Microsoft Certified: Azure Solutions Architect Expert Certification Questions and Answer (Dumps and Practice Questions)
Question : You work for a company named ABC.com. Your role as Cloud Administrator includes the management of the company's Microsoft Azure subscription.
The company has a virtual machines (VMs) hosted in Microsoft Azure. The VMs are located in a single Azure virtual network named TK-VNet1.
The company has users that work remotely. The remote workers require access to the VMs on TK-VNet1.
How can you provide access for the remote workers?
1. By configuring a Site-to-Site (S2S) VPN.
2. By configuring a VNet-toVNet VPN.
3. By configuring a Point-to-Site (P2S) VPN.
4. By configuring DirectAccess on a Windows Server 2012 server VM.
Correct Answer 3 :
Explanation: If you travel for work or work remotely, you likely use an agent that you run in order to connect to the corporate network. That agent establishes a secure
connection to the corporate network, enabling you to access resources even from public locations. That's exactly what a point-to-site network is, it includes an installer that will
add a VPN connection. Point-to-site connectivity allows you to connect an individual computer to an Azure virtual network using a secure VPN connection. A self-signed certificate is
used for authentication. Site-to-site connectivity allows you to create an industry standard IPSEC VPN connection between one or more networks and an Azure virtual network.
Question : You work as a network administrator at ABC.com. The corporate network consists of physical and virtual servers located in a
datacenter and virtual servers hosted on Microsoft Azure.
The company has servers that run Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012. You have a System Center 2012 SP1
infrastructure to manage the network. You
use System Center Data Protection Manager (DPM) to back up the servers. You want to store backup data in the Azure Backup service.
You need configure the DPM server to work with Azure Backup.
Which of the following steps are required as part of the configuration?
A. Upgrade System Center 2012 SP1 Data Protection Manager to System Center 2012 R2 Data Protection Manager/
B. Download and install the Azure Backup Agent on the DPM server.
C. Download and install the Azure Backup Agent on all servers that will be backed up by DPM.
D. Upload a public certificate to Azure.
1. A,B
2. B,D
3. D,E
4. A,E
5. C,E
Correct Answer 2 Exp: Azure Backup can integrate with the user interfaces for Data Protection Manager or Windows Server backup. Backups can be scheduled or on-demand.
Why should I use Azure Backup?
For on-premises DPM deployment, Azure Backup provides a simple method of offsite storage. You can store data with Azure up to 3360 days.
When DPM is deployed as an Azure virtual machine, you can offload storage to Azure Backup from the Azure disk, allowing you to scale up by storing older data in Azure Backup and new
data on disk.
Considerations for using Azure backup with your DPM server
The online protection will provide you a great possibility to place your production data in Azure meaning that you can securely and fully optimized provide an off-site replication
for the company production data.
There are some considerations that you must keep in mind:
The online protection is only available for primary DPM servers
The retention time for your production data in Azure is 120 days
You can place two recovery points per day in your backup vault provided in Azure
You can provide online protection for Hyper-V, SQL and File
You must have a DPM disk pool attached to the DPM server
Windows Azure Backup Agent will use Windows Identity Foundation 3.5 feature.
The certificate used for the backup vault in Azure must fulfill the following prerequisites:
To upload to the certificate to the vault, you must export it as a .cer format file that contains the public key.
The certificate should be an x.509 v3 certificate.
The key length should be at least 2048 bits.
The certificate must have a valid ClientAuthentication EKU.
The certificate should be currently valid with a validity period that does not exceed 3 years.
The certificate should reside in the Personal certificate store of your Local Computer.
The private key should be included during installation of the certificate.
You can create a self-signed certificate using the makecert tool, or use any valid SSL certificate issued by a Certification Authority (CA) trusted by Microsoft, whose root
certificates are distributed via the Microsoft Root Certificate Program.
Question : You work for a company named ABC.com. Your role as Cloud Administrator includes the management of the company's Microsoft Azure subscription.
The company has a corporate web application hosted in Azure. The web application uses files stored in a blob container in an Azure Storage account.
Users are able to upload, download and delete files in the blob container.
You enable Windows Azure Storage Logging to log READ, WRITE and DELETE operations on items in the blob container. You use the logs for analytics purposes.
You discover that the log data is using a large amount of storage space and the associated cost of the log storage is increasing. You need to reduce the
amount of storage space required for the logs.
Which of the following actions should you perform?
1. Configure and enable a retention policy.
2. Configure a separate blob container for the logs.
3. Rename the $Logs container.
4. Wait for the logs to expire.
Correct Answer 1 :
Explanation: By default, Storage Analytics will not delete any logging or metrics data. Blobs and table entities will continue to be written until the shared 20TB limit
is reached. Once the 20TB limit is reached, Storage Analytics will stop writing new data and will not resume until free space is available. This 20TB limit is independent of the
total limit for your storage account.
You can configure two data retention policies: one for logging and one for metrics. When enabled for both, Storage Analytics will delete logs and table entries older than the
specified number of days. The maximum retention period is 365 days (1 year).
You can also configure a retention policy that uses different periods for logging and metrics. To disable a retention policy in the future, call the Set Blob Service Properties
operation with the
Related Questions
Question : You work for a company named ABC.com. Your role as Cloud Administrator includes the management of the company's Microsoft Azure subscription.
You are configuring a web application hosted in Azure. The web application uses files stored in a blob container in an Azure Storage account.
The web application should enable authenticated users to upload files to the blob storage container and download any file in the blob storage container. You need to be able to
revoke access to the blob files for the authenticated users. Anonymous users should be able to download one specific file in the blob container only. For anonymous users,
you plan to make the blob container public. For authenticated users, you plan to create a stored access policy for each user and use Shared Access Signatures based on the
policy to provide read and write access to the blob files. Which of the following statements are true?
A. Anonymous users can download one specific file in the blob container only.
B. Anonymous users can download any file in the blob container.
C. Anonymous users can upload files to the blob container.
D. Authenticated users can upload files to the blob container.
E. You can revoke write access to the blob container for the authenticated users.
1. A,B,C
2. B,D,E
3. C,D,E
4. A,C,E
5. B,C,E
Question : You work for a company named ABC.com. Your role as Cloud Administrator includes the management of the company's public and private cloud infrastructure.
The company has an Azure Active Directory (Azure AD) tenant. The company has a development department. Developers have created a new application that will be used by company
employees and customers.
You plan to host the application in Azure. You need to ensure that the application can read and write data such as users and groups in the Azure AD.
Which of the following permissions should you assign to the application?
1. Enable sign-on and read users' profiles
2. Access your organization's directory.
3. Read directory data
4. Read and write directory data
Question : You work for a company named ABC.com. Your role as Systems Administrator includes the management of the company's public and private
cloud infrastructure and the company's Azure Active Directory (Azure AD).
Sales users and Customer Account Managers often work away from the office. All Sales users and Customer Account Managers use Concur and access the application through the end-user
access panel in Azure. A Customer Account Manager named Mia changes role within the company. Her new role means she is now office-based and does not need to travel to visit
customers.
You want to remove Mia's access to Concur in the end-user access panel in Azure without affecting her access to other applications.
Which of the following actions should you perform?
1. Remove Mia's Office 365 license.
2. Remove Mia's Concur assignment in the Azure Management Portal.
3. Modify Mia's Azure Active Directory account permissions.
4. Run the Set-MsolUserLicense PowerShell cmdlet.
Question : You work for a company named ABC.com. Your role as Cloud Administrator includes the management of the company's public and private cloud infrastructure. The company has
an Azure tenant.
The company has a development department. Developers are creating a new application that will be used by company employees and customers to manage users in Azure Active Directories.
The application must be able to perform the following actions on Azure Active Directory objects:
.Create new users.
.Delete users.
.Update user account properties.
.Change user account password.
You need to ensure that the application can perform the required operations. Which of the following actions should you perform?
1. You should configure Active Directory Federation Services 2.0 (AD FS).
2. You should configure the application to run on Azure a software-as-a-service (SaaS).
3. You should configure the Graph API.
4. You should configure the application as an Identity Provider.
Question : You work as a Messaging Administrator at ABC.com. The company has a single Active Directory Domain Services (AD DS) domain and has , employees.
The company currently has a Microsoft Exchange Server on-premises environment. The company plans to implement an Office 365 Exchange online environment in a hybrid configuration.
Some mailboxes will be hosted on Exchange online and some mailboxes will be hosted on Exchange on-premises for a period of time. Eventually, all mailboxes will be migrated to
Exchange online.
You want users to be able to log on the Azure Active Directory (AD) by using their current Active Directory Domain Services (AD DS) user names and passwords.
Which of the following services are the minimum system requirements to achieve this goal?
1. Active Directory Federation Services 2.0 (AD FS) and Directory Sync with Password Sync enabled.
2. Active Directory Domain Services (AD DS) domain controllers hosted on-premise and on Azure.
3. Directory Sync with Password Sync enabled.
4. Active Directory Federation Services Server 2.0 (AD FS), Active Directory Federation Services (AD FS) Proxy and Directory Sync with Password Sync enabled.
5. Active Directory Federation Services 2.0 (AD FS) and Directory Sync.
Question : You work for a company named ABC.com. Your role as Cloud Administrator includes the management of the company's public and private cloud infrastructure.
The company has an Azure Active Directory (Azure AD) tenant. All users have user accounts in Azure Active Directory (AD).
The company has an Intranet web application hosted in Azure. The web application can read and modify user account information in Azure AD.
You suspect that the application key has been compromised. You need to prevent access to the Azure AD by using the key. Users must continue to be able to use the web application.
Which of the following actions should you perform?
1. Modify the existing key in the application definition.
2. Remove the old key and generate a new key for the application.
3. Delete the web application and configure a new application.
4. Disable the graph API.