- (Exam Topic 4)
You have an Azure subscription that contains the virtual machines shown in the following table.
VM1 and VM2 use public IP addresses. From Windows Server 2019 on VM1 and VM2, you allow inbound Remote Desktop connections.
Subnet1 and Subnet2 are in a virtual network named VNET1.
The subscription contains two network security groups (NSGs) named NSG1 and NSG2. NSG1 uses only the default rules.
NSG2 uses the default and the following custom incoming rule:
Priority: 100
Name: Rule1
Port: 3389
Protocol: TCP
Source: Any
Destination: Any
Action: Allow
NSG1 connects to Subnet1. NSG2 connects to the network interface of VM2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Solution:
Box 1: No
The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM.
Box 2: Yes
NSG2 will allow this.
Box 3: Yes
NSG2 will allow this.
Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection
Does this meet the goal?
Correct Answer:A
- (Exam Topic 5)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You create a resource lock, and then you assign the lock to the subscription. Does this meet the goal?
Correct Answer:B
How can I freeze or lock my production/critical Azure resources from accidental deletion? There is a way to do this with both ASM and ARM resources using Azure resource lock.
References:
https://blogs.msdn.microsoft.com/azureedu/2016/04/27/using-azure-resource-manager-policy-and-azure-lock-to
- (Exam Topic 4)
You manage two Azure subscriptions named Subscription1 and Subscription2. Subscription1 has the following virtual networks:
The virtual networks contain the following subnets:
Subscription2 contains the following virtual network:
Name: VNETA
Address space: 10.10.128.0/17
Location: Canada Central
VNETA contains the following subnets:
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Solution:
Box 1: Yes
With VNet-to-VNet you can connect virtual networks in Azure across different regions.
Box 2: Yes
Azure supports the following types of peering:
Virtual network peering: Connect virtual networks within the same Azure region.
Global virtual network peering: Connecting virtual networks across Azure regions.
Box 3: No
The virtual networks you peer must have non-overlapping IP address spaces.
References:
https://azure.microsoft.com/en-us/blog/vnet-to-vnet-connecting-virtual-networks-in-azure-across-different-regio
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#requirements-and-cons
Does this meet the goal?
Correct Answer:A
- (Exam Topic 5)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.
You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution: You modify the priority of the Allow_131.107.100.50 inbound security rule. Does this meet the goal?
Correct Answer:A
- (Exam Topic 4)
You plan to deploy an Azure container instance by using the following Azure Resource Manager template.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the template.
Solution:
Box 1: can connect to the container from any device
In the template, "osType": "window" means that it will create a container in a container group that runs Windows, but it won't block access depending on device type.
Box 2: the container will restart automatically
Docker provides restart policies to control whether your containers start automatically when they exit, or when Docker restarts. Restart policies ensure that linked containers are started in the correct order. Docker recommends that you use restart policies, and avoid using process managers to start containers.
on-failure: Restart the container if it exits due to an error, which manifests as a non-zero exit code.
Because the flag is set to "on-failure" in the policy, the container will restart automatically.
Reference:
https://docs.microsoft.com/en-us/cli/azure/container?view=azure-cli-latest
https://docs.docker.com/config/containers/start-containers-automatically/
Does this meet the goal?
Correct Answer:A
- (Exam Topic 4)
You have a sync group that has the endpoints shown in the following table.
Cloud tiering is enabled for Endpoint3.
You add a file named File1 to Endpoint1 and a file named File2 to Endpoint2.
You need to identify on which endpoints File1 and File2 will be available within 24 hours of adding the files. What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
File1: Endpoint3 only
Cloud Tiering: A switch to enable or disable cloud tiering. When enabled, cloud tiering will tier files to your Azure file shares. This converts on-premises file shares into a cache, rather than a complete copy of the dataset, to help you manage space efficiency on your server. With cloud tiering, infrequently used or accessed files can be tiered to Azure Files.
File2: Endpoint1, Endpoint2, and Endpoint3
References:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-cloud-tiering
Does this meet the goal?
Correct Answer:A