Premium

Microsoft Certified: Azure Solutions Architect Expert Certification Questions and Answer (Dumps and Practice Questions)



Question : You are managing a virtual macine on Azure Cloud Service, name of the VM is QuickVM. You have created an application which help user to quickly upload the files
(Similar to Google Drive). You need to ensure that the VM sends notification in the event that avaerage response time for the web service exceeds 10 mins (Pre-defined). Select the
steps from below which you need to accomplish in sequence.

A. From the Configuration page, add a monitoring endpoint for the virtual machine
B. From the Monitor page add a Metric for response time for endpoint
C. From monitoring page, add a rule for the response time of the end point
D. From the Dashboard page, add a rule for the endpoint status.
E. From the Configuration page, add a rule for the response time of the endpoint.
: You are managing a virtual macine on Azure Cloud Service, name of the VM is QuickVM. You have created an application which help user to quickly upload the files
1. A,B,C
2. B,C,D
 3. Access Mostly Uused Products by 50000+ Subscribers
4. A,D,E
5. A,C,E

Correct Answer : Get Lastest Questions and Answer : Exp: You have to ping the site from different places to check if your website is returning "200" as its status code. You have a series of option from free to paid
service. System Center Global Service Monitor in System Center 2012 Operations Manager is another good option to monitor availability, performance and reliability of your website.

But If you are using azure then you are lucky to have everything right at home. All the features that you might need are probably already in Azure. Website endpoint monitoring is one
of them. Endpoint monitoring lets you monitor the availability of HTTP or HTTPS endpoints from geo-distributed locations.

The monitoring section allows you to add up to two URLs for monitoring. Add a friendly name for each URL and select the locations around the world from where you wish to monitor
your sites availability. Each of the provided URL can be ping from up to 3 test locations. After you have saved the configuration, the Web Site's URL will be tested periodically
(in every 5 minutes) from each of the configured locations.

To see the results of the tests select your website from the new portal and you will see a nice visualization on the dashboard.

Availability is monitored using HTTP response codes, and response time. A monitoring test fails if the HTTP response code is greater than or equal to 400 or if the response takes
more than 30 seconds. An endpoint is considered available if its monitoring tests succeed from all the specified locations.

The dashboard will periodically update the status of monitoring result that you can drill into for further investigation. This is indeed good to have some live status of your ping
result but this is not feasible to monitor this dashboard 24x7. One thing that you are probably saying is "What good it could be if it can't notify in extreme failure?"

Well, in the world of azure you are blessed with enormous feature. You can certainly create a rule to send you notification if certain threshold meets the bar. For example you can
add rule to send you mail if the uptime is greater than a value % you expected, or when your visitor getting a certain HTTP status code as response.

To do so, click the Add alert option from the Metric blade.

Clicking the Add alert option will open up a new blade from where you can set the limits (with condition) and the email address where you expecting to get alert notification.

End point monitoring is one of the cool feature that you should implement in order to make sure you site is accessible from around the world and even if its get down for any
particular reason, you get the alert notification on your email asap so that you can take steps to fix it for the production site.





Question : You are managing a virtual machine on Azure Cloud Service, name of the VM is QuickVM inside QuickCloudService.
By looking at the logs you found unauthorized traffic to QuickVM. You need to Create a rule to limit access to QuickVM,
Also make sure that the new rule has the highest precedence. Which Azure Power Shell cmdlets and values should you use?

A. acl1 = New-AzureAclConfig Set-AzureAclConfig -AddRule -ACL $acl1 -Order 0 -Action permit -RemoteSubnet "192.168.11.0/24" -Description "Remote Desktop ACL config"
B. acl1 = New-AzureAclConfig Set-AzureAclConfig -AddRule -ACL $acl1 -Order 100 -Action permit -RemoteSubnet "192.168.11.0/24" -Description "Remote Desktop ACL config"
C. acl1 = New-AzureAclConfig Set-AzureAclConfig -AddRule -ACL $acl1 -Order 300 -Action permit -RemoteSubnet "192.168.11.0/24" -Description "Remote Desktop ACL config"
D. acl1 = New-AzureAclConfig Set-AzureAclConfig -AddRule -ACL $acl1 -Order 0 -Action allow -RemoteSubnet "192.168.11.0/24" -Description "Remote Desktop ACL config"
: You are managing a virtual machine on Azure Cloud Service, name of the VM is QuickVM inside QuickCloudService.
1. acl1 = New-AzureAclConfig Set-AzureAclConfig -AddRule -ACL $acl1 -Order 0 -Action permit -RemoteSubnet "192.168.11.0/24" -Description "Remote Desktop ACL config"

2. acl1 = New-AzureAclConfig Set-AzureAclConfig -AddRule -ACL $acl1 -Order 100 -Action permit -RemoteSubnet "192.168.11.0/24" -Description "Remote Desktop ACL config"

