Modify The Address Space of Vnet1.: Correto

SIMULADO 1
Pergunta 1:Correto
You have a virtual network named VNet1 as shown in the exhibit.
No devices are connected to VNet1.

You plan to peer VNet1 to another virtual network named VNet2. VNet2 has an address space of
10.2.0.0/16. You need to create the peering.
What should you do first?
 Modify the address space of VNet1.
Pergunta 2:Correto
You have an Azure App Service app.
You need to implement tracing for the app. The tracing information must include the following:
Usage trends
AJAX call responses
Page load speed by browser Server and browser exceptions
What should you do?
 Enable the Azure Application Insights site extension.
Pergunta 3:Correto
You have an Azure subscription that contains the storage accounts shown in the following table.
You enable Storage Advanced Threat Protection (ATP) for all the storage accounts. You need to
identify which storage accounts will generate Storage ATP alerts.
Which two storage accounts should you identify? Each correct answer presents part of the
solution.
NOTE: Each correct selection is worth one point.
 storagecontoso1
 storagecontoso2
Pergunta 4:Correto
You have an Azure virtual machine named VM1 and an Azure Active Directory (Azure AD) tenant
named adatum.com.
VM1 has the following settings:
IP address: 10.10.0.10
System-assigned managed identity: On

You need to create a script that will run from within VM1 to retrieve the authentication token of
VM1. Which address should you use in the script?
 169.254.169.254
Pergunta 5:Correto
You are designing an Azure solution.
The solution must meet the following requirements:
Distribute traffic to different pools of dedicated virtual machines (VMs) based on rules. Provide
SSL offloading capabilities.
You need to recommend a solution to distribute network traffic. Which technology should you
recommend?
 Azure Application Gateway

Pergunta 6:Correto
You are implementing authentication for applications in your company. You plan to implement self-
service password reset (SSPR) and multifactor authentication (MFA) in Azure Active Directory
(Azure AD). You need to select authentication mechanisms that can be used for both MFA and
SSPR.
Which two authentication methods should you use? Each correct answer presents a complete
solution.
 Authenticator app
 Short Message Service (SMS) messages
Pergunta 7:Correto
You have an Azure subscription that contains 100 virtual machines.
You have a set of Pester tests in PowerShell that validate the virtual machine environment.
You need to run the tests whenever there is an operating system update on the virtual machines.
The solution must minimize implementation time and recurring costs. Which three resources
should you use to implement the tests? Each correct answer presents part of the solution.
 Azure Automation runbook
 an alert rule
 an alert action group
Pergunta 8:Correto
You have an Azure subscription.
You have 100 Azure virtual machines.
You need to quickly identify underutilized virtual machines that can have their service tier changed
to a less expensive offering. Which blade should you use?
 Advisor
Pergunta 9:Correto
Your company has the groups shown in the following table.
The company has an Azure subscription that contains an Azure Active Directory (Azure AD) tenant
named contoso.com.
An administrator named Admin1 attempts to enable Enterprise State Roaming for all the users in
the Managers groups. Admin1 reports that the options for Enterprise State Roaming are
unavailable from Azure AD.
You verify that Admin1 is assigned the Global administrator role.
You need to ensure that Admin1 can enable Enterprise State Roaming. What should you do?
 Purchase an Azure AD Premium P1 license for each user in the Managers group.
Pergunta 10:Correto
You have an Azure subscription that contains an Azure Log Analytics workspace.
You have a resource group that contains 100 virtual machines. The virtual machines run Linux.
You need to collect events from the virtual machines to the Log Analytics workspace.
Which type of data source should you configure in the workspace?
 Syslog
(Correto)
Pergunta 11:Correto
You have an application named App1 that does not support Azure Active Directory (Azure AD)
authentication.
You need to ensure that App1 can send messages to an Azure Service Bus queue. The solution
must prevent App1 from listening to the queue. What should you do?
 Add a shared access policy to the queue.
Pergunta 12:Correto
You have 10 Azure virtual machines on a subnet named Subnet1. Subnet1 is on a virtual network
named VNet1.
You plan to deploy a public Azure Standard Load Balancer named LB1 to the same Azure region as
the 10 virtual machines.
You need to ensure that traffic from all the virtual machines to the internet flows through LB1. The
solution must prevent the virtual machines from being accessible on the internet. Which three
actions should you perform? Each correct answer presents part of the solution.
 Add health probes to LB1.
 Add the network interfaces of the virtual machines to the backend pool of LB1.
 Add an outbound rule to LB1.
Pergunta 13:Correto
You have SQL Server on an Azure virtual machine named SQL1.
You need to automate the backup of the databases on SQL1 by using Automated Backup v2 for the
virtual machines. The backups must meet the following requirements: Meet a recovery point
objective (RPO) of 15 minutes.
Retain the backups for 30 days. Encrypt the backups at rest.

What should you provision as part of the backup solution?
 an Azure Storage account
Pergunta 14:Correto
You have an Azure subscription that contains 10 virtual machines on a virtual network.
You need to create a graph visualization to display the traffic flow between the virtual machines.
What should you do from Azure Monitor?
 From Logs, create a new query.
(Correto)
Pergunta 15:Correto
You have an Azure subscription that contains an Azure key vault named KeyVault1 and the virtual
machines shown in the following table.
KeyVault1 has an access policy that provides several users with Create Key permissions. You
need to ensure that the users can only register secrets in KeyVault1 from VM1.
What should you do?
 Modify the access policy for KeyVault1.
Pergunta 16:Correto
You have resources in three Azure regions. Each region contains two virtual machines. Each
virtual machine has a public IP address assigned to its network interface and a locally installed
application named App1. You plan to implement Azure Front Door-based load balancing across all
the virtual machines.
You need to ensure that App1 on the virtual machines will only accept traffic routed from Azure
Front Door. What should you implement?
 network security groups (NSGs) with service tags
Pergunta 17:Correto
You have an Azure key vault named KV1.
You need to ensure that applications can use KV1 to provision certificates automatically from an
external certification authority (CA). Which two actions should you perform? Each correct answer
presents part of the solution.
 Obtain the root CA certificate.
 From KV1, create a certificate signing request (CSR).
Pergunta 18:Correto
You create the following Azure role definition.
You need to create Role1 by using the role definition.
Which two values should you modify before you create Role1? Each correct answer presents part
of the solution.
 AssignableScopes
 IsCustom
Pergunta 19:Correto
Your company has an Azure subscription.
You enable multi-factor authentication (MFA) for all users.
The company’s help desk reports an increase in calls from users who receive MFA requests while
they work from the company’s main office. You need to prevent the users from receiving MFA
requests when they sign in from the main office.
What should you do?

 From the MFA service settings, create a trusted IP range.
Pergunta 20:Correto
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
You have a server named Server1 that runs Windows Server 2019. Server1 is a container host. You
are creating a Dockerfile to build a container image.
You need to add a file named File1.txt from Server1 to a folder named C:\Folder1 in the container
image. Solution: You add the following line to the Dockerfile.
COPY File1.txt /Folder1/
You then build the container image. Does this meet the goal?
 Yes
Pergunta 21:Correto
An administrator plans to create a function app in Azure that will have the following settings:
Runtime stack: .NET Core Operating System: Linux Plan type: Consumption
Enable Application Insights: Yes

