- (Exam Topic 6)
You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table.
VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between VNet1 and Vnet2.
An administrator named Admin1 creates an Azure virtual machine named VM1 in RG1. VM1 uses a disk named Disk1 and connects to VNet1. Admin1 then installs a custom application in VM1.
You need to move the custom application to Vnet2. The solution must minimize administrative effort. Which two actions should you perform? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Solution:
We cannot just move a virtual machine between networks. What we need to do is identify the disk used by the VM, delete the VM itself while retaining the disk, and recreate the VM in the target virtual network and then attach the original disk to it.
First action: Delete VM1
Second action: Create a new virtual machine Reference:
https://docs.microsoft.com/en-us/archive/blogs/canitpro/step-by-step-move-a-vm-to-a-different-vnet-on-azure
https://4sysops.com/archives/move-an-azure-vm-to-another-virtual-network-vnet/#migrate-an-azure-vmbetween
Does this meet the goal?
Correct Answer:A
- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
A virtual network that has a subnet named Subnet1
Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
Priority: 100
Source: Any
Source port range: *
Destination: *
Destination port range: 3389
Protocol: UDP
Action: Allow
VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You add an inbound security rule to NSG-Subnet1 and NSG-VM1 that allows connections from the internet source to the VirtualNetwork destination for port range 3389 and uses the TCP protocol.
Does this meet the goal?
Correct Answer:A
The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM.
Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default. References:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection
- (Exam Topic 6)
You have an Azure subscription that contains the resources in the following table.
Subnet1 is associated to VNet1. NIC1 attaches VM1 to Subnet1. You need to apply ASG1 to VM1.
What should you do?
Correct Answer:C
Application Security Group can be associated with NICs. References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#application-security-groups
- (Exam Topic 5)
You have an Azure subscription named Subscription1 that contains the virtual networks in the following table.
Subscripton1 contains the virtual machines in the following table.
In Subscription1, you create a load balancer that has the following configurations:
Name: LB1
SKU: Basic
Type: Internal
Subnet: Subnet12
Virtual network: VNET1
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: each correct selection is worth one point.
Solution:
Statement 1 : Basic load balancer supports Virtual machine in a single Availability set or virtual machine scale set (VMSS) only . Hence this statement is correct.
Statement 2 : Basic load balancer supports Virtual machine in a single Availability set or virtual scale set only or one standalone VM. VM3 and VM4 are not part of any availability set or VMSS .Hence this statement is incorrect.
Statement 3 : Basic load balancer supports Virtual machine in a single Availability set or virtual scale set on or one standalone VM. VM5 and VM6 are not part of any availability set or VMSS .Hence this statement is incorrect.
References:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
Does this meet the goal?
Correct Answer:A
- (Exam Topic 6)
You have an Azure subscription.
You enable multi-factor authentication for all users.
Some users report that the email applications on their mobile device cannot connect to their Microsoft
Exchange Online mailbox. The users can access Exchange Online by using a web browser and from Microsoft Outlook 2016 on their computer.
You need to ensure that the users can use the email applications on their mobile device. What should you instruct the users to do?
Correct Answer:A
If you're enabled for multi-factor authentication, make sure that you have set up app passwords.
Note: During your initial two-factor verification registration process, you're provided with a single app password. If you require more than one, you'll have to create them yourself.
Go to the Additional security verification page. References:
https://docs.microsoft.com/en-us/office365/troubleshoot/sign-in/sign-in-to-office-365-azure-intune https://docs.microsoft.com/sv-se/azure/active-directory/user-help/multi-factor-authentication-end-user-app-pass
- (Exam Topic 4)
You have a hybrid infrastructure that contains an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The tenant contains the users shown in the following table.
You plan to share a cloud resource to the All Users group.
You need to ensure that User1, User2, User3, and User4 can connect successfully to the cloud resource. What should you do first?
Correct Answer:C
Ensure that "Enable an 'All Users' group in the directory" policy is set to "Yes" in your Azure Active Directory (AD) settings in order to enable the "All Users" group for centralized access administration. This group represents the entire collection of the Active Directory users, including guests and external users, that you can use to make the access permissions easier to manage within your directory.