Microsoft Certified: Azure Solutions Architect Expert Certification Questions and Answer (Dumps and Practice Questions)
Question : You manage an application deployed to a cloud service that utilizes an Azure Storage account.
The cloud service currently uses the primary access key.
Security policy requires that all shared access keys are changed without causing application downtime.
Which three steps should you perform in sequence?
A. Update the cloud service configuration with the primary access key
B. Regenerate the primary access key
C. Regenerate the secondary access key
D. Update the cloud service configuration with the secondary access key
1. A,B,C
2. A,B,D
3. Access Mostly Uused Products by 50000+ Subscribers
4. A,C,D
Correct Answer : Get Lastest Questions and Answer : Exp: The requirement is that ALL shared access keys need to be changed. To minimize downtime, you would first regenerate the second shared access key and use that
and then regenerate the first shared access key, so that both are changed.
Question : You manage two datacenters in different geographic regions and one branch office. You
plan to implement a geo-redundant backup solution. You need to ensure that each
datacenter is a cold site for the other. You create a recovery vault. What should you do next?
A. Install the provider.
B. Upload a certificate to the vault.
C. Generate a vault key.
D. Set all virtual machines to DHCP.
E. Prepare System Center Virtual Machine Manager (SCVMM) servers.
F. Create mappings between the virtual machine (VM) networks.
1. Install the provider.
2. Upload a certificate to the vault.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Set all virtual machines to DHCP.
5. Prepare System Center Virtual Machine Manager (SCVMM) servers.
Correct Answer : Get Lastest Questions and Answer : Exp: Configuring the agent with vault credentials is a relatively new process. Previous versions of the wizard prompted you to browse for a self-signed
certificate, which performed the same function (vault identification and authentication).
Question : You manage a collection of large video files that is stored in an Azure Storage account.
A user wants access to one of your video files within the next seven days.
You need to allow the user access only to the video file, and then revoke access once the
user no longer needs it.
What should you do?
1. Give the user the secondary key for the storage account. Once the user is done with the
file, regenerate the secondary key.
2. Create an Ad-Hoc Shared Access Signature for the Blob resource. Set the Shared
Access Signature to expire in seven days.
3. Access Mostly Uused Products by 50000+ Subscribers
Signature for the blob by using the policy. Once the user is done with the file, delete the
policy.
4. Create an access policy on the blob. Give the external user access by using the policy.
Once the user is done with the file, delete the policy.
Correct Answer : Get Lastest Questions and Answer : Exp: Shared Access Policy cannot be applied on Blob. It can only be applied on Container. (Probably a known fact here)
Adhoc SAS key should not be applied to container. To revoke, the storage account key will need to be changed. (Not needed here)
Between B and C:
B seems right because it is only needed for 7 days so it is safe to generate adhoc on blob and share SAS key. This poses one limitation. To manually revoke, you need to change the
Storage Account Key. There is no other way to "revoke access once user no longer needs it".
C sounds better because B has the revoke constraint. By generating Shared Access Policy, you can define constraints (read-only for Blob) and time limit. To revoke access, simply
delete the policy.
Related Questions
Question : While working in QuickTechie Inc , you publish an application named QuickApp to Azure Active Directory (Azure AD). You grant access to the web APIs through OAuth ..
QuickApp1 is generating numerous user consent prompts. You need to reduce the amount of user consent prompts. What should you do?
1. Enable Multi-resource refresh tokens.
2. Enable WS-federation access tokens.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Configure SAML 2.0.
Question : QuickTechie Inc. network includes users in multiple directories. You plan to publish a softwareas-a-service application named QuickApp to Azure Active Directory.
You need to ensure that all users can access QuickApp1. What should you do?
1. Configure the Federation Metadata URL
2. Register the application as a web application.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Register the application as a native client application.
Question : At AcmeShell Inc, you administer an Access Control Service namespace named AcmeACS that is used by a web application. AcmeACS currently utilizes Microsoft and Yahoo
accounts. Several users in your organization have Google accounts and would like to access the web application through AcmeACS. You need to allow users to access the application by
using their Google accounts. What should you do?
1. Register the application directly with Google.
2. Edit the existing Microsoft Account identity provider and update the realm to include Google.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Add a new WS-Federation identity provider and configure the WS-Federation metadata to point to the Google sign-in URL.
Question : You are working in QuickTechie Inc and you manage a SQL Database in Azure named QuickDB which is running in Standard/SI tier. Database is in a server named QuickSvr
, which is a main production env of QuickTechie Inc. You also have another server named QuickTestSvr . Both QuickSvr1 and QuickTestSvr in the same subscription and same region
deployed on different Physical Clusters. Now development team asked you to copy QuickDB to test environment.
Select the correct steps you need to follow.
A. Use DB copy to create a copy of database QuickDB in QuickTestSvr named QuickDB
B. Set Export Status to Automatic for QuickDB in QuickSvr1
C. Use DB copy to create a copy of database QuickDB in QuickSvr named QuickDBTemp
D. Scale QuickDB to QuickTestSvr to Standard/SI tier
E. Import BACPAC file to the QuickTestSvr as QuickDB
F. Export QuickDBTemp in QuickSvr1 to BACPAC file in Azure Blob storage
G. Rename QuickDBTemp to QuickDB in QuickSvr1
H. Use active Geo-Replication and replicate QuickDB to QuickTestSvr
1. A,B,C
2. C,D,E
3. Access Mostly Uused Products by 50000+ Subscribers
4. A,B,G
5. A,C,H
Question : You are working in a QuickTechie Inc, you are managing a local VM, which you need to an Azure VM. You upload the virtual hard
disk (VHD) file to Azure Blob storage as a Block Blob . You need to change the Block blob to a page blob .
What should you do?
1. Delete the Block Blob and re-upload the VHD as a page blob.
2. Update the type of the blob programmatically by using the Azure Storage .NET SDK.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Create a new empty page blob and use the Azure Blob Copy Power Shell cmdlet to copy the current data to the new blob.
Question : You administer a Microsoft Azure SQL Database data base in the US Central region named
contosodb. Contosodb runs on a Standard tier within the SI performance level.
You have multiple business-critical applications that use contosodb.
You need to ensure that you can bring contosodb back online in the event of a natural
disaster in the US Central region. You want to achieve this goal with the least amount of
downtime.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Upgrade to S2 performance level.
B. Use active geo-replication.
C. Use automated Export.
D. Upgrade to Premium tier.
E. Use point in time restore.
F. Downgrade to Basic tier.
1. B,D
2. C,E
3. Access Mostly Uused Products by 50000+ Subscribers
4. A,E
5. A,C