Q1. DRAG DROP
You plan to deploy a cloud service named contosoapp. The service includes a web role named contosowebrole. The web role has an endpoint named restrictedEndpoint.
You need to allow access to restricted Endpoint only from your office machine using the IP address 145.34.67.82.
Which values should you use within the service configuration file? To answer, drag the appropriate value to the correct location in the service configuration file. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q2. You manage a web application published to Azure Cloud Services.
Your service level agreement (SLA) requires that you are notified in the event of poor performance from customer locations in the US, Asia, and Europe.
You need to configure the Azure Management Portal to notify you when the SLA performance targets are not met.
What should you do?
A. Create an alert rule to monitor web endpoints.
B. Create a Notification Hub alert with response time metrics.
C. Add an endpoint monitor and alert rule to the Notification Hub.
D. Configure the performance counter on the cloud service.
Answer: A
Explanation: * An alert rule enables you to monitor an available metric within a supported Azure service. When the value of a specified metric violates the threshold assigned for a rule, the alert rule becomes active and registers an alert. When you create an alert rule, you can select options to send an email notification to the service administrator and co-administrators, or another administrator, when the rule becomes active, and when an alert condition is resolved.
* You can configure cloud service alert rules on:
Web endpoint status metrics Monitoring metrics from the cloud service host operating system Performance counters collected from the cloud service guest virtual machine
: Understanding Monitoring Alerts and Notifications in Azure
URL: http://msdn.microsoft.com/en-us/library/azure/dn306639.aspx
Q3. DRAG DROP
You administer a cloud service named contosoapp that has a web role and worker role.
Contosoapp requires you to perform an in-place upgrade to the service.
You need to ensure that at least six worker role instances and eight web role instances are available when you apply upgrades to the service. You also need to ensure that updates are completed for all instances by using the least amount of time.
Which value should you use with each configuration? To answer, drag the appropriate value to the correct configuration. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q4. You are the administrator for three Azure subscriptions named Dev, Test, and Prod.
Your Azure Power Shell profile is configured with the Dev subscription as the default.
You need to create a new virtual machine in the Test subscription by using the least
administrative effort.
Which Power Shell command should you use?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A
Explanation:
Example: Set the current subscription
This command makes "ContosoEngineering" the current subscription.
Windows PowerShell
C:\PS> Select-AzureSubscription -SubscriptionName ContosoEngineering -Current
Reference: Select-AzureSubscription
URL: http://msdn.microsoft.com/en-us/library/dn722499.aspx
Q5. You manage an Azure Active Directory (AD) tenant
You plan to allow users to log in to a third-party application by using their Azure AD credentials.
To access the application, users will be prompted for their existing third-party user names and passwords.
You need to add the application to Azure AD.
Which type of application should you add?
A. Existing Single Sign-On with identity provisioning
B. Password Single Sign-On with identity provisioning
C. Existing Single Sign-On without identity provisioning
D. Password Single Sign-On without identity provisioning
Answer: A
Explanation: * Azure AD supports two different modes for single sign-on: / Federation using standard protocols Configuring Federation-based single sign-on enables the users in your organization to be automatically signed in to a third-party SaaS application by Azure AD using the user account information from Azure AD. / Password-based single sign-on * Support for user provisioning
User provisioning enables automated user provisioning and deprovisioning of accounts in third-party SaaS applications from within the Azure Management Portal, using your Windows Server Active Directory or Azure AD identity information. When a user is given permissions in Azure AD for one of these applications, an account can be automatically created (provisioned) in the target SaaS application.
Reference: Application access enhancements for Azure AD
URL: http://msdn.microsoft.com/en-us/library/azure/dn308588.aspx
Q6. Your company plans to migrate from On-Premises Exchange to Office 365.
The existing directory has numerous service accounts in your On-Premises Windows Active Directory (AD), stored in separate AD Organizational Units (OU) for user accounts.
You need to prevent the service accounts in Windows AD from syncing with Azure AD.
What should you do?
A. Create an OU filter in the Azure AD Module for Windows PowerShell.
B. Configure directory partitions in miisclient.exe.
C. Set Active Directory ACLs to deny the DirSync Windows AD service account MSOL_AD_SYNC access to the service account OUs.
D. Create an OU filter in the Azure Management Portal.
Answer: B
Explanation: One customer, who was looking for OU level filtering to import selected users from On-Premises active directory to Office365.
Configure OU level filtering for Office365 directory synchronization.
1. Logged in to your Domain controller
2. Created an OU (Organisational Unit) from your AD (Active Directory)
a. In my case I named it “DirSync”
3. Move all those users you want to sync, to that.DirSync OU.
4. From your DirSync Server navigate to <Drive>\Program Files\Microsoft Online Directory Sync\SYNCBUS\Synchronization Service\UIShell
5. Double click on.miisclient.exe
6. This opens a console something similar to the below screen capture
Identity Manager, click Management Agents, and then double-click SourceAD.
Q7. DRAG DROP
You manage an Azure Web Site in Standard mode at the following address: contoso.azurevvebsites.net.
Your company has a new domain for the site that needs to be accessible by Secure Socket Layer (SSL) encryption.
You need to be able to add a custom domain to the Azure Web Site and assign an SSL certificate.
Which three steps should you perform next in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. More than one order of answer choices may be correct You will receive credit for any of the correct orders you select
Answer:
Q8. You manage a cloud service that hosts a customer-facing application. The application allows users to upload images and create collages. The cloud service is running in two medium instances and utilizes Azure Queue storage for image processing. The storage account is configured to be locally redundant.
The sales department plans to send a newsletter to potential clients. As a result, you expect a significant increase in global traffic.
You need to recommend a solution that meets the following requirements:
. Configure the cloud service to ensure the application is responsive to the traffic increase. . Minimize hosting and administration costs.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
A. Configure the cloud service to run in two Large instances.
B. Configure the cloud service to auto-scale to three instances when processor utilization is above 80%.
C. Configure the storage account to be geo-redundant
D. Deploy a new cloud service in a separate data center. Use Azure Traffic Manager to load balance traffic between the cloud services.
E. Configure the cloud service to auto-scale when the queue exceeds 1000 entries per machine.
Answer: B,E
Explanation: * An autoscaling solution reduces the amount of manual work involved in dynamically scaling an application. It can do this in two different ways: either preemptively by setting constraints on the number of role instances based on a timetable, or reactively by adjusting the number of role instances in response to some counter(s) or measurement(s) that you can collect from your application or from the Azure environment.
Reference: Autoscaling and Microsoft Azure
Q9. You administer a cloud service.
You plan to host two web applications named contosoweb and contosowebsupport.
You need to ensure that you can host both applications and qualify for the Azure Service
Level Agreement. You want to achieve this goal while minimizing costs.
How should you host both applications?
A. in different web roles with two instances in each web role
B. in the same web role with two instances
C. in different web roles with one instance in each web role
D. in the same web role with one instance
Answer: B
Explanation: A cloud service must have at least two instances of every role to qualify for the Azure Service Level Agreement, which guarantees external connectivity to your Internet-facing roles at least 99.95 percent of the time.
Reference: Azure, What is a cloud service?
URL: http://azure.microsoft.com/en-us/documentation/articles/cloud-services-what-is/
Q10. Click OK on the SourceAD Properties page.
12. Perform a full sync: on the Management Agent tab, right-click SourceAD, click Run,
click Full Import Full Sync, and then click OK.
Etc. Reference: Installing and Configure DirSync with OU level filtering for Office365
URL: http://blogs.msdn.com/b/denotation/archive/2012/11/21/installing-and-configure-dirsync-with-ou-level-filtering-for-office365.aspx
Answer: