Implementing Microsoft Azure Infrastructure Solutions v13.0
Question 1
You manage an application that has a front-end tier, a middle tier, and a back-end tier.
Each tier is located on a different subnet.
You need to apply access to and between the tiers as follows:
You need to apply this configuration to all virtual machines inside the subnets.
What should you do?
- A. Use a Network Security Group (NSG).
- B. Add a VPN gateway.
- C. Add a regional VNET.
- D. Add an Availability Set.
Answer : D
Explanation:
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/virtual-machines-windows- infrastructure-availability-sets-guidelines
Question 2
You create a virtual machine (VM) in Azure. The VM runs an important line of business application.
Users report that the application is slow and unstable.
You need to enable diagnostics for the VM.
In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
Answer : 
Explanation:
References:
https://azure.microsoft.com/en-gb/documentation/articles/insights-how-to-use-diagnostics/
Question 3
You manage an Internet Information Services (IIS) 6 website named contososite1.
Contososite1 runs a legacy ASP.NET 1.1 application named LegacyApp1. LegacyApp1 does not contain any integration with any other systems or programming languages.
You deploy contososite1 to Azure Web Sites.
You need to create documentation for configuring the Azure Web Apps. You have the following requirements:
Which settings should you configure to meet the requirements? To answer, select the appropriate settings in the answer area.
Answer : 
Explanation:
* Managed Pipeline Mode: Classic.
Sets the IIS pipeline mode. Leave this set to Integrated (the default) unless you have a legacy website that requires an older version of IIS. In this case we have a legacy app
* Always on: ON
Always On. By default, websites are unloaded if they are idle for some period of time. This lets the system conserve resources. In Basic or Standard mode, you can enable Always
On to keep the site loaded all the time. If your site runs continuous web jobs, you should enable Always On, or the web jobs may not run reliably
References:
Question 4
You develop a Windows Store application that has a web service backend.
You plan to use the Azure Active Directory Authentication Library to authenticate users to
Azure Active Directory (Azure AD) and access directory data on behalf of the user.
You need to ensure that users can log in to the application by using their Azure AD credentials.
Which two actions should you perform? Each correct answer presents part of the solution.
- A. Create a native client application in Azure AD.
- B. Configure directory integration.
- C. Create a web application in Azure AD.
- D. Enable workspace join.
- E. Configure an Access Control namespace.
Answer : AB
Explanation:
A:
Windows Store application -
Add an application my organization is developing
In the Add Application Wizard, enter a Name for your application and click the Native
Client Application type -
B: An application that wants to outsource authentication to Azure AD must be registered in
Azure AD, which registers and uniquely identifies the app in the directory.
References:
https://azure.microsoft.com/en-us/documentation/articles/mobile-services-windows-store- dotnet-adal-sso-authentication/
Question 5
You administer an Azure solution that uses a virtual network named FabVNet. FabVNet has a single subnet named Subnet-1.
You discover a high volume of network traffic among four virtual machines (VMs) that are part of Subnet-1.
You need to isolate the network traffic among the four VMs. You want to achieve this goal with the least amount of downtime and impact on users.
What should you do?
- A. Create a new subnet in the existing virtual network and move the four VMs to the new subnet.
- B. Create a site-to-site virtual network and move the four VMs to your datacenter.
- C. Create a new virtual network and move the VMs to the new network.
- D. Create an availability set and associate the four VMs with that availability set.
Answer : C
Explanation:
To isolate the VMs, we could use Windows Firewall or Network Security Groups (NSG) but theyre not options here.
If we move the VMs to a new subnet in the same virtual network, traffic can still flow to VMs on the other subnet. We would still need additional security such as an NSG; therefore, answer A is incorrect.
The answer is to create a new virtual network and move the VMs to the new network. This would provide the required isolation without the need for additional security such as an
NSG.
Question 6
You have an existing classic virtual network.
You need to export the virtual network settings to an XML file to make modifications.
Which Azure PowerShell cmdlet should you use?
- A. Get-AzureVNetSite
- B. Get-AzureVNetConnection
- C. Get-AzureVNetGateway
- D. Get-AzureVNetConfig
Answer : D
Question 7
You administer an Azure Active Directory (Azure AD) tenant that has a SharePoint web application named TeamSite1. TeamSite1 accesses your Azure AD tenant for user information.
The application access key for TeamSite1 has been compromised.
You need to ensure that users can continue to use TeamSite1 and that the compromised key does not allow access to the data in your Azure AD tenant.
Which two actions should you perform? Each correct answer presents part of the solution.
- A. Remove the compromised key from the application definition for TeamSite1.
- B. Delete the application definition for TeamSite1.
- C. Generate a new application key for TeamSite1.
- D. Generate a new application definition for TeamSite1.
- E. Update the existing application key.
Answer : AC
Explanation:
One of the security aspects of Windows Azure storage is that all access is protected by access keys.
It is possible to change the access keys (e.g. if the keys become compromised), and if changed, wed need to update the application to have the new key.
References: https://azure.microsoft.com/en-us/documentation/articles/active-directory- integrating-applications/
Question 8
You manage an application deployed to virtual machines (VMs) on an Azure virtual network named corpVnet1.
You plan to hire several remote employees who will need access to the application on corpVnet1.
You need to ensure that new employees can access corpVnet1. You want to achieve this goal by using the most cost effective solution.
Which two actions should you perform? Each correct answer presents part of the solution.
- A. Create a VPN subnet.
- B. Enable point-to-point connectivity for corpVnet1.
- C. Enable point-to-site connectivity for corpVnet1.
- D. Create a gateway subnet.
- E. Enable site-to-site connectivity for corpVnet1.
- F. Convert corpVnet1 to a regional virtual network.
Answer : CD
Explanation:
You need a point to site and a gateway subnet.
References: https://azure.microsoft.com/en-us/documentation/articles/web-sites-integrate- with-vnet/
Question 9
You are the global administrator for a companys Azure subscription. The company uses
Azure Active Directory Premium and the Application Access Panel. You are configuring access to a Software as a Service (SaaS) application.
You need to ensure that the sales team lead is able to manage user access to the application but is unable to modify administrative access to the application.
In the Azure portal, what should you do?
- A. Create an Azure group and assign it to the SaaS application. Create an Azure user with the User Admin role, and assign the user as the owner of the new group.
- B. Create an Azure group and assign it to the SaaS application. Create an Azure user with the Service Admin role, and assign the user as the owner of the new group.
- C. Set the values of the Delegated group management and Users can create groups settings to Enabled.
- D. Create an Azure group and assign it to the SaaS application. Create an Azure user with the Global Admin role, and assign the user as the owner of the new group.
Answer : A
Question 10
You are designing a Windows Azure application that will use a worker role.
The worker role will create temporary files.
You need to recommend an approach for creating the temporary files that minimizes storage transactions.
What should you recommend?
- A. Create the files on a Windows Azure Drive.
- B. Create the files in Windows Azure local storage.
- C. Create the files in Windows Azure Storage page blobs.
- D. Create the files in Windows Azure Storage block blobs.
Answer : B
Question 11
You manage an application running on Azure web apps in a Standard tier. The application uses a substantial amount of large image files from a storage account and is used by people around the world.
Users from Europe report that the load time of the site is slow.
You need to implement a solution by using Azure services.
Which two actions will achieve the goal? Each correct answer presents a complete solution.
- A. Configure Azure web app auto-scaling to increase instances at high load.
- B. Configure Azure CDN to cache all responses from the application web endpoint.
- C. Configure Azure CDN to cache site images and content stored in Azure blob storage.
- D. Configure Azure blob storage with a custom domain.
Answer : BC
Explanation:
References:
http://blog.maartenballiauw.be/post/2013/08/20/Using-the-Windows-Azure-Content-
Delivery-Network-CDN.aspx -
Question 12
HOTSPOT -
You manage a web application named Contoso that is accessible from the URL http://www.contoso.com.
You need to view a live stream of log events for the web application.
How should you configure the Azure PowerShell command? To answer, select the appropriate Azure PowerShell segment from each list in the answer area.
Answer : 
Explanation:
References:
https://msdn.microsoft.com/en-us/library/azure/dn495187.aspx
Question 13
You manage an Azure Web Site named contosoweb. Logging is enabled for contosoweb.
You need to view only errors from your log files in a continuous stream as they occur.
Which Windows Power Shell command should you execute?
- A. Get-AzureWebSiteLog -Name contosoweb -OutBuffer Error
- B. Save-AzureWebSiteLog -Name contosoweb -Output Errors
- C. Get-AzureWebSiteLog -Name contosoweb -Tail –Message Error
- D. Get-AzureWebSiteLog -Name contosoweb -Message Error
Answer : C
Explanation:
Example -
This example starts log streaming and show error logs only.
Windows PowerShell -
C:\PS>Get-AzureWebsiteLog -Tail -Message Error
References:
http://msdn.microsoft.com/en-us/library/dn495187.aspx
Question 14
You administer an Azure Active Directory (Azure AD) tenant that hosts a Software as a
Service (SaaS) application named MyApp.
You control access to MyApp by using the following two Azure AD groups:
You need to revoke all access to MyApp for the SaaSApp by using the least administrative effort.
What should you do?
- A. Delete the tenant.
- B. Revoke access to MyApp.
- C. Delete the SaaSApp group from Azure AD.
- D. Revoke application access from users belonging to the SaaSApp group.
Answer : D
Explanation:
https://blogs.technet.microsoft.com/enterprisemobility/2014/05/21/identity-and-access- management-for-the-cloud/
Question 15
You are designing a Windows Azure application that will store data in two SQL Azure databases. The application will insert data in both databases as part of a single logical operation. You need to recommend an approach for maintaining data consistency across the databases.
What should you recommend?
- A. Execute database calls on parallel threads.
- B. Wrap the database calls in a single transaction scope.
- C. Use Microsoft Distributed Transaction Coordinator (MSDTC).
- D. Handle errors resulting from the database calls by using compensatory logic.
Answer : C