- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer named Computer2.
You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2. Solution: You modify the Azure Active Directory (Azure AD) authentication policies.
Does this meet this goal?
Correct Answer:
B
Instead export the client certificate from Computer1 and install the certificate on Computer2. Note:
Each client computer that connects to a VNet using Point-to-Site must have a client certificate installed. You generate a client certificate from the self-signed root certificate, and then export and install the client certificate. If the client certificate is not installed, authentication fails.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
- (Exam Topic 5)
You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by using Azure ExpressRoute.
You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Correct Answer:
ABE
Create a Connection: You need to link the ExpressRoute gateway to the ExpressRoute circuit. After this step has been completed, the connection between your on-premises network and Azure through ExpressRoute will be established. Hence this is correct option.
Create a local site VPN gateway : This will allow you to provide the local gateway settings, for example public IP and the on-premises address space, so that the Azure VPN gateway can connect to it. Hence this is correct option.
Create a VPN gateway that uses the VpnGw1 SKU : The GatewaySku is only supported foVr pnGw1,
VpnGw2, VpnGw3, Standard, and HighPerformance
VPN gateways. ExpressRoute-VPN Gateway coexist
configurations are not supported on the Basic SKU. The VpnType must be RouteBased. Hence this is correct option.
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-linkvnet-arm
- (Exam Topic 6)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a virtual network named VNet1 that is hosted in the West US Azure region. VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours. Solution: From Azure Monitor, you create a metric on Network in and Network Out. Does this meet the goal?
Correct Answer:
B
You should use Azure Network Watcher. References:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview
- (Exam Topic 4)
You have an Azure subscription that contains a resource group named Test RG. You use TestRG to validate an Azure deployment.
TestRG contains the following resources:
You need to delete TestRG. What should you do first?
Correct Answer:
C
You can't delete a vault that contains backup data. You must remove the delete locks before trying to delete a resource group.When you delete a resource group, all of its resources are also deleted. Deleting a resource group deletes all of its template deployments and currently stored
operations.https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/delete-resource-group?t
- (Exam Topic 6)
You create an Azure web app named WebApp1. WebApp1 has the autoscale settings shown in the following exhibit.
The scale out and scale in rules are configured to have a duration of 10 minutes and a cool down time of five minutes.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Solution:
Box 1: one instance
Refer to scaling condition provided in the question, August 8, 2018 is outside the schedule of the scale condition 1, and Default instance count is 1.
Box 2: two instances
The default instance count is important because autoscale scales your service to that count when metrics are not available. Therefore, select a default instance count that's safe for your workloads.
The Default instance count of scale condition 1 is 4, and the Scale in rule decreases the count with 1. So initial instance count before scale in condition met = 4
CPU utilization was at 15% for 60 mins so after first 10 mins ( The scale out and scale in rules are configured to have a duration of 10 minutes )instance count reduces by 1 hence after first 10 mins instance count is 4-1=3
Now cool down period is 5 mins , after first 15 mins instance count is 3 . After next 15 mins , instance count will be 3-1=2.
After next 15 mins , instance count will be =2 because minimum instance count must be 2 , it can't get reduced beyond 2.
So after 60 mins instance count will be at 2.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-best-practices
Does this meet the goal?
Correct Answer:
A
