Q1. - (Topic 1)
You need to assign permissions for the Virtual Machine workloads that you migrate to Azure.
The solution must use the principal of least privileges.
What should you do?
A. Create all VMs in the cloud service named Groupl and then connect to the Azure
subscription. Run the following Windows PowerShell command:
New-AzureRoleAssignment -Mail user1@vanarsdelltd.com -RoleDefinitionName
Contributor -ResourceGroupName group1
B. In the Azure portal, select an individual virtual machine and add an owner.
C. In the Azure portal, assign read permission to the user at the subscription level.
D. Create each VM in a separate cloud service and then connect to the Azure subscription.
Run the following Windows PowerShell command:
Get-AzureVM | New-AzureRoleAssignment -Mail userl@vanarsdelltd.com -
RoleDefinitionName Contributor
Answer: A
Explanation: * Scenario: Permissions must be assigned by using Role Based Access Control (RBAC).
* Role-Based access control (RBAC) in the Azure Portal and Azure Resource Management API allows you to manage access to your subscription at a fine-grained level. With this feature, you can grant access for Active Directory users, groups, or service principals by assigning some roles to them at a particular scope.
Create a role assignment
Use New-AzureRoleAssignment to create a role assignment.
Example: This will create a role assignment for a group at a resource group level.
PS C:\> New-AzureRoleAssignment -ObjectID <group object ID> -RoleDefinitionName
Reader -ResourceGroupName group1
Reference: Managing Role-Based Access Control with Windows PowerShell
https://azure.microsoft.com/en-gb/documentation/articles/role-based-access-control-powershell/
Q2. - (Topic 6)
You are designing an Azure web application that includes many static content files.
The application is accessed from locations all over the world by using a custom domain name.
You need to recommend an approach for providing access to the static content with the least amount of latency.
Which two actions should you recommend? Each correct answer presents part of the solution.
A. Place the static content in Azure Table storage.
B. Configure a CNAME DNS record for the Azure Content Delivery Network (CDN) domain.
C. Place the static content in Azure Blob storage.
D. Configure a custom domain name that is an alias for the Azure Storage domain.
Answer: B,C
Explanation: B: There are two ways to map your custom domain to a CDN endpoint.
1.
Create a CNAME record with your domain registrar and map your custom domain and subdomain to the CDN endpoint
2.
Add an intermediate registration step with Azure cdnverify
C: The Azure Content Delivery Network (CDN) offers developers a global solution for delivering high-bandwidth content by caching blobs and static content of compute instances at physical nodes in the United States, Europe, Asia, Australia and South America. The benefits of using CDN to cache Azure data include: / Better performance and user experience for end users who are far from a content source, and are using applications where many 'internet trips' are required to load content / Large distributed scale to better handle instantaneous high load, say, at the start of an event such as a product launch
Reference: Using CDN for Azure https://azure.microsoft.com/en-gb/documentation/articles/cdn-how-to-use/
Reference: How to map Custom Domain to Content Delivery Network (CDN) endpoint
https://github.com/Azure/azure-content/blob/master/articles/cdn-map-content-to-custom-domain.md
https://github.com/Azure/azure-content/blob/master/articles/cdn-map-content-to-custom-domain.md
Q3. - (Topic 6)
You have business services that run on an on-premises mainframe server.
You must provide an intermediary configuration to support existing business services and Azure. The business services cannot be rewritten. The business services are not exposed externally.
You need to recommend an approach for accessing the business services.
What should you recommend?
A. Connect to the on-premises server by using a custom service in Azure.
B. Expose the business services to the Azure Service Bus by using a custom service that uses relay binding.
C. Expose the business services externally.
D. Move all business service functionality to Azure.
Answer: B
Explanation: The Service Bus relay service enables you to build hybrid applications that run in both an Azure datacenter and your own on-premises enterprise environment. The Service Bus relay facilitates this by enabling you to securely expose Windows Communication Foundation (WCF) services that reside within a corporate enterprise network to the public cloud, without having to open a firewall connection, or require intrusive changes to a corporate network infrastructure.
Reference: How to Use the Service Bus Relay Service
http://azure.microsoft.com/en-gb/documentation/articles/service-bus-dotnet-how-to-use-relay/
Q4. DRAG DROP - (Topic 6)
You have a web application on Azure.
The web application does not employ Secure Sockets Layer (SSL).
You need to enable SSL for your production deployment web application on Azure.
Which four actions should you perform in sequence? To answer, move the appropriate
actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q5. HOTSPOT - (Topic 4)
You need to recommend strategies for storing data.
Which services should you recommend? To answer, select the appropriate storage technology for each data type in the answer area.
Answer:
Q6. HOTSPOT - (Topic 6)
You have an Azure website that runs on several instances. You have a WebJob that provides additional functionality to the website.
The WebJob must run on all instances of the website.
You need to ensure that the WebJob runs even when the website is idle for long periods of time.
How should you create and configure the WebJob object? To answer, select the appropriate options in the answer area.
Answer:
Q7. - (Topic 6)
You are evaluating an Azure application. The application includes the following elements:
. A web role that provides the ASP.NET user interface and business logic
. A single SQL database that contains all application data
Each webpage must receive data from the business logic layer before returning results to the client. Traffic has increased significantly. The business logic is causing high CPU usage.
You need to recommend an approach for scaling the application.
What should you recommend?
A. Store the business logic results in Azure Table storage.
B. Vertically partition the SQL database.
C. Move the business logic to a worker role.
D. Store the business logic results in Azure local storage.
Answer: C
Explanation: For Cloud Services in Azure applications need both web and worker roles to scale well.
Reference: Application Patterns and Development Strategies for SQL Server in Azure Virtual Machines
https://msdn.microsoft.com/en-us/library/azure/dn574746.aspx
Q8. - (Topic 6)
You are designing a solution that will interact with non-Windows applications over unreliable network connections. You have a security token for each non-Windows application.
You need to ensure that non-Windows applications retrieve messages from the solution.
Where should you retrieve messages?
A. An Azure Queue
B. The Azure Service Bus Queue
C. An Azure blob storage container that has a private access policy
D. Azure Table storage
Answer: B
Explanation: Any Microsoft or non-Microsoft applications can use a Service Bus REST
API to manage and access messaging entities over HTTPS.
By using REST applications based on non-Microsoft technologies (e.g. Java, Ruby, etc.)
are allowed not only to send and receive messages from the Service Bus, but also to
create or delete queues, topics and subscription in a given namespace.
: Service Bus Explorer
https://code.msdn.microsoft.com/windowsazure/service-bus-explorer-f2abca5a
Q9. - (Topic 6)
A company has multiple Azure subscriptions. It plans to deploy a large number of virtual machines (VMs) into Azure.
You install the Azure PowerShell module, but you are unable connect to all of the company's Azure subscriptions.
You need to automate the management of the Azure subscriptions.
Which two Azure PowerShell cmdlets should you run?
A. Get-AzurePublishSettingsFile
B. Import-AzurePublishSettingsFile
C. Add-AzureSubscription
D. Import-AzureCertificate
E. Get-AzureCertificate
Answer: A,B
Explanation: Before you start using the Windows Azure cmdlets to automate deployments, you must configure connectivity between the provisioning computer and Windows Azure. You can do this automatically by downloading the PublishSettings file from Windows Azure and importing it.
To download and import publish settings and subscription information . At the Windows PowerShell command prompt, type the following command, and then press Enter. Get-AzurePublishSettingsFile
2.
Sign in to the Windows Azure Management Portal, and then follow the instructions to download your Windows Azure publishing settings. Save the file as a .publishsettings type file to your computer.
3.
In the Windows Azure PowerShell window, at the command prompt, type the following command, and then press Enter. Import-AzurePublishSettingsFile <mysettings>.publishsettings
Reference: How to: Download and Import Publish Settings and Subscription Information
https://msdn.microsoft.com/en-us/library/dn385850%28v=nav.70%29.aspx
Q10. - (Topic 6)
A company has a very large dataset that includes sensitive information. The dataset is over 30 TB in size.
You have a standard business-class ISP internet connection that is rated at 100 megabits/second.
You have 10 4-TB hard drives that are approved to work with the Azure Import/Export Service.
You need to migrate the dataset to Azure. The solution must meet the following requirements:
The dataset must be transmitted securely to Azure.
Network bandwidth must not increase.
Hardware costs must be minimized.
What should you do?
A. Prepare the drives with the Azure Import/Export tool and then create the import job. Ship the drives to Microsoft via a supported carrier service.
B. Create an export job and then encrypt the data on the drives by using the Advanced Encryption Standard (AES). Create a destination Blob to store the export data.
C. Create an import job and then encrypt the data on the drives by using the Advanced Encryption Standard (AES). Create a destination Blob to store the import data.
D. Prepare the drives by using Sysprep.exe and then create the import job. Ship the drives to Microsoft via a supported carrier service.
Answer: A
Explanation: You can use the Microsoft Azure Import/Export service to transfer large amounts of file data to Azure Blob storage in situations where uploading over the network is prohibitively expensive or not feasible.
Reference: Use the Microsoft Azure Import/Export Service to Transfer Data to Blob Storage
http://azure.microsoft.com/en-gb/documentation/articles/storage-import-export-service/