Microsoft AZ-600 Practice Test - Questions Answers, Page 12
Question 111
DRAG DROP
You have an Azure subscription named sub1 linked to an Azure Active Directory (Azure AD) tenant named contoso.com. You have an Azure Stack Hub integrated system that is registered to sub1. You need to delegate registering the Azure Stack Hub integrated system to an Azure Stack Hub operator. The solution must use the principle of least privilege. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Step 1: Create a JSON file that contains the role definition.
Rather than using an account that has Owner permissions in the Azure subscription, you can create a custom role to assign permissions to a less-privileged user account. This account can then be used to register your Azure Stack Hub.
Create a custom role using PowerShell
Use the following JSON template to simplify creation of the custom role. The template creates a custom role that allows the required read and write access for Azure Stack Hub registration.
1. Create a JSON file. For example, C:\CustomRoles\registrationrole.json.
2. Add the following JSON to the file. Replace <SubscriptionID> with your Azure subscription ID.
{
"Name": "Azure Stack Hub registration role",
"Id": null,
"IsCustom": true,
"Description": "Allows access to register Azure Stack Hub",
"Actions": [
"Microsoft.Resources/subscriptions/resourceGroups/write",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.AzureStack/registrations/*",
"Microsoft.AzureStack/register/action",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Authorization/roleAssignments/delete",
"Microsoft.Authorization/permissions/read",
"Microsoft.Authorization/locks/read",
"Microsoft.Authorization/locks/write"
],
"NotActions": [
],
"AssignableScopes": [
"/subscriptions/<SubscriptionID>"
]
}
3. In PowerShell, connect to Azure to use Azure Resource Manager. When prompted, authenticate using an account with sufficient permissions such as Owner or User Access Administrator.
Connect-AzAccount
4. To create the custom role, use New-AzRoleDefinition, specifying the JSON template file.
New-AzRoleDefinition -InputFile "C:\CustomRoles\registrationrole.json"
Step 2: From Azure Cloud shell, run the New-AzRoleDefinition cmdlet.
Step 3: From the Azure portal, add a role assignment to sub1.
Assign a user to registration role
After the registration custom role is created, assign the role to the user account that will be used for registering Azure Stack Hub.
Sign in with an account that has sufficient permission on the Azure subscription to delegate rights, such as Owner or User Access Administrator.
In Subscriptions, select Access control (IAM) > Add role assignment.
In Role, choose the custom role you created: Azure Stack Hub registration role.
Select the users you want to assign to the role.
Select Save to assign the selected users to the role.
Reference: https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-registration-role
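The role template above can be reviewed offline before it is passed to New-AzRoleDefinition. The following is an added example, not part of the original explanation or of Microsoft's documentation: Test-RegistrationRole is a hypothetical helper and the subscription ID is a constructed placeholder. It flags scopes wider than one subscription, provider-wide wildcards, and the role-assignment write action that makes the choice of assignee matter.

```powershell
# Added example: offline least-privilege review of the role template from the text.
# The subscription ID is a constructed placeholder; Test-RegistrationRole is hypothetical.
$roleJson = @'
{
  "Name": "Azure Stack Hub registration role",
  "Id": null,
  "IsCustom": true,
  "Description": "Allows access to register Azure Stack Hub",
  "Actions": [
    "Microsoft.Resources/subscriptions/resourceGroups/write",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.AzureStack/registrations/*",
    "Microsoft.AzureStack/register/action",
    "Microsoft.Authorization/roleAssignments/read",
    "Microsoft.Authorization/roleAssignments/write",
    "Microsoft.Authorization/roleAssignments/delete",
    "Microsoft.Authorization/permissions/read",
    "Microsoft.Authorization/locks/read",
    "Microsoft.Authorization/locks/write"
  ],
  "NotActions": [],
  "AssignableScopes": [ "/subscriptions/00000000-0000-0000-0000-000000000000" ]
}
'@

function Test-RegistrationRole {
    param([Parameter(Mandatory)][string]$Json)
    $role = $Json | ConvertFrom-Json
    $findings = [System.Collections.Generic.List[string]]::new()
    # The role should be assignable in exactly one subscription, not "/" or a management group.
    foreach ($scope in $role.AssignableScopes) {
        if ($scope -notmatch '^/subscriptions/[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$') {
            $findings.Add("Scope is not a single subscription ID: $scope")
        }
    }
    foreach ($action in $role.Actions) {
        if ($action -eq '*' -or $action -match '^[^/]+/\*$') {
            $findings.Add("Provider-wide wildcard: $action")
        }
        elseif ($action -eq 'Microsoft.Authorization/roleAssignments/write') {
            # Holders can create role assignments at the scope, so limit who gets this role.
            $findings.Add("Review assignees, action can create role assignments: $action")
        }
    }
    [pscustomobject]@{
        Name        = $role.Name
        ActionCount = @($role.Actions).Count
        Findings    = $findings
    }
}

Test-RegistrationRole -Json $roleJson | Format-List
```

Running it against a file that still contains the literal <SubscriptionID> placeholder reports the scope finding, which catches an unedited template before the role is created.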
Question 112
DRAG DROP
You have an Azure Stack Hub integrated system linked to an Azure AD tenant named contoso.onmicrosoft.com. You need to allow users in an Azure AD tenant named adatum.onmicrosoft.com to access Azure Stack Hub resources. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Register a guest directory
To register a guest directory for multi-tenancy, you need to configure both the home Azure Stack Hub directory and the guest directory.
Configure Azure Stack Hub directory
The first step is to make your Azure Stack Hub system aware of the guest directory. In this example, the directory from Mary's company, Adatum, is called adatum.onmicrosoft.com.
1. Sign in to the Azure Stack Hub administrator portal and go to All services - Directories.
2. Select Add to start the onboarding process. Enter the guest directory name "adatum.onmicrosoft.com", and then select Add. (Step 1)
3. The guest directory appears in the list view, with a status of unregistered.
4. Only Mary has the credentials to authenticate to the guest directory, so you must send her the link to complete the registration. Select the adatum.onmicrosoft.com checkbox, and then select Register. (Step 2)
5. A new browser tab opens. Select Copy link at the bottom of the page, and provide it to Mary. (Step 3)
6. If you have the credentials for the guest directory, you can complete the registration yourself by selecting Sign in.
Reference:
https://learn.microsoft.com/en-us/azure-stack/operator/enable-multitenancy
Question 113
DRAG DROP
You have an Azure Stack Hub integrated system that contains a guest Azure AD tenant named fabrikam.com. You need to unregister fabrikam.com.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Step 1: Connect to the Azure Resource Manager (ARM) endpoint
Compare to the steps in the note below.
Use https://adminmanagement.<region>.<domain>
Azure Resource Manager (administrator): Adminmanagement.<region>.<fqdn>
Azure Resource Manager (user): Management.<region>.<fqdn>
Step 2: Run the Unregister-AzSGuestDirectoryTenant cmdlet.
Unregister a guest directory
If you no longer want to allow sign-ins to Azure Stack Hub services from a guest directory tenant, you can unregister the directory. Again, both the home Azure Stack Hub directory and guest directory need to be configured.
Configure guest directory
Step 3: Instruct the global administrator of fabrikam.com to run the Unregister-AzsWithMyDirectoryTenant cmdlet.
Question 114
HOTSPOT
You have an Azure Stack Hub integrated system that is enabled for multitenancy.
The Directories list for the integrated system is shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: 3
3 registered, and one in need of an update.
Note: Update the Azure Stack Hub directories
When an Azure Stack Hub directory update is required, a status of Update Required is shown. For example:
To update the directory, select the Directory name checkbox, and then select Update.
Box 2: global administrator of ITHCSubAS2021.onmicrosoft.com
The guest directory ITHCSubAS2021.onmicrosoft.com needs an update.
Update the guest directory
An Azure Stack Hub operator should also inform the guest directory owner that they need to update their directory by using the URL shared for registration.
Reference:
https://learn.microsoft.com/en-us/azure-stack/operator/enable-multitenancy
Question 115
HOTSPOT
You have an Azure Stack Hub integrated system that is enabled for multi-tenancy and contains a tenant. The integrated system is configured as shown in the following table.
You need to configure the URI that will be used by the tenant to query the subscription usage.
How should you complete the URI? To answer, select the appropriate options in the answer area.
Explanation:
Box 1: https://management.contoso.com
Do not include the region1 in the URI.
Use management, not adminmanagement (see below).
Note: Tenant resource usage API reference
A tenant can use the tenant APIs to view the tenant's own resource usage data. These APIs are consistent with the Azure usage APIs. You can use the Windows PowerShell cmdlet Get-UsageAggregates to get usage data, just like in Azure.
API call
Request
The request gets consumption details for the requested subscriptions and for the requested time frame. There is no request body.
Method: GET
Request URI: https://{armendpoint}/subscriptions/{subId}/providers/Microsoft.Commerce/usageAggregates?reportedStartTime={reportedStartTime}&reportedEndTime={reportedEndTime}&aggregationGranularity={granularity}&api-version=2015-06-01-preview&continuationToken={token-value}
Parameters
* Armendpoint
Azure Resource Manager endpoint of your Azure Stack Hub environment. The Azure Stack Hub convention is that the name of the Azure Resource Manager endpoint is in the format https://management.{domain-name}. For example, if the domain name for the development kit is local.azurestack.external, then the Resource Manager endpoint is https://management.local.azurestack.external.
Box 2: 22f2d01-…
Use the tenant subscription identifier.
Parameters continued
* subId
Subscription ID of the user who is making the call. You can use this API only to query for a single subscription's usage. Providers can use the provider resource usage API to query usage for all tenants.
Reference:
https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-tenant-resource-usage-api
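The request URI described above can be assembled and checked before it is sent. This is an added example, not code from the original explanation or from Microsoft: New-TenantUsageUri is a hypothetical helper, the subscription ID and dates are constructed, and the granularity values daily and hourly are assumed from the Azure usage API. It rejects an administrator endpoint, sends times as UTC, and omits continuationToken, as a first request would.

```powershell
# Added example: New-TenantUsageUri is a hypothetical helper, not an Azure Stack Hub cmdlet.
function New-TenantUsageUri {
    param(
        [Parameter(Mandatory)][string]$ArmEndpoint,
        [Parameter(Mandatory)][guid]$SubscriptionId,
        [Parameter(Mandatory)][datetime]$ReportedStartTime,
        [Parameter(Mandatory)][datetime]$ReportedEndTime,
        [ValidateSet('daily', 'hourly')][string]$Granularity = 'daily'
    )
    # Tenants query the user Resource Manager endpoint, never adminmanagement.
    $endpoint = [uri]$ArmEndpoint
    if ($endpoint.Scheme -ne 'https' -or $endpoint.Host -notlike 'management.*') {
        throw "Expected https://management.{domain-name}, got '$ArmEndpoint'"
    }
    if ($ReportedEndTime -le $ReportedStartTime) {
        throw 'reportedEndTime must be later than reportedStartTime'
    }
    # Format times as UTC, then percent-encode each value for the query string.
    $format  = "yyyy-MM-dd'T'HH:mm:ss'Z'"
    $culture = [cultureinfo]::InvariantCulture
    $query = [ordered]@{
        reportedStartTime      = $ReportedStartTime.ToUniversalTime().ToString($format, $culture)
        reportedEndTime        = $ReportedEndTime.ToUniversalTime().ToString($format, $culture)
        aggregationGranularity = $Granularity
        'api-version'          = '2015-06-01-preview'
    }
    $pairs = foreach ($key in $query.Keys) {
        '{0}={1}' -f $key, [uri]::EscapeDataString($query[$key])
    }
    '{0}/subscriptions/{1}/providers/Microsoft.Commerce/usageAggregates?{2}' -f `
        $endpoint.GetLeftPart([System.UriPartial]::Authority), $SubscriptionId, ($pairs -join '&')
}

# Constructed sample values: development kit endpoint from the text, placeholder subscription ID.
New-TenantUsageUri -ArmEndpoint 'https://management.local.azurestack.external' `
    -SubscriptionId '00000000-0000-0000-0000-000000000000' `
    -ReportedStartTime ([datetime]::new(2023, 1, 1, 0, 0, 0, [System.DateTimeKind]::Utc)) `
    -ReportedEndTime   ([datetime]::new(2023, 1, 2, 0, 0, 0, [System.DateTimeKind]::Utc))
```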
Question 116
HOTSPOT
You plan to deploy an Azure Stack Hub integrated system to a datacenter.
You need to connect the top-of-rack (ToR) switches to the existing border devices. The solution must ensure that routes propagate dynamically between the ToR switches and the border devices.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:
Box 1: BGP
BGP routing
Using a dynamic routing protocol like BGP guarantees that your system is always aware of network changes and facilitates administration. For enhanced security, a password may be set on the BGP peering between the TOR and the Border.
Box 2: Layer 3 uplinks with point-to-point connectivity
To integrate Azure Stack Hub with the network, it requires uplinks from the Top-of-Rack switches (ToR) to the nearest switch or router, which in this documentation is referred to as the Border. The ToRs can be uplinked to a single Border or a pair of Borders.
The top of rack (TOR) switches require Layer 3 uplinks with Point-to-Point IPs (/30 networks) configured on the physical interfaces. Layer 2 uplinks with TOR switches supporting Azure Stack Hub operations aren't supported.
Reference:
https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-border-connectivity
https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-network
Question 117
DRAG DROP
You have an Azure Stack Hub integrated system.
The retention period for storage accounts is set to 7 days.
A user reports that a storage account named hr12943 was deleted accidentally two days ago.
You need to restore hr12943.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Step 1: Connect to the administrator portal
Find a storage account
The list of storage accounts in the region can be viewed in Azure Stack Hub by following these steps:
1. Sign in to the administrator portal https://adminportal.local.azurestack.external.
2. Select All services > Storage > Storage accounts.
By default, the first 10 accounts are displayed. You can choose to fetch more by clicking the Load more link at the bottom of the list.
Step 2: Open the Storage accounts blade.
Step 3: Select hr12943.
Once you've located the accounts you're interested in viewing, you can select the particular account to view certain details. A new pane opens with the account details. These details include the kind of account, creation time, location, and so on.
Step 4: Select Recover.
Recover a deleted account
You may be in a situation where you need to recover a deleted account.
In Azure Stack Hub, there's a simple way to do that:
1. Browse to the storage accounts list. For more information, see Find a storage account at the top of this article.
2. Locate that particular account in the list. You may need to filter.
3. Check the state of the account. It should say Deleted.
4. Select the account, which opens the account details pane. (Step 3 above)
5. On top of this pane, locate the Recover button and select it. (Step 4)
6. Select Yes to confirm.
Reference:
https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-manage-storage-accounts
Question 118
DRAG DROP
You have an Azure Stack Hub integrated system. The current VIP pool uses a subnet of 192.168.203.0/24 and has routing configured to use BGP. In the administrator portal, you receive an alert that the public IP addresses are at 95 percent utilization. You need to add 192.168.204.0/24 to the public IP address pool.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Add public IP addresses
Add the IP address range to Azure Stack Hub
1. In a browser, go to your administrator portal dashboard. For this example, we'll use https://adminportal.local.azurestack.external.
2. Sign in to the Azure Stack Hub administrator portal as a cloud operator. (Step 1)
3. On the default dashboard, find the Region management list and select the region you want to manage. For this example, we use local.
4. Find the Resource providers tile and click on the network resource provider. (Step 2)
5. Click on the Public IP pools usage tile. (Step 2)
6. Click on the Add IP pool button. (Step 3)
7. Provide a name for the IP pool. The name you choose helps you easily identify the IP pool. You can't use a special character like "/" in this field. It's a good practice to make the name the same as the address range, but that isn't required.
8. Enter the address block you want to add in CIDR notation. For example: 192.168.203.0/24
9. When you provide a valid CIDR range in the Address range (CIDR block) field, the Start IP address, End IP address and Available IP addresses fields will automatically populate. They're read-only and automatically generated, so you can't change these fields without modifying the value in the Address range field.
10. After you review the info on the blade and confirm that everything looks correct, select Ok to commit the change and add the address range to Azure Stack Hub.
Reference:
https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-add-ips
Question 119
HOTSPOT
You have an Azure Stack Hub integrated system that is linked to an Active Directory domain named fabrikam.com by using Active Directory Federation Services (AD FS). You have the resources shown in the following table.
You need to ensure that the integrated system can resolve DNS queries for fabrikam.com.
How should you complete the PowerShell script? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Register-CustomDnsServer
Resolving external DNS names from Azure Stack Hub
To resolve DNS names for endpoints outside Azure Stack Hub (for example: www.bing.com), you need to provide DNS servers that Azure Stack Hub can use to forward DNS requests for which Azure Stack Hub isn't authoritative. For deployment, DNS servers that Azure Stack Hub forwards requests to are required in the Deployment Worksheet (in the DNS Forwarder field). Provide at least two servers in this field for fault tolerance. Without these values, Azure Stack Hub deployment fails.
Configure conditional DNS forwarding
Important
This only applies to an AD FS deployment.
To enable name resolution with your existing DNS infrastructure, configure conditional forwarding.
To add a conditional forwarder, you must use the privileged endpoint.
For this procedure, use a computer in your datacenter network that can communicate with the privileged endpoint in Azure Stack Hub.
1. Open an elevated Windows PowerShell session (run as administrator), and connect to the IP address of the privileged endpoint. Use the credentials for CloudAdmin authentication.
$cred=Get-Credential
Enter-PSSession -ComputerName <IP Address of ERCS> -ConfigurationName PrivilegedEndpoint -Credential $cred
2. After you connect to the privileged endpoint, run the following PowerShell command. Substitute the sample values provided with your domain name and IP addresses of the DNS servers you want to use.
Register-CustomDnsServer -CustomDomainName "contoso.com" -CustomDnsIPAddresses "192.168.1.1","192.168.1.2"
Box 2: fabrikam.com
The external DNS zone.
Box 3: “192.160.20.1”, “192.160.20.2”,
The IP addresses for the DNS servers in External DNS zone.
Reference:
https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-integrate-dns
Question 120
HOTSPOT
You have a Windows Server-based certification authority (CA) and a disconnected Azure Stack Hub integrated system. You need to issue a certificate that will be used to authenticate a service principal when the service principal accesses Azure Stack Hub resources. How should you configure the certificate? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Microsoft legacy Cryptographic Service Provider (CSP) key provider
Give an app access to Azure Stack Hub resources
An application that deploys or configures resources through Azure Resource Manager must be represented by its own identity, known as a security principal. Just as a user is represented by a user principal, an app is represented by a service principal.
Create an app registration that uses a certificate credential
When creating a certificate credential, the following requirements must be met:
* The cryptographic provider must be specified as a Microsoft legacy Cryptographic Service Provider (CSP) key provider.
* The certificate format must be a PFX file, as both the public and private keys are required. Windows servers use .pfx files that contain the public key file (TLS/SSL certificate file) and the associated private key file.
* Etc.
Box 2: .pfx
Reference: https://learn.microsoft.com/en-us/azure-stack/operator/give-app-access-to-resources