Q1.Your company network includes users in multiple directories. You plan to publish a software-as-a-serviceapplication named SaasApp1 to Azure Active Directory. You need to ensure that all users can accessSaasApp1. What should you do?
A. Configure the Federation Metadata URL
B. Register the application as a web application.
C. Configure the application as a multi-tenant.
D. Register the application as a native client application.
Option C is correct.
* When you get deeper into using Windows Azure Active Directory, you'll run into new terminology. Forinstance, is called "directory" is also referred to as a Windows Azure AD Tenant or simply as "tenant." Thisstems from the fact that WAAD ()Windows Azure Active Directory is a shared service for many clients. Inthis service, every client gets its own separate space for which the client is the tenant. In the case of WAADthis space is a directory. This might be a little confusing, because you can create multiple directories, inWAAD terminology multiple tenants, even though you are a single client.* Multitenant Applications in AzureA multitenant application is a shared resource that allows separate users, or "tenants," to view theapplication as though it was their own. A typical scenario that lends itself to a multitenant application is onein which all users of the application may wish to customize the user experience but otherwise have thesame basic business requirements. Examples of large multitenant applications are Office 365,Outlook.com, and visualstudio.com.http://msdn.microsoft.com/en-us/library/azure/dn151789.aspx
Q2.You manage a collection of large video files that is stored in an Azure Storage account. A user wantsaccess to one of your video files within the next seven days. You need to allow the user access only to thevideo file, and then revoke access once the user no longer needs it. What should you do?
A. Give the user the secondary key for the storage account.
Once the user is done with the file, regenerate the secondary key.
B. Create an Ad-Hoc Shared Access Signature for the Blob resource.
Set the Shared Access Signature to expire in seven days.
C. Create an access policy on the container.
Give the external user a Shared Access Signature for the blob by using the policy.Once the user is done with the file, delete the policy.
D. Create an access policy on the blob.
Give the external user access by using the policy.Once the user is done with the file, delete the policy.
Option C is correct.
See 3) below.By default, only the owner of the storage account may access blobs, tables, and queues within that account.If your service or application needs to make these resources available to other clients without sharing youraccess key, you have the following options for permitting access:1.You can set a container's permissions to permit anonymous read access to the container and its blobs.This is not allowed for tables or queues.2. You can expose a resource via a shared access signature, which enables you to delegate restrictedaccess to a container, blob, table or queue resource by specifying the interval for which the resources areavailable and the permissions that a client will have to it.3. You can use a stored access policy to manage shared access signatures for a container or its blobs, fora queue, or for a table. The stored access policy gives you an additional measure of control over yourshared access signatures and also provides a straightforward means to revoke them.
Q3.You are migrating a local virtual machine (VM) to an Azure VM. You upload the virtual hard disk (VHD) fileto Azure Blob storage as a Block Blob. You need to change the Block 8lob to a page blob. What should youdo?
A. Delete the Block Blob and re-upload the VHD as a page blob.
B. Update the type of the blob programmatically by using the Azure Storage .NET SDK.
C. Update the metadata of the current blob and set the Blob-Type key to Page.
D. Create a new empty page blob and use the Azure Blob Copy Power Shell cmdlet to copy the current
data to the new blob.
Option A is correct.
* To copy the data files to Windows Azure Storage by using one of the following methods: AzCopy Tool, PutBlob (REST API) and Put Page (REST API), or Windows Azure Storage Client Library for .NET or a third-party storage explorer tool. Important: When using this new enhancement, always make sure that you create a page blob not a blockblob.* Azure has two main files storage format:Page blob: mainly used for vhd's (CloudPageBlob) Block Blob: for other files (CloudBlockBlob)http://msdn.microsoft.com/en-us/library/dn466429.aspx
Q4.You administer a Microsoft Azure SQL Database data base in the US Central region named contosodb.Contosodb runs on a Standard tier within the SI performance level. You have multiple business-criticalapplications that use contosodb. You need to ensure that you can bring contosodb back online in the eventof a natural disaster in the US Central region. You want to achieve this goal with the least amount ofdowntime. Which two actions should you perform? Each correct answer presents part of the solution.
A. Upgrade to S2 performance level.
B. Use active geo-replication.
C. Use automated Export.
D. Upgrade to Premium tier.
E. Use point in time restore.
F. Downgrade to Basic tier.
Option B,D are correct.
B: The Active Geo-Replication feature implements a mechanism to provide database redundancy within thesame Microsoft Azure region or in different regions (geo- redundancy).One of the primary benefits of Active Geo-Replication is that it provides a database-level disaster recoverysolution. Using Active Geo-Replication, you can configure a user database in the Premium service tier toreplicate transactions to databases on different Microsoft Azure SQL Database servers within the same ordifferent regions. Cross-region redundancy enables applications to recover from a permanent loss of adatacenter caused by natural disasters, catastrophic human errors, or malicious acts.D: Active Geo-Replication is available for databases in the Premium service tier only.http://msdn.microsoft.com/en-us/library/azure/dn741339.aspx
Q5.You manage two datacenters in different geographic regions and one branch office. You plan to implementa geo-redundant backup solution. You need to ensure that each datacenter is a cold site for the other. Youcreate a recovery vault. What should you do next?