 3. Access Mostly Uused Products by 50000+ Subscribers

4. acl1 = New-AzureAclConfig Set-AzureAclConfig -AddRule -ACL $acl1 -Order 0 -Action allow -RemoteSubnet "192.168.11.0/24" -Description "Remote Desktop ACL config"

Correct Answer : Get Lastest Questions and Answer : Exp: To retrieve a complete list of the ACL PowerShell cmdlets, you can use either of the following:

get-help *-AzureACL*

get-command -module azure -name *ACL*

Here we will look at how we create a new ACL that contains rules. This ACL will be applied to a virtual machine endpoint (in our case endpoint on our AZR-DC2 virtual machine).

he ACL rules will allow access from our on premise subnet only. To create a new Network ACL with permit rules for a remote subnet, open a Windows Azure PowerShell ISE and use the
following command to build your script and once completed, execute it.

first line we will create the new network ACL object.

$acl1 = New-AzureAclConfig

Set a rule that permits access from our on premise network. you set rule 100 (which has priority over rule 200 and higher) to allow the remote subnet 192.168.11.0/24 access to the
virtual machine endpoint. Replace the values with your own configuration requirements. The name "Remote Desktop ACL Config" can be replaced with any friendly name that you want to
call this rule.

Set-AzureAclConfig -AddRule -ACL $acl1 -Order 100 -Action permit -RemoteSubnet "192.168.11.0/24" -Description "Remote Desktop ACL config"

For additional rules, repeat the cmdlet, replacing the values with your own configuration requirements. Be sure to change the rule number Order to reflect the order in which you want
the rules to be applied. The lower rule number takes precedence over the higher number.

Next, you can either create a new endpoint (Add) or set the ACL for an existing endpoint (Set). for us, we will set an existing endpoint called "RDP" and update the virtual machine
endpoint with the ACL settings.

Get-AzureVM -ServiceName AZR-Lab -Name AZR-DC2 | Set-AzureEndpoint -Name "RDP" -Protocol tcp -Localport 3389 -PublicPort 3389 -ACL $acl1 | Update-AzureVM

Set-AzureAclConfig
Sets an access control list (ACL) configuration.
This cmdlets sets the ACL configuration object for an existing virtual machine configuration.

-ACL
Specifies the ACL object that you want to modify.

-Action
Specifies whether the rule will permit or deny incoming network traffic from the specified remote subnet. The value must be either Permit or Deny.

-AddRule
Updates the ACL object by adding a rule.

-Description
Provides a description of the rule.

-Order
Specifies the relative order in which this rule should be processed compared to the other rules applied to the ACL object. The lowest order takes precedence.

-RemoteSubnet
Specifies the remote subnet address to which this rule applies. The address must be a valid Classless Inter-Domain Routing (CIDR) address. For example, 10.0.0.0/8.

-RemoveRule
Updates the ACL object by removing a rule.

-RuleId
Provides an ID number for the rule.

-SetRule
Updates the ACL object by modifying an existing ACL rule.

Example 1
This example uses two commands:
The first command creates a new ACL object and stores it in a variable named $acl1.
The second command updates the ACL object with a rule that permits incoming network traffic only from remote subnet 10.0.0.0/8.

Windows PowerShell
PS C:\> $acl1 = New-AzureAclConfigC:\PS> Set-AzureAclConfig -AddRule -ACL $acl1 -Order 100 -Action permit -RemoteSubnet "10.0.0.0/8" -Description "Sharepoint ACL config"
Example 2
This example uses three commands:
The first command get an object for a virtual machine named MyVM, passes it through the pipeline to get the ACL configuration for one of the endpoints of the virtual machine, and
stores this in a variable named $acl.
The second command updates the ACL object by modifying an existing rule with an ID, order, and description.
The third command updates the virtual machine.

Windows PowerShell
PS C:\> $acl = Get-AzureVM -ServiceName "MyService" -Name "MyVM" | Get-AzureAclConfig -EndpointName "Web"C:\PS> Set-AzureAclConfig -SetRule -ID 0 -ACL $acl -Order 102 -Description
"New Description"C:\PS> Get-AzureVM -ServiceName "MyService" -Name "MyVM" | Set-AzureEndpoint -ACL $acl -Name "Web" | Update-AzureVM
Example 3
This example uses three commands:
The first command get an object for a virtual machine named MyVM, passes it through the pipeline to get the ACL configuration for one of the endpoints of the virtual machine, and
stores this in a variable named $acl.
The second command updates the ACL object by removing a rule.
The third command updates the virtual machine.

