- (Exam Topic 6)
You are the global administrator for an Azure Active Directory (Azure AD) tenant named adatum.com. You need to enable two-step verification for Azure users.
What should you do?
Correct Answer:
B
Conditional Access policies enforce registration, requiring unregistered users to complete registration at first sign-in, an important security consideration.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted
- (Exam Topic 6)
You have an on-premises network that includes a Microsoft SQL Server instance named SQL1. You create an Azure Logic App named App1.
You need to ensure that App1 can query a database on SQL1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Solution:
To access data sources on premises from your logic apps, you can create a data gateway resource in Azure so that your logic apps can use the on-premises connectors.
Box 1: From an on-premises computer, install an on-premises data gateway.
Before you can connect to on-premises data sources from Azure Logic Apps, download and install the on-premises data gateway on a local computer.
Box 2: From the Azure portal, create an on-premises data gateway Create Azure resource for gateway
After you install the gateway on a local computer, you can then create an Azure resource for your gateway. This step also associates your gateway resource with your Azure subscription.
Sign in to the Azure portal. Make sure you use the same Azure work or school email address used to install the gateway.
On the main Azure menu, select Create a resource > Integration > On-premises data gateway.
On the Create connection gateway page, provide this information for your gateway resource.
To add the gateway resource to your Azure dashboard, select Pin to dashboard. When you're done, choose Create.
Box 3: From the Logic Apps Designer in the Azure portal, add a connector
After you create your gateway resource and associate your Azure subscription with this resource, you can now create a connection between your logic app and your on-premises data source by using the gateway.
In the Azure portal, create or open your logic app in the Logic App Designer.
Add a connector that supports on-premises connections, for example, SQL Server.
Set up your connection.
References:
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-gateway-connection
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 6)
You have an on premises data center and an Azure subscription. The data center contains two VPN devices. The subscription contains an Azure virtual network named VNet1. VNet1 contains a gateway subnet.
You need to create a site-to-site VPN. The solution must ensure that if a single instance of an Azure VPN gateway fails, or a single on-premises VPN device fails, the failure will not cause an interruption that is longer than two minutes.
What is the minimum number of public IP addresses, virtual network gateways, and local network gateways required in Azure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Box 1: 4
Two public IP addresses in the on-premises data center, and two public IP addresses in the VNET.
The most reliable option is to combine the active-active gateways on both your network and Azure, as shown in the diagram below.
Box 2: 2
Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically, and resume the S2S VPN or VNet-to-VNet connections.
Box 3: 2
Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 6)
You have an Azure subscription that contains two virtual machines as shown in the following table.
You perform a reverse DNS lookup for 10.0.0.4 from VM2. Which FQDN will be returned?
Correct Answer:
B
This is an excerpt from the official documentation in the section "Reverse DNS Considerations" Form : https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-insta [..." - All PTR queries for IP addresses of virtual machines will return FQDNs of form [vmname].internal.cloudapp.net - Forward lookup on FQDNs of form [vmname].internal.cloudapp.net will resolve to IP address assigned to the virtual machine. - If the virtual network is linked to an Azure DNS private zones as a registration virtual network, the reverse DNS queries will return two records. One record will be of the form [vmname].[privatednszonename] and the other will be of the form [vmname].internal.cloudapp.net
"...]
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-insta
- (Exam Topic 6)
You are planning to deploy an Ubuntu Server virtual machine to your company’s Azure subscription.
You are required to implement a custom deployment that includes adding a particular trusted root certification authority (CA).
Which of the following should you use to create the virtual machine?
Correct Answer:
D
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-automate-vm-deployment