70-533 Exam Questions - Online Test
70-533 Premium VCE File
150 Lectures, 20 Hours
Q1. You manage a large datacenter that has limited physical space.
You plan to extend your datacenter to Azure.
You need to create a connection that supports a multiprotocol label switching (MPLS) virtual private network.
Which connection type should you use?
A. Site-to-site
B. VNet-VNet
C. ExpressRoute.
D. Site-to-peer
Answer: C
Explanation:
ExpressRoute provides even richer capabilities by allowing a dedicated MPLS connection to Azure. Reference:
ExpressRoute:
An MPLS Connection to Microsoft Azure
http://azure.microsoft.com/en-us/services/expressroute/
Q2. You manage a software-as-a-service application named SaasApp1 that provides user management features in a multi-directory environment.
You plan to offer SaasApp1 to other organizations that use Azure Active Directory.
You need to ensure that SaasApp1 can access directory objects.
What should you do?
A. Configure the Federation Metadata URL
B. Register SaasApp1 as a native client application.
C. Register SaasApp1 as a web application.
D. Configure the Graph API.
Answer: D
Explanation: The Azure Active Directory Graph API provides programmatic access to Azure AD through REST API endpoints. Applications can use the Graph API to perform create, read, update, and delete (CRUD) operations on directory data and objects. For example, the Graph API supports the following common operations for a user object: / Create a new user in a directory / Get a user’s detailed properties, such as their groups / Update a user’s properties, such as their location and phone number, or change their password / Check a user’s group membership for role-based access / Disable a user’s account or delete it entirely
Reference: Azure AD Graph API
URL: http://msdn.microsoft.com/en-us/library/azure/hh974476.aspx
Q3. DRAG DROP
You manage an Azure Web Site named salessite1. You notice some performance issues with salessite1. You create a new database for salessite1.
You need to update salessite1 with the following changes, in the order shown:
1. Display the list of current connection strings.
2. Create a new connection string named conn1 with a value of: Server=tcp:samplel.database.windows.net,1433;Database=NewDB;User
ID=User@samplel;Password=Passwordl;Trusted_Connection=False;Encrypt=True;Connec tion Timeout=30;.
3. Download the application logs for analysis.
Which three xplat-cli commands should you perform in sequence? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.
Answer:
Q4. You manage a collection of large video files that is stored in an Azure Storage account.
A user wants access to one of your video files within the next seven days.
You need to allow the user access only to the video file, and then revoke access once the user no longer needs it.
What should you do?
A. Give the user the secondary key for the storage account.
Once the user is done with the file, regenerate the secondary key.
B. Create an Ad-Hoc Shared Access Signature for the Blob resource.
Set the Shared Access Signature to expire in seven days.
C. Create an access policy on the container.
Give the external user a Shared Access Signature for the blob by using the policy.
Once the user is done with the file, delete the policy.
D. Create an access policy on the blob.
Give the external user access by using the policy.
Once the user is done with the file, delete the policy.
Answer: C
Explanation: See 3) below. By default, only the owner of the storage account may access blobs, tables, and queues within that account. If your service or application needs to make these resources available to other clients without sharing your access key, you have the following options for permitting access:
1.You can set a container's permissions to permit anonymous read access to the container and its blobs. This is not allowed for tables or queues.
2. You can expose a resource via a shared access signature, which enables you to delegate restricted access to a container, blob, table or queue resource by specifying the interval for which the resources are available and the permissions that a client will have to it.
3. You can use a stored access policy to manage shared access signatures for a container or its blobs, for a queue, or for a table. The stored access policy gives you an additional measure of control over your shared access signatures and also provides a straightforward means to revoke them.
Reference: Manage Access to Azure Storage Resources
Q5. DRAG DROP
You administer an Azure Virtual Machine (VM) named CON-CL1. CON-CL1 is in a cloud service named ContosoService1.
You want to create a new VM named MyApp that will have a fixed IP address and be hosted by an Azure Datacenter in the US West region.
You need to assign a fixed IP address to the MyApp VM.
Which Azure Power Shell cmdlets and values should you use? To answer, drag the appropriate cmdlet or value to the correct location in the PowerShell command. Each cmdlet or value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content
Answer:
Q6. You manage a cloud service named fabrikamReports that is deployed in an Azure data center.
You deploy a virtual machine (VM) named fabrikamSQL into a virtual network named fabrikamVNet.
FabrikamReports must communicate with fabrikamSQL.
You need to add fabrikam Reports to fabrikamVNet.
Which file should you modify?
A. the network configuration file for fabrikamVNet
B. the service definition file (.csdef) for fabrikamReports
C. the service definition file (.csdef) for fabrikamSQL
D. the service configuration file (.cscfg) for fabrikamReports
E. the service configuration file (.cscfg) fabrikamSQL
Answer: B
Explanation: Azure Service Definition Schema (.csdef File)
The service definition file defines the service model for an application. The file contains the
definitions for the roles that are available to a cloud service, specifies the service
endpoints, and establishes configuration settings for the service.
Incorrect:
not D, not E: The service configuration file (.cscfg) specifies the number of role instances to
deploy for each role in the service, the values of any configuration settings, and the
thumbprints for any certificates associated with a role.
Reference: Azure Service Definition Schema (.csdef File)
http://msdn.microsoft.com/en-us/library/azure/ee758711.aspx
Q7. You publish an application named MyApp to Azure Active Directory (Azure AD). You grant access to the web APIs through OAuth 2.0.
MyApp is generating numerous user consent prompts.
You need to reduce the amount of user consent prompts.
What should you do?
A. Enable Multi-resource refresh tokens.
B. Enable WS-federation access tokens.
C. Configure the Open Web Interface for .NET.
D. Configure SAML 2.0.
Answer: A
Explanation: When using the Authorization Code Grant Flow, you can configure the client to call multiple resources. Typically, this would require a call to the authorization endpoint for each target service. To avoid multiple calls and multiple user consent prompts, and reduce the number of refresh tokens the client needs to cache, Azure Active Directory (Azure AD) has implemented multi-resource refresh tokens. This feature allows you to use a single refresh token to request access tokens for multiple resources.
Reference:Azure, OAuth 2.0, Refresh Tokens for Multiple Resources
Q8. DRAG DROP
You manage an Azure Web Site in Standard mode at the following address: contoso.azurevvebsites.net.
Your company has a new domain for the site that needs to be accessible by Secure Socket Layer (SSL) encryption.
You need to be able to add a custom domain to the Azure Web Site and assign an SSL certificate.
Which three steps should you perform next in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. More than one order of answer choices may be correct You will receive credit for any of the correct orders you select
Answer:
Q9. HOTSPOT
You create a virtual network named fabVNet01.
You design the virtual network to include two subnets, one named DNS-subnet and one named Apps-subnet, as shown in the exhibit. (Click the Exhibits button.)
In the table below, identify the number of IP addresses that will be available for virtual machines (VMs) or cloud services in each subnet. Make only one selection in each column.
Answer:
Q10. You manage a cloud service that utilizes an Azure Service Bus queue. You need to ensure that messages that are never consumed are retained. What should you do?
A. Check the MOVE TO THE DEAD-LETTER SUBQUEUE option for Expired Messages in the Azure Portal.
B. From the Azure Management Portal, create a new queue and name it Dead-Letter.
C. Execute the Set-AzureServiceBus PowerShell cmdlet.
D. Execute the New-AzureSchedulerStorageQueueJob PowerShell cmdlet.
Answer: A
Explanation: The EnableDeadLetteringOnMessageExpiration property allows to enable\disable the dead-lettering on message expiration.
Reference: Azure, Managing and Testing Topics, Queues and Relay Services with the Service Bus Explorer Tool
- [2021-New] Microsoft 70-486 Dumps With Update Exam Questions (6-15)
- [2021-New] Microsoft 70-417 Dumps With Update Exam Questions (61-70)
- [2021-New] Microsoft 70-488 Dumps With Update Exam Questions (61-70)
- [2021-New] Microsoft 70-411 Dumps With Update Exam Questions (91-100)
- [2021-New] Microsoft 70-680 Dumps With Update Exam Questions (251-260)
- [2021-New] Microsoft 70-347 Dumps With Update Exam Questions (31-40)
- Microsoft MS-201 Discount Pack 2021
- [2021-New] Microsoft 70-483 Dumps With Update Exam Questions (51-60)
- [2021-New] Microsoft 70-487 Dumps With Update Exam Questions (1-10)
- Renew 70-464 Dumps 2021