NEW QUESTION 1
You have an on-premises network that uses on IP address space of 172.16.0.0/16 You plan to deploy 25 virtual machines to a new azure subscription.
You identity the following technical requirements.
All Azure virtual machines must be placed on the same subnet subnet1.
All the Azure virtual machines must be able to communicate with all on premises severs.
The servers must be able to communicate between the on-premises network and Azure by using a site to site VPN.
You need to recommend a subnet design that meets the technical requirements.
What should you include in the recommendation? To answer, drag the appropriate network addresses to the correct subnet. Each network address may be used once, more than once or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION 2
Your network contains an on-premises Active Directory forest.
You discover that when users change jobs within your company, the membership of the user group are not updated. As a result the users can resources that are no longer relevant to their job.
You plan to integrate Active Directory and Azure Active Directory (Azure AD) by using Azure AD Connect
You need to recommend a solution to ensure that group owners are emailed monthly m** the group membership they manage.
What should you include in the recommendation?

• A. Azure AD Identify Protection
• B. Tenant Restrictions
• C. Azure AD access reviews
• D. conditional access policies

Answer: C

Explanation: References:
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview

NEW QUESTION 3
You are planning to deploy an application by using the Azure Kubermets Services (AKS)> the application will reedy on having access to an encryption key that will be used to ... transmit files
What should you use to provides the encryption key AKS security?

• A. secrets
• B. Azure Storage Service Encryption
• C. a Kubernetes deployment YAML file
• D. ConfigureMap

Answer: C

NEW QUESTION 4
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains a resource group named RG1.
You create an Azure Active Directory (Azure AD) group named ResearchUsers that contains the user accounts of all researchers.
You need to recommend a solution that meets the following requirements:
The researchers must be allowed to create Azure virtual machines.
The researchers must only be able to create Azure virtual machines by using specific Azure Resource Manager templates.
Solution: On RG1, assign the Contributor role to the ResearchUsers group. Create a custom Azure Policy definition and assign the policy to RG1.
Does this meet the goal?

• A. Yes
• B. No

Answer: A

NEW QUESTION 5
You have 20 Azure virtual machines that run windows Server 2021 based on a custom virtual machine image. Each virtual machine an instance of a VSS-capable app that was developed in-house. Each instance is accessed by public endpoint . Each instance separate database. The average database size is 200 GB.
You need to design a disaster recovery solution for individual instances.
• Provide a recovery objective time object (RTO] of six hours.
• Provide a recovery point objective (RPO) at eight hours.
• Support recovery to a different Azure region.
• Support VSS- based backups.
• Minimize VSS-based backups.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point

Answer:

Explanation:

NEW QUESTION 6
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Project1. Only a group named Project1admins is assigned roles in the Project1 subscription. The Project1 subscription contains all the resources for an application named Application1.
Your company is developing a new application named Application2. The members of the Application2 development team belong to an Azure Active Directory (Azure AD) group named App2Dev.
You identify the following requirements for Application2:
The members of App2Dev must be prevented from changing the role assignments in Azure.
The members of App2Dev must be able to create new Azure resources required by Application2.
All the required role assignments for Application2 will be performed by the members of
Project1admins.
You need to recommend a solution for the role assignments of Application2.
Solution: In Project1, create a resource group named Application2RG. Assign Project1admins the Owner role for Application2RG. Assign App2Dev the Contributor role for Application2RG.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 7
You configure the Diagnostics settings for an Azure SQL database as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on The information presented in the graphic.
NOTE: Each coned selection is worth one point.

Answer:

Explanation:

NEW QUESTION 8
Your company has 300 virtual machines hosted in a VMWare environment. The virtual machines vary in size and have various utilization levels.
You plan to move all the virtual machines to Azure.
You need to recommend how many and what size Azure virtual machines will be required to move the current workloads to Azure. The solution must minimize administrative effort.
What should you use to make the recommendation?

• A. Azure Cost Management
• B. Azure Migrate
• C. Azure pricing calculator
• D. Azure Advisor recommendations

Answer: A

NEW QUESTION 9
You are designing an access policy for the sales department at your company.
Occasionally, the developers at the company must stop, start, and restart Azure virtual machines. The development team changes often.
You need to recommend a solution to provide the developers with the required access to the virtual machines. The solution must meet the following requirements:
Provide permissions only when needed.
Use the principle of least privilege.
Minimize costs.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION 10
You plan to deploy logical Azure SQL Database servers to The East US Azure region and the Wen US Azure region. Each server will contain 20 database accessed by a different user who reads in a different on premises location. The databases will be configured to use active geo-replication.
You need to recommend a solution that meets the following requirement!;
• Restricts user access to each database
• Restricts network access to each database based on each user's respective location
• Ensures that the databases remain accessible from down applications if the local Azure region fails
What should you include in the recommendation? To answer, select the appropriate options m the answer area NOTE: Each correct selection is worth one point.

Answer:

Explanation:


Topic 3, Case Study B
Overview
Contoso,Ltd is a US-base finance service company that has a main office New York and an office in San Francisco.
Payment Processing Query System
Contoso hosts a business critical payment processing system in its New York data center. The system has three tiers a front-end web app a middle -tier API and a back end data store implemented as a Microsoft SQL Server 2014 database All servers run Windows Server 2012 R2.
The front -end and middle net components are hosted by using Microsoft Internet Inform-non Services (IK) The application rode is written in C# and middle- tier API uses the Entity framework to communicate the SQL Server database. Maintenance of the database e performed by using SQL Server Ago-
The database is currently J IB and is not expected to grow beyond 3 TB.
The payment processing system has the following compliance related requirement
• Encrypt data in transit and at test. Only the front-end and middle-tier components must be able to access the encryption keys that protect the date store.
• Keep backups of the two separate physical locations that are at last 200 miles apart and can be restored for op to seven years.
• Support blocking inbound and outbound traffic based on the source IP address, the description IP address, and the port number
• Collect Windows security logs from all the middle-tier servers and retain the log for a period of seven years,
• Inspect inbound and outbound traffic from the from-end tier by using highly available network appliances.
• Only allow all access to all the tiers from the internal network of Contoso.
Tape backups ate configured by using an on-premises deployment or Microsoft System Center Data protection Manager (DPMX and then shaped ofsite for long term storage
Historical Transaction Query System
Contoso recently migrate a business-Critical workload to Azure. The workload contains a NET web server for querying the historical transaction data residing in azure Table Storage. The NET service is accessible from a client app that was developed in-house and on the client computer in the New Your office. The data in the storage is 50 GB and is not except to increase.
Information Security Requirement
The IT security team wants to ensure that identity management n performed by using Active Directory. Password hashes must be stored on premises only.
Access to all business-critical systems must rely on Active Directory credentials. Any suspicious authentication attempts must trigger multi-factor authentication prompt automatically Legitimate users must be able to authenticate successfully by using multi-factor authentication.
Planned Changes
Contoso plans to implement the following changes:
* Migrate the payment processing system to Azure.
* Migrate the historical transaction data to Azure Cosmos DB to address the performance issues.
Migration Requirements
Contoso identifies the following general migration requirements:
Infrastructure services must remain available if a region or a data center fails. Failover must occur without any administrative intervention
• Whenever possible. Azure managed serves must be used to management overhead
• Whenever possible, costs must be minimized.
Contoso identifies the following requirements for the payment processing system:
• If a data center fails, ensure that the payment processing system remains available without any administrative intervention. The middle-tier and the web front end must continue to operate without any additional configurations-
• If that the number of compute nodes of the from -end and the middle tiers of the payment processing system can increase or decrease automatically based on CPU utilization.
• Ensure that each tier of the payment processing system is subject to a Service level Agreement (SLA) of 9959 percent availability
• Minimize the effort required to modify the middle tier API and the back-end tier of the payment processing system.
• Generate alerts when unauthorized login attempts occur on the middle-tier virtual machines.
• Insure that the payment processing system preserves its current compliance status.
• Host the middle tier of the payment processing system on a virtual machine.
Contoso identifies the following requirements for the historical transaction query system:
• Minimize the use of on-premises infrastructure service.
• Minimize the effort required to modify the .NET web service querying Azure Cosmos DB.
• If a region fails, ensure that the historical transaction query system remains available without any administrative intervention.
Current Issue
The Contoso IT team discovers poor performance of the historical transaction query as the queries frequently cause table scans.
Information Security Requirements
The IT security team wants to ensure that identity management is performed by using Active Directory. Password hashes must be stored on-premises only.
Access to all business-critical systems must rely on Active Directory credentials. Any suspicious authentication attempts must trigger a multi-factor authentication prompt automatically. legitimate users must be able to authenticate successfully by using multi-factor authentication.

NEW QUESTION 11
You need to recommend a solution for implementing the back-end tier of the payment processing system in Azure.
What should you include in the recommendation?

• A. an Azure SQL Database managed instance
• B. a SQL Server database on an Azure virtual machine
• C. an Azure SQL Database single database
• D. an Azure SQL Database elastic pool

Answer: C

NEW QUESTION 12
You have an on-premises deployment of MongoDB.
You plan to migrate MongoDB to an Azure Cosmos DB account that uses the MongoDB API. You need to recommend a solution for migrating MongoDB to Azure Cosmos DB.
What should you include in the recommendation?

• A. mongorestore
• B. Data Migration Assistant
• C. Azure Storage Explorer
• D. Azure Cosmos DB Data Migration Tool

Answer: A

Explanation: References:
https://docs.microsoft.com/en-us/azure/cosmos-db/mongodb-migrate

NEW QUESTION 13
You have standard Load balancer configured to support three virtual machines on the same subnet. You need to recommend a solution to notify administrators when the load balancer fails.
Which metrics should you recommend using to test the load balancer? To answer, drag the appropriate metrics to the correct conditions. Each metric may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOT: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION 14
Your development team plans to use an Azure subcription to test new applications. The application will reside on Azure virtual machines. The developers will be responsible for managing the subscription shared resources will be used by more than one appliacation.
You need to recommend a deplyment solution that meets the following requirements: Minimize administration effort for the develops
Ensures that the testing environment can be recreated consistently
Ensures that the testing cycle is complete, all the resources, except for the shared resources associated to each application are deleted
What should you include in the recommendation?

• A. Use JSON templates to create the resource
• B. Place the shared resources in one resource group, the application-specific resources in separate resource group.
• C. Use JSON templates to create the resource
• D. Place the shared resources in one resource group- Place all the application -.pacific in a resources in second resource group
• E. Use an Azure PowerShell script lo create the resource
• F. Place the shared resources .and the application-specific resources in the resources group.
• G. Use an Azure PowerShell script to create the resource
• H. Place the shared resources in one resource group Place the application-specific resources in separate resources groups.

Answer: B

NEW QUESTION 15
Your company has an on-premises Windows HPC cluster. The cluster runs an intrinsically parallel, compute-intensive workload that performs financial risk modelling.
You plan to migrate the workload to Azure Batch.
You need to design a solution that will support the workload. The solution must meet the following requirements:
Support the large-scale parallel execution of Azure Batch jobs.
Minimize cost.
What should you include in the solution?

• A. Basic A-series virtual machines
• B. low-priority virtual machines
• C. burstable virtual machines
• D. Azure virtual machine sizes that support the Message Passing Interface (MPI) API

Answer: B

Explanation: References:
https://docs.microsoft.com/en-us/azure/batch/batch-technical-overview

NEW QUESTION 16
You have an Azure Active Directory (Azure AD) tenant. All user accounts are syncrhonized from an onpermises Directory and are configured for federated authentication. Active Directopry Federation Services (AD FS) servers are published for external connnection by using a farm Application proxy servers.
You need to recommend a solution to monitor the servers that integrate with Azure AD. The solution must meet the following requirements:
Identify any AD FS issue and their potential resolutions.
Identify any directory synchronization configuration issues and their potential resolutions.
Notify administrations when there are any issue affecting directory synchronization or AD FS operations. Which monitoring solution should you recommend for each server type? To answer, drag the appropriate
monitoring solution to the correct types. Each monitoring solution may be used once, than once, or not at all.
You may need to drag the split bar between panes scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION 17
You deploy Azure service by using Azure Resources Manager templates. The template reference secrets are stored in Azure key Vault.
You need to recommend a solution for accessing the secrets during deployments. The solution must prevent the users who are performing the deployments from accessing the secrets in the key vault directly.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION 18
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions with not appear in the review screen.
You need to deploy resources to host a stateless web app in an Azure subscription The solution must meet the following requirements:
• Provide access to the full .NET framework.
• Provide redundancy it an Azure region fails.
• Grant administrators access to the operating system to install custom application dependencies. Solution: You deploy an Azure virtual machine to two Azure regions, and you create a Traffic Manager
profile.
Does this meet the goal?

• A. Yes
• B. No

Answer: A