HOTSPOT - (Topic 5)
You have an Azure Storage accounts as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Solution:
Box 1: storageaccount1 and storageaccount2 only Box 2: All the storage accounts
Note: The three different storage account options are: General-purpose v2 (GPv2) accounts, General-purpose v1 (GPv1) accounts, and Blob storage accounts.
✑ General-purpose v2 (GPv2) accounts are storage accounts that support all of the
latest features for blobs, files, queues, and tables.
✑ Blob storage accounts support all the same block blob features as GPv2, but are limited to supporting only block blobs.
✑ General-purpose v1 (GPv1) accounts provide access to all Azure Storage services, but may not have the latest features or the lowest per gigabyte pricing.
References: https://docs.microsoft.com/en-us/azure/storage/common/storage-account- options
Does this meet the goal?
Correct Answer:
A
DRAG DROP - (Topic 5)
You have an Azure subscription that contains the resources shown in the following table.
You need to load balance HTTPS connections to vm1 and vm2 by using Ib1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Solution:
https://learn.microsoft.com/en-us/azure/load-balancer/quickstart-load-balancer-standard- public-portal
Does this meet the goal?
Correct Answer:
A
HOTSPOT - (Topic 5)
You have an Azure Storage account named storage1 that contains two containers named container 1 and container2. Blob versioning is enabled for both containers.
You periodically take blob snapshots of critical blobs. You create the following lifecycle management policy:
For each of the following statements, select Yes If the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Solution:
Based on the lifecycle management policy you created and the information from the web search results, here are the answers to your statements:
✑ A blob snapshot automatically moves to the Cool access tier after 15 days. = Yes
✑ A blob version in container2 automatically moves to the Archive access tier after 30 days. = No
✑ A rehydrated version automatically moves to the Archive access tier after 30 days.
= No
✑ The lifecycle management policy you created has two rules: one for container1 and one for container2. The rule for container1 has an action that moves blob snapshots to the Cool access tier if they are older than 15 days. Therefore, a blob snapshot in container1 will automatically move to the Cool access tier after 15 days, regardless of the access tier of the base blob.
✑ The rule for container2 has an action that moves blob versions to the Archive
access tier if they are older than 30 days and have a prefix match of “archive/”. Therefore, a blob version in container2 will only automatically move to the Archive access tier after 30 days if its name starts with “archive/”. Otherwise, it will remain in its current access tier.
✑ A rehydrated version is a blob version that was previously in the Archive access
tier and was restored to an online access tier (Hot or Cool) by using the rehydrate priority option1. A rehydrated version does not automatically move to the Archive access tier after 30 days, unless there is a lifecycle management policy rule that explicitly specifies this action. In your case, neither of the rules applies to rehydrated versions, so they will stay in their online access tiers until you manually change them or delete them.
Does this meet the goal?
Correct Answer:
A
- (Topic 5)
Your on-premises network contains a VPN gateway.
You have an Azure subscription that contains the resources shown in the following table.
You need to ensure that all the traffic from VM1 to storage! travels across the Microsoft backbone network.
What should you configure?
Correct Answer:
B
Per the MS documentation, private endpoint seems to be the proper choice: "You can use private endpoints for your Azure Storage accounts to allow clients on a virtual network (VNet) to securely access data over a Private Link. The private endpoint uses a separate IP address from the VNet address space for each storage account service. Network traffic between the clients on the VNet and the storage account traverses over the VNet and a private link on the Microsoft backbone network, eliminating exposure from the public internet." Link: https://learn.microsoft.com/en-us/azure/storage/common/storage-private- endpoints
- (Topic 1)
You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements.
What should you include in the recommended?
Correct Answer:
D
Technically, The finance department needs to migrate their users from AD to AAD using AADC based on the finance OU, and need to enforce MFA use. This is conditional access policy. Employees also often get promotions and/or join other departments and when that occurs, the user's OU attribute will change when the admin puts the user in a new OU, and the dynamic group conditional access exception (OU= [Department Name Value]) will move the user to the appropriate dynamic group on next AADC delta sync.
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic- membership
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa- userstates
