Microsoft Certified: Azure Solutions Architect Expert Certification Questions and Answer (Dumps and Practice Questions)

Question : You manage an Azure Active Directory (AD) tenant You plan to allow users to log in to a third-party application by using their Azure AD credentials. To access the
application,
users will be prompted for their existing third-party user names and passwords. You need to add the application to Azure AD. Which type of application should you add?


1. Existing Single Sign-On with identity provisioning
2. Password Single Sign-On with identity provisioning
3. Access Mostly Uused Products by 50000+ Subscribers
4. Password Single Sign-On without identity provisioning




Correct Answer : Get Lastest Questions and Answer :
Explanation: https://msdn.microsoft.com/en-us/library/azure/dn308588.aspx
User provisioning enables automated user provisioning and deprovisioning of accounts in third-party SaaS applications from within the Azure Management Portal, using your Windows
Server Active Directory or Azure AD identity information. When a user is given permissions in Azure AD for one of these applications, an account can be automatically created
(provisioned) in the target SaaS application.

From the scenario - Users will be prompted for the EXISTING 3rd party credentials. No need to provision them then.

Configuring password-based single sign-on enables the users in your organization to be automatically signed in to a third-party SaaS application by Azure AD using the user account
information from the third-party SaaS application. When you enable this feature, Azure AD collects and securely stores the user account information and the related password.









Question : You plan to use Password Sync on your DirSync Server with Azure Active Directory {Azure AD) on your company network. You configure the DirSync server and complete an
initial synchronization of the users.

Several remote users are unable to log in to Office 365. You discover multiple event log entries for "Event ID 611 Password synchronization failed for domain. You need to resolve
the password synchronization issue. Which two actions should you perform? Each correct answer presents part of the solution.

A. Restart Azure AD Sync Service.

B. Run the Set-FullPasswordSync Power Shell cmdlet.

C. Force a manual synchronization on the DirSync server.

D. Add the DirSync service account to the Schema Admins domain group.



1. A,B
2. B,C
3. Access Mostly Uused Products by 50000+ Subscribers
4. D,E




Correct Answer : Get Lastest Questions and Answer :
http://roblavin.com/post/93976522843/dirsync-how-can-i-trigger-a-full-password-sync









Question : You administer an Access Control Service namespace named contosoACS that is used by a web application. ContosoACS currently utilizes Microsoft and Yahoo accounts.
Several users in your organization have Google accounts and would like to access the web application through ContosoACS.
You need to allow users to access the application by using their Google accounts. What should you do?



1. Register the application directly with Google.
2. Edit the existing Microsoft Account identity provider and update the realm to include Google.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Add a new WS-Federation identity provider and configure the WS-Federation metadata to point to the Google sign-in URL.





Correct Answer : Get Lastest Questions and Answer :
Explanation: Configuring Google as an identity provider eliminates the need to create and manage authentication and identity management mechanism. It helps the end user
experience if there are familiar authentication procedures.

Reference: How to: Configure Google as an Identity Provider URL: http://msdn.microsoft.com/en-us/library/azure/gg185976.aspx

Related Questions

---

Question : You work for a company named ABC.com. Your role as Cloud Administrator includes the management of the company's Microsoft Azure subscription.
The company has a virtual machines (VMs) hosted in Microsoft Azure. The VMs are located in a single Azure virtual network named TK-VNet1.
The company has users that work remotely. The remote workers require access to the VMs on TK-VNet1.

How can you provide access for the remote workers?


1. By configuring a Site-to-Site (S2S) VPN.
2. By configuring a VNet-toVNet VPN.
3. By configuring a Point-to-Site (P2S) VPN.
4. By configuring DirectAccess on a Windows Server 2012 server VM.





Question : You work as a network administrator at ABC.com. The corporate network consists of physical and virtual servers located in a
datacenter and virtual servers hosted on Microsoft Azure.
The company has servers that run Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012. You have a System Center 2012 SP1
infrastructure to manage the network. You
use System Center Data Protection Manager (DPM) to back up the servers. You want to store backup data in the Azure Backup service.
You need configure the DPM server to work with Azure Backup.
Which of the following steps are required as part of the configuration?

A. Upgrade System Center 2012 SP1 Data Protection Manager to System Center 2012 R2 Data Protection Manager/
B. Download and install the Azure Backup Agent on the DPM server.
C. Download and install the Azure Backup Agent on all servers that will be backed up by DPM.
D. Upload a public certificate to Azure.


1. A,B
2. B,D
3. D,E
4. A,E
5. C,E




Question : You work for a company named ABC.com. Your role as Cloud Administrator includes the management of the company's Microsoft Azure subscription.
The company has a corporate web application hosted in Azure. The web application uses files stored in a blob container in an Azure Storage account.
Users are able to upload, download and delete files in the blob container.
You enable Windows Azure Storage Logging to log READ, WRITE and DELETE operations on items in the blob container. You use the logs for analytics purposes.
You discover that the log data is using a large amount of storage space and the associated cost of the log storage is increasing. You need to reduce the
amount of storage space required for the logs.

Which of the following actions should you perform?


1. Configure and enable a retention policy.
2. Configure a separate blob container for the logs.
3. Rename the $Logs container.
4. Wait for the logs to expire.


Question : You work for a company named ABC.com. Your role as Cloud Administrator includes the management of the company's Microsoft Azure subscription.

You are configuring a web application hosted in Azure. The web application uses files stored in a blob container in an Azure Storage account.
The web application should enable authenticated users to upload files to the blob storage container and download any file in the blob storage container. You need to be able to
revoke access to the blob files for the authenticated users. Anonymous users should be able to download one specific file in the blob container only. For anonymous users,
you plan to make the blob container public. For authenticated users, you plan to create a stored access policy for each user and use Shared Access Signatures based on the
policy to provide read and write access to the blob files. Which of the following statements are true?

A. Anonymous users can download one specific file in the blob container only.
B. Anonymous users can download any file in the blob container.
C. Anonymous users can upload files to the blob container.
D. Authenticated users can upload files to the blob container.
E. You can revoke write access to the blob container for the authenticated users.



1. A,B,C
2. B,D,E
3. C,D,E
4. A,C,E
5. B,C,E



Question : You work for a company named ABC.com. Your role as Cloud Administrator includes the management of the company's public and private cloud infrastructure.
The company has an Azure Active Directory (Azure AD) tenant. The company has a development department. Developers have created a new application that will be used by company
employees and customers.
You plan to host the application in Azure. You need to ensure that the application can read and write data such as users and groups in the Azure AD.
Which of the following permissions should you assign to the application?


1. Enable sign-on and read users' profiles
2. Access your organization's directory.
3. Read directory data
4. Read and write directory data




Question : You work for a company named ABC.com. Your role as Systems Administrator includes the management of the company's public and private
cloud infrastructure and the company's Azure Active Directory (Azure AD).
Sales users and Customer Account Managers often work away from the office. All Sales users and Customer Account Managers use Concur and access the application through the end-user
access panel in Azure. A Customer Account Manager named Mia changes role within the company. Her new role means she is now office-based and does not need to travel to visit
customers.
You want to remove Mia's access to Concur in the end-user access panel in Azure without affecting her access to other applications.
Which of the following actions should you perform?



1. Remove Mia's Office 365 license.
2. Remove Mia's Concur assignment in the Azure Management Portal.
3. Modify Mia's Azure Active Directory account permissions.
4. Run the Set-MsolUserLicense PowerShell cmdlet.