Question

no. Question Statement

You have an Azure subscription that contains a storage account named account1.
You plan to upload the disk files of a virtual machine to account1 from your on-premises
network. The on-premises network uses a public IP address space of
131.107.1.0/24.
You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be
attached to a virtual network named VNet1. VNet1 uses an IP address space of
1
192.168.0.0/24.
You need to configure account1 to meet the following requirements:
✑ Ensure that you can upload the disk files to account1.
✑ Ensure that you can attach the disks to VM1.
✑ Prevent all other access to account1.
Which two actions should you perform? Each correct answer presents part of the solution.

You plan to use the Azure Import/Export service to copy files to a storage account.
2 Which two files should you create before you prepare the drives for the import job? Each
correct answer presents part of the solution.

You have a Recovery Service vault that you use to test backups. The test backups contain two
protected virtual machines.
3
You need to delete the Recovery Services vault.
What should you do first?

You have an Azure Storage account named storage1.

You plan to use AzCopy to copy data to storage1.
4
You need to identify the storage services in storage1 to which you can copy the data.
What should you identify?

You have an Azure subscription that contains an Azure Storage account.

You plan to create an Azure container instance named container1 that will use a Docker image
named Image1. Image1 contains a Microsoft SQL Server instance that requires persistent
5 storage.
You need to configure a storage service for Container1.
What should you use?

You have an app named App1 that runs on two Azure virtual machines named VM1 and VM2.
You plan to implement an Azure Availability Set for App1. The solution must ensure that App1
6 is available during planned maintenance of the hardware hosting
VM1 and VM2.
What should you include in the Availability Set?

You have an Azure subscription named Subscription1.

You have 5 TB of data that you need to transfer to Subscription1.
7
You plan to use an Azure Import/Export job.
What can you use as the destination of the imported data?

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant
named rpsexample.com and an Azure Kubernetes Service (AKS) cluster named AKS1.
An administrator reports that she is unable to grant access to AKS1 to the users in
8
rpsexample.com.
You need to ensure that access to AKS1 can be granted to the rpsexample.com users.
What should you do first?
 You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named
rpsexample.com.
You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft
9 SharePoint document library named Library1.
You need to create groups for the users. The solution must ensure that the groups are deleted
automatically after 180 days.
Which two groups should you create? Each correct answer presents a complete solution.

You recently created a new Azure subscription that contains a user named Admin1.
Admin1 attempts to deploy an Azure Marketplace resource by using an Azure Resource
Manager template. Admin1 deploys the template by using Azure
PowerShell and receives the following error message: ‫ג‬€User failed validation to purchase
resources. Error message: ‫ג‬€Legal terms have not been accepted for this item on this
10
subscription. To accept legal terms, please go to the Azure portal
(http://go.microsoft.com/fwlink/?LinkId=534873) and configure programmatic deployment for
the Marketplace item or create it there for the first time.‫ג‬€
You need to ensure that Admin1 can deploy the Marketplace resource successfully.
What should you do?

You have an Azure subscription named Subscription1 and an on-premises deployment of

Microsoft System Center Service Manager.
Subscription1 contains a virtual machine named VM1.
11
You need to ensure that an alert is set in Service Manager when the amount of available
memory on VM1 is below 10 percent.
What should you do first?

You sign up for Azure Active Directory (Azure AD) Premium.

You need to add a user named admin1@rpsexample.com as an administrator on all the
12
computers that will be joined to the Azure AD domain.
What should you configure in Azure AD?

You have an Azure subscription named Subscription1 that contains a virtual network named
VNet1. VNet1 is in a resource group named RG1.
Subscription1 has a user named User1. User1 has the following roles:
13 ✑ Reader
✑ Security Admin
Security Reader -
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do?

You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com.
Your company has a public DNS zone for rpsexample.com.
14 You add rpsexample.com as a custom domain name to Azure AD.
You need to ensure that Azure can verify the domain name.
Which type of DNS record should you create?

