HOTSPOT -
A company plans to implement an HTTP-based API to support a web app. The web app allows customers to check the status of their orders.
The API must meet the following requirements:
✑ Implement Azure Functions
✑ Provide public read-only operations
✑ Do not allow write operations
You need to recommend configuration options.
What should you recommend? To answer, configure the appropriate options in the dialog box in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

A partner manages on-premises and Azure environments. The partner deploys an on-premises solution that needs to use Azure services. The partner deploys a virtual appliance.
All network traffic that is directed to a specific subnet must flow through the virtual appliance.
You need to recommend solutions to manage network traffic.
Which two options should you recommend? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Configure Azure Traffic Manager

B. Implement an Azure virtual network

C. Configure a routing table with forced tunneling

D. Implement Azure ExpressRoute

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are migrating an on-premises application to Azure. One component of the application is a legacy Windows native executable that performs image processing.
The image processing application must run every hour. During times that the image processing application is not running, it should not be consuming any Azure compute resources.
You need to ensure that the image processing application runs correctly every hour.
Solution: Create an Azure Function to run the image processing application every hour.
Does the solution meet the goal?

A. Yes

B. No

HOTSPOT -
You are building an application that will run in a virtual machine (VM). The application will use Managed Service Identity (MSI).
The application uses Azure Key Vault, Azure SQL Database, and Azure Cosmos DB.
You need to ensure the application can use secure credentials to access these services.
Which authorization methods should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have an Azure subscription.
Your on-premises network contains a file server named Server1. Server1 stores 5 TB of company files that are accessed rarely.
You plan to copy the files to Azure Storage.
You need to implement a storage solution for the files that meets the following requirements:
✑ The files must be available within 24 hours of being requested.
✑ Storage costs must be minimized.
Which two possible storage solutions achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Create a general-purpose v2 storage account that is set to the Cool access tier. Create a file share in the storage account and copy the files to the file share.

B. Create a general-purpose v2 storage account that is set to the Hot access tier. Create a blob container, copy the files to the blob container, and set each file to the Archive access tier.

C. Create a general-purpose v1 storage account. Create a file share in the storage account and copy the files to the file share.

D. Create an Azure Blob storage account that is set to the Cool access tier. Create a blob container, copy the files to the blob container, and set each file to the Archive access tier.

E. Create a general-purpose v1 storage account. Create a blob container and copy the files to the blob container.

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains a resource group named RG1.
You create an Azure Active Directory (Azure AD) group named ResearchUsers that contains the user accounts of all researchers.
You need to recommend a solution that meets the following requirements:
✑ The researchers must be allowed to create Azure virtual machines.
The researchers must only be able to create Azure virtual machines by using specific Azure Resource Manager templates.
 
Solution: Create a lab in Azure DevTest Lab. Configure the DevTest Labs settings. Assign the DevTest Labs User role to the ResearchUsers group.
Does this meet the goal?

A. Yes

B. No

HOTSPOT -
You are designing an access policy for the sales department at your company.
Occasionally, the developers at the company must stop, start, and restart Azure virtual machines. The development team changes often.
You need to recommend a solution to provide the developers with the required access to the virtual machines. The solution must meet the following requirements:
✑ Provide permissions only when needed.
✑ Use the principle of least privilege.
✑ Minimize costs.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You plan to move a web application named App1 from an on-premises data center to Azure.
App1 depends on a custom COM component that is installed on the host server.
You need to recommend a solution to host App1 in Azure. The solution must meet the following requirements:
✑ App1 must be available to users if an Azure data center becomes unavailable.
✑ Costs must be minimized.
What should you include in the recommendation?

A. In two Azure regions, deploy a Traffic Manager profile and a web app.

B. In two Azure regions, deploy a load balancer and a virtual machine scale set.

C. Deploy a load balancer and a virtual machine scale set across two availability zones.

D. In two Azure regions, deploy a load balancer and a web app.

You develop a new Azure Web App that uses multiple Azure blobs and static content. The Web App uses a large number of JavaScript files and cascading style sheets. Some of these files contain references to other files. Users are geographically dispersed.
You need to minimize the time to load individual pages.
What should you do?

