- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com. Your company has a public DNS zone for contoso.com.
You add contoso.com as a custom domain name to Azure AD. You need to ensure that Azure can verify the domain name. Which type of DNS record should you create?
Correct Answer:
B
TXT or MX : Correct
You can use either a TXT or MX record to verify the custom domain in the Azure AD. MX records can serve the purpose of TXT records
SRV : Incorrect
SRV records are used by various services to specify server locations. When specifying an SRV record in Azure DNS
DNSKEY : Incorrect Choice
This will verify that the records are originating from an authorized sender. NSEC : Incorrect Choice
This is Part of DNSSEC. This is used for explicit denial-of-existence of a DNS record. It is used to prove a name does not exist.
Reference:
https://docs.microsoft.com/en-us/azure/dns/dns-web-sites-custom-domain
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain#verify-your-custom-d https://www.cloudflare.com/dns/dnssec/how-dnssec-works/#:~:text=DNSKEY - Contains a
- (Exam Topic 3)
You need to identify the storage requirements for Contoso.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Solution:
Statement 1: Yes
Contoso is moving the existing product blueprint files to Azure Blob storage which will ensure that the blueprint files are stored in the archive storage tier.
Use unmanaged standard storage for the hard disks of the virtual machines. We use Page Blobs for these. Statement 2: No
Azure Table storage stores large amounts of structured data. The service is a NoSQL datastore which accepts authenticated calls from inside and outside the Azure cloud. Azure tables are ideal for storing structured, non-relational data. Common uses of Table storage include:
* 1. Storing TBs of structured data capable of serving web scale applications
* 2. Storing datasets that don't require complex joins, foreign keys, or stored procedures and can be denormalized for fast access
* 3. Quickly querying data using a clustered index
* 4. Accessing data using the OData protocol and LINQ queries with WCF Data Service .NET Libraries Statement 3: No
File Storage can be used if your business use case needs to deal mostly with standard File extensions like
*.docx, *.png and *.bak then you should probably go with this storage option.
Reference:
https://docs.microsoft.com/en-us/azure/machine-learning/team-data-science-process/move-data-to-azure-blob-us https://docs.microsoft.com/en-us/azure/storage/tables/table-storage-overview https://www.serverless360.com/blog/azure-blob-storage-vs-file-storage
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have an Azure subscription that contains the resources shown in the following table.
All virtual machines run Windows Server 2016.
On VM1, you back up a folder named Folder1 as shown in the following exhibit.
You plan to restore the backup to a different virtual machine. You need to restore the backup to VM2.
What should you do first?
Correct Answer:
A
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-windows-server
- (Exam Topic 4)
You plan to create an Azure virtual machine named VM1 that will be configured as shown in the following exhibit.
The planned disk configurations for VM1 are shown in the following exhibit.
The planned disk configurations for VM1 are shown in the following exhibit.
You need to ensure that VM1 can be created in an Availability Zone.
Which two settings should you modify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Correct Answer:
AC
Reference:
https://docs.microsoft.com/en-us/azure/site-recovery/move-azure-vms-avset-azone https://docs.microsoft.com/en-us/azure/virtual-machines/windows/create-portal-availability-zone
- (Exam Topic 6)
You have an Azure Active Directory (Azure AD) tenant that contains three global administrators named Admin1, Admin2, and Admin3.
The tenant is associated to an Azure subscription. Access control for the subscription is configured as shown in the Access control exhibit. (Click the Exhibit tab.)
You sign in to the Azure portal as Admin1 and configure the tenant as shown in the Tenant exhibit. (Click the Exhibit tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Solution:
They are all Global admins so they can all modify user permission. i.e add self as owner etc.
You can be GA in one of the subscription, it doesn't mean that you can create the resources in all subscription. As a Global Administrator in Azure Active Directory (Azure AD), you might not have access to all subscriptions and management groups in your directory. Azure AD and Azure resources are secured independently from one another. That is, Azure AD role assignments do not grant access to Azure resources, and Azure role assignments do not grant access to Azure AD.
However, if you are a Global Administrator in Azure AD, you can assign yourself access to all Azure subscriptions and management groups in your directory
Reference:
https://docs.microsoft.com/en-gb/azure/role-based-access-control/elevate-access-global-admin
Does this meet the goal?
Correct Answer:
A