Question : AcmeShell Inc plans to migrate from On-Premises Exchange to Office . The existing directory has numerous service accounts in your On-Premises Windows Active Directory (AD), stored in separate AD Organizational Units (OU) for user accounts. You need to prevent the service accounts in Windows AD from syncing with Azure AD. What should you do?
1. Create an OU filter in the Azure AD Module for Windows PowerShell.
2. Configure directory partitions in miisclient.exe.
4. Create an OU filter in the Azure Management Portal.
Correct Answer :
Explanation: The Microsoft Office Server products listed in the "Applies to" section ship a version of the Forefront Identity Manager 2010 (FIM) product that is used to synchronize user profile information between directory systems and SharePoint. FIM includes a client utility (MIISClient.exe) that can be used to view, monitor and alter the state and progress of the user profile synchronization settings and process.
Question : You manage an Azure Active Directory (AD) tenant. You plan to allow users to log in to a third-party application by using their Azure AD credentials. To access the application, users will be prompted for their existing third-party user names and passwords. You need to add the application to Azure AD. Which type of application should you add?
1. Existing Single Sign-On with identity provisioning
2. Password Single Sign-On with identity provisioning
4. Password Single Sign-On without identity provisioning
Correct Answer :
Explanation: Single sign-on: For example, if there is an application that is configured to authenticate users using Active Directory Federation Services 2.0, an administrator can use the "Existing Single Sign-On" option. That does not apply here, because of "by using their Azure AD credentials".
So it is Password Single Sign-On.
Identity: User provisioning enables automated user provisioning and deprovisioning of accounts in third-party SaaS applications from within the Azure Management Portal, using your Windows Server Active Directory or Azure AD identity information.
They will use third-party user names, so no provisioning.
First you need to choose between an existing SSO solution or a password-based SSO. As it is a requirement to store the credentials in Azure AD, it has to be a password-based SSO. There is no need for identity provisioning, thus the correct answer is D.
User provisioning enables automated user provisioning and deprovisioning of accounts in third-party SaaS applications from within the Azure Management Portal, using your Windows Server Active Directory or Azure AD identity information. When a user is given permissions in Azure AD for one of these applications, an account can be automatically created (provisioned) in the target SaaS application.
From the scenario - Users will be prompted for the EXISTING 3rd party credentials. No need to provision them then.
Configuring password-based single sign-on enables the users in your organization to be automatically signed in to a third-party SaaS application by Azure AD using the user account information from the third-party SaaS application. When you enable this feature, Azure AD collects and securely stores the user account information and the related password.
- Password based SSO without identity provisioning - These are applications the Azure admin has added with the single sign-on mode set to 'Password based Single Sign-on'. It is important to realize that all users authenticated to the Azure AD will see these applications. The first time a user clicks one of these apps they will be asked to install a lightweight browser plugin for IE or Chrome. Once they restart the browser, the next time they navigate to that app they will be asked to enter the username and password combination for that app. This is then securely stored in Azure AD and linked to their organization account. The next time the user clicks that app they will be automatically signed in with the credentials they provided. Updating credentials in the third-party app needs the user to update their Azure AD stored credentials from the context menu on the app tile.
- Password based SSO with identity provisioning - These are applications the Azure admin has added with the single sign-on mode set to 'Password based Single Sign-on' as well as identity provisioning. The first time a user clicks one of these apps they will be asked to install a lightweight browser plugin for IE or Chrome. Once they restart the browser the next time they will be automatically signed in to the application
Question : You plan to use Password Sync on your DirSync Server with Azure Active Directory (Azure AD) on your company network. You configure the DirSync server and complete an initial synchronization of the users.
Several remote users are unable to log in to Office 365. You discover multiple event log entries for "Event ID 611 Password synchronization failed for domain." You need to resolve the password synchronization issue. Which two actions should you perform? Each correct answer presents part of the solution.
A. Restart Azure AD Sync Service.
B. Run the Set-FullPasswordSync PowerShell cmdlet.
C. Force a manual synchronization on the DirSync server.
D. Add the DirSync service account to the Schema Admins domain group.
A full Password Sync, and a full Directory Sync are two distinct activities. A full password sync will synchronize password hashes for all DirSync'ing users. A full Directory Sync does not trigger a full password sync. By default, the only activity that will trigger a full password sync is completing the Windows Azure Active Directory Sync tool Configuration Wizard.
Note: You must have Directory Sync tool version 6438.0003 or greater installed in order to perform the process below.
To trigger a full password sync, perform the following steps:
1. Open PowerShell, and then type Import-Module DirSync
2. Type Set-FullPasswordSync, and then press Enter
3. Load Services.msc
4. Restart the Forefront Identity Manager Synchronization Service service.
Once this is complete, you should see a series of EventId=656 (Password Sync Requests) and EventId=657 (Password Sync Results) indicating that your full password sync has kicked off.
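The same procedure as a script, with the event log check automated. This is an added example, not part of the original explanation. It assumes the service's short name is FIMSynchronizationService and that the DirSync events are written to the Application log; the wait time is a constructed value.

```powershell
# Added example: scripted form of the full password sync steps above.
# Run in an elevated PowerShell session on the DirSync server.
# Assumptions (not from the page): service short name and event log name.
$ServiceName = 'FIMSynchronizationService'  # assumed short name of the FIM Synchronization Service
$LogName     = 'Application'                # assumed log that receives DirSync events
$WaitMinutes = 10                           # constructed value: how long to watch for results

$ErrorActionPreference = 'Stop'
$start = Get-Date

# Steps from the page: load the module, flag a full password sync, restart the service.
Import-Module DirSync
Set-FullPasswordSync
Restart-Service -Name $ServiceName

# Poll until password sync results (657) appear or the wait time runs out.
$deadline = $start.AddMinutes($WaitMinutes)
do {
    Start-Sleep -Seconds 30
    # Get-WinEvent raises an error when nothing matches, so suppress it here.
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = $LogName
        Id        = 611, 656, 657
        StartTime = $start
    } -ErrorAction SilentlyContinue
    $results = @($events | Where-Object Id -eq 657)
} until ($results.Count -gt 0 -or (Get-Date) -gt $deadline)

# Summarize what was logged since the restart, grouped by event ID.
$events | Group-Object Id | Sort-Object Name |
    Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count |
    Format-Table -AutoSize

# 611 is the failure from the question; show the newest entry if it recurs.
$failures = @($events | Where-Object Id -eq 611)
if ($failures.Count -gt 0) {
    Write-Warning "Event ID 611 logged $($failures.Count) time(s) since $start"
    $failures | Select-Object -First 1 -ExpandProperty Message
}
if ($results.Count -eq 0) {
    Write-Warning "No EventId=657 seen within $WaitMinutes minutes; full password sync not confirmed."
}
```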