ExamGecko
Search Search Login
Home Home / Microsoft / AZ-600

Microsoft AZ-600 Practice Test - Questions Answers, Page 5

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You plan to deploy an Azure Stack Hub integrate system. You need to configure network connectivity for datacenter network integration. Which two routing methods can you use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
You have an Azure Stack Hub integrated system that is disconnected from the internet. The integrated system has an Azure App Service resource provider. You generate a new certificate. You need to rotate the certificate of the App Service identity application to use the new certificate. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
You have an Azure Stack Hub integrated system. You perform infrastructure backups twice daily. User workloads are protected by using Azure Site Recovery. The architect of the user workloads is planning a business continuity disaster recovery (BCDR) strategy. You need to recommend to the architect which resources to include in the BCDR strategy. Which two resources should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
You have an Azure Stack Hub integrated system that has the following configurations: A deployment prefix of AzS A physical prefix of AzP You need to renew the certificates for the integrated system. To which virtual machine should you establish a PowerShell session?
You need to resolve the performance issue reported by the users in the priv1 region. What should you do?
Topic 2, Northwind Traders Case study This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided. To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study. At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section. To start the case study To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Qbutton to return to the question. Overview A company named Northwind Traders has a main office and a datacenter. All development occurs at the main office. Existing Environment Identity Environment The network contains an Active Directory forest named northwind.com. The forest and an Azure Active Directory (Azure AD) tenant named northwind.onmicrosoft.com are integrated by using Active Directory Federation Service (AD FS). All Azure subscriptions use the northwind.onmicrosoft.com Azure AD tenant. Northwind Traders uses an Enterprise Agreement (EA) subscription. All operators are global administrators in northwind.onmicrosoft.com. Azure Stack Hub Environment Northwind Traders has the following five Azure Stack Hub integrated systems: One integrated system that connects to an internet-facing network and has the following configurations: - The region name is int1. - The operators do not have access to the user subscriptions. - The integrated system is used for customer and partner applications. - The partners and customers of NorthWind Traders use guest user accounts to access various user resources. Two integrated systems that connect to a private network, are accessed only from inside the company, and have the following configurations: - The integrated systems are dedicated to research and development. - One integrated system has a region name of priv1, and the other has a region name of priv2. - The integrated systems are used for various data rendering, AI workloads, inference, and data visualization. Two integrated systems that are dedicated to application development and have the following configurations: - The integrated systems are disconnected from the Internet. The workloads in the user subscriptions have Internet access. - One integrated system has a region name of dev1, and the other has a region name of dev2. - Both regions are used only by developers at Northwind Traders. The external domain name of all the integrated systems is northwind.com. All the integrated systems have Azure App Service and the Azure Kubernetes Service (AKS) engine deployed. The computer of the operator in each region has all the prerequisite software installed for managing Azure Stack Hub. Current Problems You identify the following issues in the current environment: The priv2 region recently experienced a catastrophic failure. The developers report high chargeback costs for the dev1 region. The int1 region runs a high number of Windows virtual machines that use pay-as-you-use images. The Northwind Traders partners and customers report that use of the guest user accounts is too complex. Users in the priv1 region recently deployed NCas_v4 virtual machines for various AI workload. The users discover that the virtual machines do not use GPUs. Requirements Planned Changes Northwind Traders plans to implement the following changes: Remove all guest user accounts. Change the DNS forwarder of the priv1 region. Change the billing model and registration name of the int1 region. After the catastrophic failure, restore the priv2 region to its original state. Provide each partner with its own dedicated user subscription that will use its own dedicated Azure AD tenant. Technical Requirements Northwind Traders identifies the following technical requirements: Minimize hardware and software costs. Standardize all datacenter workloads on Azure Stack Hub. In the priv1 region, implement a disaster recovery plan for App Service. Whenever possible, implement solutions by using the minimum amount of administrative effort. In the dev2 region, update the AKS Base Ubuntu image to the latest version in Azure Stack Hub Marketplace. Whenever possible, implement solutions by using built-in tools, features, and services without acquiring additional third-party tools. For the users’ virtual machines and the associated resources in the dev1 and dev2 regions, implement a business continuity and disaster recovery plan that includes an automated failback process. If changes to the Azure Stack Hub infrastructure cause workload downtime outside of planned maintenance windows, notify all users in the region where the downtime occurred and schedule a maintenance window.
You plan to install an update to an Azure Stack Hub integrated system. You need to verify whether the integrated system is healthy, and whether you can apply the update. You must achieve the goal as quickly as possible. Solution: From a privileged endpoint (PEP) session, you run TesT-AzureStack -Group "Default". Does this meet the goal?
DRAG DROP You have an Azure Stack Hub integrated system. You install the Azure Gallery Packager (.azpkg) tool on a management workstation. You need to define a custom Azure Stack Hub Marketplace item that will provision a virtual machine from a base image. Which file should you configure for each requirement? To answer, drag the appropriate files to the correct requirements. Each file may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
DRAG DROP You have an Azure Stack Hub integrated system that is enabled for mufti-tenancy. The integrated system is configured as shown in the following table. You need lo onboard fabrikam.com as a guest Azure AD tenant to the integrated system. How should you complete the Power Shell script? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. A. Answer: A
You have an Azure Stack Hub integrated system. You need to create a new offer that can be used only by an operator to provision user subscriptions. The solution must simplify the process for users to create resources. Which type of offer should you create?

