Worng Answer

NO.30 **

You have an Azure subscription that contains a storage account. You have an on-premises server named Server1 that runs Windows Server 2016. Server1 has 2 TB of data. You need to transfer the data to the storage account by using the Azure Import/Export service.In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.Select and Place:

NO.35 *

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named adatum.com. The tenant contains 500 user accounts. You deploy Microsoft Office 365. You configure Office 365 to use the user accounts in adatum.com. You configure 60 users to connect to mailboxes in Microsoft Exchange Online. You need to ensure that the 60 users use Azure Multi-Factor Authentication (MFA) to connect to the Exchange Online mailboxes. The solution must only affect connections to the Exchange Online mailboxes. What should you do?

A. From the multi-factor authentication page, configure the Multi-Factor Auth status for each user

B. From Azure Active Directory admin center, create a conditional access policy

C. From the multi-factor authentication page, modify the verification options

D. From the Azure Active Directory admin center, configure an authentication method

NO.36*

You have an Azure subscription named Subscription1. You create an Azure Storage account named contosostorage, and then you create a file share named data. Which UNC path should you include in a script that references files from the data file share? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.Select and Place:

NO.39 *

You have an Azure subscription that contains a web app named webapp1. You need to add acustom domain named www.contoso.com to webapp1. What should you do first?

(A). Upload a certificate.(B). Add a connection string.(C). Stop webapp1.(D). Create a DNS record.

NO.42 **

You have an Azure subscription that contains the following resources:✑ a virtual network named VNet1✑ a replication policy named ReplPolicy1✑ a Recovery Services vault named Vault1✑ an Azure Storage account named Storage1You have an Amazon Web Services (AWS) EC2 virtual machine named VM1 that runs Windows Server 2016. You need to migrate VM1 to VNet1 by using Azure Site Recovery. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:

NO.43 *

You have Azure subscription that includes following Azure file shares:

You have the following on-premises servers:

You create a Storage Sync Service named Sync1 and an Azure File Sync group named Group1. Group1 uses share1 as a cloud endpoint. You register Server1 and Server2 in Sync1. You add D:\Folder1 on Server1 as a server endpoint of Group1. For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.Hot Area:

NO.45 *

You have an Azure subscription named Subscription1 that is used by several departments at your company. Subscription1 contains the resources in the following table:

Another administrator deploys a virtual machine named VM1 and an Azure Storage account named storage2 by using a single Azure Resource Manager template. You need to view the template used for the deployment. From which blade can you view the template that was used for the deployment?

A. VM1

B. RG1

C. storage2

D. container1

NO.48 *

You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated to a different Azure AD tenant. Subscription1 contains a virtual network named VNet1. VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16.Subscription2 contains a virtual network named VNet2. VNet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24. You need to connect VNet1 to VNet2. What should you do first?

A. Move VM1 to Subscription2.

B. Modify the IP address space of VNet2.

C. Provision virtual network gateways.

D. Move VNet1 to Subscription2.

NO.50 *

You have an Azure subscription that contains several virtual machines and an Azure Log Analytics workspace named Workspace1.You create a log search query as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.NOTE: Each correct selection is worth one point.Hot Area:

NO.52 *

You plan to deploy 20 Azure virtual machines by using an Azure Resource Manager template. The virtual machines will run the latest version of Windows Server2016 Datacenter by using an Azure Marketplace image. You need to complete the storage profile section of the template. How should you complete the storage Profile section?  To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:

NO.53 *

You have an Azure subscription that contains the public load balancers shown in the following table.

You plan to create six virtual machines and to load balance requests to the virtual machines. Each load balancer will load balance three virtual machines. You need to create the virtual machines for the planned solution. How should you create the virtual machines? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:

NO.56 **

You have an Azure subscription that contains the hierarchy shown in the following exhibit.

You create an Azure Policy definition named Policy1. To which Azure resources can you assign Policy1 and which Azure resources can you specify as exclusions from Policy1?  To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:

NO.61 **

You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by using Azure ExpressRoute. You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

(A). Create a local site VPN gateway.(B). Create a VPN gateway that uses the VpnGw1 SKU.(C). Create a VPN gateway that uses the Basic SKU.(D). Create a gateway subnet.(E). Create a connection.

NO.62 **

You have an Azure subscription named Subscription1 that contains two Azure virtual networks named VNet1 and VNet2. VNet1 contains a VPN gateway namedVPNGW1 that uses static routing. There is a site-to-site VPN connection between your on-premises network and VNet1. On a computer named Client1 that runs Windows 10, you configure a point-to-site VPN connection to VNet1. You configure virtual network peering between VNet1 and VNet2. You verify that you can connect to VNet2 from the on-premises network. Client1 is unable to connect to VNet2. You need to ensure that you can connect Client1 to VNet2. What should you do?

A. Select Use the remote virtual network's gateway or Route Server on VNet1 to VNet2 peering.

B. Select Use the remote virtual network s gateway or Route Server on VNet2 to VNet1 peering.

C. Download and re-install the VPN client configuration package on Client1.

D. Enable BGP on VPNGW1.

NO.63 *

You have an Azure subscription that contains the resources shown in the following table.

VM1 and VM2 run a website that is configured as shown in the following table.

LB1 is configured to balance requests to VM1 and VM2.You configure a health probe as shown in the exhibit. (Click the Exhibit tab.)

You need to ensure that the health probe functions correctly. What should you do?

(A). On LB1, change the Unhealthy threshold to 65536.(B). On LB1, change the port to 8080.(C). On VM1 and VM2, create a file named Probe1.htm in the C:\intepub\wwwroot\Temp folder.(D). On VM1 and VM2, create a file named Probe1.htm in the C:\intepub\wwwroot\SiteA\Tempfolder.

NO.64 *

Your company has 100 users located in an office in Paris. The on-premises network contains the servers shown in the following table.

You create a new subscription. You need to move all the servers to Azure.Solution: You use Azure Site Recovery. Does this meet the goal?

(A). Yes(B). No

NO.65 **

You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1. VNet2 contains an Azure virtual machine named VM2. VM1 hosts a frontend application that connects to VM2 to retrieve data. Users report that the frontend application is slower than usual. You need to view the average round-trip time (RTT) of the packets from VM1 to VM2. Which Azure Network Watcher feature should you use?

A. IP flow verify

B. Connection troubleshoot

C. Connection monitor

D. NSG flow logs

NO.66 *

You are deploying a containerized web application in Azure.When deploying the web app, which of the following are valid container image sources?

(A). Virtual machine(B). Docker hub(C). ACR(D). On-premises

NO.70 *

You need to create a bar chart that shows the number of distinct computers that have sentheartbeats each week. How should you complete the Log Analytics query? To answer, select theappropriate options in the answer area. NOTE; Each correct selection is worth one point.

You have several Azure virtual machines that run Windows Server 2019. You need to identify the distinct event IDs of each virtual machine as shown in the following table.

How should you complete the Azure Monitor query? To answer, drag the appropriate values to the correct locations. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place:

NO.71 **

You need to add VM1 and VM2 to the backend pool of LB1. What should you do first?

(A). Create a new NSG and associate the NSG to VNET1/Subnet1.(B). Connect VM2 to VNET1/Subnet1.(C). Redeploy VM1 and VM2 to the same availability zone.(D). Redeploy VM1 and VM2 to the same availability set.

NO.72 *

You have an Azure subscription that contains the virtual networks shown in the following table.

You have the virtual machines shown in the following table.

You have the virtual network interfaces shown in the following table.

Server1 is a DNS server that contains the resources shown in the following table.

You have an Azure private DNS zone named contoso.com that has a virtual network link to VNET2 and the records shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.Hot Area:

NO.75 *

You have an Azure subscription. You plan to use Azure Resource Manager templates to deploy 50 Azure virtual machines that will be part of the same availability set. You need to ensure that as many virtual machines as possible are available if the fabric fails or during servicing. How should you configure the template? To answer, select the appropriate options in the answerarea. NOTE: Each correct selection is worth one point

NO.77 *

You have an Azure subscription that contains the following resources:100 Azure virtual machines, 20 Azure SQL databases, 50 Azure file shares You need to create a daily backup of all the resources by using Azure Backup. What is the minimum number of backup policies that you must create?

(A). 1(B). 2(C). 3(D). 150(E). 170

NO.81 *

You have an Azure Active Directory (Azure AD) tenant named contoso.com. Multi-factor authentication (MFA) is enabled for all users. You need to provide users with the ability to bypass MFA for 10 days on devices to which they have successfully signed in by using MFA. What should you do?

(A). From the multi-factor authentication page, configure the users' settings.(B). From Azure AD, create a conditional access policy.(C). From the multi-factor authentication page, configure the service settings.(D). From the MFA blade in Azure AD, configure the MFA Server settings.

NO.82 *

You plan to use Azure Resource Manager templates to deploy 50 Azure virtual machines that will bepart of the same availability set. You need to ensure that as many virtual machines as possible are available if the fabric fails or during servicing. How should you configure the template? To answer, select the appropriate options in the answerarea. NOTE: Each correct selection is worth one point.

NO.83 **

You have an Azure Active Directory (Azure AD) tenant that has the initial domain name. You have a domain name of contoso.com registered at a third-party registrar. You need to ensure that you can create Azure AD users that have names containing a suffix of @contoso.com. Which three actions should you perform in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.

Select and Place:

NO.88 **

Your company has offices in New York and Los Angeles.You have an Azure subscription that contains an Azure virtual network named VNet1. Each office has a site-to-site VPN connection to VNet1.Each network uses the address spaces shown in the following table:

You need to ensure that all Internet-bound traffic from VNet1 is routed through the New York office. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:

NO.89 *

You have an Azure subscription that contains the resources shown in the following table.

LB1 is configured as shown in the following table.

You plan to create new inbound NAT rules that meet the following requirements:✑ Provide Remote Desktop access to VM1 from the internet by using port 3389.✑ Provide Remote Desktop access to VM2 from the internet by using port 3389.

What should you create on LB1 before you can create the new inbound NAT rules?

A. a frontend IP addressB. a load balancing ruleC. a health probeD. a backend pool

NO.91 **

You have an Azure subscription that contains an Azure virtual machine named VM1.  VM1 runs Windows Server 2016 and is part of an availability set. VM1 has virtual machine-level backup enabled. VM1 is deleted. You need to restore VM1 from the backup. VM1 must be part of the availability set. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:

NO.93 *

You have the Azure resources shown on the following exhibit.

You plan to track resource usage and prevent the deletion of resources. To which resources can you apply locks and tags? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

NO.101 *

You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines. You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text. What should you create to store the password?

(A). Azure Active Directory (AD) Identity Protection and an Azure policy(B). a Recovery Services vault and a backup policy(C). an Azure Key Vault and an access policy(D). an Azure Storage account and an access policy

NO.102 *

You have an Azure subscription that contains the following resources:A virtual network that has a subnet named Subnet1Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections.NSG-Subnet1 has the default inbound security rules only.NSG-VM1 has the default inbound security rules and the following custom inbound security rule:Priority: 100Source: Any Sourceport range: *Destination: *Destination port range: 3389Protocol: UDPAction: AllowVM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1. You need to be able to establish Remote Desktop connections from the internet to VM1.Solution: You add an inbound security rule to NSG-Subnet1 that allows connections from the Any source to the VirtualNetwork destination for port range 3389 and uses the TCP protocol. You remove NSG-VM1 from the network interface of VM1. Does this meet the goal?

(A). Yes(B). No

NO.106 *

You have two Azure Active Directory (Azure AD) tenants named contoso.com and fabrikam.com. You have a Microsoft account that you use to sign in to both tenants. You need to configure the default sign-in tenant for the Azure portal.What should you do?

A. From Azure Cloud Shell, run Set-AzureRmSubscription.

B. From Azure Cloud Shell, run Set-AzureRmContext.

C. From the Azure portal, configure the portal settings.

D. From the Azure portal, change the directory.

NO.110 *

You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1. You need to view the error events from a table named Event. Which query should you run in Workspace1?

A. Get-Event Event | where {$_.EventType ""eq "error"}

B. Get-Event Event | where {$_.EventType == "error"}

C. search in (Event) * | where EventType ""eq "error"

D. search in (Event) "error"

E. select *from Event where EventType == "error"

F. Event | where EventType is "error"

NO.112 **

You have an Azure Active Directory (Azure AD) tenant named adatum.com that contains the users shown in the following table.

Adatum.com has the following configurations:✑ Users may join devices to Azure AD is set to User1.✑ Additional local administrators on Azure AD joined devices is set to None.You deploy Windows 10 to a computer named Computer1. User1 joins Computer1 to adatum.com. You need to identify the local Administrator group membership on Computer1. Which users are members of the local Administrators group?

A. User1 only

B. User2 only

C. User1 and User2 only

D. User1, User2, and User3 only

E. User1, User2, User3, and User4

NO.113 *

You have an Azure Active Directory (Azure AD) tenant. You need to create a conditional access policy that requires all users to use multi-factor authentication when they access the Azure portal. Which three settings should you configure? To answer, select the appropriate settings to the answer area. NOTE: Each correct selection is worth one point. Hot Area:

NO.116 *

You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

The status of VM1 is Running. You assign an Azure policy as shown in the exhibit. (Click the Exhibit tab.)

You assign the policy by using the following parameters:

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.Hot Area:

NO.117 *

You create an Azure web app named WebApp1. WebApp1 has the autoscale settings shown in the following exhibit.

The scale out and scale in rules are configured to have a duration of 10 minutes and a cool down time of five minutes. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. Each correct selection is worth one point.

NO.118 *

You have an Azure web app named App1. You need to monitor the availability of App1 by using a multi-step web test. What should you use in Azure Monitor?

A. Azure Service Health

B. Azure Application Insights

C. the Diagnostic settings

D. metrics

NO.122 *

You have a resource group named RG1. RG1 contains an Azure Storage account named storageaccount1 and a virtual machine named VM1 that runs WindowsServer 2016. Storageaccount1 contains the disk files for VM1. You apply a ReadOnly lock to RG1. What can you do from the Azure portal?

A. Generate an automation script for RG1.B. View the keys of storageaccount1.C. Start VM1.D. Upload a blob to storageaccount1.

NO.124 *

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The User administrator role is assigned to a user named Admin1. An external partner has a Microsoft account that uses the user1@outlook.com sign in. Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: Unable to invite user user1@outlook.com" Generic authorization exception. You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant. What should you do?

A. From the Users settings blade, modify the External collaboration settings.

B. From the Custom domain names blade, add a custom domain.

C. From the Organizational relationships blade, add an identity provider.

D. From the Roles and administrators blade, assign the Security administrator role to Admin1.

NO.126 *

You need to identify which storage account to use for the flow logging of IP traffic from VM5. The solution must meet the retention requirements. Which storage account should you identify?

A. storage1

B. storage2

C. storage3

D. storage4

NO.128 *

You have an Azure subscription that contains 100 virtual machines. You regularly create and delete virtual machines. You need to identify unattached disks that can be deleted. What should you do?

A. From Azure Cost Management, view Cost Analysis

B. From Azure Advisor, modify the Advisor configuration

C. From Microsoft Azure Storage Explorer, view the Account Management properties

D. From Azure Cost Management, view Advisor Recommendations

NO.130 **

You need to ensure that User1 can create initiative definitions, and User4 can assign initiatives to RG2. The solution must meet the technical requirements. Which role should you assign to each user? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:

NO.131 *

You have a Basic App Service plan named ASP1 that hosts an Azure App Service named App1. You need to configure a custom domain and enable backups for App1. What should you do first?

(A). Configure a WebJob for App1.

(B). Scale up ASP1.

(C). Scale out ASP1.

(D). Configure the application settings for App1.

NO.132 *

You develop the following Azure Resource Manager (ARM) template to create a resource group and deploy an Azure Storage account to the resource group.

Which cmdlet should you run to deploy the template?

A. New-AzResource

B. New-AzResourceGroupDeployment

C. New-AzTenantDeployment

D. New-AzDeployment

NO.134 *

You have an Azure virtual machine that runs Windows Server 2019 and has the followingconfigurations:

Name: VM1Location: West USConnected to: VNET1Private IP address: 10.1.0.4Public IP address: 52.186.85.63DNS suffix in Windows Server: Adatum.comYou create the Azure DNS zones shown in the following table.

You need to identify which DNS zones you can link to VNET1 and the DNS zones to which VM1 can automatically register.Which zones should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

NO.136 *

You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network. Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com. You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory. You need to ensure that the users can use single-sign on (SSO) to access Azure resources. What should you do first?

A. From on-premises network, deploy Active Directory Federation Services (AD FS).

B. From Azure AD, add and verify a custom domain name.

C. From on-premises network, request a new certificate that contains the Active Directory domain name.

D. From the server that runs Azure AD Connect, modify the filtering options.

NO.137 **

You have an Azure subscription named Subscription1.  Subscription1 contains two Azure virtual machines named VM1 and VM2. VM1 and VM2 run Windows Server 2016. VM1 is backed up daily by Azure Backup without using the Azure Backup agent. VM1 is affected by ransomware that encrypts data. You need to restore the latest backup of VM1. To which location can you restore the backup?  To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:

NO.140 **

You are configuring Azure Active Directory (AD) Privileged Identity Management.You need to provide a user named Admin1 with read access to a resource group named RG1 for only one month. The user role must be assigned immediately.What should you do?

A. Assign an active role.

B. Assign an eligible role.

C. Assign a permanently active role.

D. Create a custom role and a conditional access policy.

NO.143 *

You have an Azure subscription that contains an Azure file share. You have an on-premises server named Server1 that runs Windows Server 2016. You plan to set up Azure File Sync between Server1 and the Azure file share. You need to prepare the subscription for the planned Azure File Sync. Which two actions should you perform in the Azure subscription?

NO.146 **

You have an Azure tenant that contains two subscriptions named Subscription1 and Subscription2. In Subscription1, you deploy a virtual machine named Server1 that runs Windows Server 2016. Server1 uses managed disks. You need to move Server1 to Subscription2. The solution must minimize administration effort.What should you do first?

(A). In Subscription2, create a copy of the virtual disk.

(B). From Azure PowerShell, run the Move-AzureRmResource cmdlet.

(C). Create a snapshot of the virtual disk.

(D). Create a new virtual machine in Subscription2.

NO.150 **

You have an on-premises network that you plan to connect to Azure by using a site-to-site VPN. In Azure, you have an Azure virtual network named VNet1 that uses an address space of 10.0.0.0/16. VNet1 contains a subnet named Subnet1 that uses an address space of 10.0.0.0/24. You need to create a site-to-site VPN to Azure. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. NOTE: More than one order of answer choice is correct. You will receive credit for any of the correct orders you select. Select and Place:

NO.154 **

You create an Azure subscription that is associated to a basic Azure Active Directory (AzureAD) tenant.You need to receive an email notification when any user activates an administrative role. What should you do?

(A). Purchase Azure AD Premium 92 and configure Azure AD Privileged Identity Management.

