NEW QUESTION 1
You have an Azure subscription that contains a virtual network named VNet1. VNet 1 has two subnets named Subnet1 and Subnet2. VNet1 is in the West Europe Azure region.
The subscription contains the virtual machines in the following table.

You need to deploy an application gateway named AppGW1 to VNet1. What should you do first?

• A. Add a service endpoint.
• B. Add a virtual network.
• C. Move VM3 to Subnet1.
• D. Stop VM1 and VM2.

Answer: D

Explanation:
If you have an existing virtual network, either select an existing empty subnet or create a new subnet in your existing virtual network solely for use by the application gateway.
Verify that you have a working virtual network with a valid subnet. Make sure that no virtual machines or cloud deployments are using the subnet. The application gateway must be by itself in a virtual network subnet.
References:
https://social.msdn.microsoft.com/Forums/azure/en-US/b09367f9-5d01-4cda-9127- b7a506a0a151/cant-create-application-gateway?forum=WAVirtualMachinesVirtualNetwork https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-create-gateway

NEW QUESTION 2
You are the global administrator for an Azure Active Directory (Azure AD) tenant named adatum.com. You need to enable two-step verification for Azure users.
What should you do?

• A. Configure a playbook in Azure AD conditional access policy.
• B. Create an Azure AD conditional access policy.
• C. Create and configure the Identify Hub.
• D. Install and configure Azure AD Connect.

Answer: B

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings

NEW QUESTION 3
HOTSPOT
You have an Azure subscription named Subscription1. Subscription1 contains the virtual networks in the following table.

Subscription1 contains the virtual machines in the following table:

The firewalls on all the virtual machines are configured to allow all ICMP traffic. You add the peerings in the following table.

For each of the following statements, select Yest if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: Yes
Vnet1 and Vnet3 are peers. Box 2: Yes
Vnet2 and Vnet3 are peers. Box 3: No
Peering connections are non-transitive.
References: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid- networking/hub-spoke

NEW QUESTION 4
You have two Azure virtual machines named VM1 and VM2. You have two Recovery Services vaults named RSV1 and RSV2.
VM2 is protected by RSV1.
You need to use RSV2 to protect VM2. What should you do first?

• A. From the RSV1 blade, click Backup items and stop the VM2 backup.
• B. From the RSV1 blade, click Backup Jobs and export the VM2 backup.
• C. From the RSV1 blade, click Backu
• D. From the Backup blade, select the backup for the virtual machine, and then click Backup.
• E. From the VM2 blade, click Disaster recovery, click Replication settings, and then select RSV2 as the Recovery Services vault.

Answer: D

Explanation:
References:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm

NEW QUESTION 5
Note: This question is part of a series of questions that present the same scenario. Each
question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a virtual network named VNet1 that is hosted in the West US Azure region. VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours. Solution: From Azure Network Watcher, you create a connection monitor.
Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation:
Azure Network Watcher provides tools to monitor, diagnose, view metrics, and enable or disable logs for resources in an Azure virtual network.
The connection monitor capability monitors communication at a regular interval and informs you of reachability, latency, and network topology changes between the VM and the endpoint.
References:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview

NEW QUESTION 6
From the MFA Server blade, you open the Block/unblock users blade as shown in the exhibit.

What caused AlexW to be blocked?

• A. An administrator manually blocked the user.
• B. The user reports a fraud alert when prompted for additional authentication.
• C. The user account password expired.
• D. The user entered an incorrect PIN four times within 10 minutes.

Answer: B

NEW QUESTION 7
HOTSPOT
You have an Azure subscription named Subscrption1 that is associated to an Azure Active Directory (Azure AD) tenant named AAD1.
Subscription1 contains the objects in the following table:

You plan to create a single backup policy for Vault1. To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: RG1 only Box 2: 99 years
With the latest update to Azure Backup, customers can retain their data for up to 99 years in Azure. Note: A backup policy defines a matrix of when the data snapshots are taken, and how long those snapshots are retained.
The backup policy interface looks like this:

References: https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-
arm#defining-a-backup-policy
https://blogs.microsoft.com/firehose/2015/02/16/february-update-to-azure-backup-includes-data- retention-up-to-99-years-offline-backup-and-more/

NEW QUESTION 8
You plan to use the Azure Import/Export service to copy files to a storage account.
Which two files should you create before you prepare the drives for the import job? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. an XML manifest file
• B. a driveset CSV file
• C. a dataset CSV file
• D. a PowerShell PS1 file
• E. a JSON configuration file

Answer: BC

Explanation:
B: Modify the driveset.csv file in the root folder where the tool resides.
C: Modify the dataset.csv file in the root folder where the tool resides. Depending on whether you want to import a file or folder or both, add entries in the dataset.csv file
References: https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-data-to- files

NEW QUESTION 9
You are the global administrator for an Azure Active Directory (Azure AD) tenant named adatum.com. From the Azure Active Directory blade, you assign the Conditional Access Administrator role to a user You need to ensure that Admin1 has just-in-time access as a conditional access administrator.
What should you do next?

• A. Enable Azure AD Multi-Factor Authentication (MFA).
• B. Set Admin1 as Eligible for the Privileged Role Administrator role.
• C. Admin1 as Eligible for the Conditional Access Administrator role.
• D. Enable Azure AD Identity Protection.

Answer: A

Explanation:
Require MFA for admins is a baseline policy that requires MFA for the following directory roles:
 Global administrator 
 SharePoint administrator 
 Exchange administrator 
 Conditional access administrator 
 Security administrator References:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/baseline-protection

NEW QUESTION 10
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it As a result these questions will not appear in the review screen.
You have an Azure wet) app named Appl. App1 runs in an Azure App Service plan named Plan1. Plan1 is associated to the Free pricing tier.
You discover that App1 stops each day after running continuously for 60 minutes. You need to ensure that App1 can run continuously for the entire day.
Solution: You change the pricing tier of Plan1 to Shared. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
You should switch to the Basic Tier.
The Free Tier provides 60 CPU minutes / day. This explains why App1 is stops. The Shared Tier provides 240 CPU minutes / day. The Basic tier has no such cap.
References:
https://azure.microsoft.com/en-us/pricing/details/app-service/windows/

NEW QUESTION 11
You have an Azure subscription that contains three virtual networks named VNet1, VNet2, VNet3.
VNet2
contains a virtual appliance named VM2 that operates as a router.
You are configuring the virtual networks in a hub and spoke topology that uses VNet2 as the hub network.
You plan to configure peering between VNet1 and VNet2 and between VNet2 and VNet3. You need to provide connectivity between VNet1 and VNet3 through VNet2.
Which two configurations should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. On the peering connections, allow forwarded traffic.
• B. On the peering connections, allow gateway transit.
• C. Create route tables and assign the table to subnets.
• D. Create a route filter.
• E. On the peering connections, use remote gateways.

Answer: BE

Explanation:
Allow gateway transit: Check this box if you have a virtual network gateway attached to this virtual network and want to allow traffic from the peered virtual network to flow through the gateway.
The peered virtual network must have the Use remote gateways checkbox checked when setting up the peering from the other virtual network to this virtual network.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage- peering#requirements-and-constraints

NEW QUESTION 12
HOTSPOT
You need to implement App2 to meet the application? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: Standard
Not Shared: A Shared plan does not support Always on. Box 2: Always on
If your function app is on the Consumption plan, there can be up to a 10-minute delay in processing new blobs if a function app has gone idle. To avoid this cold-start delay, you can switch to an App Service plan with Always On enabled, or use a different trigger type.
Scenario: A newly developed API must be implemented as an Azure function named App2. App2 will use a blob storage trigger. App2 must process new blobs immediately.
App2 must be able to connect directly to the private IP addresses of the Azure virtual machines. App2
will be deployed directly to an Azure virtual network. The cost of App1 and App2 must be minimized. References:
https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-storage-blob https://azure.microsoft.com/en-us/pricing/details/app-service/plans/

NEW QUESTION 13
You have an Azure subscription that contains the resources in the following table.

Subnet1 is associated to VNet1. NIC1 attaches VM1 to Subnet1. You need to apply ASG1 to VM1.
What should you do?

• A. Modify the properties of NSG1.
• B. Modify the properties of ASG1.
• C. Associate NIC1 to ASG1.

Answer: B

Explanation:
When you deploy VMs, make them members of the appropriate ASGs. You associate the ASG with a subnet.
References: https://azure.microsoft.com/en-us/blog/applicationsecuritygroups/

NEW QUESTION 14
You are troubleshooting a performance issue for an Azure Application Gateway.
You need to compare the total requests to the failed requests during the past six hours. What should you use?

• A. Metrics in Application Gateway
• B. Diagnostics logs in Application Gateway
• C. NSG flow logs in Azure Network Watcher
• D. Connection monitor in Azure Network Watcher

Answer: A

Explanation:
Application Gateway currently has seven metrics to view performance counters.
Metrics are a feature for certain Azure resources where you can view performance counters in the portal. For
Application Gateway, the following metrics are available:
 Total Requests
 Failed Requests
 Current Connections
 Healthy Host Count
 Response Status
 Throughput
 Unhealthy Host count
You can filter on a per backend pool basis to show healthy/unhealthy hosts in a specific backend pool
References: https://docs.microsoft.com/en-us/azure/application-gateway/application- gatewaydiagnostics#
Metrics

NEW QUESTION 15
You plan to move services from your on-premises network to Azure.
You identify several virtual machines that you believe can be hosted in Azure. The virtual machines are shown in the following table.

Which two virtual machines can you access by using Azure migrate? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

• A. Sea-CA0l
• B. Hou-NW01
• C. NYC-FS01
• D. Sea-DC01
• E. BOS-DB01

Answer: CE

NEW QUESTION 16
You are planning the move of App1 to Azure. You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1. What should you recommend?

• A. Create an outgoing security rule for port 443 from the Interne
• B. Associate the NSG to all the subnets.
• C. Create an incoming security rule for port 443 from the Interne
• D. Associate the NSG to all the subnets.
• E. Create an incoming security rule for port 443 from the Interne
• F. Associate the NSG to the subnet thatcontains the web servers.
• G. Create an outgoing security rule for port 443 from the Interne
• H. Associate the NSG to the subnet thatcontains the web servers.

Answer: C

Explanation:
As App1 is public-facing we need an incoming security rule, related to the access of the web servers. Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers: a SQL database, a web front end, and a processing middle tier.
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

NEW QUESTION 17
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.






When you are finished performing all the tasks, click the ‘Next’ button.
Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be
able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
You plan to deploy several Azure virtual machines and to connect them to a virtual network named VNET1007.
You need to ensure that future virtual machines in VNET1007 can register their name in an internal DNS zone named corp7523690.com. The zone must NOT be hosted on a virtual machine.
What should you do from Azure Cloud Shell?
To complete this task, start Azure Cloud Shell and select PowerShell(Linux). Click Show Advanced Settings, and then enter corp7523690n1 in the Storage account text box and File1 in the File share text box. Click Create storage, and then complete the task.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Step 1: New-AzureRMResourceGroup -name MyResourceGroup
Before you create the DNS zone, create a resource group to contain the DNS zone.
Step 2: New-AzureRmDnsZone -Name corp7523690.com -ResourceGroupName MyResourceGroup A DNS zone is created by using the New-AzureRmDnsZone cmdlet. This creates a DNS zone called corp7523690.com in the resource group called MyResourceGroup.
References: https://docs.microsoft.com/en-us/azure/dns/dns-getstarted-powershell

NEW QUESTION 18
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals.
Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to these questions will not appear m the review screen.
You manage a virtual network named VNetl1 that is hosted in the West US Azure region.
VNetl1 hosts two virtual machines named VM1 and VM2 that run Windows Server. You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Azure Network Watcher, you create a packet capture. Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation:
Azure Network Watcher provides tools to monitor, diagnose, view metrics, and enable or disable logs for resources in an Azure virtual network.
Capture packets to and from a VM
Advanced filtering options and fine-tuned controls, such as the ability to set time and size limitations, provide versatility. The capture can be stored in Azure Storage, on the VM's disk, or both. You can then analyze the capture file using several standard network capture analysis tools.
Network Watcher variable packet capture allows you to create packet capture sessions to track traffic to and from a virtual machine. Packet capture helps to diagnose network anomalies both reactively and proactivity.
References:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview

NEW QUESTION 19
HOTSPOT
You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table.

VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between VNet1 and Vnet2.
An administrator named Admin1 creates an Azure virtual machine named VM1 in RG1. VM1 uses a disk named Disk1 and connects to VNet1. Admin1 then installs a custom application in VM1.
You need to move the custom application to Vnet2. The solution must minimize administrative effort. Which two actions should you perform? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
You can move a VM and its associated resources to another resource group using the portal. References: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/move-vm

NEW QUESTION 20
HOTSPOT
You need to implement App2 to meet the application requirements.
What should you include in the implementation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
 A newly developed API must be implemented as an Azure function named App2. App2 will use a blob storage trigger. App2 must process new blobs immediately.
 This requires “Always On”.
 The cost of App1 and App2 must be minimized
 The Standard pricing tier is the cheapest tier that supports Always On.

NEW QUESTION 21
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure web app named Appl. App1 runs in an Azure App Service plan named Plan1. Plan1 is associated to the Free pricing tier.
You discover that App1 stops each day after running continuously for 60 minutes. You need to ensure that App1 can run continuously for the entire day.
Solution: You change the pricing tier of Plan1 to Basic. Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation:
The Free Tier provides 60 CPU minutes / day. This explains why App1 is stops. The Basic tier has no such cap.
References:
https://azure.microsoft.com/en-us/pricing/details/app-service/windows/

NEW QUESTION 22
You have an Azure subscription that contains a resource group named RG1. RG1 contains 100 virtual machines.
Your company has three cost centers named Manufacturing, Sales, and Finance. You need to associate each virtual machine to a specific cost center.
What should you do?

• A. Add an extension to the virtual machines.
• B. Modify the inventory settings of the virtual machine.
• C. Assign tags to the virtual machines.
• D. Configure locks for the virtual machine.

Answer: C

Explanation:
References:
https://docs.microsoft.com/en-us/azure/billing/billing-getting-started https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags

NEW QUESTION 23
HOTSPOT
You need to recommend a solution for App1. The solution must meet the technical requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
This reference architecture shows how to deploy VMs and a virtual network configured for an N-tier application, using SQL Server on Windows for the data tier.

Scenario: You have a public-facing application named App1. App1 is comprised of the following three
tiers:
 A SQL database
 A web front end
 A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
 Technical requirements include:
 Move all the virtual machines for App1 to Azure.
 Minimize the number of open ports between the App1 tiers.
References: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/n-tier/n-tier- sql-server

NEW QUESTION 24
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains 100 user accounts.
You purchase 10 Azure AD Premium P2 licenses for the tenant.
You need to ensure that 10 users can use all the Azure AD Premium features. What should you do?

• A. From the Groups blade of each user, invite the users to a group.
• B. From the Licenses blade of Azure AD, assign a license.
• C. From the Directory role blade of each user, modify the directory role.
• D. From the Azure AD domain, add an enterprise application.

Answer: B

Explanation:
To assign a license, under Azure Active Directory > Licenses > All Products, select one or more products, and then select Assign on the command bar.
References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/license-users- groups

NEW QUESTION 25
You need to resolve the Active Directory issue. What should you do?

• A. From Active Directory Users and Computers, select the user accounts, and then modify the User PrincipalName value.
• B. Run idfix.exe, and then use the Edit action.
• C. From Active Directory Domains and Trusts, modify the list of UPN suffixes.
• D. From Azure AD Connect, modify the outbound synchronization rule.

Answer: B

Explanation:
IdFix is used to perform discovery and remediation of identity objects and their attributes in an on- premises Active Directory environment in preparation for migration to Azure Active Directory. IdFix is intended for the Active Directory administrators responsible for directory synchronization with Azure Active Directory.
Scenario: Active Directory Issue
Several users in humongousinsurance.com have UPNs that contain special characters. You suspect that some of the characters are unsupported in Azure AD.
References: https://www.microsoft.com/en-us/download/details.aspx?id=36832

NEW QUESTION 26
You have an Azure subscription named Subscription1.
You deploy a Linux virtual machine named VM1 to Subscription1. You need to monitor the metrics and the logs of VM1.
What should you use?

• A. LAD 3.0
• B. Azure Analysis Services
• C. the AzurePerformanceDiagnostics extension
• D. Azure HDInsight

Answer: C

Explanation:
You can use extensions to configure diagnostics on your VMs to collect additional metric data.
The basic host metrics are available, but to see more granular and VM-specific metrics, you need to install the Azure diagnostics extension on the VM. The Azure diagnostics extension allows additional monitoring and diagnostics data to be retrieved from the VM.
References: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-monitoring

NEW QUESTION 27
......