Question 41

Report
Export
Collapse

You have a disconnected Azure Stack Hub integrated system.

You have a registered app named App1 that has a client ID of 2bbe67d8-3fdb-4b62-87cfcc41dd4344rf.

You plan to assign a role-based access control (RBAC) role to Appl.

You need to locate App1 in the Azure Stack Hub user portal by using the search feature.

Which prefix should you use?

A.
AzureStackHub-app1
A.
AzureStackHub-app1
Answers
B.
AxuraStack-appl
B.
AxuraStack-appl
Answers
C.
2bbe67d8-3fdb-4b62-87cf-cc41dd4344ff
C.
2bbe67d8-3fdb-4b62-87cf-cc41dd4344ff
Answers
D.
app1
D.
app1
Answers
Suggested answer: A

Explanation:

Under Select, search for your app using a full or partial Application Name. During registration, the Application Name is generated as Azurestack-<YourAppName>-<ClientId>. For example, if you used an application name of App2, and ClientId 2bbe67d8-3fdb-4b62-87cf-cc41dd4344ff was assigned during creation, the full name would be Azurestack-App2-2bbe67d8-3fdb-4b62-87cf-cc41dd4344ff. You can search for either the exact string, or a portion, like Azurestack or Azurestack-App2.

Note: An Application ID, sometimes referred to as a Client ID. A GUID that uniquely identifies the app's registration in your Active Directory tenant.

Reference: https://learn.microsoft.com/en-us/azure-stack/operator/give-app-access-to-resources

Question 42

Report
Export
Collapse

You have an Azure Stack Hub integrated system that is linked to an Azure AD tenant named contoso.onmicrosoft.com. The Azure Stack Hub portals are configured as shown in the following table.

You register a guest Azure AD tenant named adatum.onmicrosoft.com that contains a user named [email protected]. User1 needs to subscribe to art Azure Stack Hub integrated system offer. Which URL should User1 use?

A.
https://portal.eastus.contoso.com/
A.
https://portal.eastus.contoso.com/
Answers
B.
https://portal.eastus.contoso.com/fabrikam.com
B.
https://portal.eastus.contoso.com/fabrikam.com
Answers
C.
https://adminportal.eastus.contoso.com/fabnkam.com
C.
https://adminportal.eastus.contoso.com/fabnkam.com
Answers
D.
https //portal eastus.contoso.com/adatum.onmicrosoft.com
D.
https //portal eastus.contoso.com/adatum.onmicrosoft.com
Answers
Suggested answer: D

Explanation:

For multinode systems, the user portal URL is formatted as https://portal.<region>.<FQDN>. For anASDK deployment, the URL is https://portal.local.azurestack.external. In our case we must also direct any foreign principals (users in the Adatum directory without the suffix of adatum.onmicrosoft.com) to sign in using https://<user-portalurl>/ adatum.onmicrosoft.com. If they don't specify the / adatum.onmicrosoft.com directory tenant in the URL, they're sent to their default directory and receive an error that says their administrator hasn't consented.

Reference: https://learn.microsoft.com/en-us/azure-stack/operator/enable-multitenancy

Question 43

Report
Export
Collapse

You have an Azure Slack Hub integrated system.

You receive the following alert: "One or more guest Azure AD tenants must be configured." You need to identify which Azure AD tenants require configuration. Which PowerShell cmdlet should you run?

A.
Get-AzsDirectoryTenantidcntifier
A.
Get-AzsDirectoryTenantidcntifier
Answers
B.
Get-AzureADTenantDetail
B.
Get-AzureADTenantDetail
Answers
C.
Get-AzsHealthReport
C.
Get-AzsHealthReport
Answers
D.
Get-AzsAlerts
D.
Get-AzsAlerts
Answers
Suggested answer: C

Explanation:

.Synopsis

Gets the health report of identity application in the Azure Stack home and guest directories .DESCRIPTION Gets the health report for Azure Stack identity applications in the home directory as well as guest directories of Azure Stack. Any directories with an unhealthy status need to have their permissions updated.