You need to ensure that you can back up the function app.
Which settings should you recommend changing before creating the function app?
 Plan type
Pergunta 22:Correto
XCOPY File1.txt C:\Folder1\
 No
Pergunta 23:Correto
ADD File1.txt C:/Folder1/
 No
Pergunta 24:Correto
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin
center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all
the other identity Governance settings are available.
Admin1 is assigned the User administrator, Compliance administrator, and Security administrator
roles. You need to ensure that Admin1 can create access reviews in contoso.com.
Solution: You purchase an Azure Directory Premium P2 license for contoso.com. Does this meet
the goal?
 No
Pergunta 25:Correto
Solution: You assign the Global administrator role to Admin1. Does this meet the goal?
 No
Pergunta 26:Correto
Your network contains an on-premises Active Directory domain named contoso.com that contains
a member server named Server1. You have the accounts shown in the following table.
You are installing Azure AD Connect on Server1.
You need to specify the account for Azure AD Connect synchronization. The solution must use the
principle of least privilege. Which account should you specify?
 CONTOSO\User2
Pergunta 27:Correto
You have an Azure subscription that contains the web apps shown in the following table.
For which web app can you configure a WebJob?
 WebApp4
Pergunta 28:Correto
The developers at your company request that you create databases in Azure Cosmos DB as shown
in the following table.
You need to create the Azure Cosmos DB databases to meet the developer request. The solution
must minimize costs. What are two possible ways to achieve the goal? Each correct answer
presents a complete solution.
 Create two Azure Cosmos DB accounts, one for CosmosDB2 and CosmosDB4 and
one for CosmosDB1 and CosmosDB3.
 Create three Azure Cosmos DB accounts, one for the databases that use the
MongoDB API, one for CosmosDB1, and one for CosmosDB3.
Pergunta 29:Correto
You have three Azure SQL Database servers shown in the following table.
You plan to specify sqlserver1 as the primary server in a failover group. Which servers can be
used as a secondary server?
 sqlserver2 and sqlserver4 only
Pergunta 30:Correto
You have two Azure SQL Database managed instances in different Azure regions.
You plan to configure the managed instances in an instance failover group.
What should you configure before you can add the managed instances to the instance failover
group?
 a Site-to-Site VPN between the virtual networks that contain the instances
Pergunta 31:Correto
Solution: You create an access package. Does this meet the goal?
 No
Pergunta 32:Correto
Case study
Overview
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner
organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and
maintains.
Existing Environment
Currently, Contoso uses multiple types of severs for business operations, including the following:
File servers
Domain controllers
Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client
computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers:
A SQL database
A web front end
A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS
only.
Requirements
Planned Changes
Contoso plans to implement the following changes to the infrastructure:
Move all the tiers of App1 to Azure.
Move the existing product blueprint files to Azure Blob storage.
Create a hybrid directory to support an upcoming Microsoft Office 365 migration project.
Technical Requirements
Contoso must meet the following technical requirements:
Move all the virtual machines for App1 to Azure.
Minimize the number of open ports between the App1 tiers.
Ensure that all the virtual machines for App1 are protected by backups.
Copy the blueprint files to Azure over the Internet.
Ensure that the blueprint files are stored in the archive storage tier.
Prevent user passwords or hashes of passwords from being stored in Azure.
Use unmanaged standard storage for the hard disks of the virtual machines.
Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile
phone to verify their identity.
Minimize administrative effort whenever possible.
User Requirements
Contoso identifies the following requirements for users:
Ensure that only users who are part of a group named Pilot can join devices to Azure AD.
Designate a new user named Admin1 as the service admin for the Azure subscription.
Admin1 must receive email alerts regarding service outages.
Ensure that a new user named User3 can create network objects for the Azure subscription.
QUESTION 1
You need to recommend an identity solution that meets the technical requirements.
What should you recommend?
 Pass-thorough Authentication and single sign-on (SSO)
SIMULADO 2
Pergunta 1:Correto
You have two subscriptions named Subscription1 and Subscription2. Each subscription is
associated to a different Azure AD tenant.
Subscription1 contains a virtual network named VNet1. VNet1 contains an Azure virtual machine
named VM1 and has an IP address space of 10.0.0.0/16.
Subscription2 contains a virtual network named VNet2. Vnet2 contains an Azure virtual machine
named VM2 and has an IP address space of 10.10.0.0/24.
You need to connect VNet1 to VNet2.
 Provision virtual network gateways.
Pergunta 2:Correto
You have an Azure Active Directory (Azure AD) tenant.
You have an existing Azure AD conditional access policy named Policy1. Policy1 enforces the use
of Azure AD-joined devices when members of the Global Administrators group authenticate to
Azure AD from untrusted locations.
You need to ensure that members of the Global Administrators group will also be forced to use
multi-factor authentication when authenticating from untrusted locations.
What should you do?
 From the Azure portal, modify grant control of Policy1.
(Correto)
Pergunta 3:Correto
You have an Azure subscription named Subscription1 that contains an Azure virtual machine
named VM1. VM1 is in a resource group named RG1.
VM1 runs services that will be used to deploy resources to RG1.
You need to ensure that a service running on VM1 can manage the resources in RG1 by using the
identity of VM1.
 From the Azure portal, modify the value of the Managed Service Identity option for
VM1.
Pergunta 4:Correto
You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD
Seamless SSO) for an on-premises network.
Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple
times to sign in and are forced to use an account name that ends with onmicrosoft.com.
You discover that there is a UPN mismatch between Azure AD and the on-premises Active
Directory.
You need to ensure that the users can use single-sign on (SSO) to access Azure resources.
 From Azure AD, add and verify a custom domain name.
Pergunta 5:Correto
You have an Active Directory forest named contoso.com.
You install and configure Azure AD Connect to use password hash synchronization as the single
sign-on(SSO) method. Staging mode is enabled.
You review the synchronization results and discover that the Synchronization Service Manager
does not display any sync jobs.
You need to ensure that the synchronization completes successfully.
What should you do?
 Run Azure AD Connect and disable staging mode.
Pergunta 6:Correto
You regularly create and delete virtual machines.
You need to identify unattached disks that can be deleted.
What should you do?
 From Azure Cost Management, open the Optimizer tab and create a report.
Pergunta 7:Correto
You need to ensure that you receive an email message when any virtual machines are powered off,
restarted, or deallocated.
What is the minimum number of rules and action groups that you require?
 three rules and one action group
Pergunta 8:Correto
You plan to automate the deployment of a virtual machine scale set that uses the Windows Server
2016 Datacenter image.
You need to ensure that when the scale set virtual machines are provisioned, they have web server
components installed.
Which two actions should you perform? Each correct answer presents part of the solution.
 Create a new virtual machine scale set in the Azure portal.
 Modify the extensionProfile section of the Azure Resource Manager template.
Pergunta 9:Correto
You have 100 Azure virtual machines.
You need to quickly identify underutilized virtual machines that can have their service tier changed
to a less expensive offering.
Which blade should you use?
 Advisor
Pergunta 10:Correto
An app uses a virtual network with two subnets. One subnet is used for the application server. The
other subnet is used for a database server. A network virtual appliance (NVA) is used as a firewall.
Traffic destined for one specific address prefix is routed to the NVA and then to an on-premises
database server that stores sensitive data. A Border Gateway Protocol (BGP) route is used for the
traffic to the on-premises database server.
You need to recommend a method for creating the user-defined route.
Which two options should you recommend? Each correct answer presents a complete solution.
 For the virtual network configuration, use a VPN.
 For the next hop type, use a virtual network gateway.
(Correto)
Pergunta 11:Correto
Note: This question is part of series of questions that present the same scenario. Each question in
the series contains a unique solution that might meet the stated goals. Some question sets might
have more than one correct solution, while others might not have a correct solution.
You have an Azure subscription named Subscription1. Subscription1 contains a resource group
named RG1. RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1.
Solution: From the RG1 blade, you click Automation script.
Does this meet the goal?
 No
Pergunta 12:Correto
You manage a solution in Azure that consists of a single application which runs on a virtual
machine (VM). Traffic to the application has increased dramatically.
The application must not experience any downtime and scaling must be dynamically defined.
You need to define an auto-scale strategy to ensure that the VM can handle the workload.
Which three options should you recommend? Each correct answer presents a complete solution.
 Create a VM scale set.
 Deploy application automatic horizontal scaling.
 Deploy a custom auto-scale implementation.
Pergunta 13:Correto
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted
in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between
the virtual networks.
Solution: You create a resource lock, and then you assign the lock to the subscription.
 No
Pergunta 14:Correto
Solution: From the Subscription blade, you select the subscription, and then click Resource
providers.
 No
Pergunta 15:Correto
Solution: From the RG1 blade, you click Deployments.
 Yes
Pergunta 16:Correto
You plan to use the Azure Import/Export service to copy files to a storage account.
Which two files should you create before you prepare the drives for the import job? Each correct
answer presents part of the solution.
 a dataset CSV file
 a driveset CSV file
Pergunta 17:Correto
You create an Azure Storage account named contosostorage.
You plan to create a file share named data.
Users need to map a drive to the data file share from home computers that run Windows 10.
Which outbound port should you open between the home computers and the data file share?
 445
Pergunta 18:Correto
You have an Azure tenant that contains two subscriptions named Subscription1 and
Subscription2.
In Subscription1, you deploy a virtual machine named Server1 that runs Windows Server 2016.
Server1 uses managed disks.
You need to move Server1 to Subscription2. The solution must minimize administration effort.
 From Azure PowerShell, run the Move-AzureRmResource cmdlet
.com/en-in/azure/azure-resource-manager/resource-group-move-resources#move-resources
Pergunta 19:Correto
You have an Azure subscription named Subscription1 that is used by several departments at your
company. Subscription1 contains the resources in the following table.
Imagem maior
Another administrator deploys a virtual machine named VM1 and an Azure Storage account named
Storage2 by using a single Azure Resource Manager template.
You need to view the template used for the deployment.
From the Azure Portal, for which blade can you view the template that was used for the
deployment?
 RG1
Pergunta 20:Correto
You have an on-premises virtual machine named VM1. The settings for VM1 are shown in the
exhibit.
Imagem maior
You need to ensure that you can use the disks attached to VM1 as a template for Azure virtual
machines.
What should you modify on VM1?
 the hard drive
Pergunta 21:Correto
You have an Azure policy as shown in the following exhibit.
What is the effect of the policy?
 You can create Azure SQL servers in ContosoRG1 only.
Pergunta 22:Correto
You have an Azure subscription that contains a resource group named RG1. RG1 contains 100
virtual machines.
Your company has three cost centers named Manufacturing, Sales, and Finance.
You need to associate each virtual machine to a specific cost center.
What should you do?
 Assign tags to the virtual machines

Pergunta 23:Correto
You have an Azure subscription that contains two storage accounts named storagecontoso1 and
storagecontoso2. Each storage account contains a queue service, a table service, and a blob
service.
You develop two apps named App1 and App2. You need to configure the apps to store different
types of data to all the storage services on both the storage accounts.
How many endpoints should you configure for each app?
 2
Pergunta 24:Correto
You have an Azure subscription that contains three virtual networks named VNet1, VNet2, and
VNet3. VNet2 contains a virtual appliance named VM2 that operates as a router.
You are configuring the virtual networks in a hub and spoke topology that uses VNet2 as the hub
network.
You plan to configure peering between VNet1 and VNet2 and between VNet2 and VNet3.
You need to provide connectivity between VNet1 and VNet3 through VNet2.
Which two configurations should you perform? Each correct answer presents part of the solution.
 On the peering connections, allow gateway transit
 On the peering connections, use remote gateways
Pergunta 25:Correto
You are planning to create a virtual network that has a scale set that contains six virtual machines
(VMs).
A monitoring solution on a different network will need access to the VMs inside the scale set.
You need to define public access to the VMs.
Solution: Deploy a standalone VM that has a public IP address to the virtual network.
Does the solution meet the goal?
 Yes
Pergunta 26:Correto
(VMs).
Solution: Implement an Azure Load Balancer.
 No
Pergunta 27:Correto
(VMs).
Solution: Design a scale set to automatically assign public IP addresses to all VMs.
 No
Pergunta 28:Correto
You have an Azure Kubernetes Service (AKS) cluster named Clus1 in a resource group named
RG1.
An administrator plans to manage Clus1 from an Azure AD-joined device.
You need to ensure that the administrator can deploy the YAML application manifest file for a
container application.
You install the Azure CLI on the device.
Which command should you run next?
 kubectl apply –f appl.yaml
Pergunta 29:Correto
(VMs).
Solution: Use Remote Desktop Protocol (RDP) to connect to the VM in the scale set.
 Yes
Pergunta 30:Correto
You have an Azure subscription that contains the virtual networks shown in the following table.
You need to recommend a connectivity solution that will enable the virtual machines on VNET1
and VNET2 to communicate through the Microsoft backbone infrastructure.
What should you include in the recommendation?
 peering
Pergunta 31:Correto
You create an Azure virtual machine named VM1 in a resource group named RG1.
You discover that VM1 performs slower than expected.
You need to capture a network trace on VM1.

What should you do?
 From the VM1 blade, install performance diagnostics and run advanced performance
analysis
Pergunta 32:Correto
A company plans to use third-party application software to perform complex data analysis
processes. The software will use up to 500 identical virtual machines (VMs) based on an Azure
Marketplace VM image.
You need to design the infrastructure for the third-party application server. The solution must meet
the following requirements:
The number of VMs that are running at any given point in time must change when the user
workload changes.
When a new version of the application is available in Azure Marketplace it must be deployed
without causing application downtime.
Use VM scale sets.
Minimize the need for ongoing maintenance.
Which two technologies should you recommend? Each correct answer presents part of the
solution.
autoscale
managed disks
Pergunta 33:Correto
You have an Azure subscription that contains the storage accounts shown in the following table.
Imagem maior
All storage accounts contain blobs only.
You need to implement several lifecycle management rules for all storage accounts.
 Upgrade contosostorage1 and contosostorage2 to General Purpose V2 accounts.
Pergunta 34:Correto
center and discovers that the Access reviews settings are
unavailable. Admin1 discovers that all the other Identity Governance settings are available.
roles.
You need to ensure that the Admin1 can create access reviews in contoso.com.
Solution: You consent to Azure AD Privileged Identity Management (PIM).
 Yes
Pergunta 35:Correto
You have a resource group named RG1 that contains the following:
A virtual network that contains two subnets named Subnet1 and Subnet2
An Azure Storage account named contososa1
An Azure firewall deployed to Subnet2
You need to ensure that contososa1 is accessible from Subnet1 over the Azure backbone network.
What should you do?
 Implement a virtual network service endpoint.
Pergunta 36:Correto
Your company has an office in Seattle.
You have an Azure subscription that contains a virtual network named VNET1.
You create a site-to-site VPN between the Seattle office and VNET1.
VNET1 contains the subnets shown in the following table.
You need to redirect all Internet-bound traffic from Subnet1 to the Seattle office.
What should you create?
 a route for Subnet1 that uses the virtual network gateway as the next hop
Pergunta 37:Correto
center and discovers that the Access reviews settings are
unavailable. Admin1 discovers that all the other Identity Governance settings are available.
roles.
You need to ensure that Admin1 can create access reviews in contoso.com.
Solution: You assign the Service administrator role to Admin1.
 No
Pergunta 38:Correto
You have an Azure subscription named Subscription1 that contains an Azure virtual network
named VNet1. VNet1 connects to your on-premises network by using Azure ExpressRoute.
You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution
must minimize cost.
Which three actions should you perform? Each correct answer presents part of the solution.
 Create a connection.
 Create a local site VPN gateway.
 Create a gateway subnet.
Pergunta 39:Correto
You have an Azure web app named App1 that is configured to run between two and five instances.
There are currently three instances of App1 running.
App1 has the following autoscale rules:
Increase the instance count by one when the CPU percentage is greater or equal to 80.
Decrease the instance count by one when the CPU percentage is less than or equal to 60.
You are evaluating the following CPU percentage of utilization for App1:
60%
55%
50%
45%
You need to identify which utilizations will cause App1 to scale in.
 45%, 50%, and 55% only
Pergunta 40:Correto
You monitor Azure virtual machines by using Azure Monitor.
You plan to restart the virtual machines when CPU usage exceeds 95 percent for more than 30
minutes.
You need to create an alert in Azure Monitor to restart the virtual machines. The solution must
minimize administrative effort.
Which type of action should you use in the alert?
 Automation Runbook
SIMULADO 3
Pergunta 1:Correto
You have an Azure subscription that contains a resource group named RG1. RG1 contains multiple
resources.
You need to trigger an alert when the resources in RG1 consume $1,000 USD.
What should you do?
 From Cost Management + Billing create a budget.
Pergunta 2:Correto
You develop an entertainment application where users can buy and trade virtual real estate. The
application must scale to support thousands of users.
The current architecture includes five Azure virtual machines (VM) that connect to an Azure SQL
Database for account information and Azure Table Storage for backend services. A user interacts
with these components in the cloud at any given time.
Routing Service – Routes a request to the appropriate service and must not persist data across
sessions.
Account Service – Stores and manages all account information and authentication and requires
data to persist across sessions
User Service – Stores and manages all user information and requires data to persist across
sessions.
Housing Network Service – Stores and manages the current real-estate economy and requires data
to persist across sessions.
Trade Service – Stores and manages virtual trade between accounts and requires data to persist
across sessions.
Due to volatile user traffic, a microservices solution is selected for scale agility.
You need to migrate to a distributed microservices solution on Azure Service Fabric.
Solution: Deploy a Windows container to Azure Service Fabric for each component.
 No
Pergunta 3:Correto
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription
named Subscription1. Adatum contains a group named Developers. Subscription1 contains a
resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev
resource group.
Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group.
 No
Pergunta 4:Correto
resource group.
Solution: On Dev, you assign the Logic App Contributor role to the Developers group.
 No
Pergunta 5:Correto
resource group.
Solution: On Dev, you assign the Contributor role to the Developers group.
 Yes
Pergunta 6:Correto
A company backs up data to on-premises servers at their main facility. The company currently has
30 TB of archived data that infrequently used. The facility has download speeds of 100 Mbps and
upload speeds of 20 Mbps.
You need to securely transfer all backups to Azure Blob Storage for long-term archival. All backup
data must be sent within seven days.
Solution: Create a file share in Azure Files. Mount the file share to the server and upload the files to
the file share. Transfer the files to Azure Blob Storage.
 No
Pergunta 7:Correto
Solution: Use the Set-AzureStorageBlobContent Azure PowerShell command to copy all backups
asynchronously to Azure Blob Storage.
 No
Pergunta 8:Correto
You have an on-premises network that contains a Hyper-V host named Host1. Host1 runs Windows
Server 2016 and hosts 10 virtual machines that run Windows Server 2016.
You plan to replicate the virtual machines to Azure by using Azure Site Recovery.
You create a Recovery Services vault named ASR1 and a Hyper-V site named Site1.
You need to add Host1 to ASR1.
What should you do?
 Download the installation file for the Azure Site Recovery Provider.
Download the vault registration key.

