- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to create an alert in Azure when more than two error events are logged to the System log on VM1 within an hour.
Solution: You create an event subscription on VM1. You create an alert in Azure Monitor and specify VM1 as the source.
Does this meet the goal?
Correct Answer:B
Instead: You create an Azure Log Analytics workspace and configure the data settings. You install the Microsoft Monitoring Agent on VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview
- (Exam Topic 1)
You discover that VM3 does NOT meet the technical requirements. You need to verify whether the issue relates to the NSGs.
What should you use?
Correct Answer:E
Scenario: Litware must meet technical requirements including:
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.
References:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
- (Exam Topic 6)
You have an Azure subscription that contains the resources shown in the following table.
VM1 connects to VNET1.
You need to connect VM1 to VNET2.
Solution: You turn off VM1, and then you add a new network interface to VM1. Does this meet the goal?
Correct Answer:B
Instead you should delete VM1. You recreate VM1, and then you add the network interface for VM1.
Note: When you create an Azure virtual machine (VM), you must create a virtual network (VNet) or use an existing VNet. You can change the subnet a VM is connected to after it's created, but you cannot change the VNet.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/network-overview
- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com. Your company has a public DNS zone for contoso.com.
You add contoso.com as a custom domain name to Azure AD. You need to ensure that Azure can verify the domain name. Which type of DNS record should you create?
Correct Answer:B
TXT or MX : Correct
You can use either a TXT or MX record to verify the custom domain in the Azure AD. MX records can serve the purpose of TXT records
SRV : Incorrect
SRV records are used by various services to specify server locations. When specifying an SRV record in Azure DNS
DNSKEY : Incorrect Choice
This will verify that the records are originating from an authorized sender. NSEC : Incorrect Choice
This is Part of DNSSEC. This is used for explicit denial-of-existence of a DNS record. It is used to prove a name does not exist.
Reference:
https://docs.microsoft.com/en-us/azure/dns/dns-web-sites-custom-domain
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain#verify-your-custom-d https://www.cloudflare.com/dns/dnssec/how-dnssec-works/#:~:text=DNSKEY - Contains a
- (Exam Topic 4)
You plan to use the Azure Import/Export service to copy files to a storage account.
Which two files should you create before you prepare the drives for the import job? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Correct Answer:BC
B: Modify the driveset.csv file in the root folder where the tool resides.
C: Modify the dataset.csv file in the root folder where the tool resides. Depending on whether you want to import a file or folder or both, add entries in the dataset.csv file
References: https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-data-to-files
- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Dev, you assign the Contributor role to the Developers group. Does this meet the goal?
Correct Answer:A
The Contributor role can manage all resources (and add resources) in a Resource Group. Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/overview