.EXAMPLE

$adminResourceManagerEndpoint = "https://adminmanagement.local.azurestack.external"$homeDirectoryTenantName = "<homeDirectoryTenant>.onmicrosoft.com"Get-AzsHealthReport -AdminResourceManagerEndpoint $adminResourceManagerEndpoint `-DirectoryTenantName $homeDirectoryTenantName -Verbose

Reference: https://github.com/Azure/AzureStack-

Tools/blob/master/Identity/AzureStack.Identity.psm1

https://github.com/Azure/AzureStack-Tools/blob/master/Identity/README.md

Question 44

Report
Export
Collapse

You have a connected Azure Stack Hub integrated system that contains a user named User1.

You need to ensure that User1 can onboard a new guest tenant directory. The solution must use the principle of least privilege. Which role should you assign to User1?

A.
Owner
A.
Owner
Answers
B.
Global administrator
B.
Global administrator
Answers
C.
Hybrid identity administrator
C.
Hybrid identity administrator
Answers
D.
Domain name administrator
D.
Domain name administrator
Answers
Suggested answer: C

Explanation:

Hybrid Identity Administrator role is now available with Cloud Provisioning Type: New feature Service category: Azure AD Cloud Provisioning Product capability: Identity Lifecycle Management IT Admins can start using the new "Hybrid Admin" role as the least privileged role for setting up Azure AD Connect Cloud Provisioning. With this new role, you no longer have to use the Global Admin role to set up and configure Cloud Provisioning. Note: Hybrid Identity Administrator

Users in this role can create, manage and deploy provisioning configuration setup from AD to Azure AD using Cloud Provisioning as well as manage Azure AD Connect, Pass-through Authentication (PTA), Password hash synchronization (PHS), Seamless Single Sign-On (Seamless SSO), and federation settings. Users can also troubleshoot and monitor logs using this role.

Reference: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/whats-newarchive

https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#hybrididentity-administrator

Question 45

Report
Export
Collapse

You have an Azure Stack Hub integrated system.

You unlock the privileged endpoint (PEP).

How long will the PEP session remain unlocked?

A.
30 minutes
A.
30 minutes
Answers
B.
one hour
B.
one hour
Answers
C.
24 hours
C.
24 hours
Answers
D.
eight hours
D.
eight hours
Answers
Suggested answer: D

Explanation:

Unlocking the privileged endpoint for support scenarios

During a support scenario, the Microsoft support engineer might need to elevate the privileged endpoint PowerShell session to access the internals of the Azure Stack Hub infrastructure. This process is sometimes informally referred to as "break the glass" or "unlock the PEP".

An elevated PEP session has a validity of 8 hours, after which, if not terminated, the elevated PEP session will automatically lock back to a regular PEP session.

Reference: https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-privileged-endpoint

Question 46

Report
Export
Collapse

You are troubleshooting an Azure Stack Hub integrated system.

A Microsoft Support Engineer needs to review automatically uploaded logs.

What should you provide to the Microsoft Support Engineer?

A.
the Azure AD tenant ID
A.
the Azure AD tenant ID
Answers
B.
the metering subscription ID
B.
the metering subscription ID
Answers
C.
the Microsoft Partner Network (MPN) number
C.
the Microsoft Partner Network (MPN) number
Answers
D.
the Azure Stack Hub Cloud ID
D.
the Azure Stack Hub Cloud ID
Answers
E.
the default service provider subscription ID
E.
the default service provider subscription ID
Answers
Suggested answer: D

Explanation:

The Cloud ID is the unique ID for tracking support data uploaded from a specific scale unit. When diagnostic logs are uploaded for support analysis, the Cloud ID is how the logs are associated with that scale unit.

Reference: https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-find-cloud-id?

Question 47

Report
Export
Collapse

You are planning an Azure Slack Hub deployment for an enterprise customer.

