Microsoft Azure Architect Technologies v1.0

Page:    1 / 23   
Exam contains 343 questions

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Cosmos DB database that contains a container named Container1. The partition key for Container1 is set to /day. Container1 contains the items shown in the following table.


You need to programmatically query Azure Cosmos DB and retrieve Item1 and Item2 only.
Solution: You run the following query.

You set the EnableCrossPartitionQuery property to True.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : A

Explanation:
Returns Item1 and Item2 only.
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/sql-query-where https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.documents.client.feedoptions.enablecrosspartitionquery?view=azure-dotnet

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage an Active Directory domain named contoso.local.
You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts.
You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD.
Solution: You use the Synchronization Service Manager to modify the Metaverse Designer tab.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : B

Explanation:
Instead use Synchronization Rules Editor to create a synchronization rule.
Note: Filtering what objects are synced to Azure AD is a common request and there are many instances where filtering by OU just doesn't cut it. One option is to filter users by their UPN suffix so that only users with the public FQDN as their UPN suffix are synced to Azure AD (e.g., [email protected] would be synced while [email protected] would not).
Filtering can be configured using either the GUI (Synchronization Rules Editor) or PowerShell.
Reference:
https://www.sidekicktech.com/blog/field-notes/2019/upn-suffix-filtering-ad-connect/

HOTSPOT -
You have an Azure subscription that contains a resource group named RG1.
You have a group named Group1 that is assigned the Contributor role for RG1.
You need to enhance security for the virtual machines in RG1 to meet the following requirements:
✑ Prevent Group1 from assigning external IP addresses to the virtual machines.
✑ Ensure that Group1 can establish a Remote Desktop connection to the virtual machines through a shared external IP address.
What should you use to meet each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:




Answer :

Explanation:

Box 1: Azure Policy -
There is a built-in policy in the Azure Policy service that allows you to block public IPs on all NICs of a VM.
Note: Azure Policy is a powerful tool in your Azure toolbox. It allows you to enforce specific governance principals you want to see implemented in your environment. Some key examples of what Azure Policy allows you to do is:

Automatically tag resources -


✑ Block VMs from having a public IP
✑ Enforce specific regions
✑ Enforce VM size

Box 2: Azure Bastion -
Azure Bastion is a fully managed PaaS service that provides secure and seamless RDP and SSH access to your virtual machines directly through the Azure
Portal.
Azure Bastion is provisioned directly in your Virtual Network (VNet) and supports all VMs in your Virtual Network (VNet) using SSL without any exposure through public IP addresses.
Incorrect Answers:
Virtual Network (VNet) service endpoint provides secure and direct connectivity to Azure services over an optimized route over the Azure backbone network.
Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Service Endpoints enables private IP addresses in the VNet to reach the endpoint of an Azure service without needing a public IP address on the VNet.
Reference:
https://blog.nillsf.com/index.php/2019/11/02/using-azure-policy-to-deny-public-ips-on-specific-vnets/ https://azure.microsoft.com/en-us/services/azure-bastion/

You create a container image named Image1 on a developer workstation.
You plan to create an Azure Web App for Containers named WebAppContainer that will use Image1.
You need to upload Image1 to Azure. The solution must ensure that WebAppContainer can use Image1.
To which storage type should you upload Image1?

  • A. an Azure Storage account that contains a blob container
  • B. Azure Container Instances
  • C. Azure Container Registry
  • D. an Azure Storage account that contains a file share


Answer : C

Explanation:
Configure registry credentials in web app.
App Service needs information about your registry and image to pull the private image. In the Azure portal, go to Container settings from the web app and update the Image source, Registry and save.
Reference:
https://docs.microsoft.com/en-us/azure/devops/pipelines/targets/webapp-on-container-linux

You have an Azure Service Bus and two clients named Client1 and Client2.
You create a Service Bus queue named Queue1 as shown in the exhibit. (Click the Exhibit tab.)


Client1 send messages to Queue1 as shown in the following table.

Client2 reads the messages from Queue1 at 12:01:05.
How will the messages be presented to Client2?

  • A. Client2 will read three messages in the following order: M1, M2, and then M3.
  • B. Client2 will read three messages in the following order: M3, M1, and then M2.
  • C. Client2 will read four messages in the following order: M3, M1, M2 and then M3.
  • D. Client2 will read four messages in the following order: M3, M2, M1 and then M3.


Answer : D

Explanation:
It should be M3, M2, M1 as duplicate detection is enabled, and the duplication detection window is set to 10 minutes. The second M3 message in the queue would be discarded.
Note 1: Duplicate detection enables the sender resend the same message, and the queue or topic discards any duplicate copies.
Note 2: Queues offer First In, First Out (FIFO) message delivery to one or more competing consumers. That is, receivers typically receive and process messages in the order in which they were added to the queue, and only one message consumer receives and processes each message.
Reference:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-queues-topics-subscriptions https://docs.microsoft.com/en-us/azure/service-bus-messaging/duplicate-detection

You have an Azure Cosmos DB account named Account1. Account1 includes a database named DB1 that contains a container named Container1. The partition key for Container1 is set to /city.
You plan to change the partition key for Container1.
What should you do first?

  • A. Delete Container1.
  • B. Create a new container in DB1.
  • C. Implement the Azure Cosmos DB.NET.SDK.
  • D. Regenerate the keys for Account1.


Answer : B

Explanation:
The Change Feed Processor and Bulk Executor Library, in Azure Cosmos DB can be leveraged to achieve a live migration of your data from one container to another. This allows you to re-distribute your data to match the desired new partition key scheme, and make the relevant application changes afterwards, thus achieving the effect of ג€updating your partition keyג€.
Incorrect Answers:
A: It is not possible to ג€updateג€ your partition key in an existing container.
Reference:
https://devblogs.microsoft.com/cosmosdb/how-to-change-your-partition-key/

HOTSPOT -
You have an Azure subscription that contains the Azure SQL servers shown in the following table.


The subscription contains the elastic pools shown in the following table.

The subscription contains the Azure SQL databases shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Explanation:
Note: You cannot add databases from different servers into the same pool

Box 1: Yes -
Pool2 contains DB2 but DB1 and DB2 are on Sql1. DB1 can thus be added to Pool2.

Box 2: Yes -
Pool3 is empty.

Box 3: Yes -
Pool1 contains DB1 but DB3 and DB1 are on Sql1. DB3 can thus be added to Pool1.
Reference:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-elastic-pool

HOTSPOT -
You have an Azure subscription that contains the storage accounts shown in the following table.


For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Explanation:

Box 1: Yes -
General purpose version 2 (GPv2) storage accounts: GPv2 storage accounts allow you to deploy Azure file shares on standard/hard disk-based (HDD-based) hardware.

Box 2: No -
Four not six copies.
Geo-redundant storage (GRS) copies your data synchronously three times within a single physical location in the primary region using LRS. It then copies your data asynchronously to a single physical location in the secondary region.

Box 3: Yes -
You can switch a storage account from one type of replication to any other type.
To switch from LRS to GRS use Azure portal, PowerShell, or CLI to change the replication setting.
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-create-file-share https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy https://docs.microsoft.com/en-us/azure/storage/common/redundancy-migration

You have an Azure subscription named Subscription1 that is used by several departments at your company. Subscription1 contains the resources in the following table.


Another administrator deploys a virtual machine named VM1 and an Azure Storage account named storage2 by using a single Azure Resource Manager template.
You need to view the template used for the deployment.
From the Azure Portal, for which blade can you view the template that was used for the deployment?

  • A. container1
  • B. VM1
  • C. RG1
  • D. storage2


Answer : C

Explanation:
You can verify the deployment by exploring the resource group from the Azure portal
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/deployment-manager-tutorial https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorial-create-first-template?tabs=azure-powershell

You have an Azure subscription that contains a resource group named RG1. RG1 contains multiple resources.
You need to trigger an alert when the resources in RG1 consume $1,000 USD.
What should you do?

  • A. From Cost Management + Billing, add a cloud connector.
  • B. From the subscription, create an event subscription.
  • C. From Cost Management + Billing, create a budget.
  • D. From RG1, create an event subscription.


Answer : C

Explanation:
Create budgets to manage costs and create alerts that automatically notify you are your stakeholders of spending anomalies and overspending.
To set it up, go to the Azure Portal, select 'Cost Management + Billing' -> 'Cost Management' -> 'Go to Cost Management'.


Note: Cost alerts are automatically generated based when Azure resources are consumed. Alerts show all active cost management and billing alerts together in one place. When your consumption reaches a given threshold, alerts are generated by Cost Management. There are three types of cost alerts: budget alerts, credit alerts, and department spending quota alerts.
Reference:
https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/getting-started

HOTSPOT -
You create a virtual machine scale set named Scale1. Scale1 is configured as shown in the following exhibit.


Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Explanation:
Box 1:
The Autoscale scale out rule increases the number of VMs by 2 if the CPU threshold is 80% or higher. The initial instance count is 4 and rises to 6 when the 2 extra instances of VMs are added.
Box 2:
The Autoscale scale in rule decreases the number of VMs by 4 if the CPU threshold is 30% or lower. The initial instance count is 4 and thus cannot be reduced to
0 as the minimum instances is set to 2. Instances are only added when the CPU threshold reaches 80%.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-overview https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-best-practices https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-common-scale-patterns

You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image.
You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Upload a configuration script.
  • B. Create an Azure policy.
  • C. Modify the extensionProfile section of the Azure Resource Manager template.
  • D. Create a new virtual machine scale set in the Azure portal.
  • E. Create an automation account.


Answer : CD

Reference:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-install-apps-template

HOTSPOT -
You have several Azure virtual machines on a virtual network named VNet1. Vnet1 has two subnets that have 10.2.0.0/24 and 10.2.9.0/24 address spaces.
You configure an Azure Storage account as shown in the following exhibit.


Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Explanation:

Box 1: always -
Endpoint status is enabled.

Box 2: Never -
After you configure firewall and virtual network settings for your storage account, select Allow trusted Microsoft services to access this storage account as an exception to enable Azure Backup service to access the network restricted storage account.


Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows https://azure.microsoft.com/en-us/blog/azure-backup-now-supports-storage-accounts-secured-with-azure-storage-firewalls-and-virtual-networks/

HOTSPOT -
You create and save an Azure Resource Manager template named Template1 that includes the following four sections.
Section1.


Section2.

Section3.

Section4.

You deploy Template1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

DRAG DROP -
You have virtual machines (VMs) that run a mission-critical application.
You need to ensure that the VMs never experience down time.
What should you recommend? To answer, drag the appropriate solutions to the correct scenarios. Each solution may be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point
Select and Place:




Answer :

Explanation:

Box 1: Scale set -
A virtual machine scale set allows you to deploy and manage a set of identical, autoscaling virtual machines.

Box 2: Availability Set -
An Availability Set is a logical grouping capability for isolating VM resources from each other when they're deployed. Azure makes sure that the VMs you place within an Availability Set run across multiple physical servers, compute racks, storage units, and network switches. If a hardware or software failure happens, only a subset of your VMs are impacted and your overall solution stays operational. Availability Sets are essential for building reliable cloud solutions.

Box 3: Fault domain -
A fault domain is a logical group of underlying hardware that share a common power source and network switch, similar to a rack within an on-premises datacenter. As you create VMs within an availability set, the Azure platform automatically distributes your VMs across these fault domains. This approach limits the impact of potential physical hardware failures, network outages, or power interruptions.
Incorrect Answers:
An update domain is a group of VMs and underlying physical hardware that can be rebooted at the same time.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-create-vmss https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-availability-sets

Page:    1 / 23   
Exam contains 343 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us

Certlibrary doesn't offer Real Microsoft Exam Questions.
Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.