Microsoft Certified: Azure Solutions Architect Expert Certification Questions and Answer (Dumps and Practice Questions)
Question : You work for a company named ABC.com. Your role as Cloud Administrator includes the management of the company's Microsoft Azure subscription.
You are configuring a web application hosted in Azure. The web application uses files stored in a blob container in an Azure Storage account.
The web application should enable authenticated users to upload files to the blob storage container and download any file in the blob storage container. You need to be able to
revoke access to the blob files for the authenticated users. Anonymous users should be able to download one specific file in the blob container only. For anonymous users,
you plan to make the blob container public. For authenticated users, you plan to create a stored access policy for each user and use Shared Access Signatures based on the
policy to provide read and write access to the blob files. Which of the following statements are true?
A. Anonymous users can download one specific file in the blob container only.
B. Anonymous users can download any file in the blob container.
C. Anonymous users can upload files to the blob container.
D. Authenticated users can upload files to the blob container.
E. You can revoke write access to the blob container for the authenticated users.
1. A,B,C
2. B,D,E
3. C,D,E
4. A,C,E
5. B,C,E
Correct Answer : 2
Explanation: By default, only the owner of the storage account may access storage resources within that account. If your service or application needs to make these
resources available to other clients without sharing your access key, you have the following options for permitting access:
You can set a container's permissions to permit anonymous read access to the container and its blobs. Anonymous read access is available only for containers and blobs.
You can expose a resource via a shared access signature, which enables you to delegate restricted access to a container, blob, table, queue, file share, or file by specifying the
interval for which the resources are available and the permissions that a client will have to it.
You can use a stored access policy to manage shared access signatures for a container or its blobs, for a queue, for a table, or for a file share or its files. The stored access
policy gives you an additional measure of control over your shared access signatures and also provides a straightforward means to revoke them.
Restrict Access to Containers and Blobs
By default, a container and any blobs within it may be accessed only by the owner of the storage account. To give anonymous users read permissions to a container and its blobs, you
can set the container permissions to allow public access. Anonymous users can read blobs within a publicly accessible container without authenticating the request.
Containers provide the following options for managing container access:
Full public read access: Container and blob data can be read via anonymous request. Clients can enumerate blobs within the container via anonymous request, but cannot enumerate
containers within the storage account.
Public read access for blobs only: Blob data within this container can be read via anonymous request, but container data is not available. Clients cannot enumerate blobs within the
container via anonymous request.
No public read access: Container and blob data can be read by the account owner only.
Read More : https://azure.microsoft.com/en-us/documentation/articles/storage-manage-access-to-resources/
Question : You work for a company named ABC.com. Your role as Cloud Administrator includes the management of the company's public and private cloud infrastructure.
The company has an Azure Active Directory (Azure AD) tenant. The company has a development department. Developers have created a new application that will be used by company
employees and customers.
You plan to host the application in Azure. You need to ensure that the application can read and write data such as users and groups in the Azure AD.
Which of the following permissions should you assign to the application?
1. Enable sign-on and read users' profiles
2. Access your organization's directory.
3. Read directory data
4. Read and write directory data
Correct Answer : 4
Explanation: Azure Active Directory is a comprehensive identity and access management cloud solution that provides a robust set of capabilities to manage users and
groups. It helps secure access to on-premises and cloud applications, including Microsoft online services like Office 365 and many non-Microsoft SaaS applications
Read directory data Allow the application to read data in your organization's directory, such as users, groups and applications. Delegation and application permission. Must be
consented by an administrator.
Read and write directory data Allow the application to read and write data in your organization's directory, such as users and groups. Delegation and application permission.
Must be consented by an administrator.
Question : You work for a company named ABC.com. Your role as Systems Administrator includes the management of the company's public and private
cloud infrastructure and the company's Azure Active Directory (Azure AD).
Sales users and Customer Account Managers often work away from the office. All Sales users and Customer Account Managers use Concur and access the application through the end-user
access panel in Azure. A Customer Account Manager named Mia changes role within the company. Her new role means she is now office-based and does not need to travel to visit
customers.
You want to remove Mia's access to Concur in the end-user access panel in Azure without affecting her access to other applications.
Which of the following actions should you perform?
1. Remove Mia's Office 365 license.
2. Remove Mia's Concur assignment in the Azure Management Portal.
3. Modify Mia's Azure Active Directory account permissions.
4. Run the Set-MsolUserLicense PowerShell cmdlet.
Correct Answer : 2
Explanation:
Related Questions
Question : You work for a company named ABC.com. The company has a single Active Directory Domain Services (AD DS) domain and an Azure Tenant.