Install the Azure Site Recovery Provider on Host1 and register the server.
Pergunta 9:Correto
You plan to migrate an on-premises Hyper-V environment to Azure by using Azure Site Recovery.
The Hyper-V environment is managed by using Microsoft System Center Virtual Machine Manager
(VMM).
The Hyper-V environment contains the virtual machines in the following table:
Which virtual machine can be migrated by using Azure Site Recovery?
 SQL1
Pergunta 10:Correto
You have an Azure subscription named Subscription1 that contains two Azure networks named
VNet1 and VNet2. VNet1 contains a VPN gateway named VPNGW1 that uses static routing. There is
a site-to-site VPN connection between your on-premises network and VNet1.
On a computer named Client1 that runs Windows 10, you configure a point-to-site VPN connection
to VNet1.
You configure virtual network peering between VNet1 and VNet2. You verify that you can connect
to VNet2 from the on-premises network. Client1 is unable to connect to VNet2.
You need to ensure that you can connect Client1 to VNet2.
What should you do?
Download and re-install the VPN client configuration package on Client1.
Pergunta 11:Correto
You have a Microsoft SQL Server Always On availability group on Azure virtual machines.
You need to configure an Azure internal load balancer as a listener for the availability group.
What should you do?
 Enable Floating IP.
Pergunta 12:Correto
You set the multi-factor authentication status for a user named [email protected] to Enabled.
Admin1 accesses the Azure portal by using a web browser.
Which additional security verifications can Admin1 use when accessing the Azure portal?
 a phone call, a text message that contains a verification code, and a notification or a
verification code sent from the Microsoft Authenticator app
Pergunta 13:Correto
You have an Azure Active Directory (Azure AD) tenant.
All administrators must enter a verification code to access the Azure portal.
You need to ensure that the administrators can access the Azure portal only from your on-
premises network.
What should you configure?
 the multi-factor authentication service settings
Pergunta 14:Correto
You have a server named Server1 that runs Windows Server 2019. Server1 is a container host.
You plan to create a container image.

You create the following instructions in a text editor.
FROM mcr.microsoft.com/windows/servercore:lts2019
LABEL maintainer="[email protected]"
RUN dism.exe /online /enable-feature /all /featurename:iis-webserver /NoRestart
RUN echo "Hello World!" > c:\inetpub\wwwroot\index.html
You need to be able to automate the container image creation by using the instructions.
To which file should you save the instructions?
 Dockerfile
Pergunta 15:Correto
You have an Azure subscription named Subscription1 that contains a virtual network named
VNet1. VNet1 is in a resource group named RG1.
Subscription1 has a user named User1. User1 has the following roles:
Reader
Security Admin
Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do?
 Assign User1 the Owner role for VNet1.
Pergunta 16: Correto

Solution: Backup data to local disks and use the Azure Import/Export service to send backups to
Azure Blob Storage.
 Yes
Pergunta 17:Correto
A company hosts virtual machines (VMs) in an on-premises datacenter and in Azure. The on-
premises and Azure-based VMs communicate using ExpressRoute. The company wants to be able
to continue regular operations if the ExpressRoute connection fails.
Failover connections must use the Internet and must not require Multiprotocol Label Switching
(MPLS) support.
You need to recommend a solution that provides continued operations.
 Set up a VPN connection.
Pergunta 18:Correto
You are building a custom Azure function app to connect to Azure Event Grid.
You need to ensure that resources are allocated dynamically to the function app. Billing must be
based on the executions of the app.
What should you configure when you create the function app?
 the Windows operating system and the Consumption plan hosting plan
Pergunta 19:Correto
You have an Azure Service Bus.
You need to implement a Service Bus queue that guarantees first-in-first-out (FIFO) delivery of
messages.
What should you do?
 Enable sessions

You have an Azure subscription that contains a policy-based virtual network gateway named GW1
and a virtual network named VNet1.
You need to ensure that you can configure a point-to-site connection from an on-premises
computer to VNet1.
Which two actions should you perform? Each correct answer presents part of the solution.
 Create a route-based virtual network gateway.
 Add a connection to GW1.
Pergunta 21:Correto
You create a new Azure subscription. You create a resource group named RG1. In RG1, you create
the resources shown in the following table.
Imagem maior
You need to configure an encrypted tunnel between your on-premises network and VNET1.
Which two additional resources should you create in Azure? Each correct answer presents part of
the solution.
 a VPN gateway
 a local network gateway
Pergunta 22:Correto
You have an on-premises file server named Server1 that runs Windows Server 2019.
You manage Server1 by using Windows Admin Center.
You need to ensure that if Server1 fails, you can recover the data from Azure.
Solution: From the Azure portal, you create a Recovery Services vault. On VM1, you install the
Azure Backup agent and you schedule a backup.

