NEW QUESTION 1
You need to deploy an Azure load balancer named Ib 1015 to your Azure subscription. The solution must meet the following requirements:
-Support the load balancing of IP traffic from the Internet to Azure virtual machines connected to VNET1016 subnet0.
-Prov.de 4 Service level Agreement (SWJ of 99.99 percent ability for the Azure virtual machines.
-Minimize Azure-related costs.
What should you do from the Azure portal?
To complete this task, you do NOT need to wait for the deployment to complete. Once the deployment start in Azure, you can move to the next task.

Answer:

Explanation: Step 1:
On the top left-hand side of the screen, click Create a resource > Networking > Load Balancer. Step 2:
In the Create a load balancer page enter these values for the load balancer: myLoadBalancer - for the name of the load balancer.
Internal - for the type of the load balancer. Basic - for SKU version.
Microsoft guarantees that apps running in a customer subscription will be available 99.99% of the time.
VNET1016subnet0 - for subnet that you choose from the list of existing subnets.
Step 3: Accept the default values for the other settings and click Create to create the load balancer.

NEW QUESTION 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1. Solution: From the RG1 blade, you click Automation script.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 3
You have an Azure subscription that contains two resource groups named RG1 and RG2. RG2 does not contain any resources. RG1 contains the resources in the following table.

Which resource can you move to RG2?

• A. W10_OsDisk
• B. VNet1
• C. VNet3
• D. W10

Answer: B

Explanation: When moving a virtual network, you must also move its dependent resources. For example, you must move gateways with the virtual network. VM W10, which is in Vnet1, is not a dependent resource.
Incorrect Answers:
A: Managed disks don't support move.
C: Virtual networks (classic) can't be moved.
D: Virtual machines with the managed disks cannot be moved.
References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-groupmove- resources#virtual-machines-limitations

NEW QUESTION 4
HOT SPOT
You have an Azure subscription named Subscription1. Subscription1 contains the virtual networks in the following table.

Subscription1 contains the virtual machines in the following table:

The firewalls on all the virtual machines are configured to allow all ICMP traffic. You add the peerings in the following table.

For each of the following statements, select Yest if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Answer:

Explanation: Box 1: Yes
Vnet1 and Vnet3 are peers. Box 2: Yes
Vnet2 and Vnet3 are peers. Box 3: No
Peering connections are non-transitive.
References: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybridnetworking/ hub-spoke

NEW QUESTION 5
Note: This Questions is part of a series of Questions that present the same scenario. Each questions in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution.
After you answer a questions in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.
You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately.
Solution: From the Overview blade, you move the virtual machine to a different resource group. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation: You should redeploy the VM.
References: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-newnode

NEW QUESTION 6
Which blade should you instruct the finance department auditors to use?

• A. Cost analysis
• B. Usage + quotas
• C. External services
• D. Payment methods

Answer: B

Explanation: Subscription costs are based on usage. Microsoft Azure limits are also called quotas.
Scenario: During the testing phase, auditors in the finance department must be able to review all Azure costs from the past week.
Incorrect Answers:
C: External services are published by third party software vendors in the Azure marketplace. References: https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits

NEW QUESTION 7
You plan to move services from your on-premises network to Azure.
You identify several virtual machines that you believe can be hosted in Azure. The virtual machines are shown in the following table.

Which two virtual machines can you access by using Azure migrate? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

• A. Sea-CA0l
• B. Hou-NW01
• C. NYC-FS01
• D. Sea-DC01
• E. BOS-DB01

Answer: CE

NEW QUESTION 8
SIMULATION
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.






When you are finished performing all the tasks, click the ‘Next’ button.
Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
You plan to create several virtual machines in different availability zones, and then to configure the virtual machines for load balanced connections from the Internet.
You need to create an IP address resource named ip1006 to support the planned load balancing solution. The solution must minimize costs.
What should you do from the Azure portal?

Answer:

Explanation: We should create a public IP address.
At the top, left corner of the portal, select + Create a resource.
Enter public ip address in the Search the Marketplace box. When Public IP address appears in the search results, select it.
Under Public IP address, select Create.
Enter, or select values for the following settings, under Create public IP address, then select Create: Name: ip1006
SKU: Basic SKU IP Version: IPv6
IP address assignment: Dynamic Subscription: Select appropriate Resource group: Select appropriate
References: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-public-ipaddress

NEW QUESTION 9
You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network. Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com.
You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory. You need to ensure that the users can use single-sign on (SSO) to access Azure resources.
What should you do first?

• A. From the on-premises network, deploy Active Directory Federation Services (AD FS).
• B. From Azure AD, add and verify a custom domain name.
• C. From the on-premises network, request a new certificate that contains the Active Directory domain name.
• D. From the server that runs Azure AD Connect, modify the filtering option

Answer: B

Explanation: Azure AD Connect lists the UPN suffixes that are defined for the domains and tries to match them
with a custom domain in Azure AD. Then it helps you with the appropriate action that needs to be taken. The Azure AD sign-in page lists the UPN suffixes that are defined for on-premises Active Directory and displays the corresponding status against each suffix. The status values can be one of the following:
State: Verified Azure AD Connect found a matching verified domain in Azure AD. All users for this domain can sign in by using their on-premises credentials.
State: Not verified Azure AD Connect found a matching custom domain in Azure AD, but it isn't verified. The UPN suffix of the users of this domain will be changed to the default .onmicrosoft.com suffix after synchronization if the domain isn't verified.
Action Required: Verify the custom domain in Azure AD.
References: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-userQuestions& Answers PDF P-80 signin

NEW QUESTION 10
You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines.
You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.
What should you create to store the password?

• A. Azure Active Directory (AD) Identity Protection and an Azure policy
• B. a Recovery Services vault and a backup policy
• C. an Azure Key Vault and an access policy
• D. an Azure Storage account and an access policy

Answer: C

Explanation: You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore the password is never put in plain text in the template parameter file.
References: https://azure.microsoft.com/en-us/resources/templates/101-vm-secure-password/

NEW QUESTION 11
HOT SPOT
You need to configure the Device settings to meet the technical requirements and the user requirements.
Which two settings should you modify? To answer, select the appropriate settings in the answer area.

Answer:

Explanation:
Box 1: Selected
Only selected users should be able to join devices Box 2: Yes
Require Multi-Factor Auth to join devices. From scenario:
Ensure that only users who are part of a group named Pilot can join devices to Azure AD
Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.

NEW QUESTION 12
You have a virtual network named VNet1 as shown in the exhibit.

No devices are connected to VNet1.
You plan to peer VNet1 to another virtual network named Vnet2 in the same region. VNet2 has an address space of 10.2.0.0/16.
You need to create the peering. What should you do first?

• A. Modify the address space of VNet1.
• B. Configure a service endpoint on VNet2
• C. Add a gateway subnet to VNet1.
• D. Create a subnet on VNet1 and VNet2.

Answer: A

Explanation: The virtual networks you peer must have non-overlapping IP address spaces. References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-managepeering# requirements-and-constraints

NEW QUESTION 13
You need to meet the technical requirement for VM4. What should you create and configure?

• A. an Azure Notification Hub
• B. an Azure Event Hub
• C. an Azure Logic App
• D. an Azure services Bus

Answer: B

Explanation: Scenario: Create a workflow to send an email message when the settings of VM4 are modified. You can start an automated logic app workflow when specific events happen in Azure resources or third-party resources. These resources can publish those events to an Azure event grid. In turn, the event grid pushes those events to subscribers that have queues, webhooks, or event hubs as endpoints. As a subscriber, your logic app can wait for those events from the event grid before running automated workflows to perform tasks - without you writing any code.
References:
https://docs.microsoft.com/en-us/azure/event-grid/monitor-virtual-machine-changes-event-gridlogic- app

NEW QUESTION 14
HOT SPOT
You have a virtual network named VNet1 that has the configuration shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation: Box 1: add a subnet
Your IaaS virtual machines (VMs) and PaaS role instances in a virtual network automatically receive a private IP address from a range that you specify, based on the subnet they are connected to. We
need to add the 192.168.1.0/24 subnet. Box 2: add a network interface
The 10.2.1.0/24 network exists. We need to add a network interface.
References: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-static-privateip- arm-pportal

NEW QUESTION 15
HOT SPOT
Your company has offices in New York and Los Angeles.
You have an Azure subscription that contains an Azure virtual network named VNet1. Each office has a site-to-site VPN connection to VNet1.
Each network uses the address spaces shown in the following table.

