General

You sign up for Azure Active Directory (Azure AD) Premium. You need to add a user named admin1@contoso.com as an administrator on all the computers that will be joined to the Azure AD domain. What should you configure in Azure AD? Options are :

• A. Device settings from the Devices blade
• B. Providers from the MFA Server blade
• C. User settings from the Users blade
• D. General settings from the Groups blade

You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1. Subscription1 has a user named User1. User1 has the following roles: Reader? Security Admin? Security Reader? You need to ensure that User1 can assign the Reader role for VNet1 to other users. What should you do? Options are :

• A. Remove User1 from the Security Reader and Reader roles for Subscription1.
• B. Assign User1 the User Access Administrator role for VNet1.
• C. Assign User1 the Network Contributor role for VNet1.
• D. Assign User1 the Network Contributor role for RG1.

You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com. Your company has a public DNS zone for contoso.com. You add contoso.com as a custom domain name to Azure AD. You need to ensure that Azure can verify the domain name. Which type of DNS record should you create? Options are :

• A. MX
• B. NSE
• C. PTR
• D. RRSIG

You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1. You need to view the error events from a table named Event. Which query should you run in Workspace1? Options are :

• A. Get-Event Event | where {$_.Event Type == "error"}
• B. Search in (Event) "error" (Correct)
• C. select * from Event where Event Type == "error"
• D. search in (Event) * | where Event Type -eq "error"

Users access the resources in the subscription from either home or from customer sites. From home, users must establish a point-to-site VPN to access the Azure resources. The users on the customer sites access the Azure resources by using site-to-site VPNs. You have a line-of-business app named App1 that runs on several Azure virtual machines. The virtual machines run Windows Server 2016. You need to ensure that the connections to App1 are spread across all the virtual machines. What are two possible Azure services that you can use? Options are :

• A. an internal load balancer
• B. a public load balancer
• C. an Azure Content Delivery Network (CDN)
• D. Traffic Manager
• E. an Azure Application Gateway

You have an Azure subscription. You have 100 Azure virtual machines. You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering. Which blade should you use? Options are :

• A. Monitor
• B. Advisor
• C. Metrics
• D. Customer insights

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The User administrator role is assigned to a user named Admin1. An external partner has a Microsoft account that uses the user1@outlook.com sign in. Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: `Unable to invite user user1@outlook.com `" Generic authorization exception.` You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant. What should you do? Options are :

• A. From the Users blade, modify the External collaboration settings.
• B. From the Custom domain names blade, add a custom domain.
• C. From the Organizational relationships blade, add an identity provider.
• D. From the Roles and administrators blade, assign the Security administrator role to Admin1.

You have an Azure subscription linked to an Azure Active Directory tenant. The tenant includes a user account named User1. You need to ensure that User1 can assign a policy to the tenant root management group. What should you do? Options are :

• A. Assign the Owner role for the Azure Subscription to User1, and then modify the default conditional access policies.
• B. Assign the Owner role for the Azure subscription to User1, and then instruct User1 to configure access management for Azure resources.
• C. Assign the Global administrator role to User1, and then instruct User1 to configure access management for Azure resources.
• D. Create a new management group and delegate User1 as the owner of the new management group.

You have an Azure subscription that contains a user named User1. You need to ensure that User1 can deploy virtual machines and manage virtual networks. The solution must use the principle of least privilege. Which role-based access control (RBAC) role should you assign to User1? Options are :

• A. Owner
• B. Virtual Machine Contributor
• C. Contributor
• D. Virtual Machine Administrator Login

You have an Azure subscription named Subscription1 that contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1. VM1 runs services that will be used to deploy resources to RG1. You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1. What should you do first? Options are :

• A. From the Azure portal, modify the Managed Identity settings of VM1
• B. From the Azure portal, modify the Access control (IAM) settings of RG1
• C. From the Azure portal, modify the Access control (IAM) settings of VM1
• D. From the Azure portal, modify the Policies settings of RG1

You have an Azure DNS zone named adatum.com. You need to delegate a subdomain named research.adatum.com to a different DNS server in Azure. What should you do? Options are :

• A. Create an NS record named research in the adatum.com zone.
• B. Create a PTR record named research in the adatum.com zone.
• C. Modify the SOA record of adatum.com.
• D. Create an A record named *.research in the adatum.com zone.

You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1. You need to view the error events from a table named Event. Which query should you run in Workspace1? Options are :

• A. Get-Event Event | where {$_. Event Type == "error"}
• B. Event | search "error"
• C. select * from Event where Event Type == "error"
• D. Event | where Event Type is "error"

You have a registered DNS domain named contoso.com. You create a public Azure DNS zone named contoso.com. You need to ensure that records created in the contoso.com zone are resolvable from the internet. What should you do? Options are :

• A. Create NS records in contoso.com.
• B. Modify the SOA record in the DNS domain registrar.
• C. Create the SOA record in contoso.com.
• D. Modify the NS records in the DNS domain registrar

You have an Azure Storage account named storage1 that contains a blob container named container1. You need to prevent new content added to container1 from being modified for one year. What should you configure? Options are :

• A. the access tiers
• B. an access policy
• C. the Access control (IAM) settings
• D. the access level

You have an on-premises server that contains a folder named D:\Folder1. You need to copy the contents of D:\Folder1 to the public container in an Azure Storage account named Contoso data. Which command should you run? Options are :

• A. https://contosodata.blob.core.windows.net/public
• B. AZ copy sync D:\folder1 https://contosodata.blob.core.windows.net/public --snapshot
• C. a copy D:\folder1 https://contosodata.blob.core.windows.net/public --recursive
• D. AZ storage blob copy start-batch D:\Folder1 https://contosodata.blob.core.windows.net/public