You need to identify an appropriate identity model for the customer. The solution must use capacitybased billing. Which two identity providers can you use for the customer? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

A.
Active Directory Federation Services (AD FS) in an Enterprise Agreement (EA)
A.
Active Directory Federation Services (AD FS) in an Enterprise Agreement (EA)
Answers
B.
Azure Active Directory (Azure AD) in a Cloud Solution Provider (CSP) subscription
B.
Azure Active Directory (Azure AD) in a Cloud Solution Provider (CSP) subscription
Answers
C.
Azure Active Directory (Azure AD) in an Enterprise Agreement (EA)
C.
Azure Active Directory (Azure AD) in an Enterprise Agreement (EA)
Answers
D.
Active Directory Federation Services (AD FS) in a Cloud Solution Provider (CSP) subscription
D.
Active Directory Federation Services (AD FS) in a Cloud Solution Provider (CSP) subscription
Answers
Suggested answer: A, C

Explanation:

Choose an identity store

With a connected deployment, you can choose between Azure AD or AD FS for your identity store. A disconnected deployment, with no internet connectivity, can only use AD FS. Capacity-based billing

If you decide to use the capacity billing model, you must purchase an Azure Stack Hub Capacity Plan SKU based on the capacity of your system. You need to know the number of physical cores in your Azure Stack Hub to purchase the correct quantity.

Capacity billing requires an Enterprise Agreement (EA) Azure subscription for registration. The reason is that registration sets up the availability of items in the Marketplace, which requires an Azure subscription. The subscription isn't used for Azure Stack Hub usage.

Reference: https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-connecteddeployment

Question 48

Report
Export
Collapse

You have an Azure Slack Hub integrated system that uses the latest version.

You discover an alert for an external certificate that will expire. You obtain new certificates.

You need to validate that all the components required to change the certificates are in a healthy state, and then renew the certificates. Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.
Run the Start -Sec ret Rot at Ion and specify the PfxFilePath parameter.
A.
Run the Start -Sec ret Rot at Ion and specify the PfxFilePath parameter.
Answers
B.
Copy the certificates to Azure Blob storage.
B.
Copy the certificates to Azure Blob storage.
Answers
C.
Copy the certificates to an SMB file share that is accessible from the privilege endpoint (PEP).
C.
Copy the certificates to an SMB file share that is accessible from the privilege endpoint (PEP).
Answers
D.
Run the Test-AzureStack cmdlet and Specify the -Group UpdateReadiness parameter.
D.
Run the Test-AzureStack cmdlet and Specify the -Group UpdateReadiness parameter.
Answers
E.
Run the Test-AzureStaek cmdlet and Specify the -Group SecretRotationReadiness parameter.
E.
Run the Test-AzureStaek cmdlet and Specify the -Group SecretRotationReadiness parameter.
Answers
F.
Run Start-SecretRotation cmdlet and Specify the Internal parameter.
F.
Run Start-SecretRotation cmdlet and Specify the Internal parameter.
Answers
Suggested answer: C, E, F

Explanation:

Reference: https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-rotate-secrets

Question 49

Report
Export
Collapse

You have 20 computers that run Linux.

You deploy a disconnected Azure Stack Hub integrated system.

You need to ensure that users on the Linux computers can manage their Azure Stack Hub resources by using Azure Command-Line Interface (CLI). What should you do first?

A.
Request a new certificate for the integrated system.
A.
Request a new certificate for the integrated system.
Answers
B.
For each Linux computer, request a certificate from the integrated system.
B.
For each Linux computer, request a certificate from the integrated system.
Answers
C.
Export the root certificate of the integrated system as a P7B file.
C.
Export the root certificate of the integrated system as a P7B file.
Answers
D.
Export the root certificate of the integrated system as a CER file.
D.
Export the root certificate of the integrated system as a CER file.
Answers
Suggested answer: D

Explanation:


Question 50

Report
Export
Collapse

You have an Azure Slack Hub integrated system and a computer named Computer1 that runs Windows 11. You need to deploy the Azure Stack Hub PowerShell tools to Computer1. What should you do first?

A.
Connect to the privileged endpoint (PEP).
A.
Connect to the privileged endpoint (PEP).
Answers
B.
Copy the AzureStack module from the Hardware Lifecycle Host (HLH).
B.
Copy the AzureStack module from the Hardware Lifecycle Host (HLH).
Answers
C.
Download AzureStack-Tools from the GitHub repository.
C.
Download AzureStack-Tools from the GitHub repository.
Answers
D.
Download the AzureStack module from PowerShell Gallery.
D.
Download the AzureStack module from PowerShell Gallery.
Answers
Suggested answer: C

Explanation:

Download Azure Stack Hub tools from GitHub

AzureStack-Tools is a GitHub repository that hosts PowerShell modules for managing and deploying resources to Azure Stack Hub. If you're planning to establish VPN connectivity, you can download these PowerShell modules to the Azure Stack Development Kit (ASDK), or to a Windows-based external client.

Reference: https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-powershelldownload

Total 179 questions
Go to page: of 18
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms