- (Exam Topic 6)
You have an Azure subscription that contains a user named User1.
You need to ensure that User1 can deploy virtual machines and manage virtual networks. The solution must use the principle of least privilege.
Which role-based access control (RBAC) role should you assign to User1?
Correct Answer:
D
- (Exam Topic 5)
You have an Azure virtual machine named VM1 that runs Windows Server 2019.
You save VM1 as a template named Template1 to the Azure Resource Manager library. You plan to deploy a virtual machine named VM2 from Template1.
What can you configure during the deployment of VM2?
Correct Answer:
C
When deploying a virtual machine from a template, you must specify: 
the Resource Group name and location for the VM the administrator username and password an unique DNS name for the public IP
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/ps-template
- (Exam Topic 5)
You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated to a different Azure AD tenant.
Subscription1 contains a virtual network named VNet1.VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16.
Subscription2 contains a virtual network named VNet2. VNet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24.
You need to connect VNet1 to VNet2. What should you do first?
Correct Answer:
C
The virtual networks can be in the same or different regions, and from the same or different subscriptions. When connecting VNets from different subscriptions, the subscriptions do not need to be associated with the same Active Directory tenant.
Configuring a VNet-to-VNet connection is a good way to easily connect VNets. Connecting a virtual network to another virtual network using the VNet-to-VNet connection type (VNet2VNet) is similar to creating a
Site-to-Site IPsec connection to an on-premises location. Both connectivity types use a VPN gateway to provide a secure tunnel using IPsec/IKE, and both function the same way when communicating.
The local network gateway for each VNet treats the other VNet as a local site. This lets you specify additional address space for the local network gateway in order to route traffic.
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal
- (Exam Topic 5)
You have a public load balancer that balances ports 80 and 443 across three virtual machines. You need to direct all the Remote Desktop Protocol (RDP) connections to VM3 only. What should you configure?
Correct Answer:
C
To port forward traffic to a specific port on specific VMs use an inbound network address translation (NAT) rule.
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview an inbound NAT rule :
Create a load balancer inbound network address translation (NAT) rule to forward traffic from a specific port of the front-end IP address to a specific port of a back-end VM.
Hence this option is Correct
a load balancing rule : Incorrect Choice
A load balancer rule defines how traffic is distributed to the VMs. The rule defines the front-end IP configuration for incoming traffic, the back-end IP pool to receive the traffic, and the required source and destination ports.
a new public load balancer for VM3 : Incorrect Choice
This option will not help you since this will route all traffic to VM3 only. a frontend IP configuration : Incorrect Choice
When you define an Azure Load Balancer, a frontend and a backend pool configuration are connected with rules. The health probe referenced by the rule is used to determine how new flows are sent to a node in the backend pool. The frontend (aka VIP) is defined by a 3-tuple comprised of an IP address (public or internal), a transport protocol (UDP or TCP), and a port number from the load balancing rule. The backend pool is a collection of Virtual Machine IP configurations (part of the NIC resource) which reference the Load Balancer backend pool.
References:
https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-port-forwarding-portal https://pixelrobots.co.uk/2017/08/azure-load-balancer-for-rds/
- (Exam Topic 6)
You create the following resources in an Azure subscription:
• An Azure Container Registry instance named Registry1.
• An Azure Kubernetes Service (AKS) cluster named Cluster1.
You create a container image named App1 on your administrative workstation. You need to deploy App1 to Cluster1. What should you do first?
Correct Answer:
B
Run the az acr build command : Correct Choice
az acr build command queues a quick build, providing streaming logs for an Azure Container Registry az acr build --registry
[--agent-pool]
[--auth-mode {Default, None}] [--build-arg]
[--file]
[--image]
[--no-format]
[--no-logs]
[--no-push]
[--no-wait]
[--platform]
[--resource-group] [--secret-build-arg] [--subscription]
[--target]
[--timeout] [
Create a host pool on Cluster1 : Incorrect Choice
Host pools are a collection of one or more identical virtual machines (VMs) within Windows Virtual Desktop
environments. It won't deploy the app to the cluster. Run the docker push command : Incorrect Choice
Use docker push to share your images to the Docker Hub registry or to a self-hosted one. It won't deploy the app to the cluster.
Run the docker build command : Incorrect Choice
This command will build an image from a Dockerfile. But in the question it has been said that image file is already built and need to deploy. This command will not deploy the image.
Reference:
https://docs.microsoft.com/en-us/cli/azure/acr?view=azure-cli-latest#az-acr-build https://docs.docker.com/engine/reference/commandline/push/ https://docs.microsoft.com/en-us/azure/virtual-desktop/create-host-pools-azure-marketplace https://docs.docker.com/engine/reference/commandline/build/
