Europe

The rest have 2 Fault Domains.

Availability sets can be configured by assigning a fault domain and an update
domain. A fault domain represents a group of servers that have shared power,
cooling, and networking, while an update domain represents a group of servers
that can be rebooted at the same time. Each availability set can have up to 20
update domains and 3 fault domains. This reduces the impact to VMs from
physical hardware failures, such as server, network, or power interruptions on one
of the physical racks. It is important to understand that the availability set must be
set at creation time of the virtual machine.

Reference:

https://learn.microsoft.com/en-us/azure/virtual-machines/availability-set-overview#how-do-availability-sets-work

https://docs.microsoft.com/en-us/azure/virtual-machines/availability

Question 21:
Skipped
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated
goals. Some question sets might have more than one correct solution, while others
might not have a correct solution.

You have an Azure virtual machine named VM1 that runs Windows Server 2016.

You need to create an alert in Azure when more than two error events are logged to
the System event log on VM1 within an hour.

Solution: You create an Azure storage account and configure shared access
signatures (SASs). You install the Microsoft Monitoring Agent on VM1. You create
an alert in Azure Monitor and specify the storage account as the source.

Does this meet the goal?

Yes

No

(Correct)

Explanation
Correct Answer: No

You must install the Microsoft Monitoring Agent on VM1, and not the Microsoft
Monitoring Agent VM extension.

Instead: You create an Azure Log Analytics workspace and configure the data
settings. You install the Microsoft Monitoring Agent on VM1. You create an alert in
Azure Monitor and specify the Log Analytics workspace as the source.

1. Log Analytics agent - Install in the VM.
2. Log Analytics workspace - Collects the log files from the Log Analytics agent.
3. Azure Monitor - Create an alert based on logs read from the Log Analytics
workspace.

Note: The legacy Log Analytics agent collects monitoring data from the guest
operating system and workloads of virtual machines in Azure, other cloud
providers, and on-premises machines. It sends data to a Log Analytics workspace.
The Log Analytics agent is the same agent used by System Center Operations
Manager, and you can multihome agent computers to communicate with your
management group and Azure Monitor simultaneously. This agent is also required
by certain insights in Azure Monitor and other services in Azure.

Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview

Question 22:
Skipped
You have an Azure subscription named Subscription1 that contains two Azure
virtual networks named VNet1 and VNet2. VNet1 contains a VPN gateway named
VPNGW1 that uses static routing. There is a site-to-site VPN connection between
your on-premises network and VNet1.

On a computer named Client1 that runs Windows 10, you configure a point-to-site
VPN connection to VNet1.

You configure virtual network peering between VNet1 and VNet2. You verify that
you can connect to VNet2 from the on-premises network. Client1 is unable to
connect to VNet2.

You need to ensure that you can connect Client1 to VNet2.

What should you do?


Select Allow gateway transit on VNet2

Download and re-install the VPN client configuration package on Client1

(Correct)

Enable BGP on VPNGW1

Select Allow gateway transit on VNet1


Explanation
Correct Answer: Download and re-install the VPN client configuration package on
Client1

If you make a change to the topology of your network and have Windows VPN
clients, the VPN client package for Windows clients must be downloaded and
installed again.

The site-to-site configuration was changed after the point-to-site client installation was
performed. The client software package needs to be installed again after the
site-to-site configuration changes.

Reference:

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing

Question 23:
Skipped
You have an on-premises datacenter and an Azure subscription.

You plan to connect the datacenter to Azure by using ExpressRoute.

You need to deploy an ExpressRoute gateway. The solution must meet the
following requirements:

• Support up to 10 Gbps of traffic.
• Support availability zones.
• Support FastPath.
• Minimize costs.

Which SKU should you deploy?

ErGw3

ERGw2

ErGw3AZ

(Correct)

ERGw1AZ
Explanation
Correct Answer: ErGw3AZ

ErGw3Az supports FastPath.

The following table shows the features supported across each gateway type.

Note: ExpressRoute virtual network gateways can use the following SKUs:

• Standard
• HighPerformance
• UltraPerformance
• ErGw1Az
• ErGw2Az
• ErGw3Az

Reference:
https://learn.microsoft.com/en-us/azure/expressroute/expressroute-about-virtual-network-gateways

Question 24:
Skipped
You have an Azure subscription that contains three virtual networks named VNET1,
VNET2, and VNET3.

Peering for VNET1 is configured as shown in the following exhibit.

Peering for VNET2 is configured as shown in the following exhibit.

Peering for VNET3 is configured as shown in the following exhibit.

How can packets be routed between the virtual networks?


Packets from VNET2 can be routed to ..........

VNET3 only

VNET1 and VNET3

VNET1 only

(Correct)

Explanation
Correct Answer: VNET1 only

Gateway transit is disabled, so it can only communicate with the connected
VNET1.

VNet1: Peered with VNet2 and VNet3

VNet2: Peered with VNet1

VNet3: Peered with VNet1

Note: Virtual network peering enables you to seamlessly connect two or more
Virtual Networks in Azure. The virtual networks appear as one for connectivity
purposes. The traffic between virtual machines in peered virtual networks uses the
Microsoft backbone infrastructure. Like traffic between virtual machines in the
same network, traffic is routed through Microsoft's private network only.
Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-
overview

Question 25:
Skipped
You have an Azure App Service web app named app1.

You configure autoscaling as shown in the following exhibit.

You configure the autoscale rule criteria as shown in the following exhibit.

Use the drop-down menus to select the answer choice that answers the following
question based on the information presented in the graphic.

Once the first scale-out instance is created, the minimum time before an
additional instance is created will be ..........

15 minutes

(Correct)

10 minutes

5 minutes

1 minute
Explanation
Correct Answer: 15 minutes

Since the cool down time is 5 minutes, after one scale action happens it will
count 5 minutes before counting a new 10 minutes, so 15 minutes total.

Note: Autoscale settings help ensure that you have the right amount of resources
running to handle the fluctuating load of your application. You can configure
autoscale settings to be triggered based on metrics that indicate load or
performance, or triggered at a scheduled date and time.
Reference:

https://learn.microsoft.com/en-us/azure/azure-monitor/autoscale/autoscale-understanding-settings

https://github.com/MicrosoftDocs/azure-docs/issues/56120

Question 26:
Skipped
You have an Azure virtual machine named VM1 and a Recovery Services vault
named Vault1.

You create a backup policy named Policy1 as shown in the exhibit.


You configure the backup of VM1 to use Policy1 on Thursday, January 1.

You need to identify the number of available recovery points for VM1.

How many recovery points are available on January 8 at 2:00 PM (14:00)?

(Correct)

Explanation
Correct Answer: 6

5 latest daily recovery points, which includes the weekly backup from the previous
Sunday, plus the monthly recovery point.

8th January = 5 daily backups (1 weekly backup included) + 1 Monthly = 6 backups

Note: Azure Backup provides independent and isolated backups to guard against
unintended destruction of the data on your VMs. Backups are stored in a Recovery
Services vault with built-in management of recovery points. Configuration and
scaling are simple, backups are optimized, and you can easily restore as needed.

Reference:
https://social.technet.microsoft.com/Forums/en-US/854ab6ae-79aa-4bad-ac65-471c4d422e94/daily-monthly-yearly-recovery-points-and-storage-used?forum=windowsazureonlinebackup

https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-introduction

https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm

Question 27:
Skipped
You have an Azure subscription.

You are deploying an Azure Kubernetes Service (AKS) cluster that will contain
multiple pods. The pods will use kubenet networking.

You need to restrict network traffic between the pods.

What should you configure on the AKS cluster?

the Calico network policy

(Correct)

an application security group

pod security policies

the Azure network policy


Explanation
Correct Answer: the Calico network policy

To provide network connectivity, AKS clusters can use kubenet (basic networking)
or Azure CNI (advanced networking).

Azure Network Policies support Azure CNI only. Calico Network Policies support
both Azure CNI (Windows Server 2019 and Linux) and kubenet (Linux).

Reference:

https://docs.microsoft.com/en-us/azure/aks/use-network-policies

https://docs.microsoft.com/en-us/azure/aks/configure-kubenet

Question 28:
Skipped
You have an Azure subscription named Subscription1 that contains a virtual
network named VNet1. VNet1 is in a resource group named RG1.

Subscription1 has a user named User1. User1 has the following roles:

- Reader
- Security Admin
- Security Reader

You need to ensure that User1 can assign the Reader role for VNet1 to other users.

What should you do?

Remove User1 from the Security Reader and Reader roles for
Subscription1

Assign User1 the Network Contributor role for RG1

Assign User1 the Network Contributor role for VNet1

Assign User1 the User Access Administrator role for VNet1

(Correct)

Explanation
Correct Answer: Assign User1 the User Access Administrator role for VNet1

Has full access to all resources including the right to delegate access to others.

Note:

There are several versions of this question in the exam. The question can have
other incorrect answer options, including the following:
1. Name Server (NS)
2. Assign User1 the Contributor role for VNet1.
3. Remove User1 from the Security Reader and Reader roles for Subscription1.
Assign User1 the Contributor role for Subscription1.

Reference:

https://docs.microsoft.com/en-us/azure/role-based-access-control/overview

https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#user-access-administrator

Question 29:
Skipped
You have an Azure subscription that contains a virtual network named VNET1.
VNET1 contains the subnets shown in the following table.
Each virtual machine uses a static IP address.

You need to create network security groups (NSGs) to meet the following
requirements:

- Allow web requests from the internet to VM3, VM4, VM5, and VM6.
- Allow all connections between VM1 and VM2.
- Allow Remote Desktop connections to VM1.
- Prevent all other network traffic to VNET1.

What is the minimum number of NSGs you should create?

12

(Correct)

Explanation
Correct Answer: 1
NSGs can be associated to subnets, individual VMs (classic), or individual network
interfaces (NIC) attached to VMs (Resource Manager). You can associate zero, or
one, NSG(s) to each VNet subnet and NIC in a virtual machine. The same NSG can
be associated to as many subnets and NICs as you choose.

So, you can create 1 NSG and associate it with all 3 Subnets.

- Allow web requests from the internet to VM3, VM4, VM5, and VM6: You need to
  add an inbound rule to allow Internet TCP 80 to the static IP addresses of
  VM3, VM4, VM5, and VM6.
- Allow all connections between VM1 and VM2: You do not need an NSG, as
  communication in the same VNet is allowed by default, without even
  configuring an NSG.
- Allow Remote Desktop connections to VM1: You need to add an inbound rule to
  allow RDP 3389 to VM1's static IP address.
- Prevent all other network traffic to VNET1: You do not need to configure any
  NSG, as there is an explicit deny rule (DenyAllInbound) in every NSG.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#default-security-rules

Question 30:
Skipped
You have an Azure subscription named Subscription1.

You have 5 TB of data that you need to transfer to Subscription1.

You plan to use an Azure Import/Export job.

What can you use as the destination of the imported data?

an Azure Cosmos DB database

the Azure File Sync Storage Sync Service

a virtual machine

Azure File Storage

(Correct)

Explanation
Correct Answer: Azure File Storage

Azure Import/Export service is used to securely import large amounts of data to
Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter.
This service can also be used to transfer data from Azure Blob storage to disk
drives and ship to your on-premises sites. Data from one or more disk drives can
be imported either to Azure Blob storage or Azure Files. The maximum size of an
Azure Files Resource of a file share is 5 TB.

Note:

There are several versions of this question in the exam. The question has two
correct answers:

1. Azure File Storage
2. Azure Blob Storage

The question can have other incorrect answer options, including the following:

- Azure Data Lake Store
- Azure SQL Database
- Azure Data Factory

Reference:

https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service

Question 31:
Skipped
Your company has an Azure subscription.

You need to deploy a number of Azure virtual machines (VMs) using Azure
Resource Manager (ARM) templates. You have been informed that the VMs will be
included in a single availability set.

You are required to make sure that the ARM template you configure allows for as
many VMs as possible to remain accessible in the event of fabric failure or
maintenance.

Which of the following is the value that you should configure for
the platformUpdateDomainCount property?

10

20

(Correct)

40

30
Explanation
Correct Answer: 20

Each virtual machine in your availability set is assigned an update domain and a
fault domain by the underlying Azure platform. For a given availability set, five non-
user-configurable update domains are assigned by default (Resource Manager
deployments can then be increased to provide up to 20 update domains) to
indicate groups of virtual machines and underlying physical hardware that can be
rebooted at the same time.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-machines/availability-set-overview

Question 32:
Skipped
You have an Azure subscription named Subscription1. Subscription1 contains the
resources in the following table.

VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between VNet1 and
VNet2.

An administrator named Admin1 creates an Azure virtual machine named VM1 in
RG1. VM1 uses a disk named Disk1 and connects to VNet1. Admin1 then installs a
custom application in VM1.

You need to move the custom application to VNet2. The solution must minimize
administrative effort.

Which first action should you perform?

Move a network interface to RG2

Detach a network interface

Delete VM1

(Correct)

Create a network interface in RG2


Explanation
Correct Answer: Delete VM1

We cannot just move a virtual machine between networks. What we need to do is
identify the disk used by the VM, delete the VM itself while retaining the disk, and
recreate the VM in the target virtual network and then attach the original disk to it.

Note: You can change the Subnet a VM is connected to after it's created, but you
cannot change the VNet.
Reference:

https://blogs.technet.microsoft.com/canitpro/2014/06/16/step-by-step-move-a-vm-to-a-different-vnet-on-azure/

https://4sysops.com/archives/move-an-azure-vm-to-another-virtual-network-vnet/#migrate-an-azure-vm-between-vnets

https://docs.microsoft.com/en-us/azure/virtual-machines/network-overview

Question 33:
Skipped
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated
goals. Some question sets might have more than one correct solution, while others
might not have a correct solution.

Your company makes use of Multi-Factor Authentication for when users are not in
the office. The Per Authentication option has been configured as the usage model.

After the acquisition of a smaller business and the addition of the new staff to
Azure Active Directory (Azure AD), you are informed that these
employees should also make use of Multi-Factor Authentication.

To achieve this, the Per Enabled User setting must be set for the usage model.

Solution: You reconfigure the existing usage model via the Azure portal.

Does the solution meet the goal?

No

(Correct)

Yes
Explanation
Correct Answer: No
Since it is not possible to change the usage model of an existing provider as it is
right now, you have to create a new one and reactivate your existing server with
activation credentials from the new provider.

You cannot change the usage model (per enabled user or per authentication) after
an MFA provider is created.

If you purchased enough licenses to cover all users that are enabled for MFA, you
can delete the MFA provider altogether.

If your MFA provider is not linked to an Azure AD tenant, or you link the new MFA
provider to a different Azure AD tenant, user settings and configuration options are
not transferred. Also, existing Azure MFA Servers need to be reactivated using
activation credentials generated through the MFA Provider.

Reference:

https://365lab.net/2015/04/11/switch-usage-model-in-azure-multi-factor-authentication-server/

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-authprovider#manage-your-mfa-provider

Question 34:
Skipped
You have an Azure subscription that contains an Azure Kubernetes Service (AKS)
cluster named Cluster1. Cluster1 hosts a node pool named Pool1 that has four
nodes.

You need to perform a coordinated upgrade of Cluster1. The solution must meet
the following requirements:

- Deploy two new nodes to perform the upgrade.
- Minimize costs.

az aks nodepool [....SLOT-1....] -n pool1 -g RG1 --cluster-name cluster1 [....SLOT-2....]

How should you complete the command?

SLOT-2: --max-surge 2

(Correct)

SLOT-1: update

(Correct)

SLOT-1: get-updates

SLOT-2: --max-pods 2

SLOT-1: add

SLOT-2: --node-count 2

SLOT-2: --max-count 2

SLOT-1: scale
Explanation
Correct Answer:
- SLOT-1: update
- SLOT-2: --max-surge 2

Update a node pool's properties.

Update a node pool to enable/disable cluster-autoscaler or change min-count or
max-count. When called with no optional arguments this attempts to move the
node pool to its goal state without changing the current node pool configuration.
This can be used to move out of a non-succeeded state.

--max-surge

Extra nodes used to speed upgrade. When specified, it represents the number or
percent used, eg. 5 or 33%.

Reference:

https://learn.microsoft.com/en-us/cli/azure/aks/nodepool?view=azure-cli-latest

https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster?tabs=azure-cli

https://learn.microsoft.com/en-us/cli/azure/aks/nodepool?view=azure-cli-latest#az-aks-nodepool-update-optional-parameters

Question 35:
Skipped
You have an Azure subscription.

You plan to use Azure Resource Manager templates to deploy 50 Azure virtual
machines that will be part of the same availability set.

You need to ensure that as many virtual machines as possible are available if the
fabric fails or during servicing.

Which of the following would go into Slot-2?

10

25

20

(Correct)

50


30

40
Explanation
Correct Answer: 20

Use 20 for platformUpdateDomainCount

Increasing the update domain (platformUpdateDomainCount) helps with capacity
and availability planning when the platform reboots nodes. A higher number for the
pool (20 is max) means that fewer of their nodes in any given availability set would
be rebooted at once.

Availability sets can be configured by assigning a fault domain and an update
domain. Fault domain represents a group of servers that have shared power,
cooling, and networking, while an update domain represents a group of servers
that can be rebooted at the same time. Each availability set can have up to 20
update domains and 3 fault domains. This reduces the impact to VMs from
physical hardware failures, such as server, network, or power interruptions on one
of the physical racks. It is important to understand that the availability set must be
set at creation time of the virtual machine.

Reference:

https://learn.microsoft.com/en-us/azure/virtual-machines/availability-set-overview#how-do-availability-sets-work

https://docs.microsoft.com/en-us/azure/virtual-machines/availability

Question 36:
Skipped
You have an Azure virtual machine named VM1 that runs Windows Server 2019.

You save VM1 as a template named Template1 to the Azure Resource Manager
library.

You plan to deploy a virtual machine named VM2 from Template1.

What can you configure during the deployment of VM2?

operating system

resource group

(Correct)

administrator username

virtual machine size


Explanation
Correct Answer: resource group

When you create a template, you may parameterize some values, like admin
username, but you don't have to. The RG is impossible to put in a template,
therefore you must specify this at deployment.

Creating an Azure virtual machine usually includes two steps:

- Create a resource group. An Azure resource group is a logical container into
  which Azure resources are deployed and managed. A resource group must
  be created before a virtual machine.
- Create a virtual machine.

When deploying a virtual machine from a template, you must specify:

- the Resource Group name and location for the VM
- the administrator username and password
- a unique DNS name for the public IP

Reference:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/ps-template

https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/quickstart-create-templates-use-the-portal

Question 37:
Skipped
You have an Azure subscription named Subscription1 that contains a resource
group named RG1.

In RG1, you create an internal load balancer named LB1 and a public load balancer
named LB2.

You need to ensure that an administrator named Admin1 can manage LB1 and
LB2. The solution must follow the principle of least privilege.

Which role should you assign to Admin1 to add a backend pool to LB1?

Owner on LB1

Network Contributor on LB1

Network Contributor on RG1

(Correct)

Contributor on LB1
Explanation
Correct Answer: Network Contributor on RG1

To add to the backend pool, write permission is required on the Resource Group
because it writes deployment information. To add a backend pool, you need
network contributor role on the LB and on the VMs that will be part of the backend
pool.

For this reason, the network contributor role must be assigned to the RG where the
LB and the VM reside. So the correct answer is Network Contributor on RG1.

Reference:

https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

Question 38:
Skipped
You have an Azure subscription that contains 100 virtual machines.

You regularly create and delete virtual machines.

You need to identify unattached disks that can be deleted.

What should you do?


From Azure Cost Management, view Advisor Recommendations

(Correct)

From Microsoft Azure Storage Explorer, view the Account Management
properties

From Azure Cost Management, view Cost Analysis

From Azure Advisor, modify the Advisor configuration


Explanation
Correct Answer: From Azure Cost Management, view Advisor Recommendations

From Home -> Cost Management + Billing -> Cost Management, scroll down through
the options and select View Recommendations.

From here you will see the recommendations for your subscription; if you have
orphaned disks, they will be listed.

Reference:

https://docs.microsoft.com/en-us/azure/cost-management-billing/cost-management-billing-overview

https://codeserendipity.com/2020/07/08/microsoft-azure-find-unattached-disks-that-can-be-deleted-and-other-recommendations/

Question 39:
Skipped
You plan to deploy an Azure container instance by using the following Azure
Resource Manager template.
Complete the following statement based on the information presented in the
template.

If Internet Information Services (IIS) in the container fails, ..........


the container will only restart manually

the container must be redeployed

the container will restart automatically

(Correct)

Explanation
Correct Answer: the container will restart automatically

If IIS in the container fails, the container will restart automatically:
"restartPolicy": "OnFailure"

Note: Azure Container Instances is a great solution for any scenario that can
operate in isolated containers, including simple applications, task automation, and
build jobs.

Reference:

https://docs.microsoft.com/en-us/azure/container-instances/container-instances-overview

https://docs.microsoft.com/en-us/cli/azure/container?view=azure-cli-latest

https://docs.docker.com/config/containers/start-containers-automatically/

Question 40:
Skipped
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated
goals. Some question sets might have more than one correct solution, while others
might not have a correct solution.

You have an Azure virtual machine named VM1 that runs Windows Server 2016.

You need to create an alert in Azure when more than two error events are logged to
the System event log on VM1 within an hour.

Solution: You create an Azure Log Analytics workspace and configure the data
settings. You add the Microsoft Monitoring Agent VM extension to VM1. You
create an alert in Azure Monitor and specify the Log Analytics workspace as the
source.

Does this meet the goal?


No

(Correct)

Yes
Explanation
Correct Answer: No

You must install the Microsoft Monitoring Agent on VM1, and not the Microsoft
Monitoring Agent VM extension.

Instead: You create an Azure Log Analytics workspace and configure the data
settings. You install the Microsoft Monitoring Agent on VM1. You create an alert in
Azure Monitor and specify the Log Analytics workspace as the source.

1. Log analytics agent - Install in VM.
2. Log analytics workspace - collect the log files from Log Analytics Agent.
3. Azure Monitor - Create alert based on logs read from Log Analytics
   Workspace.

Note: The legacy Log Analytics agent collects monitoring data from the guest
operating system and workloads of virtual machines in Azure, other cloud
providers, and on-premises machines. It sends data to a Log Analytics workspace.
The Log Analytics agent is the same agent used by System Center Operations
Manager, and you can multihome agent computers to communicate with your
management group and Azure Monitor simultaneously. This agent is also required
by certain insights in Azure Monitor and other services in Azure.

Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview

Question 41:
Skipped
You have an Azure subscription named Subscription1. Subscription1 contains the
resources in the following table.

VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between VNet1 and
VNet2.

An administrator named Admin1 creates an Azure virtual machine named VM1 in
RG1. VM1 uses a disk named Disk1 and connects to VNet1. Admin1 then installs a
custom application in VM1.

You need to move the custom application to VNet2. The solution must minimize
administrative effort.

Which second action should you perform?

Attach a network interface

Move VM1 to RG2

Create a network interface in RG2

Create a new virtual machine

(Correct)

Explanation
Correct Answer: Create a new virtual machine

We cannot just move a virtual machine between networks. What we need to do is
identify the disk used by the VM, delete the VM itself while retaining the disk,
and recreate the VM in the target virtual network and then attach the original disk
to it.

Note: You can change the Subnet a VM is connected to after it's created, but you
cannot change the VNet.
Reference:

https://blogs.technet.microsoft.com/canitpro/2014/06/16/step-by-step-move-a-vm-to-a-different-vnet-on-azure/

https://4sysops.com/archives/move-an-azure-vm-to-another-virtual-network-vnet/#migrate-an-azure-vm-between-vnets

https://docs.microsoft.com/en-us/azure/virtual-machines/network-overview

Question 42:
Skipped
You have Azure Storage accounts as shown in the following exhibit.

You can use .......... for Azure Blob Storage.

storageaccount1 and storageaccount3 only

storageaccount2 and storageaccount3 only

all the storage accounts

(Correct)

storageaccount3 only
Explanation
Correct Answer: all the storage accounts
The three different storage account options are: General-purpose v2 (GPv2)
accounts, General-purpose v1 (GPv1) accounts, and Blob storage accounts.

- General-purpose v2 (GPv2) accounts are storage accounts that support all
  of the latest features for blobs, files, queues, and tables.
- Blob storage accounts support all the same block blob features as GPv2,
  but are limited to supporting only block blobs.
- General-purpose v1 (GPv1) accounts provide access to all Azure Storage
  services, but may not have the latest features or the lowest per gigabyte
  pricing.

Reference:

https://docs.microsoft.com/en-us/azure/storage/common/storage-account-options

Question 43:
Skipped
You have an Azure Active Directory (Azure AD) tenant.

You plan to delete multiple users by using Bulk delete in the Azure Active Directory
admin center.

You need to create and upload a file for the bulk delete.

Which user attributes should you include in the file?

The display name and user principal name of each user only

The display name of each user only

The user principal name of each user only

(Correct)

The user principal name and usage location of each user only

The display name and usage location of each user only


Explanation
Correct Answer: The user principal name of each user only
Using the admin center in Azure Active Directory (Azure AD), part of Microsoft
Entra, you can remove a large number of members to a group by using a comma-
separated values (CSV) file to bulk delete users.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/users-bulk-delete

Question 44:
Skipped
Your company's Azure subscription includes Azure virtual machines (VMs) that run
Windows Server 2016.

One of the VMs is backed up every day using Azure Backup Instant Restore.

When the VM becomes infected with data encrypting ransomware, you are required
to restore the VM.
Which of the following actions should you take?

You should restore the VM to an on-premise Windows device

You should restore the VM to any VM within the company's subscription

You should restore the VM to a new Azure VM

(Correct)

You should restore the VM after deleting the infected VM


Explanation
Correct Answer: You should restore the VM to a new Azure VM

You can Restore Virtual Machine to a new VM or replace disks on existing VM.

Create new: Use this option if you want to create a new VM. You can create a VM
with simple settings, or restore a disk and create a customized VM.

Replace existing: Use this option if you want to replace disks on an existing VM.

Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms#choose-a-vm-restore-configuration

Question 45:
Skipped
You have downloaded an Azure Resource Manager (ARM) template to deploy
numerous virtual machines (VMs). The ARM template is based on a current VM,
but must be adapted to reference an administrative password.

You need to make sure that the password cannot be stored in plain text.

You are preparing to create the necessary components to achieve your goal.

Which of the following should you create to achieve your goal?


A backup policy

An access policy

(Correct)

An Azure Key Vault

(Correct)

Identity Protection

Azure Active Directory (AD)

An Azure Storage account

An Azure policy
Explanation
Correct Answer:
1. An Azure Key Vault
2. An access policy

A Key Vault access policy determines whether a given security principal, namely a
user, application or user group, can perform different operations on Key Vault
secrets, keys, and certificates.

Key Vault will store your key-value pairs, but you still need to configure the
access policy to determine the level of access that the service principal (which
the ARM template will use) has to the key vault.

Reference:

https://docs.microsoft.com/en-us/azure/key-vault/general/assign-access-policy

Question 46:
Skipped
You plan to deploy three Azure virtual machines named VM1, VM2, and VM3. The
virtual machines will host a web app named App1.

You need to ensure that at least two virtual machines are available if a single Azure
datacenter becomes unavailable.

What should you deploy?


all three virtual machines in a single Availability Zone

each virtual machine in a separate Availability Zone

(Correct)

all virtual machines in a single Availability Set

each virtual machine in a separate Availability Set


Explanation
Correct Answer: each virtual machine in a separate Availability Zone

Use availability zones to protect from datacenter level failures. Availability sets are
a datacenter configuration to provide VM redundancy and availability. This
configuration within a datacenter ensures that during either a planned or
unplanned maintenance event, at least one virtual machine is available.

Note: Availability zones expand the level of control you have to maintain the
availability of the applications and data on your VMs. An Availability Zone is a
physically separate zone, within an Azure region. There are three Availability Zones
per supported Azure region.

Each Availability Zone has a distinct power source, network, and cooling. By
designing your solutions to use replicated VMs in zones, you can protect your apps
and data from the loss of a data center. If one zone is compromised, then
replicated apps and data are instantly available in another zone.
Reference:

https://docs.microsoft.com/en-us/azure/virtual-machines/availability

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-availability-sets

Question 47:
Skipped
You have an Azure subscription linked to an Azure Active Directory tenant. The
tenant includes a user account named User1.

You need to ensure that User1 can assign a policy to the tenant root management
group.
What should you do?

Assign the Global administrator role to User1, and then instruct User1 to
configure access management for Azure resources

(Correct)

Assign the Owner role for the Azure subscription to User1, and then
instruct User1 to configure access management for Azure resources

Create a new management group and delegate User1 as the owner of the
new management group

Assign the Owner role for the Azure Subscription to User1, and then modify
the default conditional access policies
Explanation
Correct Answer: Assign the Global administrator role to User1, and then instruct
User1 to configure access management for Azure resources

No one is given default access to the root management group. Azure AD Global
Administrators are the only users that can elevate themselves to gain access.
Once they have access to the root management group, the global administrators
can assign any Azure role to other users to manage it.

Note: If your organization has many Azure subscriptions, you may need a way to
efficiently manage access, policies, and compliance for those
subscriptions. Management groups provide a governance scope above
subscriptions. You organize subscriptions into management groups; the
governance conditions you apply cascade by inheritance to all associated
subscriptions.

Management groups give you enterprise-grade management at scale no matter
what type of subscriptions you might have. However, all subscriptions within a
single management group must trust the same Azure Active Directory (Azure AD)
tenant.

Reference:

https://docs.microsoft.com/en-us/azure/governance/management-groups/overview

https://docs.microsoft.com/en-us/azure/governance/management-groups/overview#important-facts-about-the-root-management-group

Question 48:
Skipped
You have an Azure subscription named Sub1.
You plan to deploy a multi-tiered application that will contain the tiers shown in the
following table.

You need to recommend a networking solution to meet the following requirements:

- Ensure that communication between the web servers and the business logic
  tier spreads equally across the virtual machines.
- Protect the web servers from SQL injection attacks.

Which Azure resource should you recommend for the following requirement?

Ensure that communication between the web servers and the business logic
tier spreads equally across the virtual machines

an application gateway that uses the Standard tier

an internal load balancer

(Correct)

an application gateway that uses the WAF tier

a network security group (NSG)


a public load balancer


Explanation
Correct Answer: an internal load balancer

Azure Internal Load Balancer (ILB) provides network load balancing between virtual
machines that reside inside a cloud service or a virtual network with a regional
scope.

Note: An internal (or private) load balancer is used where private IPs are needed at
the frontend only. Internal load balancers are used to load balance traffic inside a
virtual network.

Reference:

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

Question 49:
Skipped
You have an Azure subscription that contains the resource groups shown in the
following table.

The subscription contains the virtual networks shown in the following table.

You plan to deploy the Azure Kubernetes Service (AKS) clusters shown in the
following table.

For each of the following statements, select Yes if the statement is true. Otherwise,
select No.

You can deploy AKS3 to VNet3

No

Yes

(Correct)

Explanation
Correct Answer: Yes

As a compromise, you can create an AKS cluster that uses kubenet and connect to
an existing virtual network subnet. This approach lets the nodes receive defined IP
addresses, without the need to reserve a large number of IP addresses up front for
all of the potential pods that could run in the cluster.

If you want to select an existing virtual network, make sure it's in the same location
and Azure subscription as your Kubernetes cluster.

Note: The kubenet networking option is the default configuration for AKS cluster
creation. With kubenet:

1. Nodes receive an IP address from the Azure virtual network subnet.
2. Pods receive an IP address from a logically different address space than the
   nodes' Azure virtual network subnet.
3. Network address translation (NAT) is then configured so that the pods can
   reach resources on the Azure virtual network.
4. The source IP address of the traffic is translated to the node's primary IP
   address.

Reference:

https://learn.microsoft.com/en-us/azure/aks/configure-kubenet

https://learn.microsoft.com/en-us/azure/aks/configure-azure-cni

https://learn.microsoft.com/en-us/azure/aks/concepts-network#kubenet-basic-networking

Question 50:
Skipped
You have a virtual network named VNet1 as shown in the exhibit.
No devices are connected to VNet1.

You plan to peer VNet1 to another virtual network named VNet2. VNet2 has an
address space of 10.2.0.0/16.

You need to create the peering.

What should you do first?

Add a gateway subnet to VNet1

Create a subnet on VNet1 and VNet2


Modify the address space of VNet1

(Correct)

Configure a service endpoint on VNet2


Explanation
Correct Answer: Modify the address space of VNet1

The virtual networks you peer must have non-overlapping IP address spaces. The
exhibit indicates that VNet1 has an address space of 10.2.0.0/16, which is the
same as VNet2, and thus overlaps. We need to change the address space for
VNet1.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#requirements-and-constraints

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq

Question 51:
Skipped
You have a virtual network named VNET1 that contains the subnets shown in the
following table:

You have two Azure virtual machines that have the network configurations shown
in the following table:

For NSG1, you create the inbound security rule shown in the following table:

For NSG2, you create the inbound security rule shown in the following table:

For each of the following statements, select Yes if the statement is true. Otherwise,
select No.

VM1 can connect to the TCP port 1433 services on VM2

Yes

(Correct)

No
Explanation
Correct Answer: Yes

Yes. No NSGs are applied to VM2 at either the subnet or the NIC level, so all
traffic is allowed.

Note: You can use an Azure network security group to filter network traffic to and
from Azure resources in an Azure virtual network. A network security group
contains security rules that allow or deny inbound network traffic to, or outbound
network traffic from, several types of Azure resources. For each rule, you can
specify source and destination, port, and protocol.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

Question 52:
Skipped
You develop the following Azure Resource Manager (ARM) template to create a
resource group and deploy an Azure Storage account to the resource group.
Which cmdlet should you run to deploy the template?

New-AzDeployment

New-AzResourceGroupDeployment

(Correct)

New-AzTenantDeployment

New-AzResource
Explanation
Correct Answer: New-AzResourceGroupDeployment

The New-AzResourceGroupDeployment cmdlet adds a deployment to an existing
resource group. This includes the resources that the deployment requires. An
Azure resource is a user-managed Azure entity, such as a database server,
database, website, virtual machine, or Storage account. An Azure resource group is
a collection of Azure resources that are deployed as a unit, such as the website,
database server, and databases that are required for a financial website. A
resource group deployment uses a template to add resources to a resource group
and publishes them so that they are available in Azure.

Reference:

https://learn.microsoft.com/en-us/powershell/module/az.resources/new-azresourcegroupdeployment?view=azps-9.6.0

Question 53:
Skipped
You plan to move a distributed on-premises app named App1 to an Azure
subscription.

After the planned move, App1 will be hosted on several Azure virtual machines.
You need to ensure that App1 always runs on at least eight virtual machines during
planned Azure maintenance.

What should you create?

one Availability Set that has three fault domains and one update domain

one virtual machine scale set that has 10 virtual machines instances

(Correct)

one virtual machine scale set that has 12 virtual machines instances

one Availability Set that has 10 update domains and one fault domain
Explanation
Correct Answer: one virtual machine scale set that has 10 virtual machines
instances

A VM scale set consists of a set of identically configured VMs.

An availability set consists of a set of discrete VMs.

No more than 20% of the scale set is upgraded at any time, so 2 machines out of
10 will be under maintenance and the 8 remaining VMs will stay up.

Virtual machine scale sets are created with five fault domains by default in Azure
regions with no zones. For the regions that support zonal deployment of virtual
machine scale sets and this option is selected, the default value of the fault
domain count is 1 for each of the zones. FD=1 in this case implies that the VM
instances belonging to the scale set will be spread across many racks on a best
effort basis.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-machines/manage-availability

https://docs.microsoft.com/en-us/learn/modules/build-app-with-scale-sets/2-features-benefits-virtual-machine-scale-sets

https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade

Question 54:
Skipped
You have an Azure subscription named Subscription1 that contains the resources
shown in the following table.

In storage1, you create a blob container named blob1 and a file share named
share1.

Which resources can be backed up to Vault2?


blob1 and share1 only

storage1 and SQL1 only

storage1 only

VM1 and share1 only

share1 only

(Correct)

Explanation
Correct Answer: share1 only

Storage1 is in the same region (West USA) as Vault2. Share1 is in Storage1.

Note: After you select Backup, the Backup pane opens and prompts you to select a
storage account from a list of discovered supported storage accounts. They're
either associated with this vault or present in the same region as the vault, but not
yet associated to any Recovery Services vault.

Reference:

https://docs.microsoft.com/en-us/azure/backup/backup-afs

https://docs.microsoft.com/en-us/azure/backup/azure-file-share-backup-overview

Question 55:
Skipped
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated
goals. Some question sets might have more than one correct solution, while others
might not have a correct solution.

You have an Azure virtual machine named VM1 that runs Windows Server 2016.

You need to create an alert in Azure when more than two error events are logged to
the System event log on VM1 within an hour.

Solution: You create an event subscription on VM1. You create an alert in Azure
Monitor and specify VM1 as the source.

Does this meet the goal?

Yes

No

(Correct)

Explanation
Correct Answer: No

You need to specify Log Analytics as the source for this alert, and not the VM as
source for the alert.

1. You create an Azure Log Analytics workspace and configure the data
settings.
2. You install the Microsoft Monitoring Agent on VM1.
3. You create an alert in Azure Monitor and specify the Log Analytics
workspace as the source.

Instead: You create an Azure Log Analytics workspace and configure the data
settings. You install the Microsoft Monitoring Agent on VM1. You create an alert in
Azure Monitor and specify the Log Analytics workspace as the source.

Note: The legacy Log Analytics agent collects monitoring data from the guest
operating system and workloads of virtual machines in Azure, other cloud
providers, and on-premises machines. It sends data to a Log Analytics workspace.
The Log Analytics agent is the same agent used by System Center Operations
Manager, and you can multihome agent computers to communicate with your
management group and Azure Monitor simultaneously. This agent is also required
by certain insights in Azure Monitor and other services in Azure.

Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview

Question 56:
Skipped
You plan to use Azure Network Watcher to perform the following tasks:

• Task1: Identify a security rule that prevents a network packet from reaching
  an Azure virtual machine.
• Task2: Validate outbound connectivity from an Azure virtual machine to an
  external host.

Which feature should you use for Task1?

Next hop


Packet capture

IP flow verify

(Correct)

Traffic Analytics

Security group view


Explanation
Correct Answer: IP flow verify

At some point, a VM may become unable to communicate with other resources
because of a security rule. The IP flow verify capability enables you to specify a
source and destination IPv4 address, port, protocol (TCP or UDP), and traffic
direction (inbound or outbound). IP flow verify then tests the communication and
informs you if the connection succeeds or fails. If the connection fails, IP flow
verify tells you which.

Reference:

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview

Question 57:
Skipped
You have an Azure Storage account named storage1.

You plan to use AzCopy to copy data to storage1.

You need to identify the storage services in storage1 to which you can copy the
data.

What should you identify?

blob and file only

(Correct)

file and table only


file only

blob, file, table, and queue

blob, table, and queue only


Explanation
Correct Answer: blob and file only

AzCopy is a command-line utility that you can use to copy blobs or files to or from
a storage account.

You can provide authorization credentials by using Azure Active Directory (AD), or
by using a Shared Access Signature (SAS) token.

• Blob storage: Azure AD & SAS
• File storage: SAS only

Incorrect Answers:

blob, file, table, and queue; file and table only; blob, table, and queue only:
AzCopy does not support table and queue storage services.

blob, table, and queue only:
AzCopy supports file storage services, as well as blob storage services.

Reference:

https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10

Question 58:
Skipped
You have an Azure subscription that contains the resources shown in the following
table.

The Not allowed resource types Azure policy is assigned to RG1 and uses the
following parameters:

• Microsoft.Network/virtualNetworks
• Microsoft.Compute/virtualMachines

In RG1, you need to create a new virtual machine named VM2, and then connect
VM2 to VNET1.

What should you do first?

Create an Azure Resource Manager template

Remove Microsoft.Network/virtualNetworks from the policy

Add a subnet to VNET1

Remove Microsoft.Compute/virtualMachines from the policy

(Correct)

Explanation
Correct Answer: Remove Microsoft.Compute/virtualMachines from the policy

The Not allowed resource types Azure policy prohibits the deployment of specified
resource types. You specify an array of the resource types to block. Virtual
Networks and Virtual Machines are prohibited.

By removing VMs from the policy, you will be able to create a new VM in the RG
and assign an already existing VNet to the VM.

Note: Azure Policy helps to enforce organizational standards and to assess
compliance at scale.

Reference:

https://docs.microsoft.com/en-us/azure/governance/policy/samples/not-allowed-resource-types

Question 59:
Skipped
You have an Azure subscription that contains an Azure Active Directory (Azure AD)
tenant named contoso.com and an Azure Kubernetes Service (AKS) cluster named
AKS1.

An administrator reports that she is unable to grant access to AKS1 to the users in
contoso.com.

You need to ensure that access to AKS1 can be granted to the contoso.com users.

What should you do first?

From contoso.com, modify the Organization relationships settings

From contoso.com, create an OAuth 2.0 authorization endpoint

(Correct)

From AKS1, create a namespace

Recreate AKS1
Explanation
Correct Answer: From contoso.com, create an OAuth 2.0 authorization endpoint

The Azure AD client application is used by kubectl to sign in users with the
OAuth 2.0 device authorization grant flow.

Note: Enhance your AKS cluster security with Azure AD integration. Built on
decades of enterprise identity management, Azure AD is a multi-tenant, cloud-
based directory and identity management service that combines core directory
services, application access management, and identity protection. With Azure AD,
you can integrate on-premises identities into AKS clusters to provide a single
source for account management and security.

Reference:

https://kubernetes.io/docs/reference/access-authn-authz/authentication/

https://docs.microsoft.com/en-us/azure/aks/concepts-identity

Question 60:
Skipped
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated
goals. Some question sets might have more than one correct solution, while others
might not have a correct solution.

You have an Azure virtual machine named VM1 that runs Windows Server 2016.

You need to create an alert in Azure when more than two error events are logged to
the System event log on VM1 within an hour.

Solution: You create an Azure Log Analytics workspace and configure the data
settings. You install the Microsoft Monitoring Agent on VM1. You create an alert in
Azure Monitor and specify the Log Analytics workspace as the source.

Does this meet the goal?

No

Yes

(Correct)

Explanation
Correct Answer: Yes

Alerts in Azure Monitor can identify important information in your Log Analytics
repository. They are created by alert rules that automatically run log searches at
regular intervals, and if results of the log search match particular criteria, then an
alert record is created and it can be configured to perform an automated response.
The Log Analytics agent collects monitoring data from the guest operating system
and workloads of virtual machines in Azure, other cloud providers, and on-
premises. It collects data into a Log Analytics workspace.

1. Log Analytics agent - Install in VM.
2. Log Analytics workspace - collect the log files from Log Analytics Agent.
3. Azure Monitor - Create alert based on logs read from Log Analytics
   Workspace.

Note: You must install the Microsoft Monitoring Agent on VM1, and not the
Microsoft Monitoring Agent VM extension.

Note: The legacy Log Analytics agent collects monitoring data from the guest
operating system and workloads of virtual machines in Azure, other cloud
providers, and on-premises machines. It sends data to a Log Analytics workspace.
The Log Analytics agent is the same agent used by System Center Operations
Manager, and you can multihome agent computers to communicate with your
management group and Azure Monitor simultaneously. This agent is also required
by certain insights in Azure Monitor and other services in Azure.

Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview

https://docs.microsoft.com/en-us/azure/azure-monitor/learn/tutorial-response

Question 61:
Skipped
You have an Azure subscription that contains the resource groups shown in the
following table.

The subscription contains the virtual networks shown in the following table.

You plan to deploy the Azure Kubernetes Service (AKS) clusters shown in the
following table.

For each of the following statements, select Yes if the statement is true. Otherwise,
select No.

You can deploy AKS1 to VNet2

No

(Correct)

Yes
Explanation
Correct Answer: No

The subnet is not in the same location as the cluster: "If you want to select an
existing virtual network, make sure it's in the same location and Azure
subscription as your Kubernetes cluster."

Reference:

https://learn.microsoft.com/en-us/azure/aks/configure-azure-cni

Question 62:
Skipped
You have a Recovery Service vault that you use to test backups. The test backups
contain two protected virtual machines.

You need to delete the Recovery Services vault.

What should you do first?


Modify the disaster recovery properties of each virtual machine

From the Recovery Service vault, stop the backup of each backup item

(Correct)

From the Recovery Service vault, delete the backup data

Modify the locks of each virtual machine


Explanation
Correct Answer: From the Recovery Service vault, stop the backup of each backup
item

You can't delete a Recovery Services vault if it is registered to a server and holds
backup data. If you try to delete a vault, but can't, the vault is still configured to
receive backup data.

Remove vault dependencies and delete vault

In the vault dashboard menu, scroll down to the Protected Items section, and click
Backup Items. In this menu, you can stop and delete Azure File Servers, SQL
Servers in Azure VM, and Azure virtual machines.

Reference:

https://docs.microsoft.com/en-us/azure/backup/backup-azure-delete-vault

Question 63:
Skipped
You have an app named App1 that runs on an Azure web app named webapp1.

The developers at your company upload an update of App1 to a Git repository
named Git1.

Webapp1 has the deployment slots shown in the following table.

You need to ensure that the App1 update is tested before the update is made
available to users.

Which two actions should you perform?

Stop webapp1-prod

Stop webapp1-test

Deploy the App1 update to webapp1-prod, and then test the update

Deploy the App1 update to webapp1-test, and then test the update

(Correct)

Swap the slots

(Correct)

Explanation
Correct Answer:
1. Swap the slots
2. Deploy the App1 update to webapp1-test, and then test the update

• Deploy the app to "webapp1-test", which is the staging environment, and test
  it there.
• Once the test succeeds, swap the slots so that the new changes are
  available in production.

Note: App Service not only adds the power of Microsoft Azure to your application,
such as security, load balancing, autoscaling, and automated management. You
can also take advantage of its DevOps capabilities, such as continuous
deployment from Azure DevOps, GitHub, Docker Hub, and other sources, package
management, staging environments, custom domain, and TLS/SSL certificates.

Reference:

https://docs.microsoft.com/en-us/azure/app-service/overview

Question 64:
Skipped
You have a virtual network named VNET1 that contains the subnets shown in the
following table:

You have two Azure virtual machines that have the network configurations shown
in the following table:

For NSG1, you create the inbound security rule shown in the following table:

For NSG2, you create the inbound security rule shown in the following table:

For each of the following statements, select Yes if the statement is true. Otherwise,
select No.

VM2 can connect to the TCP port 1433 services on VM1

No

(Correct)

Yes
Explanation
Correct Answer: No

VM1 has NSG1 on Subnet1, which allows traffic over port 1433 between
Subnet2 and Subnet1. But NSG2 is also applied at the NIC level for VM1 and blocks
the traffic on port 1433. Hence the traffic is not allowed, and the answer is No.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
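
Both NSG answers in this set (VM1 to VM2 is allowed, VM2 to VM1 is denied) follow from how inbound traffic is evaluated: the subnet NSG first, then the NIC NSG, each in ascending priority order, and a level with no NSG filters nothing. The Python model below is an added example, not part of the original question set; the exhibit tables are not reproduced on this page, so the address ranges, IP addresses, priorities and rule names are assumptions chosen to match the explanations.

```python
"""Model of Azure inbound NSG evaluation: subnet NSG first, then NIC NSG."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

VNET = "10.0.0.0/16"  # assumed address space of VNET1


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    source: str     # CIDR prefix, or "*" for any source
    port: str       # destination port, or "*" for any port
    protocol: str   # "TCP", "UDP" or "*"
    allow: bool


# Default inbound rules that every NSG carries. The VirtualNetwork service tag
# is modelled as the VNet CIDR; AllowAzureLoadBalancerInBound is left out
# because no load balancer takes part in these flows.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, VNET, "*", "*", True),
    Rule("DenyAllInBound", 65500, "*", "*", "*", False),
]


def _matches(rule, src, port, protocol):
    if rule.protocol not in ("*", protocol):
        return False
    if rule.port not in ("*", str(port)):
        return False
    return rule.source == "*" or ip_address(src) in ip_network(rule.source)


def evaluate_nsg(rules, src, port, protocol):
    """Return (allowed, rule_name) for the first matching rule by priority."""
    for rule in sorted(list(rules) + DEFAULT_INBOUND, key=lambda r: r.priority):
        if _matches(rule, src, port, protocol):
            return rule.allow, rule.name
    return False, "no-match"  # not reached: DenyAllInBound matches everything


def inbound_verdict(subnet_nsg, nic_nsg, src, port, protocol="TCP"):
    """Inbound traffic must pass the subnet NSG and then the NIC NSG.

    None means no NSG is associated at that level, so nothing is filtered there.
    """
    for level, nsg in (("subnet", subnet_nsg), ("nic", nic_nsg)):
        if nsg is None:
            continue
        allowed, rule_name = evaluate_nsg(nsg, src, port, protocol)
        if not allowed:
            return False, f"{level}:{rule_name}"
    return True, "allowed"


# Constructed scenario (all values assumed, see the lead-in).
SUBNET2 = "10.0.2.0/24"
VM1_IP, VM2_IP = "10.0.1.4", "10.0.2.4"
NSG1 = [Rule("Allow1433FromSubnet2", 100, SUBNET2, "1433", "TCP", True)]  # on Subnet1
NSG2 = [Rule("Deny1433", 200, "*", "1433", "TCP", False)]                # on VM1's NIC


def scenario():
    # Only the destination side is modelled; outbound from the source VM is
    # assumed to be permitted by the default outbound rules.
    return {
        "VM1->VM2": inbound_verdict(None, None, VM1_IP, 1433),
        "VM2->VM1": inbound_verdict(NSG1, NSG2, VM2_IP, 1433),
        "VM2->VM1 without NIC NSG": inbound_verdict(NSG1, None, VM2_IP, 1433),
    }


if __name__ == "__main__":
    for flow, (allowed, reason) in scenario().items():
        print(f"{flow}: {'allow' if allowed else 'deny'} ({reason})")
```

The third flow shows that the subnet-level allow rule alone would admit the traffic; the deny comes only from the NSG on the NIC.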

Question 65:
Skipped
You have Azure Storage accounts as shown in the following exhibit.

You can use  ..........  for Azure Table Storage.

storageaccount1 and storageaccount2 only

(Correct)


storageaccount1 only

storageaccount3 only

storageaccount2 and storageaccount3 only

storageaccount2 only
Explanation
Correct Answer: storageaccount1 and storageaccount2 only

General-purpose v1 accounts: Legacy account type for blobs, files, queues, and
tables. Use general-purpose v2 accounts instead when possible.

General-purpose v2 accounts: Basic storage account type for blobs, files, queues,
and tables. Recommended for most scenarios using Azure Storage.

Reference:

https://docs.microsoft.com/en-us/azure/storage/common/storage-account-options

Question 66:
Skipped
You plan to deploy an Azure container instance by using the following Azure
Resource Manager template.

Complete the following statement based on the information presented in the
template.

Internet users ..........

can connect to the container from any device

(Correct)

cannot connect to the container

can only connect to the container from devices that run Windows
Explanation
Correct Answer: can connect to the container from any device

Internet users can connect to the container from any device because of this ARM
line:

"type": "Public"

Note: Azure Container Instances is a great solution for any scenario that can
operate in isolated containers, including simple applications, task automation, and
build jobs.

Reference:

https://docs.microsoft.com/en-us/azure/container-instances/container-instances-overview

https://docs.microsoft.com/en-us/cli/azure/container?view=azure-cli-latest

https://docs.docker.com/config/containers/start-containers-automatically/

Question 67:
Skipped
You have an Azure App Services web app named App1.

You plan to deploy App1 by using Web Deploy.

You need to ensure that the developers of App1 can use their Azure AD credentials
to deploy content to App1. The solution must use the principle of least privilege.

What should you do?

Configure user-level credentials for FTPS


Configure app-level credentials for FTPS

Assign the Website Contributor role to the developers

(Correct)

Assign the Owner role to the developers


Explanation
Correct Answer: Assign the Website Contributor role to the developers

To allow the developers of App1 to use their Azure AD credentials to deploy
content to App1 using Web Deploy, you should assign the Website Contributor role
to the developers. This role provides the necessary permissions for developers to
deploy content to the web app, but does not grant them excessive permissions that
could be used to make unwanted changes.

Option "Assign the Website Contributor role to the developers" is a potential
solution, but the Website Contributor role provides a more targeted and appropriate
level of permissions for the scenario.

Incorrect Answers:

Assign the Owner role to the developers is not recommended as it would grant
excessive permissions to the developers, which could be used to make unwanted
changes.

Configure app-level credentials for FTPS & Configure user-level credentials for
FTPS are not relevant to the scenario, as the question is specifically asking how
to use Azure AD credentials for Web Deploy, not FTPS.

Reference:

https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#website-contributor

Question 68:
Skipped
You plan to use Azure Network Watcher to perform the following tasks:

• Task1: Identify a security rule that prevents a network packet from reaching
  an Azure virtual machine.
• Task2: Validate outbound connectivity from an Azure virtual machine to an
  external host.

Which feature should you use for Task2?

Connection troubleshoot

(Correct)

NSG flow logs

Traffic Analytics

Next hop

IP flow verify
Explanation
Correct Answer: Connection troubleshoot

Diagnose outbound connections from a VM: The connection troubleshoot
capability enables you to test a connection between a VM and another VM, an
FQDN, a URI, or an IPv4 address. The test returns information similar to that
returned by the connection monitor capability, but tests the connection at a point
in time, rather than monitoring it over time, as connection monitor does. Learn
more about how to troubleshoot connections using connection-troubleshoot.

Reference:

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview

Question 69:
Skipped
You have Azure virtual machines that run Windows Server 2019 and are configured
as shown in the following table.

You create a public Azure DNS zone named adatum.com and a private Azure DNS
zone named contoso.com.

For contoso.com, you create a virtual network link named link1 as shown in the
exhibit.

You discover that VM1 can resolve names in contoso.com but cannot resolve
names in adatum.com. VM1 can resolve other hosts on the Internet.

You need to ensure that VM1 can resolve host names in adatum.com.

What should you do?

Modify the Access control (IAM) settings for link1

Create an SRV record in the contoso.com zone


Update the DNS suffix on VM1 to be adatum.com

Configure the name servers for adatum.com at the domain registrar

(Correct)

Explanation
Correct Answer: Configure the name servers for adatum.com at the domain
registrar

Adatum.com is a public DNS zone. The Internet top level domain DNS servers need
to know which DNS servers to direct DNS queries for adatum.com to. You
configure this by configuring the name servers for adatum.com at the domain
registrar.

Note: If you use Azure Provided DNS then appropriate DNS suffix will be
automatically applied to your virtual machines. For all other options you must
either use Fully Qualified Domain Names (FQDN) or manually apply appropriate
DNS suffix to your virtual machines.

Reference:

https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances

Question 70:
Skipped
Your company has a Microsoft Azure subscription.

The company has datacenters in Los Angeles and New York.

You are configuring the two datacenters as geo-clustered sites for site resiliency.

You need to recommend an Azure storage redundancy option.

You have the following data storage requirements:

• Data must be stored on multiple nodes.
• Data must be stored on nodes in separate geographic locations.
• Data can be read from the secondary location as well as from the primary
  location.

Which of the following Azure storage redundancy options should you recommend?

Geo-redundant storage

Zone-redundant storage

Read-only geo-redundant storage

(Correct)

Locally redundant storage


Explanation
Correct Answer: Read-only geo-redundant storage

Read-access geo-redundant storage (RA-GRS)

It is based on the GRS, but it also provides an option to read from the secondary
region, regardless of whether Microsoft initiates a failover from the primary to the
secondary region.

Note: Geo-redundant storage (with GRS or GZRS) replicates your data to another
physical location in the secondary region to protect against regional outages. With
an account configured for GRS or GZRS, data in the secondary region is not directly
accessible to users or applications, unless a failover occurs. The failover process
updates the DNS entry provided by Azure Storage so that the secondary endpoint
becomes the new primary endpoint for your storage account. During the failover
process, your data is inaccessible. After the failover is complete, you can read and
write data to the new primary region.

Reference:

https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy

Question 71:
Skipped
You have an Azure subscription that contains the resources shown in the following
table.

You need to create a network interface named NIC1.

In which location can you create NIC1?

East US only

(Correct)

East US and North Europe only

East US and West Europe only

East US, West Europe, and North Europe


Explanation
Correct Answer: East US only

Before creating a network interface, you must have an existing virtual network in
the same location and subscription you create a network interface in.

If you try to create a NIC on a location that does not have any Vnets you will get the
following error: "The currently selected subscription and location lack any existing
virtual networks. Create a virtual network first."

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface

Question 72:
Skipped
You have an Azure subscription that contains the resources shown in the following
table.

In Azure Cloud Shell, you need to create a virtual machine by using an Azure
Resource Manager (ARM) template.

Which of the following would go into Slot-1?

NEW-AzTemplateSpec

New-AzResource

New-AzVm

New-AzResourceGroupDeployment

(Correct)

Explanation
Correct Answer: New-AzResourceGroupDeployment

New-AzResourceGroupDeployment. This cmdlet allows you to use a custom ARM
template file to deploy resources to a resource group. For example:

# Collect the deployment parameters interactively
$resourceGroupName = Read-Host -Prompt "Enter the Resource Group name"
$location = Read-Host -Prompt "Enter the location (i.e. centralus)"
$adminUsername = Read-Host -Prompt "Enter the administrator username"
# -AsSecureString masks the input and returns a SecureString, not plain text
$adminPassword = Read-Host -Prompt "Enter the administrator password" -AsSecureString
$dnsLabelPrefix = Read-Host -Prompt "Enter an unique DNS name for the public IP"

# Create the resource group, then deploy the template into it
New-AzResourceGroup -Name $resourceGroupName -Location "$location"
New-AzResourceGroupDeployment `
    -ResourceGroupName $resourceGroupName `
    -TemplateUri "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.compute/vm-simple-windows/azuredeploy.json" `
    -adminUsername $adminUsername `
    -adminPassword $adminPassword `
    -dnsLabelPrefix $dnsLabelPrefix

# List the names of the VMs now present in the resource group
(Get-AzVm -ResourceGroupName $resourceGroupName).name

Reference:

https://learn.microsoft.com/en-us/azure/virtual-machines/windows/ps-template

https://learn.microsoft.com/en-us/powershell/module/az.compute/new-azvm?view=azps-9.6.0

Question 73:
Skipped
Your company has an Azure subscription.

You need to deploy a number of Azure virtual machines (VMs) using Azure
Resource Manager (ARM) templates. You have been informed that the VMs will be
included in a single availability set.
You are required to make sure that the ARM template you configure allows for as
many VMs as possible to remain accessible in the event of fabric failure or
maintenance.

Which of the following is the value that you should configure for
the platformFaultDomainCount property?

30

Min Value

Max Value

(Correct)

10

Explanation
Correct Answer: Max Value

You can set the parameter --platform-fault-domain-count to 1, 2, or 3 (default of
3 if not specified).

# Create a Flexible-orchestration scale set spread across three fault domains
az vmss create \
  --resource-group myResourceGroup \
  --name myScaleSet \
  --orchestration-mode Flexible \
  --image UbuntuLTS \
  --upgrade-policy-mode automatic \
  --admin-username azureuser \
  --platform-fault-domain-count 3 \
  --generate-ssh-keys

Each virtual machine in your availability set is assigned an update domain and a
fault domain by the underlying Azure platform. Each availability set can be
configured with up to three fault domains and twenty update domains.

So the answer is Max Value.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability

https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-manage-fault-domains

https://docs.microsoft.com/en-us/azure/virtual-machines/availability-set-overview

Question 74:
You have an Azure subscription that has the public IP addresses shown in the
following table.

You plan to deploy an instance of Azure Firewall Premium named FW1.

Which IP addresses can you use?


IP1, IP2, and IP5 only

IP1 and IP2 only

(Correct)

IP2 only

IP1, IP2, IP4, and IP5 only


Explanation
Correct Answer: IP1 and IP2 only

Azure Firewall

- Dynamic IPv4: No
- Static IPv4: Yes
- Dynamic IPv6: No
- Static IPv6: No

Azure Firewall is a cloud-based network security service that protects your Azure
Virtual Network resources. Azure Firewall requires at least one public static IP
address to be configured. This IP or set of IPs is the external connection point to
the firewall.

Azure Firewall supports Standard SKU public IP addresses. Basic SKU public IP
addresses and public IP prefixes aren't supported.

Reference:

https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-addresses#at-a-glance

https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/configure-public-ip-firewall

Question 75:
You have an Azure subscription named Sub1.
You plan to deploy a multi-tiered application that will contain the tiers shown in the
following table.

You need to recommend a networking solution to meet the following requirements:


- Ensure that communication between the web servers and the business logic
  tier spreads equally across the virtual machines.
- Protect the web servers from SQL injection attacks.

Which Azure resource should you recommend for the following requirement?

Protect the web servers from SQL injection attacks

a public load balancer

an application gateway that uses the Standard tier

an application gateway that uses the WAF tier

(Correct)

an internal load balancer


a network security group (NSG)

Explanation
Correct Answer: an application gateway that uses the WAF tier

Azure Web Application Firewall (WAF) on Azure Application Gateway provides
centralized protection of your web applications from common exploits and
vulnerabilities. Web applications are increasingly targeted by malicious attacks
that exploit commonly known vulnerabilities. The recommendation is therefore an
application gateway that uses the WAF tier.

Reference:

https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview

Question 76:
You have an Azure virtual machine named VM1.

Azure collects events from VM1.

You are creating an alert rule in Azure Monitor to notify an administrator when an
error is logged in the System event log of VM1.

Which target resource should you monitor in the alert rule?

virtual machine extension

Azure Log Analytics workspace

(Correct)

metric alert

virtual machine
Explanation
Correct Answer: Azure Log Analytics workspace

As the first step in creating the new alert rule, under the Create Alert section, you
select your Log Analytics workspace as the resource, since this is a log-based
alert signal.

The log data goes to the Log Analytics workspace, and it is from there that the
alert is triggered.

Reference:

https://docs.microsoft.com/en-us/windows-server/storage/storage-spaces/configure-azure-monitor

Question 77:
You plan to back up an Azure virtual machine named VM1.

You discover that the Backup Pre-Check status displays a status of Warning.
What is a possible cause of the Warning status?

VM1 is stopped

A Recovery Services vault is unavailable

VM1 does not have the latest version of the Azure VM Agent
(WaAppAgent.exe) installed

(Correct)

VM1 has an unmanaged disk


Explanation
Correct Answer: VM1 does not have the latest version of the Azure VM Agent
(WaAppAgent.exe) installed

The Warning state indicates one or more issues in the VM's configuration that might
lead to backup failures and provides recommended steps to ensure successful
backups. Not having the latest VM Agent installed, for example, can cause backups
to fail intermittently and falls in this class of issues.

Reference:

https://azure.microsoft.com/en-us/blog/azure-vm-backup-pre-checks/

https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/backup/backup-azure-manage-windows-server.md

Question 78:
You have an Azure Active Directory (Azure AD) tenant.

You need to create a conditional access policy that requires all users to use
multi-factor authentication when they access the Azure portal.

Which three settings should you configure?

Grant

(Correct)

Cloud apps

(Correct)

Session

Conditions

Users and groups

(Correct)

Explanation
Correct Answer:
1. Users and groups
2. Cloud apps
3. Grant

- Users and groups: select all users.
- Cloud apps or actions: specify the Azure portal.
- Grant: require MFA.

These are the minimum settings needed to create the MFA policy. The question
does not call for any conditions.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/app-based-mfa

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policies

Question 79:
You have an on-premises server that contains a folder named D:\Folder1.
You need to copy the contents of D:\Folder1 to the public container in an Azure
Storage account named contosodata.

Which command should you run?

azcopy copy D:\folder1 https://contosodata.blob.core.windows.net/public --recursive

(Correct)

az storage blob copy start-batch D:\Folder1 https://contosodata.blob.core.windows.net/public

azcopy sync D:\folder1 https://contosodata.blob.core.windows.net/public --snapshot

https://contosodata.blob.core.windows.net/public

Explanation
Correct Answer: azcopy copy D:\folder1 https://contosodata.blob.core.windows.net/public --recursive

The azcopy copy command copies a directory (and all of the files in that directory)
to a blob container. The result is a directory in the container by the same name.

Incorrect Answers:

https://contosodata.blob.core.windows.net/public:
URL of the Storage Account.

azcopy sync D:\folder1 https://contosodata.blob.core.windows.net/public --snapshot:
The azcopy sync command replicates the source location to the destination
location. However, the file is skipped if the last modified time in the destination is
more recent.

az storage blob copy start-batch D:\Folder1 https://contosodata.blob.core.windows.net/public:
The az storage blob copy start-batch command copies multiple blobs to a blob
container.

Reference:

https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-blobs

https://docs.microsoft.com/en-us/azure/storage/common/storage-ref-azcopy-copy

Question 80:
You have an Azure subscription named Subscription1 that has the following
providers registered:

- Authorization
- Automation
- Resources
- Compute
- KeyVault
- Network
- Storage
- Billing
- Web

Subscription1 contains an Azure virtual machine named VM1 that has the
following configurations:

- Private IP address: 10.0.0.4 (dynamic)
- Network security group (NSG): NSG1
- Public IP address: None
- Availability set: AVSet
- Subnet: 10.0.0.0/24
- Managed disks: No
- Location: East US

You need to record all the successful and failed connection attempts to VM1.

Which three actions should you perform?

Register the Microsoft.Insights resource provider

(Correct)

Create an Azure Storage account

(Correct)

Enable Azure Network Watcher flow logs

(Correct)

Add an Azure Network Watcher connection monitor

Register the MicrosoftLogAnalytics provider

Enable Azure Network Watcher in the East US Azure region


Explanation
Correct Answer:
1. Create an Azure Storage account
2. Register the Microsoft.Insights resource provider
3. Enable Azure Network Watcher flow logs

A network security group (NSG) enables you to filter inbound traffic to, and
outbound traffic from, a virtual machine (VM). You can log network traffic that
flows through an NSG with Network Watcher's NSG flow log capability.

1. Create a VM with a network security group - Already available
2. Enable Network Watcher - Since 2018, Network Watcher has been enabled
   by default on any subscription with a Virtual Network
3. Register the Microsoft.Insights provider
4. Configure Azure Storage account.
5. Enable a traffic flow log for an NSG, using Network Watcher's NSG flow log
   capability
6. Download logged data
7. View logged data

To record the successful and failed connection requests, we should use Azure
Network Watcher flow logs. Network Watcher is already enabled in the region,
and we can use Network Watcher's NSG flow log functionality. For that, we
need to register the Microsoft.Insights resource provider and create a storage
account for storing the flow logs.

Reference:

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal

Question 81:
You have an on-premises network that contains a database server named
dbserver1.

You have an Azure subscription.

You plan to deploy three Azure virtual machines. Each virtual machine will be
deployed to a separate availability zone.

You need to configure an Azure VPN gateway for a site-to-site VPN. The solution
must ensure that the virtual machines can connect to dbserver1.

Which type of public IP address SKU and assignment should you use for the
gateway?

a standard SKU and a static IP address assignment

(Correct)

a basic SKU and a dynamic IP address assignment

a basic SKU and a static IP address assignment


Explanation
Correct Answer: a standard SKU and a static IP address assignment

Zone-redundant gateways and zonal gateways both rely on the Azure public IP
resource Standard SKU. The configuration of the Azure public IP resource
determines whether the gateway that you deploy is zone-redundant, or zonal. If you
create a public IP resource with a Basic SKU, the gateway will not have any zone
redundancy, and the gateway resources will be regional.

Reference:

https://learn.microsoft.com/en-us/azure/vpn-gateway/about-zone-redundant-vnet-gateways

https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-addresses#at-a-glance

Question 82:
You have an Azure subscription named Subscription1 that contains the resources
shown in the following table.

In storage1, you create a blob container named blob1 and a file share named
share1.
Which resources can be backed up to Vault1?

VM1, blob1, share1 and SQL1

VM1, storage1 and SQL1 only

VM1 only

(Correct)

VM1 and share1 only

VM1 and SQL1 only


Explanation
Correct Answer: VM1 only

VM1 is in the same region as Vault1. File1 is not in the same region as Vault1. SQL
is not in the same region as Vault1. Blobs cannot be backed up to service vaults.

Note: To create a Vault to protect VMs, the Vault must be in the same Region as
the VMs.

Reference:

https://docs.microsoft.com/bs-cyrl-ba/azure/backup/backup-create-rs-vault

https://docs.microsoft.com/bs-latn-ba/azure/backup/backup-azure-recovery-services-vault-overview

Question 83:
You have an Azure subscription that contains the resources in the following table:

In Azure, you create a private DNS zone named adatum.com. You set the
registration virtual network to VNet2. The adatum.com zone is configured as
shown in the following exhibit:

For each of the following statements, select Yes if the statement is true. Otherwise,
select No.

VM5 can resolve VM9.adatum.com

No

(Correct)

Yes

Explanation
Correct Answer: No

No - Forward DNS resolution is supported across virtual networks that are linked to
the private zone as resolution virtual networks. VM5 does belong to a resolution
virtual network.

Reference:

https://docs.microsoft.com/en-us/azure/dns/private-dns-overview

Question 84:
You have an Azure subscription that includes data in the following locations:

You plan to export data by using an Azure Import/Export job named Export1.

You need to identify the data that can be exported by using Export1.

Which data should you identify?

container1

(Correct)

DB1

Share1

Table1

Explanation
Correct Answer: container1

Azure Import/Export service supports the following types of storage accounts:

- Standard General Purpose v2 storage accounts (recommended for most
  scenarios)
- Blob Storage accounts
- General Purpose v1 storage accounts (both Classic or Azure Resource
  Manager deployments)

Azure Import/Export service supports the following storage types:

- Import supports Azure Blob storage and Azure File storage
- Export supports Azure Blob storage. Azure Files is not supported.

Only container1 can be exported.

Note: The jobs can be import or export jobs. An import job allows you to import
data into Azure Blobs or Azure files whereas the export job allows data to be
exported from Azure Blobs. For an import job, you ship drives containing your data.
When you create an export job, you ship empty drives to an Azure datacenter.

Reference:

https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-requirements

https://docs.microsoft.com/en-us/azure/import-export/storage-import-export-service

Question 85:
You have an Azure virtual machine named VM1 that connects to a virtual network
named VNet1. VM1 has the following configurations:

- Subnet: 10.0.0.0/24
- Availability set: AVSet
- Network security group (NSG): None
- Private IP address: 10.0.0.4 (dynamic)
- Public IP address: 40.90.219.6 (dynamic)

You deploy a standard, Internet-facing load balancer named slb1.

You need to configure slb1 to allow connectivity to VM1.


What changes should you apply to VM1 before slb1 connects to VM1?

Remove the public IP address from VM1

Create and configure an NSG

(Correct)

Change the private IP address of VM1 to static


Explanation
Correct Answer: Create and configure an NSG

NSGs are used to explicitly permit allowed traffic. If you do not have an NSG on a
subnet or NIC of your virtual machine resource, traffic is not allowed to reach this
resource.

Note: Standard load balancer is built on the zero trust network security model.
Standard load balancers and standard public IP addresses are closed to inbound
connections unless opened by Network Security Groups.

Reference:

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

https://docs.microsoft.com/en-us/azure/load-balancer/skus

https://docs.microsoft.com/en-us/azure/load-balancer/backend-pool-management

Question 86:
You have five Azure virtual machines that run Windows Server 2016. The virtual
machines are configured as web servers.

You have an Azure load balancer named LB1 that provides load balancing services
for the virtual machines.

You need to ensure that visitors are serviced by the same web server for each
request.

What should you configure?

Protocol to UDP

Floating IP (direct server return) to Disabled

Session persistence to Client IP

(Correct)

Session persistence to None


Explanation
Correct Answer: Session persistence to Client IP

With sticky sessions, when a client starts a session on one of your web servers,
the session stays on that specific server. To configure an Azure load balancer for
sticky sessions, set Session persistence to Client IP or to Client IP and protocol.

Note:

- Client IP and protocol specifies that successive requests from the same
  client IP address and protocol combination will be handled by the same
  virtual machine.
- Client IP specifies that successive requests from the same client IP address
  will be handled by the same virtual machine.

Reference:

https://cloudopszone.com/configure-azure-load-balancer-for-sticky-sessions/

Question 87:
You are creating an Azure Kubernetes Service (AKS) cluster as shown in the
following exhibit.

Use the drop-down menus to select the answer choice that completes the
following statement based on the information presented in the graphic.

To ensure that you can create Windows containers in AKS1, you must ..........

enable virtual nodes

modify the Kubernetes version setting

modify the Network configuration setting

(Correct)

increase the number of node pools


Explanation
Correct Answer: modify the Network configuration setting

To run an AKS cluster that supports node pools for Windows Server containers,
your cluster needs to use a network policy that uses the Azure CNI (advanced)
network plugin.

Reference:

https://learn.microsoft.com/en-us/azure/aks/learn/quick-windows-container-deploy-cli

Question 88:
You administer a solution in Azure that is currently having performance issues.

You need to find the cause of the performance issues pertaining to metrics on the
Azure infrastructure.

Which of the following is the tool you should use?


Azure Advisor

Azure Traffic Analytics

Azure Monitor

(Correct)

Azure Activity Log


Explanation
Correct Answer: Azure Monitor

Metrics in Azure Monitor are stored in a time-series database which is optimized
for analyzing time-stamped data. This makes metrics particularly suited for alerting
and fast detection of issues.

Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/overview

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-platform

https://docs.microsoft.com/en-us/azure/architecture/framework/scalability/monitor-infrastructure

Question 89:
You have an Azure subscription that contains the resources in the following table:

In Azure, you create a private DNS zone named adatum.com. You set the
registration virtual network to VNet2. The adatum.com zone is configured as
shown in the following exhibit:

For each of the following statements, select Yes if the statement is true. Otherwise,
select No.

VM6 can resolve VM9.adatum.com


No

Yes

(Correct)

Explanation
Correct Answer: Yes

Yes - VM6 belongs to the registration virtual network, and an A (Host) record exists
for VM9 in the DNS zone.

By default, registration virtual networks also act as resolution virtual networks, in
the sense that DNS resolution against the zone works from any of the virtual
machines within the registration virtual network.

Reference:

https://docs.microsoft.com/en-us/azure/dns/private-dns-overview

Question 90:
You have an Azure Active Directory (Azure AD) tenant named
contoso.onmicrosoft.com.

The User administrator role is assigned to a user named Admin1.

An external partner has a Microsoft account that uses the [email protected] sign in.

Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and
receives the following error message: “Unable to invite user [email protected] “”
Generic authorization exception.”

You need to ensure that Admin1 can invite the external partner to sign in to the
Azure AD tenant.

What should you do?

From the Organizational relationships blade, add an identity provider

From the Custom domain names blade, add a custom domain

From the Roles and administrators blade, assign the Security administrator
role to Admin1

From the Users settings blade, modify the External collaboration settings

(Correct)

Explanation
Correct Answer: From the Users settings blade, modify the External collaboration
settings

You can adjust the guest user settings, their access, and who can invite them from
"External collaboration settings".

External collaboration settings let you specify what roles in your organization can
invite external users for B2B collaboration. These settings also include options for
allowing or blocking specific domains, and options for restricting what external
guest users can see in your Azure AD directory. The following options are available:

Determine guest user access: Azure AD allows you to restrict what external guest
users can see in your Azure AD directory. For example, you can limit guest users'
view of group memberships, or allow guests to view only their own profile
information.

Specify who can invite guests: By default, all users in your organization, including
B2B collaboration guest users, can invite external users to B2B collaboration. If you
want to limit the ability to send invitations, you can turn invitations on or off for
everyone, or limit invitations to certain roles.

Enable guest self-service sign-up via user flows: For applications you build, you
can create user flows that allow a user to sign up for an app and create a new
guest account. You can enable the feature in your external collaboration settings,
and then add a self-service sign-up user flow to your app.

Allow or block domains: You can use collaboration restrictions to allow or deny
invitations to the domains you specify. For details, see Allow or block domains.

Reference:

https://techcommunity.microsoft.com/t5/Azure-Active-Directory/Generic-authorization-exception-inviting-Azure-AD-gests/td-p/274742

https://docs.microsoft.com/en-us/azure/active-directory/external-identities/external-collaboration-settings-configure