 No
Pergunta 23:Correto
You need to ensure that if Server1 fails, you can recover Server1 files from Azure.
Solution: You create a Recovery Services vault and configure a backup by using Windows Server
Backup.
 No

Solution: You create an Azure Storage account and an Azure Storage Sync service. You configure
Azure File Sync for Server1.
 Yes
Pergunta 25:Correto
Solution: You register Windows Admin Center in Azure and configure Azure Backup.
 No

You have a web app named WebApp1 that uses an Azure App Service plan named Plan1. Plan1
uses the D1 pricing tier and has an instance count of 1.
You need to ensure that all connections to WebApp1 use HTTPS.
 Scale up Plan1.
Pergunta 27:Correto
You have an Azure subscription that contains an Azure Service Fabric cluster and a Service Fabric
application named FabricApp.
You develop and package a Service Fabric application named AppPackage. AppPackage is saved
in a compressed folder named AppPackage.zip.
You upload AppPackage.zip to an external store.
You need to register AppPackage in the Azure subscription.
 Repackage the application in a file named App.sfpkg.
Pergunta 28:Correto
sessions.
sessions.
across sessions.
Solution: Create a Service Fabric Cluster with a stateful Reliable Service for each component.
 No
Pergunta 29:Correto
sessions.
sessions.
across sessions.
Solution: Create a Service Fabric Cluster with a stateless Reliable Service for Routing Service.
Create stateful Reliable Services for all other components.
 Yes
Pergunta 30:Correto
Database for account information and Azure Table Storage for
backend services. A user interacts with these components in the cloud at any given time.
sessions.
sessions.
across sessions.
Solution: Create a Service Fabric Cluster with a stateful Reliable Service for Routing Service.
Deploy a Guest Executable to Service Fabric for each component.
 No
Pergunta 31:Correto
You create an Azure Time Series Insights event handler. You need to send data over the network
as efficiently as possible and optimize query performance.
What should you do?
 Use reference data

You are creating an IoT solution using Azure Time Series Insights.
You configure the environment to ensure that all data for the current year is available.
What should you do?
 Create a reference data set.
Pergunta 33:Correto
You have an Azure subscription named Subscription1.
You have 5 TB of data that you need to transfer to Subscription1.
You plan to use an Azure Import/Export job.
What can you use as the destination of the imported data?

 Azure File Storage
Pergunta 34:Correto
You plan to back up an Azure virtual machine named VM1.
You discover that the Backup Pre-Check status displays a status of Warning.
What is a possible cause of the Warning status?
 VM1 does not have the latest version of WaAppAgent.exe installed
Pergunta 35:Correto
You need to ensure that if Server1 fails, you can recover the data from Azure.
Solution: From the Azure portal, you create a Recovery Services vault. On Server1, you install the
Azure Backup agent and you schedule a backup.
 No
Pergunta 36:Correto
You have an Azure Active Directory (Azure AD) tenant that contains a group named Group1.
You need to enable multi-factor authentication (MFA) for the users in Group1 only.
Solution: From the Azure portal, you configure an authentication method policy.
 No
Pergunta 37:Correto
You have an Azure Active Directory (Azure AD) tenant that contains a group named Group1.
You need to enable multi-factor authentication (MFA) for the users in Group1 only.
Solution: From Multi-Factor Authentication, you select Bulk update, and you provide a CSV file that
contains the members of Group1.
 No
Pergunta 38:Correto
You create a container image named Image1 on a developer workstation.
You plan to create an Azure Web App for Containers named WebAppContainer that will use
Image1.
You need to upload Image1 to Azure. The solution must ensure that WebAppContainer can use
Image1.
To which storage type should you upload Image1?
 Azure Container Registry
Pergunta 39:Correto
You have an Azure App Service named WebApp1.
You plan to add a WebJob named WebJob1 to WebApp1.
You need to ensure that WebJob1 is triggered every 15 minutes.
What should you do?
 From the properties of WebJob1, change the CRON expression to 0*/15****.
Pergunta 40:Correto
You have an Azure App Service API that allows users to upload documents to the cloud with a
mobile device. A mobile app connects to the service by using REST API calls.
When a new document is uploaded to the service, the service extracts the document metadata.
Usage statistics for the app show significant increases in app usage.
The extraction process is CPU-intensive. You plan to modify the API to use a queue.
You need to ensure that the solution scales, handles request spikes, and reduces costs between
request spikes.
What should you do?
 Move the extraction logic into an Azure Function. Create a queue triggered function to
process the queue
SIMULADO 4
Pergunta 1:Correto
You create a social media application that users can use to upload images and other content.
Users report that adult content is being posted in an area of the site that is accessible to and
intended for young children.
You need to automatically detect and flag potentially offensive content. The solution must not
require any custom coding other than code to scan and evaluate
images.
What should you implement?
 Computer Vision API
Pergunta 2: Correto
You have an Azure subscription named Subscription1. Subscription1 contains the resource
groups in the following table.
RG1 has a web app named WebApp1. WebApp1 is located in West Europe.
You move WebApp1 to RG2.
What is the effect of the move?
 The App Service plan for WebApp1 remains in West Europe. Policy2 applies to
WebApp1.
Pergunta 3: Correto
You have an Azure virtual machine named VM1 that you use for testing. VM1 is protected by Azure
Backup.
You delete VM1.

You need to remove the backup data stored for VM1.
 Modify the backup policy
Pergunta 4:Correto
Your network contains an Active Directory forest named fabrikam.com. The forest contains two
child domains named corp.fabrikam.com and
research.fabrikam.com.
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named
contoso.com.
You install Azure AD Connect and sync all the on-premises user accounts to the Azure AD tenant.
You implement seamless single sign-on (SSO).
You plan to change the source of authority for all the user accounts in research.fabrikam.com to
Azure AD.
You need to prevent research.fabrikam.com from resyncing to Azure AD.
Solution: You use Active Directory Domains and Trusts from a computer joined to fabrikam.com.
 No
Pergunta 5:Correto
Your network contains an on-premises Active Directory and an Azure Active Directory (Azure AD)
tenant.
You deploy Azure AD Connect and configure pass-through authentication?
Your Azure subscription contains several web apps that are accessed from the Internet.
You plan to use Azure Multi-Factor Authentication (MFA) with the Azure Active Directory tenant.
You need to recommend a solution to prevent users from being prompted for Azure MFA when
they access the web apps from the on-premises network.
 trusted IPs
Pergunta 6: Correto
You have two Azure virtual machines named VM1 and VM2.
You have two Recovery Services vaults named RSV1 and RSV2. VM2 is protected by RSV1.
You need to use RSV2 to protect VM2.
 From the VM2 blade, click Disaster recovery, click Replication settings, and then
select RSV2 as the Recovery Services vault
Pergunta 7:Correto
You have a resource group named RG1. RG1 contains an Azure Storage account named
storageaccount1 and a virtual machine named VM1 that runs Windows Server 2016.
Storageaccount1 contains the disk files for VM1.
You apply a ReadOnly lock to RG1.
What can you do from the Azure portal?

 View the keys of storageaccount1
Pergunta 8:Correto
child domains named corp.fabrikam.com and research.fabrikam.com.
contoso.com.
Azure AD.
Solution: You use the Synchronization Service Manager.
 No
Pergunta 9:Incorreto
You have an Azure SQL database named Db1 that runs on an Azure SQL server named
SQLserver1.
You need to ensure that you can use the query editor on the Azure portal to query Db1.
What should you do?
 Configure the Firewalls and virtual networks settings for SQLserver1
Pergunta 10:Correto
You are the global administrator for an Azure Active Directory (Azure AD) tenant named
adatum.com.
You need to enable two-step verification for Azure users.
What should you do?
 Create an Azure AD conditional access policy.
Pergunta 11:Correto
contoso.com.
Azure AD.
Solution: You use the Azure AD Connect wizard.
 No
Pergunta 12:Correto
You have a Recovery Service vault that you use to test backups. The test backups contain two
protected virtual machines.
You need to delete the Recovery Services vault.
 From the Recovery Service vault, stop the backup of each backup item
Pergunta 13:Correto
You have an Azure Active Directory (Azure AD) domain that contains 5,000 user accounts. You
create a new user account named AdminUser1.
You need to assign the User administrator administrative role to AdminUser1.
What should you do from the user account properties?
 From the Directory role blade, modify the directory role

