.

Which statement is correct about Azure Storage encryption.

Data is automatically encrypted before written to Azure Managed Disks.

What's the default network rule when configuring network access to

an Azure storage account?

Allow all connections from all networks.

You want to give read access to image assets for a limited period of
time. What security option would be the best option to use?

Shared Access Signature

Which statement correctly describes cloud tiering?

Cloud tiering archives infrequently accessed files to free up space on the local file
share.

Which statement correctly describes soft delete?

Soft delete can be enabled on either new or existing file shares.

Which statement correctly describes file snapshots?

A share snapshot is a point-in-time, read-only copy of your data.

What are the two main types of monitoring data that Azure Monitor
collects for Azure VMs?

Metrics and logs.

What are the layers of a VM that need to be monitored?

VM host, guest OS, client workloads, and applications.

What do you need to do to enable recommended alert rules when
you create a VM?

Select Enable recommended alert rules on the Monitoring tab.

Which metrics graph isn't available by default on the Monitoring tab

when you create a VM?

Guest OS Available Memory

How do you add another metric to an existing Metrics Explorer

graph?

Select Add metric.

Which of these parameters isn't included in the dropdown fields

when you define a Metrics Explorer graph?

Time range

What capabilities does enabling VM insights provide?

Prebuilt client performance workbooks and guest OS metrics.

What's a quick way to install the Azure Monitor Agent to collect

guest OS metrics?

Select the Azure Monitor Agent when you enable VM insights.

How can you collect event log data from your VMs?

Create a DCR.

How can you view log data collected by a DCR?

By using a KQL query in your Log Analytics workspace.

How can you ensure more virtual machines are deployed for the
Admin team when the CPU is 75% consumed?

Enable the autoscale option.

Which Virtual Machine Scale Sets feature adds more virtual
machines and avoids the busy preparation times?

Schedule-based rules

What types of scaling can you use to increase the CPU capacity for
your existing Virtual Machine Scale Sets instances?

Horizontal scaling increases the number of instances within Azure

Virtual Machine Scale Sets.

Vertical scaling increases the capacity of existing instances within

Azure Virtual Machine Scale Sets.

Which App Service Plan can you implement to support the

Production team's requirements?

Premium

What scaling option provides more CPU, memory, or disk space

without adding more virtual machines?

Scale up

Triggering an event at 8:00 AM on Saturday is an example of what

type of rule?

A time-based rule.

Which of the security rules defined by the infrastructure team takes

precedence?

The deny rule takes precedence.

How do Application Security Groups (ASGs) enhance network

security within Azure Virtual Networks?

By grouping virtual machines according to their functions.

What happens to network traffic that doesn't match any NSG rules?

Network traffic is denied.

When virtual networks are successfully peered, what's the peering
status for both virtual networks in the peering?

Connected

What approach enables peered virtual networks to share the

gateway and get access to resources?

Gateway
Transit

How is Azure Virtual Network peering best described?

Traffic between virtual networks is kept on the Microsoft backbone network.

When you create a Windows virtual machine in Azure, which port

would you open using the INBOUND PORT RULES in order to allow
remote-desktop access?

RDP (3389)

uppose you have an application running on a Windows virtual

machine in Azure. What is the best-practice guidance on where the
app should store data files?

Attached data disk

What is the final rule that is applied in every Network Security

Group?

Deny All

Suppose you want to run a network appliance on a virtual machine.

Which workload option should you choose?

Compute optimized
Compute optimized virtual machines are designed to have a high CPU-to-
memory ratio. Suitable for medium traffic web servers, network
appliances, batch processes, and application servers.
True or false: Resource Manager templates are JSON files?

True

You have an Azure Resource Manager (ARM) template named deploy.json

that is stored in an Azure Blob storage container.

You plan to deploy the template by running the New-AzDeployment cmdlet.

Which parameter should you use to reference the template?

-TemplateUri

Your company plans to host an application on four Azure virtual machines.

You need to ensure that at least two virtual machines are available if a single
Azure datacenter fails.

Which availability option should you select for the virtual machine?

an availability zone

You have a Microsoft Entra tenant that uses Microsoft Entra Connect to sync
with an Active Directory Domain Services (AD DS) domain.

You need to ensure that users can reset their AD DS password from the
Azure portal. The users must be able to use two methods to reset their
password.

Which two actions should you perform? Each correct answer presents part of
the solution.

From Password reset in the Azure portal, configure the Authentication methods
settings.
Run Microsoft Entra Connect and select Password writeback.

You have an Azure subscription.

From PowerShell, you run the Get-MgUser cmdlet for a user and receive the
following details:
  Id: 8755b347-3545-3876-3987-999999999999
 DisplayName: Ben Smith
 Mail: [email protected]
 UserPrincipalName: bsmith_contoso.com#EXT#@fabrikam.com

Which statement accurately describes the user?

For guest users, the user principal name (UPN) will contain the email of the guest
user (bsmith_contoso.com) followed by #EXT# followed by the domain name of the
tenant (@fabrikam.com). Regular Microsoft Entra users appear in a format of
[email protected].

You have a Microsoft Entra tenant.

You create a new user named User1.

You need to assign a Microsoft 365 E5 license to User1.

Which user attribute should be configured for User1 before you can assign
the license?

Select only one answer.

Usage location
Not all Microsoft 365 services are available in all locations. Before a license can be
assigned to a user, you must specify the Usage location. The attributes of First
name, Last name, Other email address, and User type are not mandatory for license
assignment.

You have an Azure subscription that contains several storage accounts.

You need to provide a user with the ability to perform the following tasks:

 Manage containers within the storage accounts.

 View storage account access keys.

The solution must use the principle of least privilege.

Which role should you assign to the user?

Select only one answer.

ou have an Azure subscription that contains a resource group named RG1.

RG1 contains a virtual machine that runs daily reports.
You need to ensure that the virtual machine shuts down when resource
group costs exceed 75 percent of the allocated budget.

Which two actions should you perform? Each correct answer presents part of
the solution.

Create an action group of type Runbook, and then select **Stop VM** as an action.
From Cost Management + Billing, modify the Budgets settings.

You are creating an Azure virtual machine that will run Windows Server.

You need to ensure that VM1 will be part of a virtual machine scale set.

Which setting should you configure during the creation of the virtual
machine?

Availability options

You have two Azure virtual machines named VM1 and VM2 that run Windows
Server.

VM1 has a single data disk that stores backup files.

You need to move the data disk from VM1 to VM2 as quickly as possible.

What should you do first?

Detach the data disk from VM1.

You can use delete locks to block the deletion of virtual machines, subscriptions,
and resource groups. You cannot use delete locks on management groups or
storage account data.

You need to create an Azure Storage account that supports the Azure Data
Lake Storage Gen2 capabilities.

Which two types of storage accounts can you use? Each correct answer
presents a complete solution.

premium block blobs

standard general-purpose v2

To support Data Lake Storage, the storage account must support blob storage,
which is available as standard general-purpose v2 and premium block blobs.
Additionally, when you create the storage account, you must enable the hierarchical
namespace.

Your need to create an Azure Storage account that meets the following
requirements:

 Stores data in a minimum of two availability zones

 Provides high availability

Which type of storage redundancy should you use?

Select only one answer.

Zone-redundant storage (ZRS) replicates a storage account synchronously across
three Azure availability zones in the primary region. For ensuring high availability,
Microsoft recommends using ZRS in the primary region and also replicating to a
secondary region.

Object replication can be used to replicate blobs between storage accounts. Before
configuring object replication, you must enable blob versioning for both storage
accounts, and you must enable the change feed for the source account.

File shares can be configured to use Microsoft Entra Kerberos to provide identity-
based access to data storage.

The Cool access tier is cost-effective for storing large amounts of data that is
infrequently accessed. The Hot access tier is more expensive and is optimized for
data that is accessed frequently. Object replication is not related to cost
optimization but rather to data availability and redundancy. Upgrading to a general-
purpose v2 storage account does not directly address the need for cost-effective
storage for infrequently accessed data.

Azure Bastion is a service that lets you connect to a virtual machine by using a
browser, without exposing RDP and SSH ports. Azure Monitor helps you maximize
the availability and performance of applications and services. Azure Network
Watcher provides tools to monitor, diagnose, view metrics, and enable or disable
logs for resources in an Azure virtual network. Remote Desktop is a feature of the
operating system, which exposes the RDP port to connect to a server from the
internet.

Must configure network security group (NSG) rules to allow TCP or ICMP traffic for
specific ports. Azure Firewall is a managed service that protects your Azure services
across multiple virtual networks. Load balancers are used to distribute incoming
traffic to available backend servers. Azure VPN is used to have a connection
establishment between on-premises and Azure.

ou must create an action group to set up an action and create an alert rule to set
the severity of the errors. A notification is only used to send email and you do not
need to call a webhook.