70-533 Exam
Why You Need To 70 533 exam?
Act now and download your Microsoft exam ref 70 533 implementing microsoft azure infrastructure solutions pdf test today! Do not waste time for the worthless Microsoft microsoft azure 70 533 tutorials. Download Replace Microsoft Implementing Microsoft Azure Infrastructure Solutions exam with real questions and answers and begin to learn Microsoft 70 533 implementing microsoft azure infrastructure solutions with a classic professional.
Q1. You manage a software-as-a-service application named SaasApp1 that provides user management features in a multi-directory environment.
You plan to offer SaasApp1 to other organizations that use Azure Active Directory.
You need to ensure that SaasApp1 can access directory objects.
What should you do?
A. Configure the Federation Metadata URL
B. Register SaasApp1 as a native client application.
C. Register SaasApp1 as a web application.
D. Configure the Graph API.
Answer: D
Explanation: The Azure Active Directory Graph API provides programmatic access to Azure AD through REST API endpoints. Applications can use the Graph API to perform create, read, update, and delete (CRUD) operations on directory data and objects. For example, the Graph API supports the following common operations for a user object: / Create a new user in a directory / Get a user’s detailed properties, such as their groups / Update a user’s properties, such as their location and phone number, or change their password / Check a user’s group membership for role-based access / Disable a user’s account or delete it entirely
Reference: Azure AD Graph API
URL: http://msdn.microsoft.com/en-us/library/azure/hh974476.aspx
Q2. You manage a collection of large video files that is stored in an Azure Storage account.
A user wants access to one of your video files within the next seven days.
You need to allow the user access only to the video file, and then revoke access once the user no longer needs it.
What should you do?
A. Give the user the secondary key for the storage account.
Once the user is done with the file, regenerate the secondary key.
B. Create an Ad-Hoc Shared Access Signature for the Blob resource.
Set the Shared Access Signature to expire in seven days.
C. Create an access policy on the container.
Give the external user a Shared Access Signature for the blob by using the policy.
Once the user is done with the file, delete the policy.
D. Create an access policy on the blob.
Give the external user access by using the policy.
Once the user is done with the file, delete the policy.
Answer: C
Explanation: See 3) below. By default, only the owner of the storage account may access blobs, tables, and queues within that account. If your service or application needs to make these resources available to other clients without sharing your access key, you have the following options for permitting access:
1.You can set a container's permissions to permit anonymous read access to the container and its blobs. This is not allowed for tables or queues.
2. You can expose a resource via a shared access signature, which enables you to delegate restricted access to a container, blob, table or queue resource by specifying the interval for which the resources are available and the permissions that a client will have to it.
3. You can use a stored access policy to manage shared access signatures for a container or its blobs, for a queue, or for a table. The stored access policy gives you an additional measure of control over your shared access signatures and also provides a straightforward means to revoke them.
Reference: Manage Access to Azure Storage Resources
Q3. You manage a cloud service that supports features hosted by two instances of an Azure virtual machine (VM).
You discover that occasional outages cause your service to fail.
You need to minimize the impact of outages to your cloud service.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Deploy a third instance of the VM.
B. Configure Load Balancing on the VMs.
C. Redeploy the VMs to belong to an Affinity Group.
D. Configure the VMs to belong to an Availability Set.
Answer: B,D
Explanation: Adding your virtual machine to an availability set helps your application stay available during network failures, local disk hardware failures, and any planned downtime..
Combine the Azure Load Balancer with an Availability Set to get the most application resiliency. The Azure Load Balancer distributes traffic between multiple virtual machines..
http://azure.microsoft.com/en-gb/documentation/articles/virtual-machines-manage-availability/
Reference: Manage the availability of virtual machines, Understand planned versus unplanned maintenance
Q4. You manage a large datacenter that has limited physical space.
You plan to extend your datacenter to Azure.
You need to create a connection that supports a multiprotocol label switching (MPLS) virtual private network.
Which connection type should you use?
A. Site-to-site
B. VNet-VNet
C. ExpressRoute.
D. Site-to-peer
Answer: C
Explanation:
ExpressRoute provides even richer capabilities by allowing a dedicated MPLS connection to Azure. Reference:
ExpressRoute:
An MPLS Connection to Microsoft Azure
http://azure.microsoft.com/en-us/services/expressroute/
Q5. Your company has recently signed up for Azure.
You plan to register a Data Protection Manager (DPM) server with the Azure Backup service.
You need to recommend a method for registering the DPM server with the Azure Backup vault.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
A. Import a self-signed certificate created using the makecert tool.
B. Import a self-signed certificate created using the createcert tool.
C. Import an X.509 v3 certificate with valid clientauthentication EKU.
D. Import an X.509 v3 certificate with valid serverauthentication EKU.
Answer: A,C
Explanation: A: You can create a self-signed certificate using the makecert tool, or use any valid SSL certificate issued by a Certification Authority (CA) trusted by Microsoft, whose root certificates are distributed via the Microsoft Root Certificate Program.
C: The certificate must have a valid ClientAuthentication EKU.
Reference: Prerequisites for Azure Backup
URL: http://technet.microsoft.com/en-us/library/dn296608.aspx
Q6. You manage an Azure Web Site named contosoweb. Logging is enabled for contosoweb.
You need to view only errors from your log files in a continuous stream as they occur.
Which Windows Power Shell command should you execute?
A. Get-AzureWebSiteLog -Name contosoweb -OutBuffer Error
B. Save-AzureWebSiteLog -Name contosoweb -Output Errors
C. Get-AzureWebSiteLog -Name contosoweb -Tail –Message Error
D. Get-Azure WebSiteLog -Name contosoweb -Message Error
Answer: C
Explanation: Example
This example starts log streaming and show error logs only.
Windows PowerShell
C:\PS>Get-AzureWebsiteLog -Tail -Message Error
Reference: Get-AzureWebsiteLog
URL: http://msdn.microsoft.com/en-us/library/dn495187.aspx
Q7. Your company has two cloud services named CS01 and CS02. You create a virtual machine (VM) in CS02 named Accounts.
You need to ensure that users in CS01 can access the Accounts VM by using port 8080.
What should you do?
A. Create a firewall rule.
B. Configure load balancing.
C. Configure port redirection.
D. Configure port forwarding.
E. Create an end point.
Answer: E
Explanation: All virtual machines that you create in Azure can automatically communicate using a private network channel with other virtual machines in the same cloud service or virtual network. However, other resources on the Internet or other virtual networks require endpoints to handle the inbound network traffic to the virtual machine.
Reference: How to Set Up Endpoints to a Virtual Machine
URL: http://azure.microsoft.com/en-us/documentation/articles/virtual-machines-set-up-endpoints/
Q8. You administer a solution deployed to a virtual machine (VM) in Azure. The VM hosts a web service that is used by several applications. You are located in the US West region and have a worldwide user base.
Developers in Asia report that they experience significant delays when they execute the services.
You need to verify application performance from different locations.
Which type of monitoring should you configure?
A. Disk Read
B. Endpoint
C. Network Out
D. CPU
E. Average Response Time
Answer: E
Explanation:
Example:
Incorrect:
Not B: Health Endpoint Monitoring Pattern is used for checking the health of the program:
Implement functional checks within an application that external tools can access through
exposed endpoints at regular intervals. This pattern can help to verify that applications and
services are performing correctly.
Reference: How to Monitor and Analyze Performance of the Windows Azure Storage
Service
Q9. You publish an application named MyApp to Azure Active Directory (Azure AD). You grant access to the web APIs through OAuth 2.0.
MyApp is generating numerous user consent prompts.
You need to reduce the amount of user consent prompts.
What should you do?
A. Enable Multi-resource refresh tokens.
B. Enable WS-federation access tokens.
C. Configure the Open Web Interface for .NET.
D. Configure SAML 2.0.
Answer: A
Explanation: When using the Authorization Code Grant Flow, you can configure the client to call multiple resources. Typically, this would require a call to the authorization endpoint for each target service. To avoid multiple calls and multiple user consent prompts, and reduce the number of refresh tokens the client needs to cache, Azure Active Directory (Azure AD) has implemented multi-resource refresh tokens. This feature allows you to use a single refresh token to request access tokens for multiple resources.
Reference:Azure, OAuth 2.0, Refresh Tokens for Multiple Resources
Q10. DRAG DROP
You administer an Azure Virtual Machine (VM) named CON-CL1. CON-CL1 is in a cloud service named ContosoService1.
You discover unauthorized traffic to CON-CL1. You need to:
. Create a rule to limit access to CON-CL1.
. Ensure that the new rule has the highest precedence.
Which Azure Power Shell cmdlets and values should you use? To answer, drag the appropriate cmdlet or value to the correct location in the Power Shell command. Each cmdlet or value may be used once, more than once, or not at all. You may need to drag the split bat between panes or scroll to view content.
Answer: