ExamGecko
Search Search Login
Home Home / Microsoft / AZ-600

Microsoft AZ-600 Practice Test - Questions Answers, Page 18

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have an Azure Stack Hub integrated system that is disconnected from the internet. The integrated system has an Azure App Service resource provider. You generate a new certificate. You need to rotate the certificate of the App Service identity application to use the new certificate. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
You have an Azure Stack Hub integrated system. You perform infrastructure backups twice daily. User workloads are protected by using Azure Site Recovery. The architect of the user workloads is planning a business continuity disaster recovery (BCDR) strategy. You need to recommend to the architect which resources to include in the BCDR strategy. Which two resources should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
You have an Azure Stack Hub integrated system that has the following configurations: A deployment prefix of AzS A physical prefix of AzP You need to renew the certificates for the integrated system. To which virtual machine should you establish a PowerShell session?
Topic 2, Northwind Traders Case study This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided. To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study. At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section. To start the case study To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Qbutton to return to the question. Overview A company named Northwind Traders has a main office and a datacenter. All development occurs at the main office. Existing Environment Identity Environment The network contains an Active Directory forest named northwind.com. The forest and an Azure Active Directory (Azure AD) tenant named northwind.onmicrosoft.com are integrated by using Active Directory Federation Service (AD FS). All Azure subscriptions use the northwind.onmicrosoft.com Azure AD tenant. Northwind Traders uses an Enterprise Agreement (EA) subscription. All operators are global administrators in northwind.onmicrosoft.com. Azure Stack Hub Environment Northwind Traders has the following five Azure Stack Hub integrated systems: One integrated system that connects to an internet-facing network and has the following configurations: - The region name is int1. - The operators do not have access to the user subscriptions. - The integrated system is used for customer and partner applications. - The partners and customers of NorthWind Traders use guest user accounts to access various user resources. Two integrated systems that connect to a private network, are accessed only from inside the company, and have the following configurations: - The integrated systems are dedicated to research and development. - One integrated system has a region name of priv1, and the other has a region name of priv2. - The integrated systems are used for various data rendering, AI workloads, inference, and data visualization. Two integrated systems that are dedicated to application development and have the following configurations: - The integrated systems are disconnected from the Internet. The workloads in the user subscriptions have Internet access. - One integrated system has a region name of dev1, and the other has a region name of dev2. - Both regions are used only by developers at Northwind Traders. The external domain name of all the integrated systems is northwind.com. All the integrated systems have Azure App Service and the Azure Kubernetes Service (AKS) engine deployed. The computer of the operator in each region has all the prerequisite software installed for managing Azure Stack Hub. Current Problems You identify the following issues in the current environment: The priv2 region recently experienced a catastrophic failure. The developers report high chargeback costs for the dev1 region. The int1 region runs a high number of Windows virtual machines that use pay-as-you-use images. The Northwind Traders partners and customers report that use of the guest user accounts is too complex. Users in the priv1 region recently deployed NCas_v4 virtual machines for various AI workload. The users discover that the virtual machines do not use GPUs. Requirements Planned Changes Northwind Traders plans to implement the following changes: Remove all guest user accounts. Change the DNS forwarder of the priv1 region. Change the billing model and registration name of the int1 region. After the catastrophic failure, restore the priv2 region to its original state. Provide each partner with its own dedicated user subscription that will use its own dedicated Azure AD tenant. Technical Requirements Northwind Traders identifies the following technical requirements: Minimize hardware and software costs. Standardize all datacenter workloads on Azure Stack Hub. In the priv1 region, implement a disaster recovery plan for App Service. Whenever possible, implement solutions by using the minimum amount of administrative effort. In the dev2 region, update the AKS Base Ubuntu image to the latest version in Azure Stack Hub Marketplace. Whenever possible, implement solutions by using built-in tools, features, and services without acquiring additional third-party tools. For the users’ virtual machines and the associated resources in the dev1 and dev2 regions, implement a business continuity and disaster recovery plan that includes an automated failback process. If changes to the Azure Stack Hub infrastructure cause workload downtime outside of planned maintenance windows, notify all users in the region where the downtime occurred and schedule a maintenance window.
You plan to deploy an Azure Stack Hub integrate system. You need to configure network connectivity for datacenter network integration. Which two routing methods can you use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
You plan to install an update to an Azure Stack Hub integrated system. You need to verify whether the integrated system is healthy, and whether you can apply the update. You must achieve the goal as quickly as possible. Solution: From a privileged endpoint (PEP) session, you run TesT-AzureStack -Group "Default". Does this meet the goal?
DRAG DROP You have an Azure Stack Hub integrated system that is enabled for mufti-tenancy. The integrated system is configured as shown in the following table. You need lo onboard fabrikam.com as a guest Azure AD tenant to the integrated system. How should you complete the Power Shell script? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. A. Answer: A
You have an Azure Stack Hub integrated system. You need to create a new offer that can be used only by an operator to provision user subscriptions. The solution must simplify the process for users to create resources. Which type of offer should you create?
You need to resolve the performance issue reported by the users in the priv1 region. What should you do?
You plan to install an update to an Azure Stack Hub integrated system. You need to verify whether the integrated system is healthy, and whether you can apply the update. You must achieve the goal as quickly as possible. Solution: From the administrator management endpoint, you run Test-AzureStack –Group "UpdateReadiness". Does this meet the goal?

Question 171

Report
Export
Collapse

You need to configure the log forwarding. The solution must meet the Azure Stack Hub requirements.

What should you do?

A.
Connect to 192.168.101.101 and run the Set-EventLogLevel and Add-AzLogProfile cmdlets.
A.
Connect to 192.168.101.101 and run the Set-EventLogLevel and Add-AzLogProfile cmdlets.
Answers
B.
Connect to 192.168.100.224 and run the Set-SyslogServer and Set-SyslogClient cmdlets.
B.
Connect to 192.168.100.224 and run the Set-SyslogServer and Set-SyslogClient cmdlets.
Answers
C.
Connect to 192.168.100.224 and run the Set-EventLogLevel and Add-AzLogProfile cmdlets.
C.
Connect to 192.168.100.224 and run the Set-EventLogLevel and Add-AzLogProfile cmdlets.
Answers
D.
Connect to 192.168.101.101 and run the Set-SyslogServer and Set-SyslogClient cmdlets.
D.
Connect to 192.168.101.101 and run the Set-SyslogServer and Set-SyslogClient cmdlets.
Answers
Suggested answer: D

Explanation:

Integrate Azure Stack Hub with monitoring solutions using syslog forwarding The syslog channel exposes audits, alerts, and security logs from all the components of the Azure Stack Hub infrastructure. Use syslog forwarding to integrate with security monitoring solutions and to retrieve all audits, alerts, and security logs to store them for retention. Cmdlets to configure syslog forwarding

Configuring syslog forwarding requires access to the privileged endpoint (PEP). Two PowerShell cmdlets have been added to the PEP to configure the syslog forwarding:

### cmdlet to pass the syslog server information to the client and to configure the transport protocol, the encryption and the authentication between the client and the server Set-SyslogServer [-ServerName <String>] [-ServerPort <UInt16>] [-NoEncryption] [- SkipCertificateCheck] [-SkipCNCheck] [-UseUDP] [-Remove] ### cmdlet to configure the certificate for the syslog client to authenticate with the server Set-SyslogClient [-pfxBinary <Byte[]>] [-CertPassword <SecureString>]

Reference:

https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-integrate-security

Question 172

Report
Export
Collapse

You need to support the planned changes for User1.

Which service should you include?

A.
Microsoft.Subscriptions
A.
Microsoft.Subscriptions
Answers
B.
Microsoft.KeyVault
B.
Microsoft.KeyVault
Answers
C.
Microsoft.Storage
C.
Microsoft.Storage
Answers
D.
Microsoft.Compute
D.
Microsoft.Compute
Answers
Suggested answer: A

Explanation:

Assign the delegated provider role to User1.

Delegation steps

There are two steps to setting up delegation:

1. Create a delegated provider subscription: Subscribe a user to an offer containing only the subscription service. Users who subscribe to this offer can then extend the delegated offers to other users by signing them up for those offers.

2. Delegate an offer to the delegated provider: This offer enables the delegated provider to create subscriptions or to extend the offer to their users. The delegated provider can now take the offer and extend it to other users. Note:

Move subscriptions between delegated providers

If needed, a subscription can be moved between new or existing delegated provider subscriptions that belong to the same directory tenant. You can move them using the PowerShell cmdlet Move- AzsSubscription. Moving subscriptions is useful when:

* You onboard a new team member that will take on the delegated provider role and you want to assign to this team member user subscriptions that were previously created in the default provider subscription. * You have multiple delegated providers subscriptions in the same directory tenant (Azure AD) and need to move user subscriptions between them. This scenario could occur when a team member moves between teams and their subscription must be allocated to the new team.

Reference:

https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-delegated-provider

Question 173

Report
Export
Collapse

You need to configure name resolution to support the planned changes.

Which PowerShell cmdlet should you run?

A.
Sec-DnsServer
A.
Sec-DnsServer
Answers
B.
Regiscer-CuscomDnsServer
B.
Regiscer-CuscomDnsServer
Answers
C.
Set-AzSDnsForwarder
C.
Set-AzSDnsForwarder
Answers
D.
Set-DNSClientServerAddress
D.
Set-DNSClientServerAddress
Answers
Suggested answer: B

Explanation:

Configure the integrated system to resolve external names by using a DNS Server that has an IP address of 10.100.100.100. Resolving external DNS names from Azure Stack Hub

To resolve DNS names for endpoints outside Azure Stack Hub (for example: www.bing.com), you need to provide DNS servers that Azure Stack Hub can use to forward DNS requests for which Azure Stack Hub isn't authoritative. For deployment, DNS servers that Azure Stack Hub forwards requests to are required in the Deployment Worksheet (in the DNS Forwarder field). Provide at least two servers in this field for fault tolerance. Without these values, Azure Stack Hub deployment fails. You can edit the DNS Forwarder values with the Set-AzSDnsForwarder cmdlet after deployment. Configure conditional DNS forwarding

Important

This only applies to an AD FS deployment.

To enable name resolution with your existing DNS infrastructure, configure conditional forwarding.

To add a conditional forwarder, you must use the privileged endpoint.

For this procedure, use a computer in your datacenter network that can communicate with the privileged endpoint in Azure Stack Hub. 1. Open an elevated Windows PowerShell session (run as administrator), and connect to the IP address of the privileged endpoint. Use the credentials for CloudAdmin authentication. $cred=Get-Credential

Enter-PSSession -ComputerName <IP Address of ERCS> -ConfigurationName PrivilegedEndpoint - Credential $cred 2. After you connect to the privileged endpoint, run the following PowerShell command. Substitute the sample values provided with your domain name and IP addresses of the DNS servers you want to use.

Register-CustomDnsServer -CustomDomainName "contoso.com" -Custom

Reference:

https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-integrate-dns

Question 174

Report
Export
Collapse

You provision a new certificate to support the planned changes.

You need to validate the certificate.

Which PowerShell module should you install first?

A.
Az.Websites
A.
Az.Websites
Answers
B.
AzureRM.TemplateValidator
B.
AzureRM.TemplateValidator
Answers
C.
AzureStack
C.
AzureStack
Answers
D.
Microsoft.AzureStack.ReadinessChecker
D.
Microsoft.AzureStack.ReadinessChecker
Answers
Suggested answer: D

Explanation:

Use the Azure Stack Hub Readiness Checker tool to validate that generated public key infrastructure (PKI) certificates which are suitable for pre-deployment. Validate certificates by leaving enough time to test and reissue certificates if necessary.

The Readiness Checker tool performs the following certificate validations:

* Parse PFX

Checks for valid PFX file, correct password, and whether the public information is protected by the password. * Expiry Date

Checks for minimum validity of seven days.

* Signature algorithm

Checks that the signature algorithm isn't SHA1.

* Private Key

Checks that the private key is present and is exported with the local machine attribute.

* Etc.

Note: Perform core services certificate validation

Use these steps to validate the Azure Stack Hub PKI certificates for deployment and secret rotation:

1. Install AzsReadinessChecker from a PowerShell prompt (5.1 or above) by running the following cmdlet:

Install-Module Microsoft.AzureStack.ReadinessChecker -Force -AllowPrerelease 2. Create the certificate directory structure. 3. Etc.

Reference:

https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-validate-pki-certs

Topic 4, Misc. Questions

Question 175

Report
Export
Collapse

HOTSPOT

You need to create a certificate for the Event Hubs resource provider. The solution must support the planned changes. How should you configure the certificate? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Question 175
Correct answer: Question 175

Explanation:

Box 1: Subject Alternative Name

Implement the App Service resource provider and the Event Hubs resource provider on the integrated system/ Only the Subject Alternative Name is used.

Box 2: DNS Name = =*.eventhub.east.azurestack.treyresearch.net

Event Hubs prerequisites

Procure public key infrastructure (PKI) SSL certificates for Event Hubs. The Subject Alternative Name (SAN) must adhere to the following naming pattern: CN=*.eventhub.<region>.<fqdn>. Subject Name may be specified, but it's not used by Event Hubs when handling certificates. Only the Subject Alternative Name is used. See PKI certificate requirements for the full list of detailed requirements.

Reference:

https://learn.microsoft.com/en-us/azure-stack/operator/event-hubs-rp-prerequisites

Question 176

Report
Export
Collapse

HOTSPOT

You need to configure the Azure Stack Hub infrastructure backups. The solution must meet the Azure Stack Hub requirements. What should you do in the Azure Stack Hub administrator portal? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Question 176
Correct answer: Question 176

Explanation:

Box 1: 4

The infrastructure of the integrated system must be backed up as frequently as possible.

Enable backup for Azure Stack Hub from the administrator portal

The frequency in hours determines how often backups are created. The default value is 12. Scheduler supports a maximum of 12 and a minimum of 4. Box 2: Azure key vault

The integrated system backups must be retained for 28 days.

Online retention policy. This specifies the time period during which daily, weekly, monthly, and yearly backups are retained in the Azure Site Recovery vault that's associated with the local MABS instance.

Reference:

https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-backup-enable-backup-console

https://learn.microsoft.com/en-us/azure/architecture/hybrid/azure-stack-backup

Question 177

Report
Export
Collapse

DRAG DROP

You need to create the Linux virtual machine image. The solution must support the planned changes.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.


Question 177
Correct answer: Question 177

Explanation:

Step 1: Create a config.file and save the file as Sloud-init.txt file.

Publish a custom cloud-init built image of a Linux virtual machine to Azure Stack Hub Marketplace on the integrated system. Add Linux images to the Azure Stack Hub Marketplace

1: Create a cloud-init.txt file with your cloud-config

Step 2: Upload the file to Azure Stack Hub storage account.

2: Reference cloud-init.txt during the Linux VM deployment

Upload the file to an Azure storage account, Azure Stack Hub storage account, or GitHub repository reachable by your Azure Stack Hub Linux VM. Step 3: Provision on Azure Stack Hub virtual machine by using Az PowerShell moduel.

You can create an Ubuntu Server 16.04 LTS virtual machine (VM) by using Azure Stack Hub PowerShell. Make sure to reference the cloud-init.txt as a part of the -CustomData flag:

$VirtualMachine =Set-AzVMOperatingSystem -VM $VirtualMachine `

-Linux `

-ComputerName "MainComputer" `

-Credential $cred -CustomData "#include https://cloudinitstrg.blob.core.windows.net/strg/cloudinit.txt"

Reference:

https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-linux?

Question 178

Report
Export
Collapse

HOTSPOT

You need to create the planned changes and meet the business requirements.

Which subscription should you use to host the SQL Server instance, and what should you configure on the instance? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Question 178
Correct answer: Question 178

Explanation:

Box 1: The Default Provider Subscription

A default Microsoft SQL Server instance will host the database of the App Service resource provider. In Azure Stack Hub Subscriptions, select the Default Provider Subscription. Azure App Service on Azure Stack Hub must be deployed in the Default Provider Subscription. Box 2:

Enter the SQL Server details for the server instance used to host the App Service resource provider database and then select Next. The installer validates the SQL connection properties.

Reference:

https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-app-service-deploy

Question 179

Report
Export
Collapse

DRAG DROP

You need to update the Azure Stack Hub integrated system registration to support the planned changes. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.


Question 179
Correct answer: Question 179

Explanation:

Total 179 questions
Go to page: of 18
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms