- (Exam Topic 6)
You have an Azure subscription that contains the virtual machines shown in the following table.
[removed]void(0)
You deploy a load balancer that has the following configurations:
• Name: LB1
• Type internal
• SKU: Standard
• Virtual network VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create a Basic SKU public IP address, associate the address to the network interface of VM1, and then start VM1.
Does this meet the goal?
Correct Answer:
B
A Backend Pool configured by IP address has the following limitations:
Standard load balancer only
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/backend-pool-management
You can only attach virtual machines in the same region and that have a standard SKU public IP configuration or no public IP configuration. All IP configurations must be on the same virtual network.
- (Exam Topic 5)
You recently created a new Azure subscription that contains a user named Admin1.
Admin1 attempts to deploy an Azure Marketplace resource by using an Azure Resource Manager template. Admin1 deploys the template by using Azure PowerShell and receives the following error message: “User failed validation to purchase resources. Error message: “Legal terms have not been accepted for this item on this subscription. To accept legal terms, please go to the Azure portal (http://go.microsoft.com/fwlink/?LinkId=534873) and configure programmatic deployment for the Marketplace item or create it there for the first time.”
You need to ensure that Admin1 can deploy the Marketplace resource successfully. What should you do?
Correct Answer:
C
The Set-AzMarketplaceTerms cmdlet saves the terms object for given publisher id(Publisher), offer id(Product) and plan id(Name) tuple.
Reference:
https://docs.microsoft.com/en-us/powershell/module/az.marketplaceordering/set-azmarketplaceterms?view=azps
- (Exam Topic 6)
You have a hybrid deployment of Azure Active Directory (Azure AD) that contains the users shown in the following table.
You need to modify the JobTitle and UsageLocation attributes for the users.
For which users can you modify the- attributes from Azure AD? To answer, select the appropriate options in the answer area.
Solution:
Box 1: User1 and User3 only
You must use Windows Server Active Directory to update the identity, contact info, or job info for users whose source of authority is Windows Server Active Directory.
Box 2: User1, User2, and User3 Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-profile-azure-portal
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 6)
You have an Azure subscription.
You plan to deploy a storage account named storage1 by using the following Azure Resource Manager (ARM) template.
Solution:
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You create an Azure subscription named Subscription1 and an associated Azure Active Directory (Azure AD) tenant named Tenant1. Tenant1 contains the users in the following table.
You need to add an Azure AD Privileged Identity Management application to Tenant1. Which account can you use?
Correct Answer:
B
For Azure AD roles in Privileged Identity Management, only a user who is in the Privileged role administrator or Global administrator role can manage assignments for other administrators. You can grant access to other administrators to manage Privileged Identity Management. Global Administrators, Security Administrators, Global readers, and Security Readers can also view assignments to Azure AD roles in Privileged Identity Management.
Only owner can create an subscription and only global administrator can perform Privileged Identity Management changes. So you can create subscription with external user and then promote him to global administrator to get things done.
As it is mentioned as it is associated with azure tenant so that tenant has an AD domain. So in azure AD the default domain ends with onmicrosoft.com. So you can't have Hotmail IDs there. Moreover always remember the principle of least privileges, when you can get your job done with Global Administrator then you should not look for owner for security purpose.
Admin1@contoso.onmicorosft.com : Correct Choice
As Admin1 is Global Administrator and part of default AD domain so Admin1 can add an Azure AD Privileged Identity Management application to Tenant1
Admin3@contoso.onmicrosoft.com : Incorrect Choice
As per the above explanation Admin3 is not Global Administrator, so this option is incorrect. Admin2@contoso.onmicorosft.com : Incorrect Choice
As per the above explanation Admin2 is not Global Administrator, so this option is incorrect. ContosoAdmin1@hotmail.com : Incorrect Choice
Although this user is Global Administrator but referring to the least privileges principal and default domain consideration this option is incorrect.
References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-getting-started https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instance