You have an Azure subscription that contains the Azure virtual machines shown in the following
table.
You create an Azure key vault named Vault1 in the East US location.
You need to identify which virtual machines can enable Azure Disk Encryption by using Vault1.
Which virtual machines should you identify?
 VM1, VM2, and VM4 only
Pergunta 15:Correto
You have two Azure Active Directory (Azure AD) tenants named contoso.com and fabrikam.com.
You have a Microsoft account that you use to sign in to both tenants.
You need to configure the default sign-in tenant for the Azure portal.
What should you do?
 From the Azure portal, change the directory
Pergunta 16:Correto
You have an Azure subscription that contains the resource groups shown in the following table.
You have the Azure SQL servers shown in the following table.
You create an Azure SQL database named DB1 on Sql1 in an elastic pool named Poo11.
You need to create an Azure SQL database named DB2 in Poo11.
Where should you deploy DB2?
 Sql1
Pergunta 17:Correto
You are developing an app that references data which is sharded across multiple Azure SQL
databases.
The app must guarantee transactional consistency for changes across several different sharding
key values.
You need to manage the transactions.
 Elastic database transactions with horizontal partitioning.
Pergunta 18:Correto
You are developing a speech-enabled home automation control bot.
The bot interprets some spoken words incorrectly.
You need to improve the spoken word recognition for the bot.
 The Web Chat Channel and Speech priming using a Bing Speech Service and LUIS
app.
Pergunta 19:Correto
You have an Azure subscription named Subscription1. You deploy a Linux virtual machine named
VM1 to Subscription1.
You need to monitor the metrics and the logs of VM1.
What should you use?
 the AzurePerformanceDiagnostics extension
Pergunta 20:Correto
A company is migrating an existing on-premises third-party website to Azure. The website is
stateless.
The company does not have access to the source code for the website. They do not have the
original installer.
The number of visitors at the website varies throughout the year. The on-premises infrastructure
was resized to accommodate peaks but the extra capacity was not used.
You need to implement a virtual machine scale set instance.
What should you do?
 Use Azure Monitor to create autoscale settings using custom metrics
Pergunta 21:Correto
You have an Azure Cosmos DB database that contains a container named Container1. The
partition key for Container1 is set to /day. Container1 contains the items shown in the following
table.
You need to programmatically query Azure Cosmos DB and retrieve Item1 and Item2 only.
Solution: You run the following query.
You set the EnableCrossPartitionQuery property to False.
 No

You download an Azure Resource Manager template based on an existing virtual machine. The
template will be used to deploy 100 virtual machines.
You need to modify the template to reference an administrative password. You must prevent the
password from being stored in plain text.
What should you create to store the password?
 an Azure Key Vault and an access policy.
Pergunta 23:Correto
You are responsible for mobile app development for a company. The company develops apps on
IOS, and Android.
You plan to integrate push notifications into every app.
You need to be able to send users alerts from a backend server.
Which two options can you use to achieve this goal? Each correct answer presents a complete
solution.
 Azure Mobile App Service
 Azure Notification Hubs
Pergunta 24:Correto
contoso.com.
Azure AD.
Solution: From the Azure Active Directory admin center, you delete a custom domain.
 No
Pergunta 25:Correto
table.
You set the EnableCrossPartitionQuery property to True.
 No

You have an Azure solution that uses Multi-Factor Authentication for added security when users
are outside of the office. The usage model has been set to Per Authentication.
Your company acquires another company and adds the new staff to Azure Active Directory (Azure
AD). New staff members must use Multi-Factor Authentication.
You need to change the usage model to Per Enabled User.
 Create a new Multi-Factor Authentication provider with a backup from the current
Multi-Factor Authentication provider data.
(Correto)

You have an Azure subscription named Subscription1.
You create several Azure virtual machines in Subscription1. All of the virtual machines belong to
the same virtual network.
You have an on-premises Hyper-V server named Server1. Server1 hosts a virtual machine named
VM1.
You plan to replicate VM1 to Azure.
You need to create additional objects in Subscription1 to support the planned deployment.
Which three objects should you create? Each correct answer presents part of the solution.
 Hyper-V site
 Azure Recovery Services Vault
 replication policy

table.
You set the EnableCrossPartitionQuery property to True.
 Yes
Pergunta 29:Correto
Your company is developing an e-commerce Azure App Service Web App to support hundreds of
restaurant locations around the world.
You are designing the messaging solution architecture to support the e-commerce transactions
and messages. The e-commerce application has the following features and requirements:
Imagem maior
You need to choose the Azure messaging solution to support the Restaurant Telemetry feature.
Which Azure service should you use?
 Azure Event Hub
Pergunta 30:Correto
You sign up for Azure Active Directory (Azure AD) Premium.
You need to add a user named [email protected] ad an administrator on all the computers that
will be joined to the Azure AD domain.
What should you configure in Azure AD?
 User settings from the Users blade

You have an Azure subscription that contains the resources shown in the following table.
You plan to create an Azure event hub.
You need to retain the messages sent to the event hub for 30 days.
Which location should you use for storage?
 Datalake1

You have an Azure Cosmos DB account named Account1.
Account1 includes a database named DB1 that contains a container named Container1.
The partition key for Container1 is set to /city.
You plan to change the partition key for Container1.
 Create a new container in DB1.

Your company is developing an e-commerce Azure App Service Web App to support hundreds of
restaurant locations around the world.
You are designing the messaging solution architecture to support the e-commerce transactions
and messages. The solution will include the following features:
Imagem maior
You need to design a solution for the Inventory Distribution feature.
Which Azure service should you use?
 Azure Service Bus
SIMULADO 5
Pergunta 1:Correto
Case Study
Overview
Humongous Insurance is an insurance company that has three offices in Miami, Tokyo and
Bangkok. Each office has 5.000 users.
Active Directory Environment
Humongous Insurance has a single-domain Active Directory forest named

humongousinsurance.com. The functional level of the forest is Windows Server 2012.
You recently provisioned an Azure Active Directory (Azure AD) tenant.
Network Infrastructure
Each office has a local data center that contains all the servers for that office. Each office has a
dedicated connection to the Internet.
Each office has several link load balancers that provide access to the servers.
Active Directory Issue
Several users in humongousinsurance.com have UPNs that contain special characters.
You suspect that some of the characters are unsupported in Azure AD.
Licensing Issue
You attempt to assign a license in Azure to several users and receive the following error message:
"Licenses not assigned. License agreement failed for one user."
You verify that the Azure subscription has the available licenses.
Requirements
Planned Changes
Humongous Insurance plans to open a new office in Paris. The Paris office will contain 1,000 users
who will be hired during the next 12 months. All the resources
used by the Paris office users will be hosted in Azure.
Planned Azure AD Infrastructure
The on-premises Active Directory domain will be synchronized to Azure AD.
All client computers in the Paris office will be joined to an Azure AD domain.
Planned Azure Networking Infrastructure
You plan to create the following networking resources in a resource group named All_Resources:
- Default Azure system routes that will be the only routes used to route traffic
- A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2
- A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet
- A virtual network named AllOffices-VNet that will contain two subnets named Subnet3 and
Subnet4
You plan to enable peering between Paris-VNet and AllOffices-VNet. You will enable the Use
remote gateways setting for the Paris-VNet peerings.
You plan to create a private DNS zone named humongousinsurance.local and set the registration
network to the ClientResources-VNet virtual network.
Planned Azure Computer Infrastructure
Each subnet will contain several virtual machines that will run either Windows Server 2012 R2,
Windows Server 2016, or Red Hat Linux.
Department Requirements
Humongous Insurance identifies the following requirements for the company's departments:
- Web administrators will deploy Azure web apps for the marketing department. Each web app will
be added to a separate resource group. The initial configuration
of the web apps will be identical. The web administrators have permission to deploy web apps to
resource groups.
- During the testing phase, auditors in the finance department must be able to review all Azure
costs from the past week.
Authentication Requirements
Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD
Seamless SSO) when accessing resources in Azure.
QUESTION 1
You need to resolve the licensing issue before you attempt to assign the license again.
What should you do?
 From the Profile blade, modify the usage location
Pergunta 2:Correto
Case Study
Overview

Licensing Issue
Requirements
Planned Changes
who will be hired during the next 12 months. All the resources
used by the Paris office users will be hosted in Azure.
- Default Azure system routes that will be the only routes used to route traffic
- A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2
- A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet
- A virtual network named AllOffices-VNet that will contain two subnets named Subnet3 and
Subnet4

- Web administrators will deploy Azure web apps for the marketing department. Each web app will
be added to a separate resource group. The initial configuration
of the web apps will be identical. The web administrators have permission to deploy web apps to
resource groups.
- During the testing phase, auditors in the finance department must be able to review all Azure
costs from the past week.
QUESTION 2
You need to define a custom domain name for Azure AD to support the planned infrastructure.
Which domain name should you use?
 humongousinsurance.com
Pergunta 3:Correto
Case Study
Overview
ADatum Corporation is a financial company that has two main offices in New York and Los
Angeles. ADatum has a subsidiary named Fabrikam, Inc. that shares the Los Angeles office.
ADatum is conducting an initial deployment of Azure services to host new line-of-business

applications and is preparing to migrate its existing on-premises workloads to Azure.
ADatum uses Microsoft Exchange Online for email.
On-Premises Environment
The on-premises workloads run on virtual machines hosted in a VMware vSphere 6 infrastructure.
All the virtual machines are members of an Active Directory forest named adatum.com and run
Windows Server 2016.
The New York office uses an IP address space of 10.0.0.0/16. The Los Angeles office uses an IP
address space of 10.10.0.0/16.
The offices connect by using a VPN provided by an ISP. Each office has one Azure ExpressRoute
circuit that provides access to Azure services and Microsoft Online Services. Routing is
implemented by using Microsoft peering.
The New York office has a virtual machine named VM1 that has the vSphere console installed.
Azure Environment
You provision the Azure infrastructure by using the Azure portal. The infrastructure contains the
resources shown in the following table.
AG1 has two backend pools named Pool11 and Pool12. AG2 has two backend pools named Pool21
and Pool22.
Requirements
Planned Changes
ADatum plans to migrate the virtual machines from the New York office to the East US Azure
region by using Azure Site Recovery.
Infrastructure Requirements
ADatum identifies the following infrastructure requirements:
- A new web app named App1 that will access third-parties for credit card processing must be
deployed.
- A newly developed API must be implemented as an Azure function named App2. App2 will use a
blob storage trigger. App2 must process new blobs immediately.
- The Azure infrastructure and the on-premises infrastructure must be prepared for the migration of
the VMware virtual machines to Azure.
- The sizes of the Azure virtual machines that will be used to migrate the on-premises workloads
must be identified.
- All migrated and newly deployed Azure virtual machines must be joined to the adatum.com
domain.
- AG1 must load balance incoming traffic in the following manner:
- http://corporate.adatum.com/video/* will be load balanced across Pool11.
- http://corporate.adatum.com/images/* will be load balanced across Pool12.
- AG2 must load balance incoming traffic in the following manner:
- http://www.adatum.com will be load balanced across Pool21.
- http://fabrikam.com will be load balanced across Pool22.
- ER1 must route traffic between the New York office and platform as a service (PaaS) services in
the East US Azure region, as long as ER1 is available.
- ER2 must route traffic between the Los Angeles office and the PaaS services in the West US
region, as long as ER2 is available.
- ER1 and ER2 must be configured to fail over automatically.
Application Requirements
App2 must be available to connect directly to the private IP addresses of the Azure virtual
machines. App2 will be deployed directly to an Azure virtual network.
Inbound and outbound communications to App1 must be controlled by using NSGs.
Pricing Requirements
ADatum identifies the following pricing requirements:
- The cost of App1 and App2 must be minimized
- The transactional charges of Azure Storage accounts must be minimized
QUESTION 1
What should you create to configure AG2?
 multi-site listeners
Pergunta 4:Correto
Case study
Overview
maintains.
Currently, Contoso uses multiple types of servers for business operations, including the following:
File servers
Domain controllers
A SQL database
A web front end
only.
Requirements
Planned Changes
Ensure that partner access to the blueprint files is secured and temporary.
User Requirements
QUESTION 1
You need to implement a backup solution for App1 after the application is moved.
What should you create first?
 a Recovery Services vault
Pergunta 5:Correto
Case study
Overview
maintains.
Currently, Contoso uses multiple types of servers for business operations, including the following:
File servers
Domain controllers
A SQL database
A web front end
only.
Requirements
Planned Changes
Ensure that partner access to the blueprint files is secured and temporary.
User Requirements
QUESTION 2
You need to move the blueprint files to Azure.
What should you do?
 Generate an access key. Map a drive, and then copy the files by using File Explorer.
Pergunta 6:Correto
Case study
Overview
ADatum Corporation is a financial company that has two main offices in New York and Los
Angeles. ADatum has a subsidiary named Fabrikam, Inc. that shares the Los Angeles office.
ADatum is conducting an initial deployment of Azure services to host new line-of-business
applications and is preparing to migrate its existing on-premises
workloads to Azure.
ADatum uses Microsoft Exchange Online for email.
On-Premises Environment
The on-premises workloads run on virtual machines hosted in a VMware vSphere 6 infrastructure.
All the virtual machines are members of an Active Directory forest named adatum.com and run
Windows Server 2016.
The New York office uses an IP address space of 10.0.0.0/16. The Los Angeles office uses an IP
address space of 10.10.0.0/16.
The offices connect by using a VPN provided by an ISP. Each office has one Azure ExpressRoute
circuit that provides access to Azure services and Microsoft Online Services. Routing is
implemented by using Microsoft peering.
The New York office has a virtual machine named VM1 that has the vSphere console installed.
Azure Environment
You provision the Azure infrastructure by using the Azure portal. The infrastructure contains the
resources shown in the following table.
AG1 has two backend pools named Pool11 and Pool12. AG2 has two backend pools named Pool21
and Pool22.
Requirements
Planned Changes
ADatum plans to migrate the virtual machines from the New York office to the East US Azure
region by using Azure Site Recovery.
Infrastructure Requirements
ADatum identifies the following infrastructure requirements:
A new web app named App1 that will access third-parties for credit card processing must be
deployed
A newly developed API must be implemented as an Azure function named App2. App2 will use a
blob storage trigger. App2 must process new blobs immediately.
The Azure infrastructure and the on-premises infrastructure must be prepared for the migration of
the VMware virtual machines to Azure.
The sizes of the Azure virtual machines that will be used to migrate the on-premises workloads
must be identified.
All migrated and newly deployed Azure virtual machines must be joined to the adatum.com
domain.
AG1 must load balance incoming traffic in the following manner:
1. http://corporate.adatum.com/video/* will be load balanced across Pool11
2. http://corporate.adatum.com/images/* will be load balanced across Pool12
AG2 must load balance incoming traffic in the following manner:
1. http://www.adatum.com will be load balanced across Pool21
2. http://www.fabrikam.com will be load balanced across Pool22
ER1 must route traffic between the New York office and the platform as a service (PaaS) services in
the East US Azure region, as long as ER1 is available.
ER2 must route traffic between the Los Angeles office and the PaaS services in the West US
region, as long as ER2 is available.
ER1 and ER2 must be configured to fail over automatically.
Application Requirements
App2 must be able to connect directly to the private IP addresses of the Azure virtual machines.
App2 will be deployed directly to an Azure virtual network.
Inbound and outbound communications to App1 must be controlled by using NSGs.

Pricing Requirements
ADatum identifies the following pricing requirements:
The cost of App1 and App2 must be minimized.
The transactional charges of Azure Storage accounts must be minimized.
QUESTION 1
You need to configure AG1.
What should you create?
 a URL path-based routing rule
Pergunta 7:Correto
Case study
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in
Seattle and New York.
The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York
office has 200 employees.
All the resources used by Contoso are hosted on-premises.
Contoso creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a
domain named contoso.onmicrosoft.com. The tenant uses the P1 pricing tier.
The network contains an Active Directory forest named contoso.com. All domain controllers are
configured as DNS servers and host the contoso.com DNS zone.
Contoso has finance, human resources, sales, research, and information technology departments.
Each department has an organizational unit (OU) that contains all the accounts of that respective
department. All the user accounts have the department attribute set to their respective department.
New users are added frequently.
Contoso.com contains a user named User1.
All the offices connect by using private links.
Contoso has data centers in the Montreal and Seattle offices. Each data center has a firewall that
can be configured as a VPN device.
All infrastructure servers are virtualized. The virtualization environment contains the servers in the
following table.
Contoso uses two web applications named App1 and App2. Each instance on each web application
requires 1GB of memory.
The Azure subscription contains the resources in the following table.
The network security team implements several network security groups (NSGs).
Planned Changes
Contoso plans to implement the following changes:
Deploy Azure ExpressRoute to the Montreal office.
Migrate the virtual machines hosted on Server1 and Server2 to Azure.
Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2.
Ensure that WebApp1 can adjust the number of instances automatically based on the load and can
scale up to five instances.
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications
servers in the Montreal office.
Ensure that routing information is exchanged automatically between Azure and the routers in the
Montreal office.
Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.contoso.com
Connect the New York office to VNet1 over the Internet by using an encrypted connection.
Create a workflow to send an email message when the settings of VM4 are modified.
Create a custom Azure role named Role1 that is based on the Reader role.
Minimize costs whenever possible.
QUESTION 1
You need to meet the technical requirement for VM4.
What should you create and configure?
 an Azure Event Hub
Pergunta 8:Correto
Case Study
Overview
Contoso created a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a
following table.
requires 1 GB of memory.
Requirements
Planned Changes
Deploy Azure ExpressRoute to the Montreal office
Migrate the virtual machine hosted on Server1 and Server2 to Azure
Synchronize on-premises Active Directory to Azure Active Directory (Azure AD)
scale up to five instances
servers in the Montreal office
Montreal office
Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only
Connect the New York office to VNet1 over the Internet by using an encrypted connection
Create a workflow to send an email message when the settings of VM4 are modified
Create a custom Azure role named Role1 that is based on the Reader role
Minimize costs whenever possible
QUESTION 1
You need to configure a host name for WebApp2.
 In Azure AD, add webapp2.azurewebsites.net as a custom domain name
Pergunta 9:Correto
Case Study
Overview
Contoso created a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a
following table.
requires 1 GB of memory.
Requirements
Planned Changes
Deploy Azure ExpressRoute to the Montreal office

Migrate the virtual machine hosted on Server1 and Server2 to Azure
Synchronize on-premises Active Directory to Azure Active Directory (Azure AD)
scale up to five instances
servers in the Montreal office
Montreal office
Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only
Connect the New York office to VNet1 over the Internet by using an encrypted connection
Create a workflow to send an email message when the settings of VM4 are modified
Create a custom Azure role named Role1 that is based on the Reader role
Minimize costs whenever possible
QUESTION 2
Which pricing tier should you recommend for WebApp1?
 S1
Pergunta 10:Correto
Case Study
Overview

Licensing Issue
Requirements
Planned Changes
who will be hired during the next 12 months. All the resources used by the Paris office users will
be hosted in Azure.
Default Azure system routes that will be the only routes used to route traffic
A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2
A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet
A virtual network named AllOffices-VNet that will contain two subnets named Subnet3 and Subnet4
Web administrators will deploy Azure web apps for the marketing department. Each web app will
be added to a separate resource group. The initial configuration of the web apps will be identical.
The web administrators have permission to deploy web apps to resource groups.
During the testing phase, auditors in the finance department must be able to review all Azure costs
from the past week.
QUESTION 1
You need to prepare the environment to meet the authentication requirements.
Which two actions should you perform? Each correct answer presents part of the solution
 Install Azure AD Connect on a server in the Miami office and enable Pass-through
Authentication
 Add http://autologon.microsoftazuread-sso.com to the intranet zone of each client

computer in the Miami office.
Pergunta 11:Correto
Case Study
Overview

Licensing Issue
Requirements
Planned Changes
who will be hired during the next 12 months. All the resources used by the Paris office users will
be hosted in Azure.
Default Azure system routes that will be the only routes used to route traffic
A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2
A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet
A virtual network named AllOffices-VNet that will contain two subnets named Subnet3 and Subnet4
Web administrators will deploy Azure web apps for the marketing department. Each web app will
be added to a separate resource group. The initial configuration of the web apps will be identical.
The web administrators have permission to deploy web apps to resource groups.
During the testing phase, auditors in the finance department must be able to review all Azure costs
from the past week.
QUESTION 2
Which blade should you instruct the finance department auditors to use?
 Invoices
Pergunta 12:Correto
Case study
Overview
following table.
Planned Changes
Montreal office.
QUESTION 1
You need to recommend a solution to automate the configuration for the finance department users.
The solution must meet the technical requirements.

 dynamic groups and conditional access policies
Pergunta 13:Correto
Case study
Overview
following table.
Planned Changes
Montreal office.

QUESTION 2
You discover that VM3 does NOT meet the technical requirements.
You need to verify whether the issue relates to the NSGs.
What should you use?
 IP flow verify in Azure Network Watcher

Modify The Address Space of Vnet1.: Correto

Uploaded by

Copyright:

Available Formats

Modify The Address Space of Vnet1.: Correto

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Modify The Address Space of Vnet1.: Correto

Uploaded by

Copyright:

Available Formats

SIMULADO 1

No devices are connected to VNet1.

What should you do first?

 Modify the address space of VNet1.

AJAX call responses

Page load speed by browser Server and browser exceptions

What should you do?

 Enable the Azure Application Insights site extension.

NOTE: Each correct selection is worth one point.

VM1 has the following settings:

System-assigned managed identity: On

The solution must meet the following requirements:

 Azure Application Gateway

NOTE: Each correct selection is worth one point.

 Short Message Service (SMS) messages

NOTE: Each correct selection is worth one point.

 Azure Automation runbook

 an alert action group

You have 100 Azure virtual machines.

You verify that Admin1 is assigned the Global administrator role.

Which type of data source should you configure in the workspace?

 Add a shared access policy to the queue.

NOTE: Each correct selection is worth one point.

 Add health probes to LB1.

 Add an outbound rule to LB1.

Retain the backups for 30 days. Encrypt the backups at rest.

 an Azure Storage account

 From Logs, create a new query.

What should you do?

 Modify the access policy for KeyVault1.

 network security groups (NSGs) with service tags

NOTE: Each correct selection is worth one point.

 Obtain the root CA certificate.

 From KV1, create a certificate signing request (CSR).

You need to create Role1 by using the role definition.

NOTE: Each correct selection is worth one point.

You enable multi-factor authentication (MFA) for all users.

What should you do?

COPY File1.txt /Folder1/

Enable Application Insights: Yes

XCOPY File1.txt C:\Folder1\

You are installing Azure AD Connect on Server1.

For which web app can you configure a WebJob?

 sqlserver2 and sqlserver4 only

You plan to configure the managed instances in an instance failover group.

Microsoft SQL Server servers

A web front end

A processing middle tier

Contoso plans to implement the following changes to the infrastructure:

Move all the tiers of App1 to Azure.

Move the existing product blueprint files to Azure Blob storage.

Contoso must meet the following technical requirements:

Move all the virtual machines for App1 to Azure.

Minimize the number of open ports between the App1 tiers.

Copy the blueprint files to Azure over the Internet.

Prevent user passwords or hashes of passwords from being stored in Azure.

Minimize administrative effort whenever possible.

Contoso identifies the following requirements for users:

Admin1 must receive email alerts regarding service outages.