You have an on-premises Active Directory forest and an Azure Active Directory (Azure AD) tenant. All Azure AD users are
assigned an Azure AD Premium P1 license.
You deploy Azure AD Connect.
Which two features are available in this environment that can reduce operational overhead for your company's help desk?
Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
C E
You have an Azure subscription.
You need to deploy an Azure Kubernetes Service (AKS) solution that will use Linux nodes. The solution must meet the
following requirements:
Minimize the time it takes to provision compute resources during scale-out operations.
Support autoscaling of Linux containers.
Minimize administrative effort.
Which scaling option should you recommend?
B
Explanation:
About the cluster autoscaler.
AKS clusters can scale in one of two ways:
The cluster autoscaler watches for pods that can't be scheduled on nodes because of resource constraints. The cluster
then automatically increases the number of nodes.
The horizontal pod autoscaler uses the Metrics Server in a Kubernetes cluster to monitor the resource demand of pods.
Reference:
https://docs.microsoft.com/en-us/azure/aks/cluster-autoscaler
You have an Azure subscription that contains an Azure Blob storage account named store1.
You have an on-premises file server named Server1 that runs Windows Server 2016. Server1 stores 500 GB of company
files.
You need to store a copy of the company files from Server1 in store1.
Which two possible Azure services achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
D E
You manage an on-premises network and Azure virtual networks.
You need to create a secure connection over a private network between the on-premises network and the Azure virtual
networks. The connection must offer a redundant pair of cross connections to provide high availability.
What should you recommend?
B
Explanation:
Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or
unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
You manage an application instance. The application consumes data from multiple databases. Application code references
database tables using a combination of the server, database, and table name.
You need to migrate the application data to Azure.
To which two Azure services could you migrate the application to achieve the goal? Each correct answer presents a
complete solution.
NOTE: Each correct selection is worth one point.
A D
Explanation:
A: The managed instance deployment model is designed for customers looking to migrate a large number of apps from
on-premises or IaaS, self-built, or ISV provided environment to fully managed PaaS cloud environment, with as low migration
effort as possible. Using the fully automated Data Migration Service (DMS) in Azure, customers can lift and shift their
on-premises SQL Server to a managed instance that offers compatibility with SQL Server on-premises and complete isolation of
customer instances with native VNet support.
D: Access your SQL Server data seamlessly regardless of whether it's on-premises or stretched to the cloud. You set the
policy that determines where data is stored, and SQL Server handles the data movement in the background. The entire table
is always online and queryable. And, Stretch Database doesn't require any changes to existing queries or applications - the
location of the data is completely transparent to the application.
Reference:
https://docs.microsoft.com/en-us/sql/sql-server/stretch-database/stretch-database
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance
HOTSPOT
You have an Azure subscription named Subscription1 that is linked to a hybrid Azure Active Directory (Azure AD) tenant.
You have an on-premises datacenter that does NOT have a VPN connection to Subscription1. The datacenter contains a
computer named Server1 that has Microsoft SQL Server 2016 installed. Server1 is prevented from accessing the internet.
An Azure logic app named LogicApp1 requires write access to a database on Server1.
You need to recommend a solution to provide LogicApp1 with the ability to access Server1.
What should you recommend deploying on-premises and in Azure? To answer, select the appropriate options in the answer
area.
NOTE: Each correct selection is worth one point.
Hot Area:
Explanation:
Box 1: An on-premises data gateway
For logic apps in global, multi-tenant Azure that connect to on-premises SQL Server, you need to have the on-premises data
gateway installed on a local computer and a data gateway resource that's already created in Azure.
Box 2: A connection gateway resource
Reference:
https://docs.microsoft.com/en-us/azure/connectors/connectors-create-api-sqlazure
HOTSPOT
You have the application architecture shown in the following exhibit:
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in
the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
Explanation:
Box 1: Modify the Azure Traffic Manager routing
Azure Traffic Manager supports six traffic-routing methods to determine how to route network traffic to the various service
endpoints.
Box 2: Endpoint monitor settings in the Azure Traffic Manager
Azure Traffic Manager includes built-in endpoint monitoring and automatic endpoint failover. This feature helps you deliver
high-availability applications that are resilient to endpoint failure, including Azure region failures.
To configure endpoint monitoring, you must specify the following settings on your Traffic Manager profile: Protocol, Port,
Path, custom header settings, etc.
Reference:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-monitoring
HOTSPOT
You are designing an Azure web app.
You plan to deploy the web app to the North Europe Azure region and the West Europe Azure region.
You need to recommend a solution for the web app. The solution must meet the following requirements:
Users must always access the web app from the North Europe region, unless the region fails.
The web app must be available to users if an Azure region is unavailable.
Deployment costs must be minimized.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
You plan to deploy an application that will run in a Linux-based Docker container.
You need to recommend a solution to host the application in Azure. The solution must meet the following requirements:
Support a custom domain name and an associated SSL certificate.
Scale out automatically based on demand.
Minimize administrative effort and costs.
What should you include in the recommendation?
A
Explanation:
App Service adds the power of Microsoft Azure to your application, such as security, load balancing, autoscaling,
and automated management. You can also take advantage of its DevOps capabilities, such as continuous deployment from
Azure DevOps, GitHub, Docker Hub, and other sources, package management, staging environments, custom domain, and
TLS/SSL certificates.
Key features of App Service include:
Containerization and Docker - Dockerize your app and host a custom Windows or Linux container in App Service.
Scale up or out manually or automatically.
Host your apps anywhere in Microsoft's global datacenter infrastructure, and the App Service SLA promises high availability.
App Service can also host web apps natively on Linux for supported application stacks. It can also run custom Linux
containers (also known as Web App for Containers).
Reference:
https://docs.microsoft.com/en-us/azure/app-service/overview
You have an Azure subscription.
You need to deploy an Azure Kubernetes Service (AKS) solution that will use Windows Server 2019 nodes. The solution
must meet the following requirements:
Minimize the time it takes to provision compute resources during scale-out operations.
Support autoscaling of Windows Server containers.
Which scaling option should you recommend?
A
Explanation:
Azure Container Instances (ACI) lets you quickly deploy container instances without additional infrastructure overhead.
When you connect with AKS, ACI becomes a secured, logical extension of your AKS cluster. The virtual nodes component,
which is based on Virtual Kubelet, is installed in your AKS cluster and presents ACI as a virtual Kubernetes node.
Kubernetes can then schedule pods that run as ACI instances through virtual nodes, not as pods on VM nodes directly in
your AKS cluster.
Your application requires no modification to use virtual nodes. Deployments can scale across AKS and ACI with no
delay as the cluster autoscaler deploys new nodes in your AKS cluster.
Note: AKS clusters can scale in one of two ways:
The cluster autoscaler watches for pods that can't be scheduled on nodes because of resource constraints. The cluster
then automatically increases the number of nodes.
The horizontal pod autoscaler uses the Metrics Server in a Kubernetes cluster to monitor the resource demand of pods. If
an application needs more resources, the number of pods is automatically increased to meet the demand.
Incorrect Answers:
B: To rapidly scale your AKS cluster, you can integrate with Azure Container Instances (ACI). Kubernetes has built-in
components to scale the replica and node count. However, if your application needs to rapidly scale, the horizontal pod
autoscaler may schedule more pods than can be provided by the existing compute resources in the node pool. If configured,
this scenario would then trigger the cluster autoscaler to deploy additional nodes in the node pool, but it may take a few
minutes for those nodes to successfully provision and allow the Kubernetes scheduler to run pods on them.
Reference:
https://docs.microsoft.com/en-us/azure/aks/concepts-scale5
You have an Azure subscription that contains a Windows Virtual Desktop tenant.
You need to recommend a solution to meet the following requirements:
Start and stop Windows Virtual Desktop session hosts based on business hours.
Scale out Windows Virtual Desktop session hosts when required.
Minimize compute costs.
What should you include in the recommendation?
C
Explanation:
Reference:
https://www.ciraltos.com/automatically-start-and-stop-wvd-vms-with-azure-automation/
https://wvdlogix.net/windows-virtual-desktop-host-pool-automation-2
https://getnerdio.com/academy/how-to-optimize-windows-virtual-desktop-wvd-azure-costs-with-event-based-autoscaling-and-azure-vm-scale-sets/
Your company, named Contoso, Ltd, implements several Azure logic apps that have HTTP triggers. The logic apps provide
access to an on-premises web service.
Contoso establishes a partnership with another company named Fabrikam, Inc.
Fabrikam does not have an existing Azure Active Directory (Azure AD) tenant and uses third-party OAuth 2.0 identity
management to authenticate its users.
Developers at Fabrikam plan to use a subset of the logic apps to build applications that will integrate with the on-premises
web service of Contoso.
You need to design a solution to provide the Fabrikam developers with access to the logic apps. The solution must meet the
following requirements:
Requests to the logic apps from the developers must be limited to lower rates than the requests from the users at
Contoso.
The developers must be able to rely on their existing OAuth 2.0 provider to gain access to the logic apps.
The solution must NOT require changes to the logic apps.
The solution must NOT use Azure AD guest accounts.
What should you include in the solution?
C
Explanation:
API Management helps organizations publish APIs to external, partner, and internal developers to unlock the potential of
their data and services. You can secure API Management using the OAuth 2.0 client credentials flow.
Incorrect Answers:
A: Azure Active Directory B2B uses guest users.
B: Azure Front Door is an Application Delivery Network (ADN) as a service, offering various layer 7 load-balancing
capabilities for your applications.
Azure Front Door supports HTTP, HTTPS and HTTP/2. Applications can be authorized through OAuth 2.0.
D: Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote
client. Application Proxy includes both the Application Proxy service which runs in the cloud, and the Application Proxy
connector which runs on an on-premises server.
Application Proxy works with:
Web applications that use Integrated Windows Authentication for authentication
Web applications that use form-based or header-based access
Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-key-concepts
You are designing an Azure solution.
The network traffic for the solution must be securely distributed by providing the following features:
HTTPS protocol
Round robin routing
SSL offloading
You need to recommend a load balancing option.
What should you recommend?
D
Explanation:
If you are looking for Transport Layer Security (TLS) protocol termination ("SSL offload") or per-HTTP/HTTPS request,
application-layer processing, review Application Gateway.
Application Gateway is a layer 7 load balancer, which means it works only with web traffic (HTTP, HTTPS, WebSocket, and
HTTP/2). It supports capabilities such as SSL termination, cookie-based session affinity, and round robin for load-balancing
traffic. Load Balancer load-balances traffic at layer 4 (TCP or UDP).
Reference:
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-faq
DRAG DROP
You have an on-premises network that uses an IP address space of 172.16.0.0/16.
You plan to deploy 25 virtual machines to a new Azure subscription.
You identify the following technical requirements:
All Azure virtual machines must be placed on the same subnet named Subnet1.
All the Azure virtual machines must be able to communicate with all on-premises servers.
The servers must be able to communicate between the on-premises network and Azure by using a site-to-site VPN.
You need to recommend a subnet design that meets the technical requirements.
What should you include in the recommendation? To answer, drag the appropriate network addresses to the correct
subnets. Each network address may be used once, more than once, or not at all. You may need to drag the split bar
between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
You have an Azure subscription that contains a storage account.
An application sometimes writes duplicate files to the storage account.
You have a PowerShell script that identifies and deletes duplicate files in the storage account. Currently, the script is run
manually after approval from the operations manager.
You need to recommend a serverless solution that performs the following actions:
Runs the script once an hour to identify whether duplicate files exist
Sends an email notification to the operations manager requesting approval to delete the duplicate files
Processes an email response from the operations manager specifying whether the deletion was approved
Runs the script if the deletion was approved
What should you include in the recommendation?
A
Explanation:
You can schedule a PowerShell script with Azure Logic Apps.
When you want to run code that performs a specific job in your logic apps, you can create your own function by using Azure
Functions. This service helps you create Node.js, C#, and F# functions so you don't have to build a complete app or
infrastructure to run code. You can also call logic apps from inside Azure functions. Azure Functions provides serverless
computing in the cloud and is useful for performing tasks such as these examples:
Reference:
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-azure-functions