(B). Purchase Enterprise Mobility + Security E3 and configure conditional access policies.

(C). Purchase Enterprise Mobility + Security E5 and create a custom alert rule in Azure SecurityCenter.

(D). Purchase Azure AD Premium PI and enable Azure AD Identity Protection.

NO.156 *

You have an Azure subscription that contains a resource group named TestRG. You use TestRG to validate an Azure deployment. TestRG contains the following resources:

You need to delete TestRG.  What should you do first?

A. Modify the backup configurations of VM1 and modify the resource lock type of VNET1

B. Remove the resource lock from VNET1 and delete all data in Vault1

C. Turn off VM1 and remove the resource lock from VNET1

D. Turn off VM1 and delete all data in Vault1

NO.158 **

You are troubleshooting a performance issue for an Azure Application Gateway. You need to compare the total requests to the failed requests during the past six hours. What should you use?

(A). Metrics in Application Gateway

(B). Diagnostics logs in Application Gateway

(C). NSG flow logs in Azure Network Watcher

(D). Connection monitor in Azure Network Watcher

NO.162 *

You have an Azure Service Bus. You need to implement a Service Bus queue that guarantees first in first-out (FIFO) delivery of messages.What should you do?

(A). Set the Lock Duration setting to 10 seconds.

(B). Enable duplicate detection.

(C). Set the Max Size setting of the queue to 5 GB.

(D). Enable partitioning.

(E). Enable sessions.

NO.163 *

You have an Azure subscription that contains the resources shown in the following table.

All virtual machines run Windows Server 2016. On VM1, you back up a folder named Folder1 as shown in the following exhibit.

You plan to restore the backup to a different virtual machine. You need to restore the backup to VM2. What should you do first?

A. From VM1, install the Windows Server Backup feature.

B. From VM2, install the Microsoft Azure Recovery Services Agent.

C. From VM1, install the Microsoft Azure Recovery Services Agent.

D. From VM2, install the Windows Server Backup feature.

NO.165 *

You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

You create virtual machines in Subscription1 as shown in the following table.

You plan to use Vault1 for the backup of as many virtual machines as possible. Which virtual machines can be backed up to Vault1?

A. VM1 only

B. VM3 and VMC only

C. VM1, VM2, VM3, VMA, VMB, and VMC

D. VM1, VM3, VMA, and VMC only Most Voted

E. VM1 and VM3 only

NO.168 *

You have an Azure subscription that contains a storage account named storage1. The subscription is linked to an Azure Active Directory (Azure AD) tenant named contoso.com that syncs to an on-premises Active Directory domain. The domain contains the security principals shown in the following table.

In Azure AD, you create a user named User2. The storage1 account contains a file share named share1 and has the following configurations.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:

NO.170 *

You have an Azure subscription. You have 100 Azure virtual machines. You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering. Which blade should you use?

A. Metrics

B. Customer insights

C. Monitor

D. Advisor

NO.173 *

You have an Azure Kubernetes Service (AKS) cluster named AKS1 and a computer named Computer1 that runs Windows 10. Computer1 that has the Azure CLI installed. You need to install the kubectl client on Computer1. Which command should you run? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.Hot Area:

NO.174 **

You have an Azure subscription linked to an Azure Active Directory tenant. The tenant includes a user account named User1. You need to ensure that User1 can assign a policy to the tenant root management group. What should you do?

A. Assign the Owner role for the Azure Subscription to User1, and then modify the default conditional access policies.

B. Assign the Owner role for the Azure subscription to User1, and then instruct User1 to configure access management for Azure resources.

C. Assign the Global administrator role to User1, and then instruct User1 to configure access management for Azure resources.

D. Create a new management group and delegate User1 as the owner of the new management group.

NO.175 *

You have an Azure subscription named Subscription1 that contains the virtual networks in the following table.

Subscription1 contains the virtual machines in the following table.

In Subscription1, you create a load balancer that has the following configurations:✑ Name: LB1✑ SKU: Basic✑ Type: Internal✑ Subnet: Subnet12✑ Virtual network: VNET1For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.Hot Area:

NO.176 **

You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image. You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A. Modify the extensionProfile section of the Azure Resource Manager template.

B. Create an automation account.

C. Upload a configuration script.

D. Create a new virtual machine scale set in the Azure portal.

E. Create an Azure policy.

NO.177 *

You have an Azure subscription that uses the public IP addresses shown in the following table.

You need to create a public Azure Standard Load Balancer. Which public IP addresses can you use?

A. IP1, IP2, and IP3

B. IP2 only

C. IP3 only

D. IP1 and IP3 only

NO.178 *

You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate. From Azure, you download and install the VPN client configuration package on a computer named Computer2. You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2.Solution: You export the client certificate from Computer1 and install the certificate on Computer2. Does this meet the goal?

A. Yes

B. No

NO.182 *

You have an Azure subscription that contains the virtual machines shown in the following table.

You deploy a load balancer that has the following configurations:✑ Name: LB1✑ Type: Internal✑ SKU: Standard✑ Virtual network: VNET1You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.Solution: You create a Standard SKU public IP address, associate the address to the network interface of VM1, and then stop VM2. Does this meet the goal?

A. Yes

B. No

NO.183 **

You need to configure the alerts for VM1 and VM2 to meet the technical requirements. Which three actions should you perform in sequence? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:

NO.185 **

You have an Azure Active Directory (Azure AD) tenant that contains three global administrators named Admin1, Admin2, and Admin3. The tenant is associated to an Azure subscription. Access control for the subscription is configured as shown in the Access control exhibit. (Click the AccessControl tab.)

You sign in to the Azure portal as Admin1 and configure the tenant as shown in the Tenant exhibit. (Click the Tenant tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point. Hot Area:

NO.186 **

You recently created a new Azure subscription that contains a user named Admin1. Admin1 attempts to deploy an Azure Marketplace resource by using an Azure Resource Manager template. Admin1 deploys the template by using AzurePowerShell and receives the following error message: User failed validation to purchase resources. Error message:Legal terms have not been accepted for this item on this subscription. To accept legal terms, please go to the Azure portal (http://go.microsoft.com/fwlink/?LinkId=534873) and configure programmatic deployment for the Marketplace item or create it there for the first time.`You need to ensure that Admin1 can deploy the Marketplace resource successfully. What should you do?

A. From Azure PowerShell, run the Set-AzApiManagementSubscription cmdlet

B. From the Azure portal, register the Microsoft.Marketplace resource provider

C. From Azure PowerShell, run the Set-AzMarketplaceTerms cmdlet

D. From the Azure portal, assign the Billing administrator role to Admin1

NO.191 *

You have an Active Directory forest named contoso.com. You install and configure Azure AD Connect to use password hash synchronization as the single sign-on (SSO) method.  Staging mode is enabled. You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs. You need to ensure that the synchronization completes successfully. What should you do?

A. Run Azure AD Connect and set the SSO method to Pass-through Authentication.

B. From Synchronization Service Manager, run a full import.

C. From Azure PowerShell, run Start-AdSyncSyncCycle ""PolicyType Initial.

D. Run Azure AD Connect and disable staging mode.

NO.192 **

A web developer creates a web application that you plan to deploy as an Azure web app. Users must enter credentials to access the web application. You create a new web app named WebApp1 and deploy the web application to WebApp1. You need to disable anonymous access to WebApp1. What should you configure?

A. Access control (IAM)

B. Advanced Tools

C. Deployment credentials

D. Authentication/Authorization

NO.195 *

You have an Azure subscription that contains the storage accounts shown in the following table.

You need to identify which storage account can be converted to zone-redundant storage (ZRS) replication by requesting a live migration from Azure support. What should you identify?

A. storage1

B. storage2

C. storage3

D. storage4

NO.199 *

You have an Azure subscription that contains the resources shown in the following table.

You need to load balance HTTPS connections to vm1 and vm2 by using lb1. Which three actions should you perform in sequence?

To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.Select and Place:

NO.202 **

You onboard 10 Azure virtual machines to Azure Automation State Configuration. You need to use Azure Automation State Configuration to manage the ongoing consistency of the virtual machine configurations. Which three actions should you perform in sequence?  To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.Select and Place:

NO.203 **

You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

From Azure AD Privileged Identity Management (PIM), you configure the settings for the Security Administrator role as shown in the following exhibit.

From PIM, you assign the Security Administrator role to the following groups:✑ Group1: Active assignment type, permanently assigned✑ Group2: Eligible assignment type, permanently eligibleFor each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.Hot Area:

NO.204 **

Your company has an Azure subscription named Subscription1.  The company also has two on-premises servers named Server1 and Server2 that run Windows Server 2016. Server1 is configured as a DNS server that has a primary DNS zone named adatum.com.  Adatum.com contains 1,000 DNS records. You manage Server1 and Subscription1 from Server2. Server2 has the following tools installed:✑ The DNS Manager console✑ Azure PowerShell✑ Azure CLI 2.0You need to move the adatum.com zone to an Azure DNS zone in Subscription1. The solution must minimize administrative effort. What should you use?

A. Azure CLI

B. Azure PowerShell

C. the Azure portal

D. the DNS Manager console

NO.205 **

You plan to use Azure Network Watcher to perform the following tasks:✑ Task1: Identify a security rule that prevents a network packet from reaching an Azure virtual machine.✑ Task2: Validate outbound connectivity from an Azure virtual machine to an external host.Which feature should you use for each task? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

NO.206 **

You have an azure subscription named Subscription1 that has the following providers registered:✑ Authorization✑ Automation✑ Resources✑ Compute✑ KeyVault✑ Network✑ Storage✑ Billing✑ WebSubscription1 contains an Azure virtual machine named VM1 that has the following configurations:✑ Private IP address: 10.0.0.4 (dynamic)✑ Network security group (NSG): NSG1✑ Public IP address: None✑ Availability set: AVSet✑ Subnet: 10.0.0.0/24✑ Managed disks: No✑ Location: East USYou need to record all the successful and failed connection attempts to VM1. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

(A). Register the Microsoft.Insights resource provider(B). Add an Azure Network Watcher connection monitor(C). Register the Microsoft.LogAnalytics provider(D). Enable Azure Network Watcher in the East US Azure region(E). Create an Azure Storage account(F). Enable Azure Network Watcher flow logs

NO.209 **

You have a general purpose v1 storage account named storageaccount1 that has a private container named container1.You need to allow read access to the data inside container1, but only within a 14 day window. How do you accomplish this?

A. Create a stored access policy

B. Create a service SAS

C. Create a shared access signatures

D. Upgrade the storage account to general purpose v2

NO.210 **

You are the global administrator for an Azure Active Directory (Azure AD) tenant named adatum.com. You need to enable two-step verification for Azure users. What should you do?

(A). Create a sign-in risk policy in Azure AD Identity Protection

(B). Enable Azure AD Privileged Identity Management.

(C). Create and configure the Identity Hub.

(D). Configure a security policy in Azure Security Center.

NO.212 *

You plan to move a distributed on-premises app named App1 to an Azure subscription. After the planned move, App1 will be hosted on several Azure virtual machines. You need to ensure that App1 always runs on at least eight virtual machines during planned Azure maintenance. What should you create?

A. one virtual machine scale set that has 10 virtual machines instances.

B. one Availability Set that has three fault domains and one update domain

C. one Availability Set that has 10 update domains and one fault domain

D. one virtual machine scale set that has 12 virtual machines instances

NO.214 **

You have an Azure Active Directory (Azure AD) tenant that has Azure AD Privileged Identity Management configured. You have 10 users who are assigned the Security Administrator role for the tenant. You need the users to verify whether they still require the Security Administrator role.What should you do?

(A). From Azure AD Identity Protection, configure a user risk policy.

(B). From Azure AD Privileged Identity Management, create an access review.

(C). From Azure AD Identity Protection, configure the Weekly Digest.

(D). From Azure AD Privileged Identity Management, create a conditional access policy.

NO.215 *

You have an Azure Kubernetes Service (AKS) cluster named AKS1. You need to configure cluster autoscaler for AKS1. Which two tools should you use? Each correct answer presents a complete solution.  NOTE: Each correct selection is worth one point.

A. the kubectl command

B. the az aks command

C. the Set-AzVm cmdlet

D. the Azure portal

E. the Set-AzAks cmdlet

NO.225 **

You have an Azure subscription. You need to use an Azure Resource Manager (ARM) template to create a virtual machine that will have multiple data disks. How should you complete the template? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:

NO.226*

You have an Azure subscription named Subscription1 and an on-premises deployment of Microsoft System Center Service Manager. Subscription1 contains a virtual machine named VM1. You need to ensure that an alert is set in Service Manager when the amount of available memory on VM1 is below 10 percent. What should you do first?

A. Create an automation runbook

B. Deploy a function app

C. Deploy the IT Service Management Connector (ITSM)

D. Create a notification

NO.227*

You have an Azure Active Directory (Azure AD) tenant named contoso.com that is synced to an Active Directory domain. The tenant contains the users shown in the following table.

The users have the attribute shown in the following table.

You need to ensure that you can enable Azure Multi-Factor Authentication (MFA) for all four users.Solution: You add a mobile phone number for User2 and User4.Does this meet the Goal?

(A). Yes

(B). No

NO.230 *

You have an Azure web app named webapp1. Users report that they often experience HTTP 500 errors when they connect to webapp1. You need to provide the developers of webapp1 with real-time access to the connection errors. The solution must provide all the connection error details. What should you do first?

A. From webapp1, enable Web server logging

B. From Azure Monitor, create a workbook

C. From Azure Monitor, create a Service Health alert

D. From webapp1, turn on Application Logging

NO.231**

You need to ensure that you can grant Group4 Azure RBAC read only permissions to all the Azure file shares. What should you do?

(A). On storagel and storage4, change the Account kind type to StorageV2 (general purpose v2).

(B). Recreate storage2 and set Hierarchical namespace to Enabled.

(C). On storage2, enable identity-based access for the file shares.

(D). Create a shared access signature (SAS) for storagel, storage2, and storage4. Answer: A

A. On storage2, enable identity-based access for the file shares. Most Voted

B. Recreate storage2 and set Hierarchical namespace to Enabled.

C. On storage1 and storage4, change the Account kind type to StorageV2 (general purpose v2).

D. Create a shared access signature (SAS) for storage1, storage2, and storage4.

NO.233**

You have an Azure subscription that contains the virtual networks shown in the following table.

The subscription contains the private DNS zones shown in the following table.

You add virtual network links to the private DNS zones as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.Hot Area:

NO.234**

You are building a custom Azure function app to connect to Azure Event Grid. You need to ensure that resources are allocated dynamically to the function app. Billing must be based on the executions of the app. What should you configure when you create the function app?

A. the Windows operating system and the App Service plan hosting plan

B. the Docker container and an App Service plan that uses the B1 pricing tier

C. the Windows operating system and the Consumption plan hosting plan

D. the Docker container and an App Service plan that uses the S1 pricing tier

NO.236*

You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com. You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library named Library1. You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days. Which two groups should you create? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

A. a Microsoft 365 group that uses the Assigned membership type

B. a Security group that uses the Assigned membership type

C. a Microsoft 365 group that uses the Dynamic User membership type

D. a Security group that uses the Dynamic User membership type

E. a Security group that uses the Dynamic Device membership type

NO.240*

You have a public load balancer that balances ports 80 and 443 across three virtualmachines. You need to direct all the Remote Desktop Protocol (RDP) connections to VM3 only. Whatshould you configure?

(A). a load balancing rule(B). a new public load balancer for VM3(C). an inbound NAT rule(D). a frontend IP configuration

NO.241 **

You need to deploy two Azure web apps named WebApp1 and WebApp2. The web apps have the following requirements:

✑ WebApp1 must be able to use staging slots✑ WebApp2 must be able to access the resources located on an Azure virtual network

What is the least costly plan that you can use to deploy each web app?To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.Hot Area:

NO.242*

You plan to move services from your on-premises network to Azure. You identify several virtual machines that you believe can be hosted in Azure. The virtual machines are shown in the following table.

Which two virtual machines can you access by using Azure migrate? Each correct answer presents a complete solution. Each correct selection is worth one point. NOTE:

A. Sea-CA01

B. Hou-NW01

C. NYC-FS01

D. Sea-DC01

E. BOS-DB01

NO.244**

You have an Azure subscription that contains a virtual network named VNET1. VNET1 contains the subnets shown in the following table.

VNET1 contains a virtual network gateway named VNG1 that uses policy-based routing and has a single Site-to-Site VPN connection to an on-premises datacenter. You need to Implement ExpressRoute, The solution must include a Site-to-Site VPN as a backup. Which four actions should you perform in sequence?To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

NO.245*

You have an Azure subscription named Subscription1. In Subscription1, you create an alert rule named Alert1. The Alert1 action group is configured as shown in the following exhibit.

Alert1 alert criteria is triggered every minute. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.Hot Area:

NO.246 **

You are the global administrator for an Azure Active Directory (Azure AD) tenant named adatum.com.You need to enable two-step verification for Azure users. What should you do?

A. Create an Azure AD conditional access policy.

B. Configure a playbook in Azure Security Center.

C. Enable Azure AD Privileged Identity Management.

D. Install an MFA Server.

NO.248 **

You have Azure Storage accounts as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.NOTE: Each correct selection is worth one point. Hot Area:

NO.249*

You have an Azure subscription that contains two virtual machines named VM1 and VM2. You create an Azure load balancer. You plan to create a load balancing rule that will load balance HTTPS traffic between VM1 and VM2. Which two additional load balancer resources should you create before you can create the load balancing rule? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A. a frontend IP address

B. an inbound NAT rule

C. a virtual network

D. a backend pool

E. a health probe

NO.252 **

You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

In storage1, you create a blob container named blob1 and a file share named share1.Which resources can be backed up to Vault1 and Vault2?To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Hot Area:

NO.254 **

You have an Azure subscription that contains a storage account named account1. You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The on-premises network uses a public IP address space of131.107.1.0/24. You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24. You need to configure account1 to meet the following requirements:✑ Ensure that you can upload the disk files to account1.✑ Ensure that you can attach the disks to VM1.✑ Prevent all other access to account1.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A. From the Firewalls and virtual networks blade of account1, add VNet1.

B. From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to access this storage account.

C. From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range.

D. From the Firewalls and virtual networks balde of account1, select Selected networks.

E. From the Service endpoints blade of VNet1, add a service endpoint.

NO.265 **

You have an on-premises file server named Server1 that runs Windows Server 2016. You have an Azure subscription that contains an Azure file share. You deploy an Azure File Sync Storage Sync Service, and you create a sync group. You need to synchronize files from Server1 to Azure. Which three actions should you perform in sequence?To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.Select and Place:

NO.267 *

You have an Azure Active Directory (Azure AD) tenant named contoso.com. You have a CSV file that contains the names and email addresses of 500 external users. You need to create a guest user account in contoso.com for each of the 500 external users.Solution: From Azure AD in the Azure portal, you use the Bulk create user operation. Does this meet the goal?