You have an Azure subscription named Subscription1 that contains an Azure Log Analytics
workspace named Workspace1.
15
You need to view the error from a table named Event.
Which query should you run in Workspace1?
 You have an Azure subscription.
Users access the resources in the subscription from either home or from customer sites. From
home, users must establish a point-to-site VPN to access the Azure resources. The users on the
customer sites access the Azure resources by using site-to-site VPNs.
16 You have a line-of-business-app named App1 that runs on several Azure virtual machine. The
virtual machines run Windows Server 2016.
You need to ensure that the connections to App1 are spread across all the virtual machines.
What are two possible Azure services that you can use? Each correct answer presents a
complete solution.

You have an Azure subscription.

You have 100 Azure virtual machines.
17 You need to quickly identify underutilized virtual machines that can have their service tier
changed to a less expensive offering.
Which blade should you use?

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
The User administrator role is assigned to a user named Admin1.
An external partner has a Microsoft account that uses the user1@outlook.com sign in.
Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives
18 the following error message: ‫ג‬€Unable to invite user user1@outlook.com ‫ג‬€" Generic
authorization exception.‫ג‬€
You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD
tenant.
What should you do?

You have an Azure subscription linked to an Azure Active Directory tenant. The tenant includes
19 a user account named User1.
You need to ensure that User1 can assign a policy to the tenant root management group.
What should you do?

You have an Azure subscription that contains a user named User1.

You need to ensure that User1 can deploy virtual machines and manage virtual networks. The
20
solution must use the principle of least privilege.
Which role-based access control (RBAC) role should you assign to User1?

You have an Azure subscription named Subscription1 that contains an Azure virtual machine
named VM1. VM1 is in a resource group named RG1.
VM1 runs services that will be used to deploy resources to RG1.
21
You need to ensure that a service running on VM1 can manage the resources in RG1 by using
the identity of VM1.
What should you do first?

You have an Azure DNS zone named adatum.com.

You need to delegate a subdomain named research.adatum.com to a different DNS server in
22
Azure.
What should you do?

You have an on-premises server that contains a folder named D:\Folder1.

You need to copy the contents of D:\Folder1 to the public container in an Azure Storage
23 account named contosodata.
Which command should you run?
 A web developer creates a web application that you plan to deploy as an Azure web app. Users
must enter credentials to access the web application. You create a new web app named
24
WebAppl1 and deploy the web application to WebApp1.
You need to disable anonymous access to WebApp1. What should you configure?

You are building a custom Azure function app to connect to Azure Event Grid. You need to
ensure that resources are allocated dynamically to the function app. Billing must be based on
25
the executions of the app.
What should you configure when you create the function app?

You create an Azure Storage account named contosostorage. You plan to create a file share
named data. Users need to map a drive to the data file share from home computers that run
26
Windows 10.
Which outbound port should you open between the home computers and the data file share?

You deploy an Azure Application Gateway. You need to ensure that all the traffic requesting
https://adatum.com/internal resources is directed to an internal server pool and all the traffic
27 requesting https://adatum.com/external resources is directed to an external server pool.
What should you configure on the Application Gateway?

Your company has 53 offices distributed across the world. Your company uses Office 365 for all
employees and an Active Directory Domain Services (AD DS) domain to manage identity for
employees. The Azure AD tenant for Office 365 and the AD DS domain are not connected.
28 You are asked to implement multi-factor authentication (MFA). You need to ensure that users
do not need to provide two-factor authentication when they are connected to the company's
network from each of the 53 offices.
What two actions should you perform?

The development team asks you to provision an Azure storage account for their use. To remain
in compliance with IT security policy, you need to ensure that the new Azure storage account
meets the following requirements:
29 - Data must be encrypted at rest.
- Access keys must facilitate automatic rotation.
- The company must manage the access keys.
What should you do?

You are configuring Azure Active Directory (AD) Privileged Identity Management. You need to
provide a user named Admm1 with read access to a resource group named RG1 for only one
30
month. The user role must be assigned immediately.
What should you do?

You create an Azure subscription that is associated to a basic Azure Active Directory (Azure AD)
31 tenant. You need to receive an email notification when any user activates an administrative
role. What should you do?

You download an Azure Resource Manager template based on an existing virtual machine. The
template will be used to deploy 100 virtual machines.
32 You need to modify the template to reference an administrative password. You must prevent
the password from being stored in plain text.
What should you create to store the password?
 Your company is developing a line-of-business (LOB) application that uses the Azure loT Hub
for gathering information from Internet of things (loT) devices. The LOB application uses the
loT Hub Service SDK to read device telemetry from the loT Hub.
33
You need to monitor device telemetry and be able configure alerts based on device telemetry
values. Your solution should require the least administrative effort.
What should you do?

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant
named rpsexample.com and an Azure Kubernetes Service (AKS) cluster named AKS1. An
administrator reports that she is unable to grant access to AKS1 to the users in
34
rpsexample.com. You need to ensure that access to AKS1 can be granted to the
rpsexample.com users.
What should you do first?

You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named
rpsexample.com.
You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft
35 SharePoint document library named Library1.
You need to create groups for the users. The solution must ensure that the groups are deleted
automatically after 180 days.
Which two groups should you create? Each correct answer presents a complete solution.

You have an Azure Active Directory (Azure AD) tenant that contains 5,000 user accounts.
You create a new user account named AdminUser1.
36
You need to assign the User administrator administrative role to AdminUser1.
What should you do from the user account properties?

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that
contains 100 user accounts.
37 You purchase 10 Azure AD Premium P2 licenses for the tenant.
You need to ensure that 10 users can use all the Azure AD Premium features.
What should you do?
38 Is IPV6 to IPV6 communication is supported without load balancer?
39 What effect is evaluated first in Azure Policy
40 What is the restore period of an Azure AD user?

41 How are NotActions used in a role definition?

42 What Role is needed to manage access to Azure Resources?

43 Pubilc IP assigned to the Nic will take precedence over one on the Load balancer?
44 In Kubernetes can a POD share Managed Disks?
45 A Basic IP SKU can support availability zones
We need to set up and DNS record to point to an Azure load-balancer which record will need
46
to be created.
47 What files is used to customise Linux on first boot?
48 azure Private DNS be linked to multiple VNETS
49 What command is used to update VPN Gateway with Subnet?
50 What is the maximum recovery period for Azure File Shares
Which two files should you create before you prepare the drives for the import job? Each
51
correct answer presents part of the solution.
 Which among the following is the correct Azure CLI cmdlet to create a Network Security Group
52
(NSG)?
You are assigning Azure AD roles. Which role will allow the user to manage all the groups in
53
your Team’s tenants and be able to assign other administrator roles? Select one.
You would like to categorize resources and billing for different departments like IT and HR. The
54 billing needs to be consolidated across multiple resource groups and you need to ensure
everyone complies with the solution. What should you do?

55 Which of the following best describes the format of an Azure Resource Manager template?

Your company has an existing Azure tenant named alpineskihouse.onmicrosoft.com. The

company wants to start using alpineskihouse.com for its Azure resources. You add a custom
56
domain to Azure. Now, you need to add a DNS record to prepare for verifying the custom
domain. Which two of the following record types could you create?

Your company is preparing to implement a Site-to-Site VPN to Microsoft Azure. You are
selected to plan and implement the VPN. Currently, you have an Azure subscription, an Azure
virtual network, and an Azure gateway subnet. You need to prepare the on-premises
57
environment and Microsoft Azure to meet the prerequisites of the Site-to-Site VPN. Later, you
will create a VPN connection and test it. What should you do? (Each answer presents part of
the solution. Select three.

58 Which load balancing strategy does the Application Gateway implement?

You discover that VM3 does NOT meet the technical requirements. You need to verify whether
59
the issue relates to the NSGs. What should you use?

60 You need to meet the technical requirement for VM4. What should you create and configure?

You need to recommend a solution to automate the configuration for the finance department
61 users. The solution must meet the technical requirements. What should you include in the
recommended?

You need to prepare the environment to meet the authentication requirements. Which two
62
actions should you perform? Each correct answer presents part of the solution.

You have an Azure subscription that contains the following resources:

100 Azure virtual machines
20 Azure SQL databases
63
50 Azure file shares
You need to create a daily backup of all the resources by using Azure Backup. What is the
minimum number of backup policies that you must create?
 You have an Azure virtual machine named VM1.
You use Azure Backup to create a backup of VM1 named Backup1. After creating Backup1, you
perform the following changes to VM1:
Modify the size of VM1.
Copy a file named Budget.xls to a folder named Data.
64
Reset the password for the built-in administrator account.
Add a data disk to VM1.
An administrator uses the Replace existing option to restore VM1 from Backup1. You need to
ensure that all the changes to VM1 are restored.
Which change should you perform again?

You need to resolve the licensing issue before you attempt to assign the license again. What
65
should you do?

You have an Azure virtual machine named VM1.

The network interface for VM1 is configured as shown in the exhibit. (Click the Exhibit tab.)
You deploy a web server on VM1, and then create a secure website
66 that is accessible by using the
HTTPS protocol VM1 is used as a web server only.
You need to ensure that users can connect to the website from the Internet.
What should you do?

67 Which blade should you instruct the finance department auditors to use?

You have two Azure virtual machines named VM1 and VM2. You have two Recovery Services
vaults named RSV1 and RSV2.
68
VM2 is protected by RSV1.
You need to use RSV2 to protect VM2. What should you do first?\

You have an Azure Active Directory (Azure AD) tenant named rpsexample.com. Multi-factor
authentication (MFA) is enabled for all users.
69 You need to provide users with the ability to bypass MFA for 10 days on devices to which they
have successfully signed in by using MFA.
What should you do?

You download an Azure Resource Manager template based on an existing virtual machine. The
template will be used to deploy 100 virtual machines. You need to modify the template to
70
reference an administrative password. You must prevent the password from being stored in
plain text. What should you create to store the password?

You have an Azure virtual machine named VM1 that runs Windows Server 2019. You sign in to
VM1 as a user named User 1 and perform the following actions:
* Create files on drive C.
71 * Create files on drive 0.
* Modify the screen saver timeout.
* Change the desktop background. You plan to redeploy VM1.
Which changes will be lost after you redeploy VM1?
 You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant
named adatum.com. The tenant contains 500 user accounts.
You deploy Microsoft Office 365. You configure Office 365 to use the user accounts in
adatum.com. You configure 60 users to connect to mailboxes in Microsoft
72 Exchange Online.
You need to ensure that the 60 users use Azure Multi-Factor Authentication (MFA) to connect
to the Exchange Online mailboxes. The solution must only affect
connections to the Exchange Online mailboxes.
What should you do?

You create an App Service plan named App1 and an Azure web app named webapp1. You
discover that the option to create a staging slot is unavailable. You
73
need to create a staging slot for App1.
What should you do first?

You have an Azure virtual machine named VM1. Azure collects events from VM1.
You are creating an alert rule in Azure Monitor to notify an administrator when an error is
74 logged in the System event log of VM1.
You need to specify which resource type to monitor.
What should you specify?

You need to resolve the licensing issue before you attempt to assign the license again. What
75
should you do?

76 You need to resolve the Active Directory issue. What should you do?

You have an Azure virtual machine named VM1.

The network interface for VM1 is configured as shown in the exhibit. (Click the Exhibit tab.)
You deploy a web server on VM1, and then create a secure website
77 that is accessible by using the
HTTPS protocol VM1 is used as a web server only.
You need to ensure that users can connect to the website from the Internet.
What should you do?

You have two Azure virtual machines named VM1 and VM2. You have two Recovery Services
vaults named RSV1 and RSV2.
78
VM2 is protected by RSV1.
You need to use RSV2 to protect VM2. What should you do first?

You have an Azure virtual machine named VM1.

You use Azure Backup to create a backup of VM1 named Backup1. After creating Backup1, you
perform the following changes to VM1:
Modify the size of VM1.
82 Copy a file named Budget.xls to a folder named Data.
Reset the password for the built-in administrator account.
Add a data disk to VM1.
An administrator uses the Replace existing option to restore VM1 from Backup1. You need to
ensure that all the changes to VM1 are restored.
Which change should you perform again?
 You have an Azure Active Directory (Azure AD) tenant named rpsexample.com. Multi-factor
authentication (MFA) is enabled for all users.
83 You need to provide users with the ability to bypass MFA for 10 days on devices to which they
have successfully signed in by using MFA.
What should you do?
Option 1 Option 2 Option 3

From the Firewalls and virtual

From the Firewalls and virtual networks blade of account1, From the Firewalls and virtual
networks blade of account1, add
networks blade of account1, select Allow trusted Microsoft
the 131.107.1.0/24 IP address
select Selected networks. services to access this storage
range.
account.

an XML manifest file a dataset CSV file a JSON configuration file

From the Recovery Service vault, Modify the disaster recovery Modify the locks of each virtual
properties of each virtual
delete the backup data. machine. machine.