Windows PowerShell
PS C:\> $acl = Get-AzureVM -ServiceName "MyService" -Name "MyVM" | Get-AzureAclConfig -EndpointName "Web"C:\PS> Set-AzureAclConfig -RemoveRule -ID 0 -ACL $aclC:\PS> Get-AzureVM
-ServiceName "MyService" -Name "MyVM" | Set-AzureEndpoint -ACL $acl -Name "Web" | Update-AzureVM





Question : Recently below two compnies got merged

Acmeshell Inc. (Mumbai)
QuickTechie Inc. (Banglore)

Both have their virtual machine hosted in Azure cloud. You have been given to maintain virtual networks as well azure environment. Now you are done with network merge and related
stuff. Now some of the employees do work from remote location as well as from public locations. All users required from both companies require to access virtual networks. Select
which
secure cross premise connectivity option is needed for each type of user.


: Recently below two compnies got merged
1. Backoffice User : Site to Site, Remote Users : Point to Site

2. Backoffice User : Multi Site, Remote Users : Point to Site

 3. Access Mostly Uused Products by 50000+ Subscribers

4. Backoffice User : Multi Site, Remote Users : Multi Site

Correct Answer : Get Lastest Questions and Answer : Exp: Site-to-Site connections can be used for cross-premises and hybrid configurations.
Site-to-site VPNs connect entire networks to each other -- for example, connecting a branch office network to a company headquarters network. In a site-to-site VPN, hosts do not have
VPN client software; they send and receive normal TCP/IP traffic through a VPN gateway.


A Point-to-Site (P2S) configuration lets you create a secure connection from an individual client computer to a virtual network. A P2S connection is useful when you want to connect
to your VNet from a remote location, such as from home or a conference, or when you only have a few clients that need to connect to a virtual network.




Related Questions

Question : Your network environment includes remote employees. You need to create a secure connection for the remote employees who require access to
your Azure virtual network. What should you do?

 : Your network environment includes remote employees. You need to create a secure connection for the remote employees who require access to
1. Deploy Windows Server 2012 RRAS.
2. Configure a point-to-site VPN.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Configure a site-to-site VPN.




Question : You manage a cloud service that has a web role named fabWeb. You create a virtual network named fabVNet that has two subnets defined as Web and Apps.
You need to be able to deploy fabWeb into the Web subnet. What should you do?
 : You manage a cloud service that has a web role named fabWeb. You create a virtual network named fabVNet that has two subnets defined as Web and Apps.
1. Modify the service definition (csdef) for the cloud service.
2. Run the Set-AzureSubnet PowerShell cmdlet.
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Modify the network configuration file.
5. Modify the service configuration (cscfg) for the fabWeb web role.






Question : Your company has recently signed up for Azure. You plan to register a Data Protection Manager (DPM) server with the Azure Backup service. You need to recommend a
method for registering the DPM server with the Azure Backup vault. What are two possible ways to achieve this goal? Each correct answer presents a complete solution.

A. Import a self-signed certificate created using the makecert tool.

B. Import a self-signed certificate created using the createcert tool.

C. Import an X.509 v3 certificate with valid clientauthentication EKU.

D. Import an X.509 v3 certificate with valid serverauthentication EKU.

 : Your company has recently signed up for Azure. You plan to register a Data Protection Manager (DPM) server with the Azure Backup service. You need to recommend a
1. A,C
2. B,D
 3. Access Mostly Uused Products by 50000+ Subscribers
4. A,D




Question : You administer an Azure Storage account with a blob container. You enable Storage account logging for read, write and delete requests. You need to reduce the costs
associated with storing the logs. What should you do?

 : You administer an Azure Storage account with a blob container. You enable Storage account logging for read, write and delete requests. You need to reduce the costs
1. Execute Delete Blob requests over https.
2. Create an export job for your container.
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Execute Delete Blob requests over http.




Question : Your company is launching a public website that allows users to stream videos. You upload multiple video files to an Azure storage container.
You need to give anonymous users read access to all of the video files in the storage container. What should you do?
 : Your company is launching a public website that allows users to stream videos. You upload multiple video files to an Azure storage container.
1. Edit each blob's metadata and set the access policy to Public Blob.
2. Edit the container metadata and set the access policy to Public Container.
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Edit the container metadata and set the access policy to Public Blob.




Question : Your company plans to migrate from On-Premises Exchange to Exchange Online in Office . You plan to integrate your existing Active Directory Domain Services (AD DS)
infrastructure with Azure AD.
You need to ensure that users can log in by using their existing AD DS accounts and passwords. You need to achieve this goal by using minimal additional systems.
Which two actions should you perform? Each answer presents part of the solution.

A. Configure Password Sync.

B. Set up a DirSync Server.

C. Set up an Active Directory Federation Services Server.

D. Set up an Active Directory Federation Services Proxy Server.
 : Your company plans to migrate from On-Premises Exchange to Exchange Online in Office . You plan to integrate your existing Active Directory Domain Services (AD DS)
1. A,B
2. B,C
 3. Access Mostly Uused Products by 50000+ Subscribers
4. A,D