A. Install the provider.
B. Upload a certificate to the vault.
C. Generate a vault key.
D. Set all virtual machines to DHCP.
E. Prepare System Center Virtual Machine Manager (SCVMM) servers.
F. Create mappings between the virtual machine (VM) networks.
Option C is correct.
Within the Azure Portal screen, scroll down to Recovery Services (on the left menu), and click on "Create aNew Vault" (this is where your VMs will be replicated to) which will bring up a Data Services / RecoveryServices / Site Recovery Vault option, select Quick CreateFor the name of the Vault, give it something you'd remember, in my case, I'll call it RandsVault, and I'llchoose the Region West US since I'm in the Western United States, then click Create VaultOnce the Vault has been created, click on the Right Arrow next to the name of your vault. Under SetupRecovery, choose "Between an on-premise site and Microsoft Azure" so that you are telling theconfiguration settings that you are going to be replicating between your on-premise datacenter and Azure inthe cloud. You will now see a list of things you need to do which the first thing is to create a key exchange ofcertificates between Microsoft Azure and your VMM server.
Q6.Your network environment includes remote employees. You need to create a secure connection for theremote employees who require access to your Azure virtual network. What should you do?
A. Deploy Windows Server 2012 RRAS.
B. Configure a point-to-site VPN.
C. Configure an ExpressRoute.
D. Configure a site-to-site VPN.
Option B is correct.
New Point-To-Site ConnectivityWith today's release we've added an awesome new feature that allows you to setup VPN connectionsbetween individual computers and a Windows Azure virtual network without the need for a VPN device. Wecall this feature Point-to-Site Virtual Private Networking. This feature greatly simplifies setting up secureconnections between Windows Azure and client machines, whether from your office environment or fromremote locations. It is especially useful for developers who want to connect to a Windows Azure VirtualNetwork (and to the individual virtual machines within it) from either behind their corporate firewall or aremote location. Because it is point-to-site they do not need their IT staff to perform any activities to enableit, and no VPN hardware needs to be installed or configured. Instead you can just use the built-in WindowsVPN client to tunnel to your Virtual Network in Windows Azure.http://azure.microsoft.com/blog/2013/04/26/virtual-network-adds-new-capabilities-for-cross-premises-connectivity/
Q7.You administer an Azure Storage account named contoso storage. The account has queue containers withlogging enabled. You need to view all log files generated during the month of July 2014. Which URL shouldyou use to access the list?
Option D is correct.
All logs are stored in block blobs in a container named $logs, which is automatically created when StorageAnalytics is enabled for a storage account. The $logs container is located in the blob namespace of thestorage account, for example: http://.blob.core.windows.net/$logs. This container cannot be deleted onceStorage Analytics has been enabled, though its contents can be deleted.http://msdn.microsoft.com/library/azure/hh343262.aspx
Q8.You manage an Azure subscription with virtual machines (VMs) that are running in Standard mode. Youneed to reduce the storage costs associated with the VMs. What should you do?
A. Locate and remove orphaned disks.
B. Add the VMs to an affinity group.
C. Change VMs to the Basic tier.
D. Delete the VHD container.
Option A is correct.
Q9.You manage several Azure virtual machines (VMs). You create a custom image to be used by employeeson the development team. You need to ensure that the custom image is available when you deploy newservers. Which Azure Power Shell cmdlet should you use?
Option C is correct.
The Add-AzureVMImage cmdlet adds an operating system image to the image repository. The imageshould be a generalized operating system image, using either Sysprep for Windows or, for Linux, using theappropriate tool for the distribution.ExampleThis example adds an operating system image to the repository.Windows PowerShellC:\PS>Add-AzureVMImage -ImageName imageName -MediaLocation http://yourstorageaccount.blob.core.azure.com/container/sampleImage.vhd -Label
Q10.You manage an Azure virtual network that hosts 15 virtual machines (VMs) on a single subnet which isused for testing a line of business (LOB) application. The application is deployed to a VM namedTestWebServiceVM. You need to ensure that TestWebServiceVM always starts by using the same IPaddress. You need to achieve this goal by using the least amount of administrative effort. What should youdo?
A. Use the Management Portal to configure TestWebServiceVM.
B. Use RDP to configure TestWebServiceVM.
C. Run the Set-AzureStaticVNetIP PowerShell cmdlet.
D. Run the Get-AzureReservedIP PowerShell cmdlet.
Option C is correct.
Specify a static internal IP for a previously created VM. If you want to set a static IP address for a VM thatyou previously created, you can do so by using the following cmdlets. If you already set an IP address forthe VM and you want to change it to a different IP address, you'll need to remove the existing static IPaddress before running these cmdlets. See the instructions below to remove a static IP. For this procedure,you'll use the Update-AzureVM cmdlet. The Update-AzureVM cmdlet restarts the VM as part of the updateprocess. The DIP that you specify will be assigned after the VM restarts. In this example, we set the IPaddress for VM2, which is located in cloud service StaticDemo.Get-AzureVM -ServiceName StaticDemo -Name VM2 | Set-AzureStaticVNetIP -IPAddress 192.168.4.7 |Update-AzureVMhttp://msdn.microsoft.com/en-us/library/azure/dn630228.aspx