ExamGecko
Search Search Login
Home Home / Microsoft / AZ-600

Microsoft AZ-600 Practice Test - Questions Answers, Page 12

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have an Azure Stack Hub integrated system. You perform infrastructure backups twice daily. User workloads are protected by using Azure Site Recovery. The architect of the user workloads is planning a business continuity disaster recovery (BCDR) strategy. You need to recommend to the architect which resources to include in the BCDR strategy. Which two resources should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Topic 2, Northwind Traders Case study This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided. To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study. At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section. To start the case study To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Qbutton to return to the question. Overview A company named Northwind Traders has a main office and a datacenter. All development occurs at the main office. Existing Environment Identity Environment The network contains an Active Directory forest named northwind.com. The forest and an Azure Active Directory (Azure AD) tenant named northwind.onmicrosoft.com are integrated by using Active Directory Federation Service (AD FS). All Azure subscriptions use the northwind.onmicrosoft.com Azure AD tenant. Northwind Traders uses an Enterprise Agreement (EA) subscription. All operators are global administrators in northwind.onmicrosoft.com. Azure Stack Hub Environment Northwind Traders has the following five Azure Stack Hub integrated systems: One integrated system that connects to an internet-facing network and has the following configurations: - The region name is int1. - The operators do not have access to the user subscriptions. - The integrated system is used for customer and partner applications. - The partners and customers of NorthWind Traders use guest user accounts to access various user resources. Two integrated systems that connect to a private network, are accessed only from inside the company, and have the following configurations: - The integrated systems are dedicated to research and development. - One integrated system has a region name of priv1, and the other has a region name of priv2. - The integrated systems are used for various data rendering, AI workloads, inference, and data visualization. Two integrated systems that are dedicated to application development and have the following configurations: - The integrated systems are disconnected from the Internet. The workloads in the user subscriptions have Internet access. - One integrated system has a region name of dev1, and the other has a region name of dev2. - Both regions are used only by developers at Northwind Traders. The external domain name of all the integrated systems is northwind.com. All the integrated systems have Azure App Service and the Azure Kubernetes Service (AKS) engine deployed. The computer of the operator in each region has all the prerequisite software installed for managing Azure Stack Hub. Current Problems You identify the following issues in the current environment: The priv2 region recently experienced a catastrophic failure. The developers report high chargeback costs for the dev1 region. The int1 region runs a high number of Windows virtual machines that use pay-as-you-use images. The Northwind Traders partners and customers report that use of the guest user accounts is too complex. Users in the priv1 region recently deployed NCas_v4 virtual machines for various AI workload. The users discover that the virtual machines do not use GPUs. Requirements Planned Changes Northwind Traders plans to implement the following changes: Remove all guest user accounts. Change the DNS forwarder of the priv1 region. Change the billing model and registration name of the int1 region. After the catastrophic failure, restore the priv2 region to its original state. Provide each partner with its own dedicated user subscription that will use its own dedicated Azure AD tenant. Technical Requirements Northwind Traders identifies the following technical requirements: Minimize hardware and software costs. Standardize all datacenter workloads on Azure Stack Hub. In the priv1 region, implement a disaster recovery plan for App Service. Whenever possible, implement solutions by using the minimum amount of administrative effort. In the dev2 region, update the AKS Base Ubuntu image to the latest version in Azure Stack Hub Marketplace. Whenever possible, implement solutions by using built-in tools, features, and services without acquiring additional third-party tools. For the users’ virtual machines and the associated resources in the dev1 and dev2 regions, implement a business continuity and disaster recovery plan that includes an automated failback process. If changes to the Azure Stack Hub infrastructure cause workload downtime outside of planned maintenance windows, notify all users in the region where the downtime occurred and schedule a maintenance window.
You plan to deploy an Azure Stack Hub integrate system. You need to configure network connectivity for datacenter network integration. Which two routing methods can you use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
You have an Azure Stack Hub integrated system that is disconnected from the internet. The integrated system has an Azure App Service resource provider. You generate a new certificate. You need to rotate the certificate of the App Service identity application to use the new certificate. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
You have an Azure Stack Hub integrated system that has the following configurations: A deployment prefix of AzS A physical prefix of AzP You need to renew the certificates for the integrated system. To which virtual machine should you establish a PowerShell session?
You need to resolve the performance issue reported by the users in the priv1 region. What should you do?
You plan to install an update to an Azure Stack Hub integrated system. You need to verify whether the integrated system is healthy, and whether you can apply the update. You must achieve the goal as quickly as possible. Solution: From the administrator management endpoint, you run Test-AzureStack –Group "UpdateReadiness". Does this meet the goal?
You plan to install an update to an Azure Stack Hub integrated system. You need to verify whether the integrated system is healthy, and whether you can apply the update. You must achieve the goal as quickly as possible. Solution: From a privileged endpoint (PEP) session, you run TesT-AzureStack -Group "Default". Does this meet the goal?
DRAG DROP You have an Azure Stack Hub integrated system. You install the Azure Gallery Packager (.azpkg) tool on a management workstation. You need to define a custom Azure Stack Hub Marketplace item that will provision a virtual machine from a base image. Which file should you configure for each requirement? To answer, drag the appropriate files to the correct requirements. Each file may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
DRAG DROP You have an Azure Stack Hub integrated system that is enabled for mufti-tenancy. The integrated system is configured as shown in the following table. You need lo onboard fabrikam.com as a guest Azure AD tenant to the integrated system. How should you complete the Power Shell script? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. A. Answer: A

Question 111

Report
Export
Collapse

DRAG DROP

You have an Azure subscription named sub1 linked to an Azure Active Directory (Azure AD) tenant named contoso.com You have an Azure Stack Hub integrated system that is registered to sub1. You need to delegate registering the Azure Stack Hub integrated system to an Azure Stack Hub operator. The solution must use the Principle of least privilege. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in correct order.


Question 111
Correct answer: Question 111

Explanation:

Step 1: Create a JSON file that contains the role definition.

Rather than using an account that has Owner permissions in the Azure subscription, you can create a custom role to assign permissions to a less-privileged user account. This account can then be used to register your Azure Stack Hub. Create a custom role using PowerShell

Use the following JSON template to simplify creation of the custom role. The template creates a custom role that allows the required read and write access for Azure Stack Hub registration. 1. Create a JSON file. For example, C:\CustomRoles\registrationrole.json.

2. Add the following JSON to the file. Replace <SubscriptionID> with your Azure subscription ID. {

"Name": "Azure Stack Hub registration role",

"Id": null,

"IsCustom": true,

"Description": "Allows access to register Azure Stack Hub",

"Actions": [

"Microsoft.Resources/subscriptions/resourceGroups/write",

"Microsoft.Resources/subscriptions/resourceGroups/read",

"Microsoft.AzureStack/registrations/*",

"Microsoft.AzureStack/register/action",

"Microsoft.Authorization/roleAssignments/read",

"Microsoft.Authorization/roleAssignments/write",

"Microsoft.Authorization/roleAssignments/delete",

"Microsoft.Authorization/permissions/read",

"Microsoft.Authorization/locks/read",

"Microsoft.Authorization/locks/write"

],

"NotActions": [

],

"AssignableScopes": [

"/subscriptions/<SubscriptionID>"

]

}

3. In PowerShell, connect to Azure to use Azure Resource Manager. When prompted, authenticate using an account with sufficient permissions such as Owner or User Access Administrator. Connect-AzAccount

4. To create the custom role, use New-AzRoleDefinition specifying the JSON template file.

New-AzRoleDefinition -InputFile "C:\CustomRoles\registrationrole.json" Step 2: From Azure Cloud shell, run the New-AzRoleDefinition cmdlet. Step 3: From the Azure portal, add a role assignment to sub1.

Assign a user to registration role

After the registration custom role is created, assign the role to the user account that will be used for registering Azure Stack Hub. Sign in with the account with sufficient permission on the Azure subscription to delegate rights - such as Owner or User Access Administrator. In Subscriptions, select Access control (IAM) > Add role assignment.

In Role, choose the custom role you created: Azure Stack Hub registration role.

Select the users you want to assign to the role.

Select Save to assign the selected users to the role.

Reference: https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-registration-role

Question 112

Report
Export
Collapse

DRAG DROP

You have an Azure Stack Hub integrated system linked to an Azure AD tenant named contoso.onmicrosoft.com. You need to allow users in an Azure AD tenant named adatum.onmicrosoft.com to access Azure Stack Hub resources. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.


Question 112
Correct answer: Question 112

Explanation:

Register a guest directory

To register a guest directory for multi-tenancy, you need to configure both the home Azure Stack Hub directory and the guest directory. Configure Azure Stack Hub directory

The first step is to make your Azure Stack Hub system aware of the guest directory. In this example, the directory from Mary's company, Adatum, is called adatum.onmicrosoft.com.

1. Sign in to the Azure Stack Hub administrator portal and go to All services - Directories.

2. Select Add to start the onboarding process. Enter the guest directory name "adatum.onmicrosoft.com", and then select Add. (Step 1)

3. The guest directory appears in the list view, with a status of unregistered.

4. Only Mary has the credentials to authenticate to the guest directory, so you must send her the link to complete the registration. Select the adatum.onmicrosoft.com checkbox, and then select Register. (Step 2)

5. A new browser tab opens. Select Copy link at the bottom of the page, and provide it to Mary. (Step 3) 6. If you have the credentials for the guest directory, you can complete the registration yourself by selecting Sign in.

Reference:

https://learn.microsoft.com/en-us/azure-stack/operator/enable-multitenancy

Question 113

Report
Export
Collapse

DRAG DROP

You have an Azure Stack Hub integrated system that contains a guest Azure AD tenant named fabrikam.com. You need to unregister fabrikam.com.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.


Question 113
Correct answer: Question 113

Explanation:

Step 1: Connect to the Azure Resource Manager (ARM) endpoint

Compare to the steps in the note below.

Use https://adminmanagement.<region>.<domain>

Azure Resource Manager (administrator)

Adminmanagement.<region>.<fqdn>

Azure Resource Manager (user)

Management.<region>.<fqdn>

Step 2: Run the –Unregister-AzSGuestDirectoryTenant cmdlet.

Unregister a guest directory

If you no longer want to allow sign-ins to Azure Stack Hub services from a guest directory tenant, you can unregister the directory. Again, both the home Azure Stack Hub directory and guest directory need to be configured. Configure guest directory

Step 3: Instruct the global administrator of fabrikam.com to run the –unregister- AzsWithMyDirectoryTenant cmdlet.

Question 114

Report
Export
Collapse

HOTSPOT

You have an Azure Stack Hub integrated system that is enabled for multitenancy.

The Directories list for the integrated system is shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.


Question 114
Correct answer: Question 114

Explanation:

Box 1: 3

3 registered, and one in need of an update.

Note: Update the Azure Stack Hub directories

When an Azure Stack Hub directory update is required, a status of Update Required is shown. For example:

To update the directory, select the Directory name checkbox, and then select Update.

Box 2: global administrator of ITHCSubAS2021.onmicrosoft.com

The guest directory ITHCSubAS2021.onmicrosoft.com needs an update.

Update the guest directory

An Azure Stack Hub operator should also inform the guest directory owner that they need to update their directory by using the URL shared for registration.

Reference:

https://learn.microsoft.com/en-us/azure-stack/operator/enable-multitenancy

Question 115

Report
Export
Collapse

HOTSPOT

You have an Azure Stack Hub integrated system that is enabled for multi-tenancy and contains a tenant. The integrated system is configured as shown in the following table.

You need to configure the URI that will be used by the tenant to query the subscription usage.

How should you complete the URI? To answer, select the appropriate options in the answer area.


Question 115
Correct answer: Question 115

Explanation:

Box 1: https://management.contoso.com

Do not include the region1 in the URI.

Use management not adminmanagentment (see below).

Note: Tenant resource usage API reference

A tenant can use the tenant APIs to view the tenant's own resource usage dat a. These APIs are consistent with the Azure usage APIs. You can use the Windows PowerShell cmdlet Get-UsageAggregates to get usage data, just like in Azure.

API call

Request

The request gets consumption details for the requested subscriptions and for the requested time frame. There is no request body. Method Request URI

GET

https://{armendpoint}/subscriptions/{subId}/providers/Microsoft.Commerce/usageAggregates?reportedStartTime={reportedStartTime}&reportedEndTime={reportedEndTime}&aggregationGranularity ={granularity}&api-version=2015-06-01-preview&continuationToken={token-value}

Parameters

* Armendpoint

Azure Resource Manager endpoint of your Azure Stack Hub environment. The Azure Stack Hub convention is that the name of Azure Resource Manager endpoint is in the format https://management.{domain-name}. For example, for the development kit, the domain name is

local.azurestack.external, then the Resource Manager endpoint is https://management.local.azurestack.external. Box 2: 22f2d01-…

Use the tenant subscription identifier.

Parameters continued

* subId

Subscription ID of the user who is making the call. You can use this API only to query for a single subscription's usage. Providers can use the provider resource usage API to query usage for all tenants.

Reference:

https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-tenant-resource-usage-api Question No: 132

Question 116

Report
Export
Collapse

HOTSPOT

You plan to deploy an Azure Stack Hub integrated system to a datacenter.

You need to connect the top-of-rack (ToR) switches to the existing border devices. The solution must ensure that routes propagate dynamically between the ToR switches and the border devices.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 116
Correct answer: Question 116

Explanation:

Box 1: BGP

BGP routing

Using a dynamic routing protocol like BGP guarantees that your system is always aware of network changes and facilitates administration. For enhanced security, a password may be set on the BGP peering between the TOR and the Border.

Box 2: Layer 3 uplinks with point-to-point connectivity

To integrate Azure Stack Hub to the network it requires uplinks from the Top-of-Rack switches (ToR) to the nearest switch or router, which on this documentation is referred as Border. The ToRs can be uplinked to a single or a pair of Borders.

The top of rack (TOR) switches require Layer 3 uplinks with Point-to-Point IPs (/30 networks) configured on the physical interfaces. Layer 2 uplinks with TOR switches supporting Azure Stack Hub operations isn't supported

Reference:

https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-border-connectivity

https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-network

Question 117

Report
Export
Collapse

DRAG DROP

You have an Azure Stack Hub integrated system.

The retention period for storage accounts is set to 7 days.

A user reports that a storage account named hr12943 was deleted accidentally two days ago.

You need to restore hr12943.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.


Question 117
Correct answer: Question 117

Explanation:

Step 1: Connect to the administrator portal

Find a storage account

The list of storage accounts in the region can be viewed in Azure Stack Hub by following these steps:

1. Sign in to the administrator portal https://adminportal.local.azurestack.external.

2. Select All services > Storage > Storage accounts.

By default, the first 10 accounts are displayed. You can choose to fetch more by clicking the Load more link at the bottom of the list. Step 2: Open the Storage accounts blade.

Step 3: Select hr12943.

Once you've located the accounts you're interested in viewing, you can select the particular account to view certain details. A new pane opens with the account details. These details include the kind of account, creation time, location, and so on.

Step 4: Select Recover.

Recover a deleted account

You may be in a situation where you need to recover a deleted account.

In Azure Stack Hub, there's a simple way to do that:

Browse to the storage accounts list. For more information, see Find a storage account at the top of this article. Locate that particular account in the list. You may need to filter.

Check the state of the account. It should say Deleted.

Select the account, which opens the account details pane. (Step 3 above) On top of this pane, locate the Recover button and select it. (Step 4) Select Yes to confirm.

Reference:

https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-manage-storage-accounts

Question 118

Report
Export
Collapse

DRAG DROP

You have an Azure Stack Hub integrated system. The current VIP pool uses a subnet of 192.168.203.0/24 and has routing configured to use BGP. In the administrator portal, you receive an alert that the public IP addresses are at 95 percent utilization. You need to add 192.168.204.0/24 to the public IP address pool.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.


Question 118
Correct answer: Question 118

Explanation:

Add public IP addresses

Add the IP address range to Azure Stack Hub

In a browser, go to your administrator portal dashboard. For this example, we'll use

https://adminportal.local.azurestack.external.

Sign in to the Azure Stack Hub administrator portal as a cloud operator. (Step 1) On the default dashboard, find the Region management list and select the region you want to manage. For this example, we use local. Find the Resource providers tile and click on the network resource provider. (Step 2) Click on the Public IP pools usage tile. (Step 2) Click on the Add IP pool button. (Step 3) Provide a name for the IP pool. The name you choose helps you easily identify the IP pool. You can't use a special character like "/" in this field. It's a good practice to make the name the same as the address range, but that isn't required. Enter the address block you want to add in CIDR notation. For example: 192.168.203.0/24 When you provide a valid CIDR range in the Address range (CIDR block) field the Start IP address, End IP address and Available IP addresses fields will automatically populate. They're read-only and automatically generated so you can't change these fields without modifying the value in the Address range field. After you review the info on the blade and confirm that everything looks correct, select Ok to commit the change and add the address range to Azure Stack Hub.

Reference:

https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-add-ips

Question 119

Report
Export
Collapse

HOTSPOT

You have an Azure Stack Hub integrated system that is linked to an Active Directory domain named fabrikam.com by using Active Directory Federation Services (AD FS). You have the resources shown in the following table.

You need to ensure that the integrated system can resolve DNS queries for fabrikam.com.

How should you complete the PowerShell script? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Question 119
Correct answer: Question 119

Explanation:

Box 1: Register-CustomDnsServer

Resolving external DNS names from Azure Stack Hub

To resolve DNS names for endpoints outside Azure Stack Hub (for example: www.bing.com), you need to provide DNS servers that Azure Stack Hub can use to forward DNS requests for which Azure Stack Hub isn't authoritative. For deployment, DNS servers that Azure Stack Hub forwards requests to are required in the Deployment Worksheet (in the DNS Forwarder field). Provide at least two servers in this field for fault tolerance. Without these values, Azure Stack Hub deployment fails.

Configure conditional DNS forwarding

Important

This only applies to an AD FS deployment.

To enable name resolution with your existing DNS infrastructure, configure conditional forwarding.

To add a conditional forwarder, you must use the privileged endpoint.

For this procedure, use a computer in your datacenter network that can communicate with the privileged endpoint in Azure Stack Hub. 1. Open an elevated Windows PowerShell session (run as administrator), and connect to the IP address of the privileged endpoint. Use the credentials for CloudAdmin authentication.

$cred=Get-Credential

Enter-PSSession -ComputerName <IP Address of ERCS> -ConfigurationName PrivilegedEndpoint - Credential $cred 2. After you connect to the privileged endpoint, run the following PowerShell command. Substitute the sample values provided with your domain name and IP addresses of the DNS servers you want to use.

Register-CustomDnsServer -CustomDomainName "contoso.com" -CustomDnsIPAddresses "192.168.1.1","192.168.1.2" Box 2: fabrikam.com The external DNS zone.

Box 3: “192.160.20.1”, “192.160.20.2”,

The IP addresses for the DNS servers in External DNS zone.

Reference:

https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-integrate-dns

Question 120

Report
Export
Collapse

HOTSPOT

You have a Windows Server-based certification authority (CA) and a disconnected Azure Stack Hub integrated system. You need to issue a certificate that will be used to authenticate a service principal when the service principal accesses Azure Stack Hub resources. How should you configure the certificate? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Question 120
Correct answer: Question 120

Explanation:

Box 1: Microsoft legacy Cryptographic Service Provider (CSP) key provider Give an app access to Azure Stack Hub resources An application that deploys or configures resources through Azure Resource Manager must be represented by its own identity, known as a security principal. Just as a user is represented by a user principal, an app is represented by a service principal. Create an app registration that uses a certificate credential

When creating a certificate credential, the following requirements must be met:

* The cryptographic provider must be specified as a Microsoft legacy Cryptographic Service Provider (CSP) key provider. * The certificate format must be in PFX file, as both the public and private keys are required.

Windows servers use .pfx files that contain the public key file (TLS/SSL certificate file) and the associated private key file. * Etc.

Box 2: .pfx

Reference: https://learn.microsoft.com/en-us/azure-stack/operator/give-app-access-to-resources

Total 179 questions
Go to page: of 18
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms