70-533 72 Q&S MCP Implementing Microsoft Azure Infrastructure Solutions by Lord Obsidian

Your company has a subscription to Azure.
You configure your contoso.com domain to use a private Certificate Authority. You deploy a web site named MyApp by using the Shared (Preview) web hosting plan.
You need to ensure that clients are able to access the MyApp website by using https.
What should you do?


A. Back up the Site and import into a new website.
B. Use the internal Certificate Authority and ensure that clients download the certificate chain.
C. Add custom domain SSL support to your current web hosting plan.
D. Change the web hosting plan to Standard.



Answer Clike
You administer a DirSync server configured with Azure Active Directory (Azure AD).
You need to provision a user in Azure AD without waiting for the default DirSync synchronization interval.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.


A. Restart the DirSync server.
B. Run the Start-OnlineCoexistenceSync PowerShell cmdlet.
C. Run the Enable-SyncShare PowerShell cmdlet.
D. Run the Azure AD Sync tool Configuration Wizard.
E. Replicate the Directory in Active Directory Sites and Services.



Answer Clike
You administer an Azure Active Directory (Azure AD) tenant where Box is configured for:
Application Access
Password Single Sign-on
An employee moves to an organizational unit that does not require access to Box through the Access Panel.
You need to remove only Box from the list of applications only for this user.
What should you do?


A. Delete the user from the Azure AD tenant.
B. Delete the Box Application definition from the Azure AD tenant.
C. From the Management Portal, remove the user’s assignment to the application.
D. Disable the user’s account in Windows AD.



Answer Clike
Your company is launching a public website that allows users to stream videos. You upload multiple video files to an Azure storage container.
You need to give anonymous users read access to all of the video files in the storage container. What should you do?


A. Edit each blob’s metadata and set the access policy to Public Blob.
B. Edit the container metadata and set the access policy to Public Container.
C. Move the files into a container sub-directory and set the directory access level to Public Blob.
D. Edit the container metadata and set the access policy to Public Blob.



Answer Clike
Your company has recently signed up for Azure.
You plan to register a Data Protection Manager (DPM) server with the Azure Backup service.
You need to recommend a method for registering the DPM server with the Azure Backup vault.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.


A. Import a self-signed certificate created using the makecert tool.
B. Import a self-signed certificate created using the createcert tool.
C. Import an X.509 v3 certificate with valid clientauthentication EKU.
D. Import an X.509 v3 certificate with valid serverauthentication EKU.



Answer Clike
You administer an Azure Storage account with a blob container. You enable Storage account logging for read, write and delete requests.
You need to reduce the costs associated with storing the logs.
What should you do?


A. Execute Delete Blob requests over https.
B. Create an export job for your container.
C. Set up a retention policy.
D. Execute Delete Blob requests over http.



Answer Clike
Your network environment includes remote employees.
You need to create a secure connection for the remote employees who require access to your Azure virtual network.
What should you do?


A. Deploy Windows Server 2012 RRAS.
B. Configure a point-to-site VPN.
C. Configure an ExpressRoute.
D. Configure a site-to-site VPN.



Answer Clike
You manage a cloud service that has a web role named fabWeb. You create a virtual network named fabVNet that has two subnets defined as Web and Apps.
You need to be able to deploy fabWeb into the Web subnet.
What should you do?


A. Modify the service definition (csdef) for the cloud service.
B. Run the Set-AzureSubnet PowerShell cmdlet.
C. Run the Set-AzureVNetConfig PowerShell cmdlet.
D. Modify the network configuration file.
E. Modify the service configuration (cscfg) for the fabWeb web role.



Answer Clike
Your company network includes two branch offices. Users at the company access internal virtual machines (VMs). You want to ensure secure communications between the branch offices and the internal VMs and network.
You need to create a site-to-site VPN connection.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.


A. a private IPv4 IP address and a compatible VPN device
B. a private IPv4 IP address and a RRAS running on Windows Server 2012
C. a public-facing IPv4 IP address and a compatible VPN device
D. a public-facing IPv4 IP address and a RRAS running on Windows Server 2012



Answer Clike
You manage a web application published to Azure Cloud Services.
Your service level agreement (SLA) requires that you are notified in the event of poor performance from customer locations in the US, Asia, and Europe.
You need to configure the Azure Management Portal to notify you when the SLA performance targets are not met.
What should you do?


A. Create an alert rule to monitor web endpoints.
B. Create a Notification Hub alert with response time metrics.
C. Add an endpoint monitor and alert rule to the Notification Hub.
D. Configure the performance counter on the cloud service.



Answer Clike
You manage a cloud service on two instances. The service name is Service1 and the role name is ServiceRole1. Service1 has performance issues during heavy traffic periods.
You need to increase the existing deployment of Service1 to three instances. Which Power Shell cmdlet should you use?


A. PS C:>Set-AzureService -ServiceName “Service1” -Label “ServiceRole1′ -Description “Instance count=3”
B. PS C:>Set-AzureRole -ServiceName “Service1” -Slot “Production” -RoleName “ServiceRole1” -Count 3
C. PS C:>Add-AzureWebRole -Name ‘ServiceRole1″ -Instances 3
D. PS C:> $instancecount = New-Object Hashtable$settings[‘INSTANCECOUNT=3] PS C:> Set-AzureWebsite -AppSettings $instancecount ServiceRole1



Answer Clike
You administer a cloud service.
You plan to host two web applications named contosoweb and contosowebsupport.
You need to ensure that you can host both applications and qualify for the Azure Service Level Agreement. You want to achieve this goal while minimizing costs.
How should you host both applications?


A. in different web roles with two instances in each web role
B. in the same web role with two instances
C. in different web roles with one instance in each web role
D. in the same web role with one instance



Answer Clike
You manage a cloud service that utilizes an Azure Service Bus queue.
You need to ensure that messages that are never consumed are retained.
What should you do?


A. Check the MOVE TO THE DEAD-LETTER SUBQUEUE option for Expired Messages in the Azure Portal.
B. From the Azure Management Portal, create a new queue and name it Dead-Letter.
C. Execute the Set-AzureServiceBus PowerShell cmdlet.
D. Execute the New-AzureSchedulerStorageQueueJob PowerShell cmdlet.



Answer Clike
You manage an Azure subscription with virtual machines (VMs) that are running in Standard mode.
You need to reduce the storage costs associated with the VMs.
What should you do?


A. Locate and remove orphaned disks.
B. Add the VMs to an affinity group.
C. Change VMs to the Basic tier.
D. Delete the VHD container.



Answer Clike
You develop a set of Power Shell scripts that will run when you deploy new virtual machines (VMs).
You need to ensure that the scripts are executed on new VMs. You want to achieve this goal by using the least amount of administrative effort.
What should you do?


A. Create a new GPO to execute the scripts as a logon script.
B. Create a SetupComplete.cmd batch file to call the scripts after the VM starts.
C. Create a new virtual hard disk (VHD) that contains the scripts.
D. Load the scripts to a common file share accessible by the VMs.
E. Set the VMs to execute a custom script extension.



Answer Clike
You administer an Azure Storage account named contoso storage. The account has queue containers with logging enabled.
You need to view all log files generated during the month of July 2014.
Which URL should you use to access the list?


A. http://contosostorage.queue.core.windows.net/$logs? restype=container&comp=list&prefix=queue/2014/07
B. http://contosostorage.queue.core.windows.net/$files? restype=container&comp=list&prefix=queue/2014/07
C. http://contosostorage.blob.core.windows.net/$files? restype=container&comp=list&prefix=blob/2014/07
D. http://contosostorage.blob.core.windows.net/$logs? restype=container&comp=list&prefix=blob/2014/07



Answer Clike
You manage an application running on Azure Web Sites Standard tier. The application uses a substantial amount of large image files and is used by people around the world.
Users from Europe report that the load time of the site is slow. You need to implement a solution by using Azure services.
What should you do?


A. Configure Azure blob storage with a custom domain.
B. Configure Azure CDN to cache all responses from the application web endpoint.
C. Configure Azure Web Site auto-scaling to increase instances at high load.
D. Configure Azure CDN to cache site images and content stored in Azure blob storage.



Answer Clike
You manage two datacenters in different geographic regions and one branch office. You plan to implement a geo-redundant backup solution.
You need to ensure that each datacenter is a cold site for the other.
You create a recovery vault.
What should you do next?


A. Install the provider.
B. Upload a certificate to the vault.
C. Generate a vault key.
D. Set all virtual machines to DHCP.
E. Prepare System Center Virtual Machine Manager (SCVMM) servers.
F. Create mappings between the virtual machine (VM) networks.



Answer Clike
You manage a collection of large video files that is stored in an Azure Storage account. A user wants access to one of your video files within the next seven days.
You need to allow the user access only to the video file, and then revoke access once the user no longer needs it.
What should you do?


A. Give the user the secondary key for the storage account.
Once the user is done with the file, regenerate the secondary key.
B. Create an Ad-Hoc Shared Access Signature for the Blob resource. Set the Shared Access Signature to expire in seven days.
C. Create an access policy on the container.
Give the external user a Shared Access Signature for the blob by using the policy. Once the user is done with the file, delete the policy.
D. Create an access policy on the blob.
Give the external user access by using the policy.
Once the user is done with the file, delete the policy.



Answer Clike
You are migrating a local virtual machine (VM) to an Azure VM. You upload the virtual hard disk (VHD) file to Azure Blob storage as a Block Blob.
You need to change the Block blob to a page blob.
What should you do?


A. Delete the Block Blob and re-upload the VHD as a page blob.
B. Update the type of the blob programmatically by using the Azure Storage .NET SDK.
C. Update the metadata of the current blob and set the Blob-Type key to Page.
D. Create a new empty page blob and use the Azure Blob Copy Power Shell cmdlet to copy the current data to the new blob.



Answer Clike
Your company network includes users in multiple directories.
You plan to publish a software-as-a-service application named SaasApp1 to Azure Active Directory.
You need to ensure that all users can access SaasApp1.
What should you do?


A. Configure the Federation Metadata URL
B. Register the application as a web application.
C. Configure the application as a multi-tenant.
D. Register the application as a native client application.



Answer Clike
You administer an Access Control Service namespace named contosoACS that is used by a web application. ContosoACS currently utilizes Microsoft and Yahoo accounts.
Several users in your organization have Google accounts and would like to access the web application through ContosoACS.
You need to allow users to access the application by using their Google accounts.
What should you do?


A. Register the application directly with Google.
B. Edit the existing Microsoft Account identity provider and update the realm to include Google.
C. Add a new Google identity provider.
D. Add a new WS-Federation identity provider and configure the WS-Federation metadata to point to the Google sign-in URL.



Answer Clike
Your company plans to migrate from On-Premises Exchange to Office 365.
The existing directory has numerous service accounts in your On-Premises Windows Active Directory (AD), stored in separate AD Organizational Units (OU) for user accounts.
You need to prevent the service accounts in Windows AD from syncing with Azure AD.
What should you do?


A. Create an OU filter in the Azure AD Module for Windows PowerShell.
B. Configure directory partitions in miisclient.exe.
C. Set Active Directory ACLs to deny the DirSync Windows AD service account MSOL_AD_SYNC access to the service account OUs.
D. Create an OU filter in the Azure Management Portal.



Answer Clike
You manage an Azure Web Site named contosoweb. Logging is enabled for contosoweb.
You need to view only errors from your log files in a continuous stream as they occur.
Which Windows Power Shell command should you execute?


A. Get-AzureWebSiteLog -Name contosoweb -OutBuffer Error
B. Save-AzureWebSiteLog -Name contosoweb -Output Errors
C. Get-AzureWebSiteLog -Name contosoweb -Tail Message Error
D. Get-Azure WebSiteLog -Name contosoweb -Message Error



Answer Clike
You administer an Azure Web Site named contoso. You create a job named Cleanlogs.cmd that will be executed manually, twice a week.
You need to deploy the job.
To which folder location should you deploy CleanLogs.cmd?


A. ./App_Code/jobs/triggered/cleanLogs/CleanLogs.cmd
B. ./App_Data/jobs/triggered/clean Logs/CleanLogs.cmd
C. ./App_Code/jobs/continuous/cleanLogs/CleanLogs.cmd
D. ./App_Data/jobs/continuous/cleanLogs/CleanLogs.cmd



Answer Clike
Your company network includes an On-Premises Windows Active Directory (AD) that has a DNS domain named contoso.local and an email domain named contoso.com. You plan to migrate from On-Premises Exchange to Office 365.
You configure DirSync and set all Azure Active Directory {Azure AD) usernames as %username [email protected]
You need to ensure that each user is able to log on by using the email domain as the username.
Which two actions should you perform? Each correct answer presents part of the solution.


A. Verify the email domain in Azure AD domains.
B. Run the Set-MsolUserPrincipalName -UserPrincipalName %username [email protected] -NewUserPrincipalName %usemame [email protected] Power Shell cmdlet.
C. Edit the ProxyAddress attribute on the On-Premises Windows AD user account.
D. Verify the Windows AD DNS domain in Azure AD domains.
E. Update the On-Premises Windows AD user account UPN to match the email address.



Answer Clike
You manage an Azure Web Site that is running in Shared mode.
You discover that the website is experiencing increased average response time during periods of heavy user activity.
You need to update the website configuration to address the performance issues as they occur.
What should you do?


A. Set the website to Standard mode and configure automatic scaling based on CPU utilization.
B. Configure automatic seating during specific dates.
C. Modify the website instance size.
D. Configure automatic scaling based on memory utilization.
E. Set the website to Basic mode and configure automatic scaling based on CPU utilization.



Answer Clike
You administer an Azure Web Site named contoso. The development team has implemented changes to the website that need to be validated.
You need to validate and deploy the changes with minimum downtime to users.
What should you do first?


A. Create a new Linked Resource.
B. Configure Remote Debugging on contoso.
C. Create a new website named contosoStaging.
D. Create a deployment slot named contosoStaging.
E. Back up the contoso website to a deployment slot.



Answer Clike
You administer an Azure virtual network named fabrikamVNet.
You need to deploy a virtual machine (VM) and ensure that it is a member of the fabrikamVNet virtual network.
What should you do?


A. Run the New-AzureVM Power Shell cmdlet.
B. Run the New-AzureQuickVM Power Shell cmdlet.
C. Run the New-AzureAfhnityGroup Power Shell cmdlet.
D. Update fabrikamVNet’s existing Availability Set.



Answer Clike
You manage a cloud service named fabrikamReports that is deployed in an Azure data center. You deploy a virtual machine (VM) named fabrikamSQL into a virtual network named fabrikamVNet.
FabrikamReports must communicate with fabrikamSQL.
You need to add fabrikam Reports to fabrikamVNet.
Which file should you modify?


A. the network configuration file for fabrikamVNet
B. the service definition file (.csdef) for fabrikamReports
C. the service definition file (.csdef) for fabrikamSQL
D. the service configuration file (.cscfg) for fabrikamReports
E. the service configuration file (.cscfg) fabrikamSQL



Answer Clike
You administer an Azure solution that uses a virtual network named fabVNet. FabVNet has a single subnet named Subnet-1.
You discover a high volume of network traffic among four virtual machines (VMs) that are part of Subnet-1.
You need to isolate the network traffic among the four VMs.
You want to achieve this goal with the least amount of downtime and impact on users.
What should you do?


A. Create a new subnet in the existing virtual network and move the four VMs to the new subnet.
B. Create a site-to-site virtual network and move the four VMs to your datacenter.
C. Create a new virtual network and move the VMs to the new network.
D. Create an availability set and associate the four VMs with that availability set.



Answer Clike
You manage a cloud service that utilizes data encryption.
You need to ensure that the certificate used to encrypt data can be accessed by the cloud service application.
What should you do?


A. Upload the certificate referenced in the application package.
B. Deploy the certificate as part of the application package.
C. Upload the certificate’s public key referenced in the application package.
D. Use RDP to install the certificate.



Answer Clike
You administer a Windows Server virtual machine (VM). You upload the VM to Azure.
You need to ensure that you are able to deploy the BGInfo and VMAccess extensions.
What should you do?


A. Select the Install the VM Agent checkbox while provisioning a VM based on your uploaded VHD.
B. Select the Enable the VM Extensions checkbox while provisioning a VM based on your uploaded VHD.
C. Install the VM Agent MSI and execute the following Power Shell commands:
$vm = Get-AzureVM -serviceName $svc -Name $name
$vm.VM.ProvisionGuestAgent = $true
Update-AzureVM -Name Sname -VM $vm.VM -ServiceName $svc
D. Install the VM Agent MSI and execute the following Power Shell commands:
$vm = Get-AzureVM -serviceName $svc -Name $name Set-AzureVMBGInfoExtension -VM $vm.VM
Set-AzureVM Access Extension -VM $vm.VM
Update-AzureVM -Name Sname -VM $vm.VM -ServiceName $svc



Answer Clike
You manage a cloud service that has a web application named WebRole1. WebRole1 writes error messages to the Windows Event Log.
Users report receiving an error page with the following message: “Event 26 has occurred. Contact your system administrator.”
You need to access the WebRole1 event log.
Which three actions should you perform? Each correct answer presents part of the solution.


A. Enable verbose monitoring.
B. Update the WebRole1 web.config file.
C. Update the cloud service definition file and the service configuration file.
D. Run the Set-AzureVMDiagnosticsExtension PowerShell cmdlet.
E. Run the Enable-AzureWebsiteApplicationDiagnostic PowerShell cmdlet.
F. Create a storage account.



Answer Clike
Your network includes a legacy application named LegacyApp1. The application only runs in the Microsoft .NET 3.5 Framework on Windows Server 2008.
You plan to deploy to Azure Cloud Services.
You need to ensure that LegacyApp1 will run correctly in the new environment.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.


A. Upload a VHD with Windows Server 2008 installed.
B. Deploy LegacyApp1 to a cloud service instance configured with Guest OS Family 2.
C. Deploy LegacyApp1 to a cloud service instance configured with Guest OS Family 1.
D. Deploy LegacyApp1 to a cloud service instance configured with Guest OS Family 3.


Answer Clike
You migrate a Windows Server .NET web application to Azure Cloud Services.
You need enable trace logging for the application.
Which two actions should you perform? Each correct answer presents part of the solution.


A. Update the service definition file.
B. Update the Azure diagnostics configuration.
C. Update the service configuration file.
D. Enable verbose monitoring.
E. Update the application web.config file.


Answer Clike