NEW QUESTION 1
Note: This question is part of a series of Questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.
You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately.
Solution: From the Overview blade, you move the virtual machine to a different resource group. Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 2
Note: This questions is part of a series of questions that present the same scenario. Each questions in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution. After you answer a questions in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You create a resource lock, and then you assign the lock to the subscription. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation: How can I freeze or lock my production/critical Azure resources from accidental deletion? There is way to do this with both ASM and ARM resources using Azure resource lock.
References: https://blogs.msdn.microsoft.com/azureedu/2021/04/27/using-azure-resourcemanager-policy-and-azure-lock-to-control-your-azure-resources/

NEW QUESTION 3
You have a Recovery Service vault that you use to test backups. The test backups contain two protected virtual machines.
You need to delete the Recovery Services vault. What should you do first?

• A. From the Recovery Service vault, stop the backup of each backup item.
• B. From the Recovery Service vault, delete the backup data.
• C. Modify the disaster recovery properties of each virtual machine.
• D. Modify the locks of each virtual machin

Answer: A

Explanation: You can't delete a Recovery Services vault if it is registered to a server and holds backup data. If youtry to delete a vault, but can't, the vault is still configured to receive backup data. Remove vault dependencies and delete vault
In the vault dashboard menu, scroll down to the Protected Items section, and click Backup Items. In this menu, you can stop and delete Azure File Servers, SQL Servers in Azure VM, and Azure virtual machines.

References: https://docs.microsoft.com/en-us/azure/backup/backup-azure-delete-vault

NEW QUESTION 4
You recently deployed a web app named homepagelod7509087.
You need to back up the code used for the web app and to store the code in the homepagelod7509Q87 storage account. The solution must ensure that a new backup is created daily. What should you do from the Azure portal?

Answer:

Explanation: Step 1:
Locate and select the web app homepagelod7509087, select Backups. The Backups page is displayed.

Step 2:
In the Backup page, Click Configure. Step 3:
In the Backup Configuration page, click Storage: Not configured to configure a storage account.

Step 4:
Choose your backup destination by selecting a Storage Account and Container. Select the homepagelod7509087 storage account.
Step 5:
In the Backup Configuration page that is still left open, select Scheduled backup On, and configure daily backups.

Step 6:
In the Backup Configuration page, click Save. Step 7:
In the Backups page, click Backup.
References:
https://docs.microsoft.com/en-us/azure/app-service/web-sites-backup

NEW QUESTION 5
HOT SPOT
You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table.

In Azure, you create a private DNS zone named adatum.com. You set the registration virtual network to VNet2. The adatum.com zone is configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Answer:

Explanation: Box 1: No
Azure DNS provides automatic registration of virtual machines from a single virtual network that's linked to a private zone as a registration virtual network. VM5 does not belong to the registration virtual network though.
Box 2: No
Forward DNS resolution is supported across virtual networks that are linked to the private zone as resolution virtual networks. VM5 does belong to a resolution virtual network.
Box 3: Yes
VM6 belongs to registration virtual network, and an A (Host) record exists for VM9 in the DNS zone. By default, registration virtual networks also act as resolution virtual networks, in the sense that DNS resolution against the zone works from any of the virtual machines within the registration virtual network.
References: https://docs.microsoft.com/en-us/azure/dns/private-dns-overview

NEW QUESTION 6
SIMULATION
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.



When you are finished performing all the tasks, click the ‘Next’ button.
Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
Your on-premises network uses an IP address range of 131.107.2.0 to 131.107.2.255. You need to ensure that only devices from the on-premises network can connect to the rg1lod7523691n1 storage account.
What should you do from the Azure portal?

Answer:

Explanation: Step 1: Navigate to the rg1lod7523691n1 storage account.
Step 2: Click on the settings menu called Firewalls and virtual networks. Step 3: Ensure that you have elected to allow access from 'Selected networks'.
Step 4: To grant access to an internet IP range, enter the address range of 131.107.2.0 to 131.107.2.255 (in CIDR format) under Firewall, Address Ranges.
References: https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security

NEW QUESTION 7
You plan to connect a virtual network named VNET1017 to your on-premises network by using both an Azure ExpressRoute and a site-to-site VPN connection.
You need to prepare the Azure environment for the planned deployment. The solution must maximize the IP address space available to Azure virtual machines.
What should you do from the Azure portal before you create the ExpressRoute are the VPN gateway?

Answer:

Explanation: We need to create a Gateway subnet Step 1:
Go to More Services > Virtual Networks Step 2:
Then click on the VNET1017, and click on subnets. Then click on gateway subnet.
Step 3:
In the next window define the subnet for the gateway and click OK

It is recommended to use /28 or /27 for gateway subnet.
As we want to maximize the IP address space we should use /27. References:
https://blogs.technet.microsoft.com/canitpro/2021/06/28/step-by-step-configuring-a-site-to-sitevpn- gateway-between-azure-and-on-premise/

NEW QUESTION 8
HOT SPOT
You plan to create a new Azure Active Directory (Azure AD) role.
You need to ensure that the new role can view all the resources in the Azure subscription and issue support requests to Microsoft. The solution must use the principle of least privilege.
How should you complete the JSON definition? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation: Box 1: "*/read",
*/read lets you view everything, but not make any changes. Box 2: " Microsoft.Support/*"
The action Microsoft.Support/* enables creating and management of support tickets. References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-powershell https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

NEW QUESTION 9
You create an Azure subscription that is associated to a basic Azure Active Directory (Azure AD) tenant. You need to receive an email notification when any user activates an administrative role. What should you do?

• A. Purchase Azure AD Premium 92 and configure Azure AD Privileged Identity Management,
• B. Purchase Enterprise Mobility + Security E3 and configure conditional access policies.
• C. Purchase Enterprise Mobility + Security E5 and create a custom alert rule in Azure Security Center.
• D. Purchase Azure AD Premium PI and enable Azure AD Identity Protectio

Answer: A

Explanation: When key events occur in Azure AD Privileged Identity Management (PIM), email notifications are sent. For example, PIM sends emails for the following events:
When a privileged role activation is pending approval When a privileged role activation request is completed When a privileged role is activated
When a privileged role is assigned When Azure AD PIM is enabled References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pimemail- notifications

NEW QUESTION 10
From the MFA Server blade, you open the Block/unblock users blade as shown in the exhibit.

What caused AlexW to be blocked?

• A. An administrator manually blocked the user.
• B. The user reports a fraud alert when prompted for additional authentication.
• C. The user account password expired.
• D. The user entered an incorrect PIN four times within 10 minute

Answer: B

NEW QUESTION 11
You are the global administrator for an Azure Active Directory (Azure AD) tenet named adatum.com. You need to enable two-step verification for Azure users.
What should you do?

• A. Create a sign-in risk policy in Azure AD Identity Protection
• B. Enable Azure AD Privileged Identity Management.
• C. Create and configure the Identity Hub.
• D. Configure a security policy in Azure Security Cente

Answer: A

Explanation: With Azure Active Directory Identity Protection, you can: require users to register for multi-factor authentication handle risky sign-ins and compromised users
References:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/flows

NEW QUESTION 12
You need to move the blueprint files to Azure. What should you do?

• A. Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.
• B. Use the Azure Import/Export service.
• C. Generate an access ke
• D. Map a drive, and then copy the files by using File Explorer.
• E. Use Azure Storage Explorer to copy the file

Answer: D

Explanation: Azure Storage Explorer is a free tool from Microsoft that allows you to work with Azure Storage data on Windows, macOS, and Linux. You can use it to upload and download data from Azure blob storage.
Scenario:
Planned Changes include: move the existing product blueprint files to Azure Blob storage. Technical Requirements include: Copy the blueprint files to Azure over the Internet.
References: https://docs.microsoft.com/en-us/azure/machine-learning/team-data-scienceprocess/move-data-to-azure-blob-using-azure-storage-explorer

NEW QUESTION 13
You have an Azure Logic App named App1. App1 provides a response when an HTTP POST request or an HTTP GET request is received.
During peak periods, App1 is expected to receive up to 200,000 requests in a five-minute period. You need to ensure that App1 can handle the expected load.
What should you configure?

• A. Access keys
• B. Access control (1AM)
• C. API connections
• D. Workflow settings

Answer: D

Explanation: Here are the limits for a single logic app definition:

References:
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-limits-and-config

NEW QUESTION 14
DRAG DROP
You have an on-premises network that includes a Microsoft SQL Server instance named SQL1. You create an Azure Logic App named App1.
You need to ensure that App1 can query a database on SQL1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation: To access data sources on premises from your logic apps, you can create a data gateway resource in Azure so that your logic apps can use the on-premises connectors.
Box 1: From an on-premises computer, install an on-premises data gateway.
Before you can connect to on-premises data sources from Azure Logic Apps, download and install the on-premises data gateway on a local computer.
Box 2: From the Azure portal, create an on-premises data gateway Create Azure resource for gateway
After you install the gateway on a local computer, you can then create an Azure resource for your gateway. This step also associates your gateway resource with your Azure subscription.
Sign in to the Azure portal. Make sure you use the same Azure work or school email address used to install the gateway.
On the main Azure menu, select Create a resource > Integration > On-premises data gateway.

On the Create connection gateway page, provide this information for your gateway resource.
To add the gateway resource to your Azure dashboard, select Pin to dashboard. When you're done, choose Create.
Box 3: From the Logic Apps Designer in the Azure portal, add a connector
After you create your gateway resource and associate your Azure subscription with this resource, you can now create a connection between your logic app and your on-premises data source by using the gateway.
In the Azure portal, create or open your logic app in the Logic App Designer. Add a connector that supports on-premises connections, for example, SQL Server. Set up your connection.
References:
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-gateway-connection

NEW QUESTION 15
You have an Azure Active Directory (Azure AD) domain that contains 5,000 user accounts. You create a new user account named AdminUser1.
You need to assign the User administrator administrative role to AdminUser1. What should you do from the user account properties?

• A. From the Directory role blade, modify the directory role.
• B. From the Groups blade, invite the user account to a new group.
• C. From the Licenses blade, assign a new licens

Answer: A

Explanation: Assign a role to a user
Sign in to the Azure portal with an account that's a global admin or privileged role admin for the directory.
Select Azure Active Directory, select Users, and then select a specific user from the list.
For the selected user, select Directory role, select Add role, and then pick the appropriate admin roles from the Directory roles list, such as Conditional access administrator.
Press Select to save.
References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/activedirectory-users-assign-role-azure-portal

NEW QUESTION 16
HOT SPOT
You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1.
You install and configure a web server and a DNS server on VM1.
VM1 has the effective network security rules shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION 17
HOT SPOT
You have an Azure subscription named Subscription1.
In Subscription1, you create an Azure file share named share1.
You create a shared access signature (SAS) named SAS1 as shown in the following exhibit.

To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation: Box 1: Will be prompted for credentials
Azure Storage Explorer is a standalone app that enables you to easily work with Azure Storage data on Windows, macOS, and Linux. It is used for connecting to and managing your Azure storage accounts.
Box 2: Will have read, write, and list access
The net use command is used to connect to file shares. References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signaturepart- https://docs.microsoft.com/en-us/azure/vs-azure-tools-storage-manage-with-storageexplorer? tabs=windows

NEW QUESTION 18
Note: This questions is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1.
Solution: From the Subscriptions blade, you select the subscription, and then click Programmatic deployment.
Does this meet the goal?

• A. Yes
• B. No

Answer: B