Your role as Systems Administrator includes the management of the Azure Active Directory (Azure AD). A server named TK-DirSync1 is configured as a DirSync server.
You need to create a new user in Azure AD. You create the user account in the on-premise Active Directory. You now need to replicate the user information to Azure AD.
Which two of the following actions could you take to force DirSync synchronization?
A. Use Active Directory Sites and Services to force replication of the Global Catalog on a domain controller.
B. Restart the NetLogon service on a domain controller.
C. Run the Microsoft Online Services Directory Synchronization Configuration Wizard and select the Synchronize directories now option.
D. Restart TK-DirSync1.
E. Run the Start-OnlineCoexistenceSync PowerShell cmdlet.
1. A,B
2. B,C
3. C,D
4. C,E
Question : You work for a company named ABC.com. Your role as Cloud Administrator includes the management of the company's Microsoft Azure subscription.
The company has a Development department. Developers have created a new corporate website. Part of the website will be secured using SSL.
You plan to host the website on Azure. You need to determine which Azure web tier plan to host the website. The web tier plan must meet the following requirements:
.The website will use custom a domain.
.The website will require 8 GB of storage.
.The websites must have custom domain SSL support.
.The website must support Auto-Scaling in times of high usage.
.Staged publishing must be supported
.Costs must be minimized.
Which web tier plan should you use?
1. Standard
2. Basic
3. Free
4. Shared
Question : You work as a network administrator at ABC.com. The corporate network consists of physical and virtual servers located in a datacenter and virtual servers hosted on
Microsoft Azure.
The company has servers that run Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012. A server named TK-App1 runs Windows Server 2008 R2 SP1 and Microsoft .NET 3.5
Framework. TK-App1 hosts a custom application named ProductionApp. All users in the Production department use ProductionApp. You want to run ProductionApp as a cloud service on
Microsoft Azure. The server operating system and .NET framework version that ProductionApp runs under cannot be changed. Which guest OS family version should you select for the Azure
Cloud Services instance?
1. Family 1
2. Family 2
3. Family 3
4. Family 4
Question : Your role of Systems Administrator at ABC.com includes the management of the company's private and public clouds. The private clouds are hosted in a data center at the
company's headquarters. A physical server named TK-SQL1 runs Windows Server 2012 and SQL Server 2012. TK-SQL1 is hosted in the datacenter.
You have an application that runs in Azure Cloud Services. The cloud service consists of two A1 virtual machine instances.
The application copies data to a SQL Server database hosted on TK-SQL1. Users complain that the application runs slowly when it is copying data to TK-SQL1. You want to reduce the
time it takes the application to copy data to TK-SQL1. Which of the following actions should you perform?
1. Allocate additional processors to the virtual machines.
2. Deploy the application as two A3 instances.
3. Deploy the application as two A0 instances.
4. Deploy a third A1 instance of the application.
Question : You work as a network administrator at ABC.com. The corporate network consists of physical and virtual servers located in a datacenter and a public cloud hosted on
Microsoft Azure.The company has a Development department. Users in the Development department develop custom applications that are used within the company. One custom application is
named CorpApp1. The application is hosted in Azure Cloud Services. The developers release an updated version of CorpApp1. You need to deploy the updated version of CorpApp1 to Azure
cloud services for a period of time to allow for testing. During testing, the current version of CorpApp1 must remain online. After testing, the new version must replace the current
version as the live version with the minimum amount of downtime. When the new version is live, the old version must remain available for a period of time to be redeployed in the
event of problems with the new version. The solution must minimize costs, administrative effort and application downtime. Which of the following actions should you perform? (Choose
all that apply)
A. Deploy the new application to a new cloud service.
B. Deploy the new application to the production area.
C. Deploy the new application to the staging area.
D. Move the old version of the application to a new cloud service.
E. Perform a Virtual IP swap.
1. A,B
2. B,C
3. C,D
4. D,E
5. C,E
Question : You work as a network administrator at ABC.com. The corporate network consists of physical and virtual servers located in a datacenter and applications running in
Microsoft Azure Cloud Services.
One new cloud services application has an HTTPS endpoint to provide encrypted access for users.
You need to provide an x.509 certificate to be used by the application for SSL access. How can you ensure that the certificate can be accessed by the application?
1. Redeploy the application package to include the certificate.
2. Upload the certificate to the staging area.
3. Use the management portal to upload the certificate.
4. Use the management portal to upload the public key of the certificate.