- (Topic 5)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.
You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately.
Solution: From the Redeploy blade, you click Redeploy. Does this meet the goal?
Correct Answer:
A
Redeploying the virtual machine moves it to a new host within the same region and availability set. This can help resolve any underlying issues with the current host. Redeploying the virtual machine does not affect the configuration or data on the virtual machine. Then, References: [Redeploy Windows VM to new Azure node]
- (Topic 5)
You develop the following Azure Resource Manager (ARM) template to create a resource group and deploy an Azure Storage account to the resource group.
Which cmdlet should you run to deploy the template?
Correct Answer:
B
The New-AzResourceGroupDeployment cmdlet deploys an Azure Resource Manager template to a resource group. You can use this cmdlet to create a new resource group or update an existing one with the resources defined in the template. The template can be a local file or a URI. Then, References: [New-AzResourceGroupDeployment]
- (Topic 3)
You are planning the move of App1 to Azure. You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1. What should you recommend?
Correct Answer:
C
As App1 is public-facing we need an incoming security rule, related to the access of the web servers.
Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers: a SQL database, a web front end, and a processing middle tier. Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
- (Topic 5)
You have an Azure virtual machine named VM1 and an Azure key vault named Vault1. On VM1, you plan to configure Azure Disk Encryption to use a key encryption key (KEK) You need to prepare Vault! for Azure Disk Encryption.
Which two actions should you perform on Vault1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Correct Answer:
AC
To prepare Vault1 for Azure Disk Encryption, you need to perform the following actions on Vault1:
✑ Create a new key. A key encryption key (KEK) is an encryption key that is used to
encrypt the encryption secrets before they are stored in the key vault. You can create a new KEK by using the Azure CLI, the Azure PowerShell, or the Azure portal1. You can also import an existing KEK from another source, such as a hardware security module (HSM)2. The KEK must be a 2048-bit RSA key or a 256-bit AES key3.
✑ Select Azure Disk Encryption for volume encryption. This is an advanced access
policy setting that enables Azure Disk Encryption to access the keys and secrets in the key vault. You can select this setting by using the Azure CLI, the Azure PowerShell, or the Azure portal4. You must also enable access to Microsoft Trusted Services if you have enabled the firewall on the key vault.
HOTSPOT - (Topic 1)
You implement the planned changes for NSG1 and NSG2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Solution:
Does this meet the goal?
Correct Answer:
A