A. Yes

B. No

NO.269 *

You have an Azure subscription linked to an Azure Active Directory tenant. The tenant includes a user account named User1. You need to ensure that User1 can assign a policy to the tenant root management group. What should you do?

A. Assign the Owner role for the Azure Subscription to User1, and then modify the default conditional access policies.

B. Assign the Owner role for the Azure subscription to User1, and then instruct User1 to configure access management for Azure resources.

C. Assign the Global administrator role to User1, and then instruct User1 to configure access management for Azure resources.

D. Create a new management group and delegate User1 as the owner of the new management group.

NO.271 *

You have Azure subscriptions named Subscription1 and Subscription2. Subscription1 has following resource groups:

RG1 includes a web app named App1 in the West Europe location. Subscription2 contains the following resource groups:

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:

NO.272 *

You manage a virtual network named VNet1 that is hosted in the West US Azure region. VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server. You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.Solution: From Azure Network Watcher, you create a packet capture. Does this meet the goal?

A. Yes

B. No

NO.277 **

You have an Azure subscription named Subscription1. You plan to deploy an Ubuntu Server virtual machine named VM1 to Subscription1. You need to perform a custom deployment of the virtual machine. A specific trusted root certification authority (CA) must be added during the deployment. What should you do?To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:

NO.281 *

You have an Azure subscription that contains the resources shown in the following table.

In Azure Cloud Shell, you need to create a virtual machine by using an Azure Resource Manager (ARM) template. How should you complete the command?To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:

NO.282 **

You have an Azure subscription named AZPT1 that contains the resources shown in the following table:

You create a new Azure subscription named AZPT2. You need to identify which resources can be moved to AZPT2. Which resources should you identify?

A. VM1, storage1, VNET1, and VM1Managed only

B. VM1 and VM1Managed only

C. VM1, storage1, VNET1, VM1Managed, and RVAULT1

D. RVAULT1 only

NO.283 **

You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains four subnets named Gateway, Perimeter, NVA, and Production. The NVA subnet contains two network virtual appliances (NVAs) that will perform network traffic inspection between the Perimeter subnet and the Production subnet. You need to implement an Azure load balancer for the NVAs.The solution must meet the following requirements:✑ The NVAs must run in an active-active configuration that uses automatic failover.✑ The NVAs / The load balancer must load balance traffic to two services on the Production subnet. The services have different IP addressesWhich three actions should you perform?Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

(A). Add two load balancing rules that have HA Ports enabled and Floating IP disabled.

(B). Deploy a standard load balancer.

(C). Add a frontend IP configuration, two backend pools, and a health prob.

(D). Add a frontend IP configuration, a backend pool, and a health probe.

(E). Add two load balancing rules that have HA Ports and Floating IP enabled.

NO.284 *

You have a deployment template named Template1 that is used to deploy 10 Azure web apps. You need to identify what to deploy before you deploy Template1. The solution must minimize Azure costs. What should you identify?

A. five Azure Application Gateways

B. one App Service plan

C. 10 App Service plans

D. one Azure Traffic Manager

E. one Azure Application Gateway

NO.286 *

You have an Azure App Service plan that hosts an Azure App Service named App1. You configure one production slot and four staging slots for App1. You need to allocate 10 percent of the traffic to each staging slot and 60 percent of the traffic to the production slot. What should you add to App1?

A. slots to the Testing in production blade

B. a performance test

C. a WebJob

D. templates to the Automation script blade

NO.289 **

You are planning to deploy an Ubuntu Server virtual machine to your company's Azure subscription. You are required to implement a custom deployment that includes adding a particular trusted root certification authority (CA). Which of the following should you use to create the virtual machine?

A. The New-AzureRmVm cmdlet.

B. The New-AzVM cmdlet.

C. The Create-AzVM cmdlet.

D. The az vm create command.

NO.291 **

You plan to create an Azure virtual machine named VM1 that will be configured as shown in the following exhibit.

The planned disk configurations for VM1 are shown in the following exhibit.

You need to ensure that VM1 can be created in an Availability Zone. Which two settings should you modify?Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A. Use managed disks

B. OS disk type

C. Availability options

D. Size

E. Image

NO.297 **

You need to create an Azure virtual machine named VM1 that requires a static private IP address configured inside the IP address space for the VNet in which the VM resides. How do you configure a static IP address for this Azure VM?

(A). After the VM has been created, create a new network interface and configure a static IP address for that network interface

(B). When creating a VM in the portal, select New next to private ip address and choose static after assigning the correct IP address

(C). When creating the VM in the portal, change the setting from dynamic to static on the networking tab under private IP address

(D). After the VM has been created, go to the network interface attached to the VM and change the IP configuration to static assignment

NO.298 *

You have an Azure Migrate project that has the following assessment properties:✑ Target location: East US✑ Storage redundancy: Locally redundant.✑ Comfort factor: 2.0✑ Performance history: 1 month✑ Percentile utilization: 95th✑ Pricing tier: Standard✑ Offer: Pay as you goYou discover the following two virtual machines:✑ A virtual machine named VM1 that runs Windows Server 2016 and has 10 CPU cores at 20 percent utilization✑ A virtual machine named VM2 that runs Windows Server 2012 and has 4 CPU cores at 50 percent utilizationHow many CPU cores will Azure Migrate recommend for each virtual machine?To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:

NO.299 **

You have an on-premises network that includes a Microsoft SQL Server instance named SQL1. You create an Azure Logic App named App1. You need to ensure that App1 can query a database on SQL1. Which three actions should you perform in sequence?To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.Select and Place:

NO.300 *

You have an Azure Active Directory (Azure AD) tenant. You plan to delete multiple users by using Bulk delete in the Azure Active Directory admin center. You need to create and upload a file for the bulk delete. Which user attributes should you include in the file?

A. The user principal name and usage location of each user only

B. The user principal name of each user only

C. The display name of each user only

D. The display name and usage location of each user only

E. The display name and user principal name of each user only

NO.301 *

You have an Azure subscription that contains the file shares shown in the following table.

You have the on-premises file shares shown in the following table.

You create an Azure file sync group named Sync1 and perform the following actions:✑ Add share1 as the cloud endpoint for Sync1.✑ Add data1 as a server endpoint for Sync1.✑ Register Server1 and Server2 to Sync1.For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.Hot Area:

NO.306 **

You have an Azure subscription that contains a storage account named storage1. The storage1 account contains a file share named share1. The subscription is linked to a hybrid Azure Active Directory (Azure AD) tenant that contains a security group named Group1. You need to grant Group1 the Storage File Data SMB Share Elevated Contributor role for share1. What should you do first?

A. Enable Active Directory Domain Service (AD DS) authentication for storage1.

B. Grant share-level permissions by using File Explorer.

C. Mount share1 by using File Explorer.

D. Create a private endpoint.

NO.309 **

You have an Azure Resource Manager template named Template1 that is used to deploy an Azure virtual machine. Template1 contains the following text:

The variables section in Template1 contains the following text:"location": "westeurope" The resources section in Template1 contains the following text:

You need to deploy the virtual machine to the West US location by using Template1.What should you do?

A. Modify the location in the resources section to westusB. Select West US during the deploymentC. Modify the location in the variables section to westus

NO.310 **

You have an Azure subscription named Subscription1. In Subscription1, you create an Azure web app named WebApp1. WebApp1 will access an external service that requires certificate authentication. You plan to require the use of HTTPS to access WebApp1. You need to upload certificates to WebApp1. In which formats should you upload the certificate?  To answer, select the appropriate options in the answer area.: Each correct selection is worth one point.

NOTE -Hot Area:

NO.351 *

You have a Recovery Service vault that you use to test backups. The test backups contain two protected virtual machines. You need to delete the Recovery Services vault. What should you do first?

A. From the Recovery Service vault, delete the backup data.

B. Modify the disaster recovery properties of each virtual machine.

C. Modify the locks of each virtual machine.

D. From the Recovery Service vault, stop the backup of each backup item.

NO.312 **

You have an Azure subscription named Subscription1 that contains an Azure virtual network named VM1. VM1 is in a resource group named RG1. VM1 runs services that will be used to deploy resources to RG1. You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1. What should you do first?

A. From the Azure portal, modify the Access control (IAM) settings of RG1.

B. From the Azure portal, modify the Policies settings of RG1.

C. From the Azure portal, modify the Access control (IAM) settings of VM1.

D. From the Azure portal, modify the value of the Managed Service Identity option for VM1.

NO.313 **

You have an Azure subscription that contains the resources shown in the following table.

VMSS1 is set to VM (virtual machines) orchestration mode. You need to deploy a new Azure virtual machine named VM1, and then add VM1 to VMSS1. Which resource group and location should you use to deploy VM1?

To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:

NO.314 **

You have an Azure virtual machine named VM1 that runs Windows Server 2016. You need to create an alert in Azure when more than two error events are logged to the System event log on VM1 within an hour.

Solution: You create an Azure storage account and configure shared access signatures (SASs). You install the Microsoft Monitoring Agent on VM1. You create an alert in Azure Monitor and specify the storage account as the source.

Does this meet the goal?(Question Series)

A. YesB. No

NO.319 **

Your company has an Azure Active Directory (Azure AD) subscription. You want to implement an Azure AD conditional access policy. The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.Solution: You access the Azure portal to alter the session control of the Azure AD conditional access policy. Does the solution meet the goal?

A. Yes

B. No

NO.320 **

You have a deployment template named Template1 that is used to deploy 10 Azure web apps. You need to identify what to deploy before you deploy Template1. The solution must minimize Azure costs.What should you identify?

A. five Azure Application GatewaysB. one App Service planC. 10 App Service plansD. one Azure Traffic ManagerE. one Azure Application Gateway

NO.321 **

You onboard 10 Azure virtual machines to Azure Automation State Configuration. You need to use Azure Automation State Configuration to manage the ongoing consistency of the virtual machine configurations. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. sp

NO.324 **

You have an Azure subscription that contains the storage accounts shown in the following table.

You plan to manage the data stored in the accounts by using lifecycle management rules. To which storage accounts can you apply lifecycle management rules?

A. storage1 onlyB. storage1 and storage2 onlyC. storage3 and storage4 onlyD. storage1, storage2, and storage3 onlyE. storage1, storage2, storage3, and storage4

NO.325 **

You have two Azure virtual machines named VM1 and VM2.VM1 has a single data disk named Disk1. You need to attach Disk1 to VM2.The solution must minimize downtime for both virtual machines. Which four actions should you perform in sequence?To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.Select and Place:

NO.330 **

You have an Azure subscription that contains an Azure virtual machine named VM1. VM1 runs a financial reporting app named App1 that does not support multiple active instances. At the end of each month, CPU usage for VM1 peaks when App1 runs.You need to create a scheduled runbook to increase the processor performance of VM1 at the end of each month.What task should you include in the runbook?

A. Add the Azure Performance Diagnostics agent to VM1.B. Modify the VM size property of VM1. C. Add VM1 to a scale set.D. Increase the vCPU quota for the subscription.E. Add a Desired State Configuration (DSC) extension to VM1.

NO.331 **

You have an Azure virtual machine named VM1 that connects to a virtual network named VNet1. VM1 has the following configurations:✑ Subnet: 10.0.0.0/24✑ Availability set: AVSet✑ Network security group (NSG): None✑ Private IP address: 10.0.0.4 (dynamic)✑ Public IP address: 40.90.219.6 (dynamic)You deploy a standard, Internet-facing load balancer named slb1. You need to configure slb1 to allow connectivity to VM1. Which changes should you apply to VM1 as you configure slb1?To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:

NO.332 **

Your network contains an Active Directory domain that is synced to Azure Active Directory (Azure AD) as shown in the following exhibit.

You have a user account configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:

NO.333 **

You have a hybrid infrastructure that contains an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The tenant contains the users shown in the following table.

You plan to share a cloud resource to the All Users group. You need to ensure that User1, User2, User3, and User4 can connect successfully to the cloud resource.What should you do first?

(A). Create a user account of the member type for User4.

(B). Create a user account of the member type for User3.

(C). Modify the Directory-wide Groups settings.

(D). Modify the External collaboration settings.

NO.335 **

You are developing an Azure web app named WebApp1.WebApp1 uses an Azure App Service plan named Plan1 that uses the B1 pricing tier. You need to configure WebApp1 to add additional instances of the app when CPU usage exceeds 70 percent for 10 minutes. Which three actions should you perform in sequence?

To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.Select and Place:

NO.336 **

You create an Azure Migrate project named TestMig in a resource group named test-migration. You need to discover which on-premises virtual machines to assess for migration. Which three actions should you perform in sequence? To answer, select the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:

NO.338 **

You plan to deploy an Azure virtual machine named VM1 by using an Azure Resource Manager template. You need to complete the template. What should you include in the template?To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.Hot Area:

NO.339 **

You have an Azure subscription that contains the storage accounts shown in the following table.

You plan to use AzCopy to copy a blob from container1 directly to share1. You need to identify which authentication method to use when you use AzCopy. What should you identify for each account?

To answer, drag the appropriate authentication methods to the correct accounts. Each method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.NOTE: Each correct selection is worth one point.Select and Place:

NO.341 **

You have an Azure subscription that contains the resources shown in the following table.

VM1 connects to VNET1. You need to connect VM1 to VNET2. Solution: You delete VM1. You recreate VM1, and then you create a new network interface for VM1. Does this meet the goal?

A. Yes

B. No

NO.342 **

You have an Azure subscription. You enable multi-factor authentication for all users. Some users report that the email applications on their mobile device cannot connect to their Microsoft Exchange Online mailbox. The users can access Exchange Online by using a web browser and from Microsoft Outlook 2016 on their computer. You need to ensure that the users can use the email applications on their mobile device. What should you instruct the users to do?

A. Enable self-service password reset.

B. Create an app password.

C. Reset the Azure Active Directory (Azure AD) password.

D. Reinstall the Microsoft Authenticator app.

NO.344 **

You have an Azure subscription that contains a web app named webapp1. You need to add a custom domain named www.contoso.com to webapp1. What should you do first?

A. Create a DNS record

B. Add a connection string

C. Upload a certificate.

D. Stop webapp1.

NO.345 **

You have an Azure subscription. You need to transfer 34TB of data from an on-premise Windows 2016 server to your Azure storage account. You need to ensure that the data transfer has zero impact on the network, preserves your existing drives and is the fastest and most secure method.What should be your first step?

(A). Start an Import Job via the Azure Portal

(B). Order an Azure Databox via the Azure Portal

(C). Open a ticket with Microsoft Support

(D). Prepare your hard drives using the WAImportExport tool

NO.347 **

DRAG DROP -You have an Azure Linux virtual machine that is protected by Azure Backup.One week ago, two files were deleted from the virtual machine. You need to restore the deleted files to an on-premises computer as quickly as possible. Which four actions should you perform in sequence?

To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.Select and Place:

NO.348 **

You have 100 Azure subscriptions. All the subscriptions are associated to the same Azure Active Directory (Azure AD) tenant named contoso.com. You are a global administrator. You plan to create a report that lists all the resources across all the subscriptions. You need to ensure that you can view all the resources in all the subscriptions. What should you do?

A. From the Azure portal, modify the profile settings of your account.

B. From Windows PowerShell, run the Add-AzureADAdministrativeUnitMember cmdlet.

C. From Windows PowerShell, run the New-AzureADUserAppRoleAssignment cmdlet.

D. From the Azure portal, modify the properties of the Azure AD tenant.

NO.353 *

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant is synced to the on-premises Active Directory domain. The domain contains the users shown in the following table.

You enable self-service password reset (SSPR) for all users and configure SSPR to have the following authentication methods:✑ Number of methods required to reset: 2✑ Methods available to users: Mobile phone, Security questions✑ Number of questions required to register: 3✑ Number of questions required to reset: 3You select the following security questions:✑ What is your favorite food?✑ In what city was your first job?✑ What was the name of your first pet?For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:

NO.358 *

You have an Azure subscription. You activate Enterprise Mobility + Security E5 licenses for all users. You need the users to request approval before they can create virtual machines. What should you configure first?

(A). Azure Active Directory (Azure AD) conditional access policies

(B). Azure Active Directory (Azure AD) Authentication methods

(C). Azure Active Directory (Azure AD) Privileged Identity Management for the Azure resource roles

(D). Azure Active Directory (Azure AD) Privileged Identity Management for the Azure AD directory roles

NO.361 *

You have an Azure subscription. The subscription includes a virtual network named VNet1. Currently, VNet1 does not contain any subnets. You plan to create subnets on VNet1 and to use application security groups to restrict the traffic between the subnets. You need to create the application security groups and to assign them to the subnets. Which four cmdlets should you run in sequence?To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.Select and Place:

NO.362 *

You have an on-premises network that contains a Hyper-V host named Host1. Host1 runs Windows Server 2016 and hosts 10 virtual machines that run WindowsServer 2016.You plan to replicate the virtual machines to Azure by using Azure Site Recovery. You create a Recovery Services vault named ASR1 and a Hyper-V site named Site1. You need to add Host1 to ASR1.What should you do?

(A). Download the installation file for the Azure Site Recovery Provider.Download the vault registration key.Install the Azure Site Recovery Provider on Host1 and register the server.(B). Download the installation file for the Azure Site Recovery Provider.Download the storage account key.Install the Azure Site Recovery Provider on Host1 and register the server.(C). Download the installation file for the Azure Site Recovery Provider.Download the vault registration key.Install the Azure Site Recovery Provider on each virtual machine and register the virtual machines.(D). Download the installation file for the Azure Site Recovery Provider.Download the storage account key.Install the Azure Site Recovery Provider on each virtual machine and register the virtual machines.

NO.363 **

You plan to migrate an on-premises Hyper-V environment to Azure by using Azure Site Recovery. The Hyper-V environment is managed by using MicrosoftSystem Center Virtual Machine Manager (VMM). The Hyper-V environment contains the virtual machines in the following table:

Which virtual machine can be migrated by using Azure Site Recovery?

A. FS1

B. CA1

C. DC1

D. SQL1

NO.364 *

You have an Azure web app named WebApp1. You need to provide developers with a copy of WebApp1 that they can modify without affecting the production WebApp1. When the developers finish testing their changes, you must be able to switch the current line version of WebApp1 to the new version.Which command should you run prepare the environment?To answer, select the appropriate options in the answer area.Each correct selection is worth one point. NOTE: Hot Area:

NO.367 *

Your network contains an Active Directory domain named adatum.com and an Azure Active Directory (Azure AD) tenant named adatum.onmicrosoft.com. Adatum.com contains the user accounts in the following table.

Adatum.onmicrosoft.com contains the user accounts in the following table.

You need to implement Azure AD Connect. The solution must follow the principle of least privilege. Which user accounts should you use in Adatum.com and Adatum.onmicrosoft.com to implement Azure AD Connect?

To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:

NO.368 **

You have an Azure subscription that contains the virtual machines shown in the following table:

VM1 and VM2 use public IP addresses. From Windows Server 2019 on VM1 and VM2, you allow inbound Remote Desktop connections. Subnet1 and Subnet2 are in a virtual network named VNET1. The subscription contains two network security groups (NSGs) named NSG1 and NSG2. NSG1 uses only the default rules. NSG2 uses the default rules and the following custom incoming rule:✑ Priority: 100✑ Name: Rule1✑ Port: 3389✑ Protocol: TCP✑ Source: Any✑ Destination: Any✑ Action: AllowNSG1 is associated to Subnet1. NSG2 is associated to the network interface of VM2. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:

NO.373 **

You have an Azure subscription that contains the resources shown in the following table:

You assign a policy to RG6 as shown in the following table:

To RG6, you apply the tag: RGroup: RG6. You deploy a virtual network named VNET2 to RG6. Which tags apply to VNET1 and VNET2?To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.Hot Area:

NO.374 **

You have an Azure subscription that contains a virtual network named VNet1. VNet 1 has two subnets named Subnet1 and Subnet2. VNet1 is in the West Europe Azure region. The subscription contains the virtual machines in the following table.

You need to deploy an application gateway named AppGW1 to VNet1. What should you do first?

A. Add a service endpoint.

B. Add a virtual network.

C. Move VM3 to Subnet1.

D. Stop VM1 and VM2.

NO.376 **

You have an Azure Storage account named storage1 that uses Azure Blob storage and Azure File storage. You need to use AzCopy to copy data to the blob storage and file storage in storage1. Which authentication method should you use for each type of storage?To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:

NO.377 **

You have an Azure subscription that contains a virtual machine scale set. The scale set contains four instances that have the following configurations:✑ Operating system: Windows Server 2016✑ Size: Standard_D1_v2You run the get-azvmss cmdlet as shown in the following exhibit:

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.Hot Area:

NO.378 *

You have an Azure App Services web app named App1. You plan to deploy App1 by using Web Deploy. You need to ensure that the developers of App1 can use their Azure AD credentials to deploy content to App1. The solution must use the principle of least privilege. What should you do?

A. Assign the Owner role to the developers

B. Configure app-level credentials for FTPS

C. Assign the Website Contributor role to the developers

D. Configure user-level credentials for FTPS

NO.379 *

You plan to back up an Azure virtual machine named VM1. You discover that the Backup Pre-Check status displays a status of Warning. What is a possible cause of the Warning status?

A. VM1 is stopped.

B. VM1 does not have the latest version of WaAppAgent.exe installed.

C. VM1 has an unmanaged disk.

D. A Recovery Services vault is unavailable.

NO.380 **

You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table.

VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between VNet1 and VNet2. An administrator named Admin1 creates an Azure virtual machine named VM1 in RG1. VM1 uses a disk named Disk1 and connects to VNet1. Admin1 then installs a custom application in VM1. You need to move the custom application to VNet2. The solution must minimize administrative effort.Which two actions should you perform?To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.Hot Area:

NO.385 **

Your on-premises network contains a VPN gateway. You have an Azure subscription that contains the resources shown in the following table.

You need to ensure that all the traffic from VM1 to storage1 travels across the Microsoft backbone network.What should you configure?

(A). service endpoints(B). Azure Active Directory (Azure AD) Application Proxy(C). a network security group (NSG)(D). Azure Virtual WAN

NO.386 **

Your network is configured as shown in the following exhibit.

The firewalls are configured as shown in the following table.

Prod1 contains a vCenter server. You install an Azure Migrate Collector on Test1. You need to discover the virtual machines. Which TCP port should be allowed on each firewall?To answer, drag the appropriate ports to the correct firewalls. Each port may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.Select and Place:

NO.389 **

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure Kubernetes Service (AKS) cluster named AKS1. An administrator reports that she is unable to grant access to AKS1 to the users in contoso.com. You need to ensure that access to AKS1 can be granted to the contoso.com users. What should you do first?

A. From contoso.com, modify the Organization relationships settings.

B. From contoso.com, create an OAuth 2.0 authorization endpoint.

C. Recreate AKS1.

D. From AKS1, create a namespace.

NO.391 **

You have an Azure virtual network named VNet1 that connects to your on-premises network by using a site-to-site VPN. VNet1 contains one subnet named Subnet1. Subnet1 is associated to a network security group (NSG) named NSG1. Subnet1 contains a basic internal load balancer named ILB1. ILB1 has three Azure virtual machines in the backend pool. You need to collect data about the IP addresses that connects to ILB1. You must be able to run interactive queries from the Azure portal against the collected data. What should you do?To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.Hot Area:

NO.392 **

You plan to deploy route-based Site-to-Site VPN connections between several on-premises locations and an Azure virtual network. Which tunneling protocol should you use?

A. IKEv1

B. PPTP

C. IKEv2

D. L2TP

NO.395 **

You have an Azure subscription that contains two virtual machines as shown in the following table.

You perform a reverse DNS lookup for 10.0.0.4 from VM2. Which FQDN will be returned?

A. vm1.core.windows.net

B. vm1.azure.com

C. vm1.westeurope.cloudapp.azure.com

D. vm1.internal.cloudapp.net

NO.398 **

You have a hybrid deployment of Azure Active Directory (Azure AD) that contains the users shown in the following table.

You need to modify the JobTitle and UsageLocation attributes for the users. For which users can you modify the attributes from Azure AD? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.Hot Area:

NO.399 **

Your network contains an on-premises Active Directory forest named contoso.com that contains two domains named contoso.com and east.contoso.com. The forest contains the users shown in the following table.

You plan to sync east.contoso.com to an Azure Active Directory (Azure AD) tenant by using Azure AD Connect. You need to select an account for Azure AD Connect to use to connect to the forest. Which account should you select

(A). User1

(B). User2

(C). User3

(D). User4

NO.402 **

You have an Azure subscription named Subscription1 that has a subscription ID of c276fc76-9cd4-44c9-99a7-4fd71546436e. You need to create a custom RBAC role named CR1 that meets the following requirements:

✑ Can be assigned only to the resource groups in Subscription1✑ Prevents the management of the access permissions for the resource groups✑ Allows the viewing, creating, modifying, and deleting of resources within the resource groups

What should you specify in the assignable scopes and the permission elements of the definition of CR1?

To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:

NO.404 **

You have an Azure subscription that contains the resource groups shown in the following table.

RG1 contains the resources shown in the following table.

RG2 contains the resources shown in the following table.

You need to identify which resources you can move from RG1 to RG2, and which resources you can move from RG2 to RG1.Which resources should you identify?

To answer, select the appropriate options in the answer area.Hot Area:

NO.409 **

You have an Azure subscription that contains an Azure Storage account named storageaccount1. You export storageaccount1 as an Azure Resource Manager template. The template contains the following sections.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one pointHot Area:

NO.417 **

Your VMware vSphere on-premises infrastructure hosts 600 virtual machines (VMs). Your company is planning to move all of these VMs to Azure. You are asked to provide information about the resources that will be needed in Azure to host all of the VMs. All VMs hosted in your on-premise infrastructure are based on Windows Server 2012 R2 or newer and RedHat Enterprise Linux 7.0 or newer. You conduct the initial migration assessment and get a message that some virtual machines are conditionally ready for Azure. You need to find the cause of this message. What are two reasons why are you might get this message on some VMs? (Choose two) Each correct answer presents part of the solution.

A. The vCenter user does not have enough permissions on affected VMs.

B. The operating system is configured as Windows Server 2003 in vCenter Server.

C. The operating system is configured as Others in vCenter Server.

D. The VMs are configured with the BIOS boot type.

E. The VMs are configured with the UEFI boot type.

NO.418 *

You have an Azure subscription that contains the storage accounts shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. Hot Area:

NO.419 *

You have an Azure virtual machine named VM1 that runs Windows Server 2016. You need to create an alert in Azure when more than two error events are logged to the System event log on VM1 within an hour.Solution: You create an event subscription on VM1. You create an alert in Azure Monitor and specify VM1 as the source. Does this meet the goal?

A. Yes

B. No

NO.426 *

You have an Azure subscription that contains the resources in the following table.

Subnet1 is associated to VNet1. NIC1 attaches VM1 to Subnet1. You need to apply ASG1 to VM1. What should you do?

A. Associate NIC1 to ASG1

B. Modify the properties of ASG1

C. Modify the properties of NSG1

NO.428 *

You have an Azure subscription named Subscription1. Subscription1 contains the resource groups in the following table.

RG1 has a web app named WebApp1. WebApp1 is located in West Europe. You move WebApp1 to RG2. What is the effect of the move?

A. The App Service plan for WebApp1 moves to North Europe. Policy2 applies to WebApp1.

B. The App Service plan for WebApp1 remains in West Europe. Policy2 applies to WebApp1.

C. The App Service plan for WebApp1 moves to North Europe. Policy1 applies to WebApp1.

D. The App Service plan for WebApp1 remains in West Europe. Policy1 applies to WebApp1.

NO.429 *

You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to ensure that visitors are serviced by the same web server for each request. What should you configure?

A. Idle Time-out (minutes) to 20

B. Floating IP (direct server return) to Disabled

C. Floating IP (direct server return) to Enabled

D. Session persistence to Client IP and protocol

NO.431 *

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have an Azure subscription that contains the following resources:✑ A virtual network that has a subnet named Subnet1✑ Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1✑ A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connectionsNSG-Subnet1 has the default inbound security rules only.NSG-VM1 has the default inbound security rules and the following custom inbound security rule:✑ Priority: 100✑ Source: Any✑ Source port range: *✑ Destination: *✑ Destination port range: 3389✑ Protocol: UDP✑ Action: AllowVM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.You need to be able to establish Remote Desktop connections from the internet to VM1.Solution: You add an inbound security rule to NSG-Subnet1 and NSG-VM1 that allows connections from the internet source to the VirtualNetwork destination for port range 3389 and uses the TCP protocol. Does this meet the goal?

A. Yes

B. No

NO.432 *

You have an Azure subscription.Users access the resources in the subscription from either home or from customer sites. From home, users must establish a point-to-site VPN to access the Azure resources. The users on the customer sites access the Azure resources by using site-to-site VPNs. You have a line-of-business-app named App1 that runs on several Azure virtual machine. The virtual machines run Windows Server 2016. You need to ensure that the connections to App1 are spread across all the virtual machines. What are two possible Azure services that you can use? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.

A. an internal load balancer

B. a public load balancer

C. an Azure Content Delivery Network (CDN)

D. Traffic Manager

E. an Azure Application Gateway

NO.435 *

You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json. You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately.Solution: From the Overview blade, you move the virtual machine to a different subscription.Does this meet the goal?

A. Yes

B. No

NO.436 *

You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1.You install and configure a web server and a DNS server on VM1. VM1 has the effective network security rules shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented. NOTE: Each correct selection is worth one point.Hot Area:

NO.440 *

You have an Azure subscription that contains a virtual network named VNET1. VNET1 contains the subnets shown in the following table.

Each virtual machine uses a static IP address. You need to create network security groups (NSGs) to meet following requirements:✑ Allow web requests from the internet to VM3, VM4, VM5, and VM6.✑ Allow all connections between VM1 and VM2.✑ Allow Remote Desktop connections to VM1.✑ Prevent all other network traffic to VNET1.What is the minimum number of NSGs you should create?

A. 1

B. 3

C. 4

D. 12

NO.443 *

You have the Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains three Azure virtual machines. Each virtual machine has a public IP address.The virtual machines host several applications that are accessible over port 443 to users on the Internet.Your on-premises network has a site-to-site VPN connection to VNet1.You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from the Internet and from the on-premises network.You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network. The solution must ensure that all the applications can still be accessed by the Internet users.What should you do?

A. Modify the address space of the local network gateway

B. Create a deny rule in a network security group (NSG) that is linked to Subnet1

C. Remove the public IP addresses from the virtual machines

D. Modify the address space of Subnet1

NO.444 *

You plan to create the Azure web apps shown in the following table.

What is the minimum number of App Service plans you should create for the web apps?

A. 1

B. 2

C. 3

D. 4

NO.445 **

You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a virtual network named VNet1. You need to ensure that you can configure a point-to-site connection from an on-premises computer to VNet1. Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.

A. Add a service endpoint to VNet1

B. Reset GW1

C. Create a route-based virtual network gateway

D. Add a connection to GW1

E. Delete GW1

F. Add a public IP address space to VNet1

NO.452 **

You have a .NET Core application running in Azure App Services. You are expecting a huge influx of traffic to your application in the coming days. When your application experiences this spike in traffic, you want to detect any anomalies such as request errors or failed queries immediately. What service can you use to assure that you know about these types of errors related to your .NET application immediately?

A. Application Insights Search

B. Log analytics workspace

C. Client-side monitoring

D. Live Metrics Stream in Application Insights

NO.455 *

You have an Azure subscription named Subscription1. You deploy a Linux virtual machine named VM1 to Subscription1. You need to monitor the metrics and the logs of VM1. What should you use?

A. Azure HDInsight

B. Linux Diagnostic Extension (LAD) 3.0

C. the AzurePerformanceDiagnostics extension

D. Azure Analysis Services

NO.447 *

You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template.You need to ensure that NGINX is available on all the virtual machines after they are deployed.What should you use?

A. Deployment Center in Azure App Service

B. A Desired State Configuration (DSC) extension

C. the New-AzConfigurationAssignment cmdlet

D. a Microsoft Intune device configuration profile

NO.457 *

You have an Azure subscription that contains the Azure virtual machines shown in the following table.

You add inbound security rules to a network security group (NSG) named NSG1 as shown in the following table.

You run Azure Network Watcher as shown in the following exhibit.

You run Network Watcher again as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:

NO.459 **

You have an Azure subscription that contains two on-premises locations named site1 and site2. You need to connect site1 and site2 by using an Azure Virtual WAN. Which four actions should you perform in sequence?  To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:

NO.460 **

You need to configure Azure Backup to back up the file shares and virtual machines.

What is the minimum number of Recovery Services vaults and backup policies you should create? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:

NO.465 *

You have an Azure subscription. The subscription contains a virtual machine that runs Windows 10. You need to join the virtual machine to an Active Directory domain.How should you complete the Azure Resource Manager (ARM) template? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:

NO.466 *

Your network contains an on-premises Active Directory domain named adatum.com.  The domain contains an organizational unit (OU) named OU1. OU1 contains the objects shown in the following table.

You sync OU1 to Azure Active Directory (Azure AD) by using Azure AD Connect. You need to identify which objects are synced to Azure AD. Which objects should you identify?

(A). User1 and Group1 only

(B). User1, Group1, and Group2 only

(C). User1, Group1, Group2, and Computer1

(D). Computer1 only

NO.470 **

You are configuring Azure Active Directory (Azure AD) authentication for an Azure Storage account named storage1. You need to ensure that the members of a group named Group1 can upload files by using the Azure portal. The solution must use the principle of least privilege. Which two roles should you configure for storage1? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A. Storage Account Contributor

B. Storage Blob Data Contributor

C. Reader

D. Contributor

E. Storage Blob Data Reader

NO.473 **

You have an Azure virtual machine named VM1 and a Recovery Services vault named Vault1. You create a backup policy named Policy1 as shown in the exhibit. (Click the Exhibit tab.)

You configure the backup of VM1 to use Policy1 on Thursday, January 1 at 1:00 AM. You need to identify the number of available recovery points for VM1. How many recovery points are available on January 8 and January 15? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.Hot Area:

NO.474 *

You deploy an Azure Kubernetes Service (AKS) cluster named AKS1. You need to deploy a YAML file to AKS1.Solution: From Azure Cloud Shell, you run az aks. Does this meet the goal?

A. Yes

B. No

NO.477 **

You have an Azure subscription named Sub1 that contains the Azure resources shown in the following table.

You assign an Azure policy that has the following settings:✑ Scope: Sub1✑ Exclusions: Sub1/RG1/VNET1✑ Policy definition: Append a tag and its value to resources✑ Policy enforcement: Enabled✑ Tag name: Tag4✑ Tag value: value4You assign tags to the resources as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.Hot Area:

NO.479 **

You have an Azure web app named WebApp1 that runs in an Azure App Service plan named ASP1. ASP1 is based on the D1 pricing tier. You need to ensure that WebApp1 can be accessed only from computers on your on-premises network. The solution must minimize costs. What should you configure?

To answer, select the appropriate options in the answer area. Each correct selection is worth one point. NOTE:Hot Area:

NO.481 **

You have Azure Active Directory tenant named Contoso.com that includes following users:

Contoso.com includes following Windows 10 devices:

You create following security groups in Contoso.com:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.Hot Area:

NO.482 *

You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json. You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately.Solution: From the Overview blade, you move the virtual machine to a different subscription. Does this meet the goal?

A. Yes

B. No

NO.484 **

You are creating an Azure load balancer. You need to add an IPv6 load balancing rule to the load balancer. How should you complete the Azure PowerShell script?

To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.Hot Area:

NO.485 *

You plan to use the Azure Import/Export service to copy files to a storage account. Which two files should you create before you prepare the drives for the import job?Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.

A. a driveset CSV file

B. a JSON configuration file

C. a PowerShell PS1 file

D. an XML manifest file

E. a dataset CSV file

NO.486 *

You have an Azure subscription that has a Recovery Services vault named Vault1. The subscription contains the virtual machines shown in the following table:

You plan to schedule backups to occur every night at 23:00.Which virtual machines can you back up by using Azure Backup?

A. VM1 and VM3 only

B. VM1, VM2, VM3 and VM4

C. VM1 and VM2 only

D. VM1 only

NO.490 *

You have an Azure subscription that contains an Azure Storage account. You plan to create an Azure container instance named container1 that will use a Docker image named Image1. Image1 contains a Microsoft SQL Server instance that requires persistent storage. You need to configure a storage service for Container1. What should you use?

A. Azure Files

B. Azure Blob storage

C. Azure Queue storage

D. Azure Table storage

NO.491 **

You have an Azure subscription that contains a virtual network named VNet1. VNet1 uses an IP address space of 10.0.0.0/16 and contains the VPN Gateway and subnets in the following table:

Subnet1 contains a virtual appliance named VM1 that operates as a router. You create a routing table named RT1. You need to route all inbound traffic from the VPN gateway to VNet1 through VM1. How should you configure RT1?

To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.Hot Area:

NO.493 *

You have a sync group named Sync1 that has a cloud endpoint. The cloud endpoint includes a file named File1.txt. Your on-premises network contains servers that run Windows Server 2016. The servers are configured as shown in the following table.

You add Share1 as an endpoint for Sync1. One hour later, you add Share2 as an endpoint for Sync1.For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point. Hot Area:

NO.494 **

You have an Azure subscription that contains the resources in the following table.

Store1 contains a file share named data. Data contains 5,000 files. You need to synchronize the files in the file share named data to an on-premises server named Server1. Which three actions should you perform?

Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A. Create a container instance

B. Register Server1

C. Install the Azure File Sync agent on Server1

D. Download an automation script

E. Create a sync group