You need to ensure that all Internet-bound traffic from VNet1 is routed through the New York office. What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation: Incorrect Answers:
Not: New-AzureRmVirtualNetworkGatewayConnection
This command creates the Site-to-Site VPN connection between the virtual network gateway and the on-prem VPN device. We already have Site-to-Site VPN connections.
Box 2: 192.168.0.0/20
Specify the VNET1 address. References:
https://docs.microsoft.com/en-us/powershell/module/azurerm.network/setazurermvirtualnetworkgatewaydefaultsite

NEW QUESTION 16
DRAG DROP
You have an Azure subscription that is used by four departments in your company. The subscription contains 10 resource groups. Each department uses resources in several resource groups.
You need to send a report to the finance department. The report must detail the costs for each department. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation: Box 1: Assign a tag to each resource.
You apply tags to your Azure resources giving metadata to logically organize them into a taxonomy. After you apply tags, you can retrieve all the resources in your subscription with that tag name and value. Each resource or resource group can have a maximum of 15 tag name/value pairs. Tags applied to the resource group are not inherited by the resources in that resource group.
Box 2: From the Cost analysis blade, filter the view by tag
After you get your services running, regularly check how much they're costing you. You can see the current spend and burn rate in Azure portal.
Visit the Subscriptions blade in Azure portal and select a subscription. You should see the cost breakdown and burn rate in the popup blade.
Click Cost analysis in the list to the left to see the cost breakdown by resource. Wait 24 hours after you add a service for the data to populate.
You can filter by different properties like tags, resource group, and timespan. Click Apply to confirm the filters and Download if you want to export the view to a Comma-Separated Values (.csv) file. Box 3: Download the usage report
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags https://docs.microsoft.com/en-us/azure/billing/billing-getting-started

NEW QUESTION 17
You have an Azure subscription that contains 100 virtual machines. You regularly create and delete virtual machines.
You need to identify unused disks that can be deleted. What should you do?

• A. From Microsoft Azure Storage Explorer, view the Account Management properties.
• B. From the Azure portal, configure the Advisor recommendations.
• C. From Cloudyn, open the Optimizer tab and create a report.
• D. From Cloudyn, create a Cost Management repor

Answer: A

Explanation: You can find unused disks in the Azure Storage Explorer console. Once you drill down to the Blob containers under a storage account, you can see the lease state of the residing VHD (the lease state determines if the VHD is being used by any resource) and the VM to which it is leased out. If you find that the lease state and the VM fields are blank, it means that the VHD in question is unused.
Note: The ManagedBy property stores the Id of the VM to which Managed Disk is attached to. If the ManagedBy property is $null then it means that the Managed Disk is not attached to a VM References:
https://cloud.netapp.com/blog/reduce-azure-storage-costs

NEW QUESTION 18
Note: This questions is part of a series of questions that present the same scenario. Each questions in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution. After you answer a questions in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You configure a custom policy definition, and then you assign the policy to the subscription. Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation: Resource policy definition used by Azure Policy enables you to establish conventions for resources in your organization by describing when the policy is enforced and what effect to take. By defining conventions, you can control costs and more easily manage your resources.
References: https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition

NEW QUESTION 19
You are planning the move of App1 to Azure. You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1. What should you recommend?

• A. Create an outgoing security rule for port 443 from the Interne
• B. Associate the NSG to all the subnets.
• C. Create an incoming security rule for port 443 from the Interne
• D. Associate the NSG to all the subnets.
• E. Create an incoming security rule for port 443 from the Interne
• F. Associate the NSG to the subnet thatcontains the web servers.
• G. Create an outgoing security rule for port 443 from the Interne
• H. Associate the NSG to the subnet thatcontains the web server

Answer: C

Explanation: As App1 is public-facing we need an incoming security rule, related to the access of the web servers. Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers: a SQL database, a web front end, and a processing middle tier.
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.