blob, file, table, and queue blob and file only file and table only

Azure Files Azure Blob storage Azure Queue storage

one update domain two fault domains one fault domain

an Azure Cosmos DB database Azure Blob storage Azure Data Lake Store

From rpsexample.com, modify  From rpsexample.com, create an

the Organization relationships OAuth 2.0 authorization Recreate AKS1.
settings endpoint.
 a Microsoft 365 group that uses
a Microsoft 365 group that uses a Security group that uses the
the Dynamic User membership
the Assigned membership type Assigned membership type
type

From Azure PowerShell, run the

From the Azure portal, register
Set- the Microsoft.Marketplace From Azure PowerShell, run the
AzApiManagementSubscription Set-AzMarketplaceTerms cmdlet
resource provider
cmdlet

Deploy the IT Service

Create an automation runbook Deploy a function app
Management Connector (ITSM)

Device settings from the Devices Providers from the MFA Server User settings from the Users
blade blade blade

Remove User1 from the Security

Reader role for Subscription1. Assign User1 the Owner role for Assign User1 the Network
Assign User1 the Contributor role VNet1. Contributor role for VNet1.
for Subscription1.

MX NSEC PTR

Get-Event Event | where select * from Event where

search in (Event) "error"
{$_.EventType == "error"} EventType == "error"
 an Azure Content Delivery
an internal load balancer a public load balancer
Network (CDN)

Monitor Advisor Metrics

From the Organizational

From the Users blade, modify the From the Custom domain names relationships blade, add an
External collaboration settings. blade, add a custom domain.
identity provider.

Assign the Owner role for the Assign the Global administrator
Assign the Owner role for the
Azure subscription to User1, and role to User1, and then instruct
Azure Subscription to User1, and then instruct User1 to configure User1 to configure access
then modify the default
access management for Azure management for Azure
conditional access policies.
resources. resources.

Owner Virtual Machine Contributor Contributor

From the Azure portal, modify From the Azure portal, modify From the Azure portal, modify
the Managed Identity settings of the Access control (IAM) settings the Access control (IAM) settings
VM1 of RG1 of VM1

Create an NS record named Create an PTR record named

Modify the SOA record of
research in the adatum.com research in the adatum.com
adatum.com.
zone. zone.

https:// azcopy sync D:\folder1 azcopy copy D:\folder1

contosodata.blob.core.windows. https://contosodata.blob.core.wi https://contosodata.blob.core.wi
net/public ndows.net/public --snapshot ndows.net/public --recursive
Advanced Tools Authentication/ Authorization Access control (IAM)

the Windows operating system the Windows operating system the Docker container and an App
and the Consumption plan and the App Service plan hosting Service plan that uses the Bl1
hosting plan plan pricing tier

80 443 445

URL path-based routing multi-site listeners basic routing

Configure a trusted IP address

with the value: c:[Type== Configure directory
Configure federation between "http://schemas.microsoft.com/ synchronization between the
your AD DS domain and the
ws/2012/01 Azure AD tenant and the AD DS
Azure AD tenant.
/insidecorporatenetwork'] => domain.
issue(claim = c);

Create a service endpoint

Configure the storage account to Require secure transfer for the
between the storage account and
store its keys in Azure Key Vault. storage account.
a virtual network (VNet).

Assign an active role. Assign an eligible role. Assign a permanently active role.

Purchase Enterprise Mobility +

Purchase Azure AD Premium 92 Purchase Enterprise Mobility +
Security E5 and create a custom
and configure Azure AD Security E3 and configure alert rule in Azure Security
Privileged Identity Management. conditional access policies.
Center.

Azure Active Directory (AD)

a Recovery Services vault and a an Azure Key Vault and an access
Identity Protection and an Azure
backup policy policy
policy
 Enable Azure Monitor resource
Use Azure Activity Logs. Use Azure Resource Health.
diagnostics logs on the loT Hub.

From rpsexample.com, modify From rpsexample.com, create an

the Organization relationships OAuth 2.0 authorization Recreate AKS1.
settings. endpoint.

an Office 365 group that uses the a Security group that uses the an Office 365 group that uses the
Assigned membership type Assigned membership type Dynamic User membership type

From the Licenses blade, assign a From the Directory role blade, From the Groups blade, invite the
new license modify the directory role user account to a new group

From the Licenses blade of Azure From the Groups blade of each From the Azure AD domain, add
AD, assign a license user, invite the users to a group an enterprise application

1 0  
Append  Disabled  Deny
30 days  60  90
NotActions are subtracted from  NotActions are consulted after NotActions allow you to specify a
the Actions to define the list of Actions to deny access to a single operation that is not
permissible operations. specific operation. allowed.
Co-administrator Owner User Access Administrator
1 0  
Yes No  
1 0  
Record Set A Record CNAME
Answer.ini cloudinit.txt unattended.conf
1 0  
Set-AzLocalNetworkGateway Set-AzNetworkInterface Add-
AzVirtualNetworkSubnetConfig
10 Years 365 Days 31 Days
a drive set CSV file a JSON configuration file a PowerShell PS1 file
az sec nsg update az nsg create az network nsg create

Global Administrator Password Administrator Security Administrator

Create a billing group for each

Create tags for each department department Create an Azure policy

A markdown document with a A JSON document with key-value A TXT document with key-value
pointer table pairs pairs

Add a PTR record to the DNS Add an MX record to the DNS

Add a TXT record to the DNS zone
zone zone

Create a virtual network gateway

Obtain a VPN device for the on- Obtain a VPN device for the
(VPN) and the local network
premises environment. Azure environment.
gateway in Azure

Distributes requests to each Distributes requests to the server Polls each server in the backend
pool in turn and sends the
available server in a backend in the backend pool with the
request to the first server that
pool, in turn, round-robin. lightest load.
responds.
the security recommendations in Diagnostic settings in Azure
Diagram in VNet1
Azure Advisor Monitor

an Azure Notification Hub an Azure Event Hub an Azure Logic App

an Azure logic app and the

Azure AD B2C Azure AD Identity Protection Microsoft Identity Management
(MIM) client
Addhttp://
Allow inbound TCP port 8080 to autogon.microsoftazuread-
Join the client computers in the
the domain controllers in the sso.com to the intranet zone of
Miami office to Azure AD.
Miami office each client computer in the
Miami office.

1 2 3
 Reset the password for the built-
Modify the size of VM1. Add a data disk.
in administrator account.

From the Groups blade, invite the From the Profile blade, modify From the Profile blade, modify
user accounts to a new group. the user account. the usage location.

Change the priority of Rule3 to Change the priority of Rule6 to

450. 100 DeleteRule1.

invoices partner information cost analysis

From the RSV1 blade, click From the Backup blade, select
From the RSV1 blade, click
Backup items and stop the VM2 the backup for the virtual
backup. Backup machine, and then click Backup.

From the multi-factor From the multi-factor

From Azure AD, create a
authentication page, configure authentication page, configure
the users’ settings. conditional access policy the service settings.

Azure Active Directory (AD)

a Recovery Services vault and a an Azure Key Vault and an access
Identity Protection and an Azure
backup policy policy
policy

the modified screen saver

the new desktop background the new files on drive
timeout
From the multi-factor
From Azure Active Directory From the multi-factor
authentication page, configure
the Multi-Factor Auth status for admin center, create a authentication page, modify the
conditional access policy verification options
each user

From webapp1, modify the From webapp1, add a custom From App1, scale up the App
Application settings. domain. Service plan.

metric alert Azure Log Analytics workspace virtual machine

From the Groups blade, invite the From the Profile blade, modify From the Directory role blade,
user accounts to a new group the usage location. modify the directory role.

From Active Directory Users and

From Active Directory Domains
Computers, select the user Run idfix.exe, and then use the
accounts, and then modify the Edit action. and Trusts, modify the list of UPN
suffixes.
User Principal Name value.

Change the priority of Rule3 to Change the priority of Rule6 to

DeleteRule1.
450 100

From the RSV1 blade, click From the RSV1 blade, click
Backup items and stop the VM2 Backup Jobs and export the VM2 From the RSV1 blade, click Backu
backup. backup.

Modify the size of VM1. Add a data disk. Reset the password for the built-
in administrator account.
From the multi-factor From Azure AD, create a From the multi-factor
authentication page, configure authentication page, configure
conditional access policy.
the users’ settings. the service settings
Option 4 Option 5 Option 6

From the Firewalls and virtual

From the Service endpoints blade
networks blade of account1, add  
of VNet1, add a service endpoint.
VNet1.

a PowerShell PS1 file a driveset CSV file  

From the Recovery Service vault,

stop the backup of each backup    
item.

file only blob, table, and queue only  

Azure Table storage    

two update domains    

the Azure File Sync Storage Sync

   
Service

From AKS1, create a namespace.    

 a Security group that uses the
a Security group that uses the
Dynamic Device membership  
Dynamic User membership type
type

From the Azure portal, assign the

Billing administrator role to    
Admin1

Create a notification    

General settings from the Groups  

 
blade

Assign User1 the Network    

Contributor role for RG1.

RRSIG    

Get-Event Event | where

   
{$_.EventTye ‫ג‬€"eq "error"}
Traffic Manager an Azure Application Gateway  

Customer insights    

From the Roles and

administrators blade, assign the
   
Security administrator role to
Admin1.

Create a new management group

and delegate User1 as the owner    
of the new management group.

Virtual Machine Administrator

   
Login

From the Azure portal, modify

   
the Policies settings of RG1

Create an A record named

*.research in the adatum.com    
zone.

az storage blob copy start-batch

D:\Folder1
https://contosodata.blob.core.wi    
ndows.net/public
Deployment credentials    

the Docker container and an App

Service plan that uses the SI    
pricing

3389    

SSL termination    

Configure a trusted IP address

with an entry for each subnet in    
the company's network.

Enable Storage Service

Encryption (SSE) on the storage    
account.

Create a custom role and a

   
conditional access policy.

Purchase Azure AD Premium PI

and enable Azure AD Identity    
Protection.

an Azure Storage account and an

   
access policy
Use Azure Application Insights
   
with the LOB application.

From AKS1, create a namespace.    

a Security group that uses the

a Security group that uses the
Dynamic User membership type Dynamic Device membership  
type

     

From the Directory role blade of

each user, modify the directory    
role

     
Audit    
Can't restore    

     

Contributor    
     
     
     
 AAA    
unattended.xml    
     
     
 120 Days    
an XML manifest file a dataset CSV file  
az security nsg create    

User Administrator    

Add the groups into a single Create a subscription account

resource group rule  

An XML document with element-

   
value pairs

Add d an SRV record to the DNS Add a CNAME record to the DNS
 
zone zone

Create a virtual network gateway Obtain a public IPv4 IP address Obtain a public IPv4 IP address
(ExpressRoute) in Azure without NAT for the VPN device behind NAT for the VPN device

Uses one server in the backend

pool until that server reaches
   
50% load, then moves to the next
server.
Diagnose and solve problems in IP flow verify in Azure Network
 
Traffic Manager Profiles Watcher

an Azure services Bus    

dynamic groups and conditional

   
access policies

Install the Active Directory Install Azure AD Connect on a

Federation Services (AD FS) role server in the Miami office and
 
on a domain controller in the enable Pass-through
Miami office. Authentication.

150 170  
Copy Budget.xls to Data.    

     

Create a new inbound rule that

allows TCP protocol 443 and
configure the protocol to have a    
priority of 501.

External services    
From the VM2 blade, click
Disaster recovery, click
Replication settings, and then  
select RSV2 as the Recovery
Services vault.

From the MFA blade in Azure AD,

configure the MFA Server    
settings.

an Azure Storage account and an

   
access policy

The new files on drive C    

From the Azure Active Directory
admin center, configure an    
authentication method

From App1, scale out the App

   
Service plan.

virtual machine extension    

     

From Azure AD Connect, modify

the outbound synchronization    
rule.

Create a new inbound rule that

allows TCP protocol 443 and
   
configure the protocol to have a
priority of 501

From the VM2 blade, click

From the Backup blade, select Disaster recovery, click
the backup for the virtual Replication settings, and then  
machine, and then click Backup. select RSV2 as the Recovery
Services vault.

Copy Budget.xls to Data    

From the MFA blade in Azure AD,
configure the MFA Server    
settings.
Correct Answer-1 Correct Answer-2 Correct Answer-3

From the Firewalls and virtual

From the Service endpoints blade
networks blade of account1,  
of VNet1, add a service endpoint.
select Selected networks.

a driveset CSV file a dataset CSV file  

From the Recovery Service vault,

stop the backup of each backup    
item.

blob and file only    

Azure Table storage    

two update domains    

Azure Blob storage    

 From rpsexample.com, create an

OAuth 2.0 authorization    
endpoint.
 a Microsoft 365 group that uses
a Microsoft 365 group that uses
the Dynamic User membership  
the Assigned membership type
type

From Azure PowerShell, run the    

Set-AzMarketplaceTerms cmdlet

Deploy the IT Service

   
Management Connector (ITSM)

Device settings from the Devices  

 
blade

Assign User1 the Owner role for    

VNet1.

MX    

search in (Event) "error"    

an internal load balancer an Azure Application Gateway  

Advisor    

From the Users blade, modify the  

 
External collaboration settings.

Assign the Owner role for the

Azure subscription to User1, and
then instruct User1 to configure    
access management for Azure
resources.

Virtual Machine Contributor    

From the Azure portal, modify

the Managed Identity settings of    
VM1

Create an NS record named

research in the adatum.com    
zone.

azcopy copy D:\folder1

https://contosodata.blob.core.wi    
ndows.net/public --recursive
Authentication/ Authorization    

the Windows operating system

and the Consumption plan    
hosting plan

445    

URL path-based routing    

Configure a trusted IP address

with the value: c:[Type==
Configure federation between "http://schemas.microsoft.com/
your AD DS domain and the  
ws/2012/01
Azure AD tenant.
/insidecorporatenetwork'] =>
issue(claim = c);

Configure the storage account to

   
store its keys in Azure Key Vault.

Assign an eligible role.    

Purchase Azure AD Premium 92

and configure Azure AD    
Privileged Identity Management.

an Azure Key Vault and an access

   
policy
Enable Azure Monitor resource
   
diagnostics logs on the loT Hub.

From rpsexample.com, create an

OAuth 2.0 authorization    
endpoint.

an Office 365 group that uses the an Office 365 group that uses the
Assigned membership type Dynamic User membership type  

From the Directory role blade,

   
modify the directory role

From the Licenses blade of Azure  

 
AD, assign a license

1    
 Disabled    
30 days    
NotActions are subtracted from
the Actions to define the list of    
permissible operations.
User Access Administrator    
1    
Yes    
0    
Record Set    
cloudinit.txt    
1    
Set-AzLocalNetworkGateway    
10 Years    
a drive set CSV file a dataset CSV file  
az network nsg create    

Global Administrator    

Create tags for each department Create an Azure policy  

An XML document with element-

   
value pairs

Add an MX record to the DNS

Add a TXT record to the DNS zone  
zone

Create a virtual network gateway

Obtain a VPN device for the on- Obtain a public IPv4 IP address
(VPN) and the local network
premises environment. without NAT for the VPN device
gateway in Azure

Distributes requests to each

available server in a backend    
pool, in turn, round-robin.

IP flow verify in Azure Network

   
Watcher

an Azure Event Hub    

dynamic groups and conditional

   
access policies

Addhttp:// Install Azure AD Connect on a

autogon.microsoftazuread-
server in the Miami office and
sso.com to the intranet zone of  
enable Pass-through
each client computer in the
Authentication.
Miami office.

3    
Copy Budget.xls to Data.    

From the Groups blade, invite the

   
user accounts to a new group.

Create a new inbound rule that

allows TCP protocol 443 and
configure the protocol to have a    
priority of 501.

invoices    

From the Backup blade, select

the backup for the virtual    
machine, and then click Backup.

From the multi-factor

authentication page, configure    
the service settings.

an Azure Key Vault and an access

   
policy

The new files on drive C    

From the multi-factor
authentication page, configure
the Multi-Factor Auth status for    
each user

From App1, scale up the App

   
Service plan.

virtual machine extension    

From the Groups blade, invite the  

 
user accounts to a new group

Run idfix.exe, and then use the

Edit action.    

Create a new inbound rule that

allows TCP protocol 443 and
   
configure the protocol to have a
priority of 501

From the Backup blade, select

the backup for the virtual    
machine, and then click Backup.

Copy Budget.xls to Data    

From the multi-factor
authentication page, configure    
the service settings