A. Migrate the Web App to Azure Service Fabric

B. Use an Azure Content Delivery Network (CDN)

C. Implement an Azure Redis Cache

D. Create a services layer by using an Azure-hosted ASP.NET web API

E. Enable the Always On feature of the Web App

You are designing an Azure solution.
The network traffic for the solution must be securely distributed by providing the following features:
✑ HTTPS protocol
✑ Round robin routing
✑ SSL offloading
You need to recommend a load balancing option.
What should you recommend?

A. Azure Load Balancer

B. Azure Traffic Manager

C. Azure Internal Load Balancer (ILB)

D. Azure Application Gateway

HOTSPOT -
You have the network topology shown in the following exhibit.
 
You have a user-defined route that has a default route of 0.0.0.0/0 and the next hop set to the network virtual appliance.
You configure the Azure Storage account to use virtual network service endpoints.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager resource deployments in your subscription.
What should you include in the recommendation?

A. the Change Tracking management solution

B. Azure Activity Log

C. Azure Monitor action groups

D. Azure Advisor

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing an Azure solution for a company that wants to move a .NET Core web application from an on-premises data center to Azure. The web application relies on a Microsoft SQL Server 2016 database on Windows Server 2016. The database server will not move to Azure.
A separate networking team is responsible for configuring network permissions.
The company uses Azure ExpressRoute and has an ExpressRoute gateway connected to an Azure virtual network named VNET1.
You need to recommend a solution for deploying the web application.
Solution: Deploy the web application by using an Azure Kubernetes Service (AKS) container on VNET1.
Does this meet the goal?

A. Yes

B. No

You need to recommend a data storage solution that meets the following requirements:
✑ Ensures that application can access the data by using a REST connection
Hosts 20 independent tables of varying sizes and usage patterns
 
✑ Automatically replicates the data to a second Azure region
✑ Minimizes costs
What should you recommend?

A. an Azure SQL Database elastic database pool that uses active geo-replication

B. tables in an Azure Storage account that uses geo-redundant storage (GRS)

C. tables in an Azure Storage account that use read-access geo-redundant storage (RA-GR)

D. an Azure SQL database that uses active geo-replication

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an on-premises data center and an Azure subscription. The on-premises data center contains a Hardware Security Module (HSM).
Your network contains an Active Directory domain that is synchronized to an Azure Active Directory (Azure AD) tenant.
The company is developing an application named Application1. Application1 will be hosted in Azure by using 10 virtual machines that run Windows Server 2016.
Five virtual machines will be in the West Europe Azure region and five virtual machines will be in the East US Azure region. The virtual machines will store sensitive company information. All the virtual machines will use managed disks.
You need to recommend a solution to encrypt the virtual machine disks by using BitLocker Drive Encryption (BitLocker).
Solution: Export a security key from the on-premises HSM. Create one Azure AD service principal. Configure the virtual machines to use Azure Storage Service
Encryption.
Does this meet the goal?

A. Yes

B. No

HOTSPOT -
Your company has three branch offices and an Azure subscription. Each branch office contains a Hyper-V host that hosts application servers.
You need to recommend a storage solution for the branch offices. The solution must ensure that the application servers can connect to a central storage device by using iSCSI connections. Data saved to the iSCSI storage device from the application servers must be uploaded to Azure automatically.
Which components should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have an on-premises network and an Azure subscription. The on-premises network has several branch offices.
A branch office in Toronto contains a virtual machine named VM1 that is configured as a file server. Users access the shared files on VM1 from all the offices.
You need to recommend a solution to ensure that the users can access the shares files as quickly as possible if the Toronto branch office is inaccessible.
What should you include in the recommendation?

A. a Recovery Services vault and Azure Backup

B. an Azure file share and Azure File Sync

C. Azure blob containers and Azure File Sync

D. a Recovery Services vault and Windows Server Backup

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
A company has custom ASP.NET and Java applications that run old versions of Windows and Linux. The company plans to place applications in containers.
You need to design a solution that includes networking, service discovery, and load balancing for the applications. The solution must support storage orchestration.
Solution: You create an Azure virtual network, public IP address, and load balancer. Then add virtual machines (VMs) to the solution and deploy individual containers on them.
Does the solution meet the goal?

A. Yes

B. No

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an on-premises Hyper-V clusters that hosts 20 virtual machines. Some virtual machines run Windows Server 2016 and some run Linux.
You plan to migrate the virtual machines to an Azure subscription.
You need to recommend a solution to replicate the disks of the virtual machines to Azure. The solution must ensure that the virtual machines remain available during the migration of the disks.
Solution: You recommend implementing an Azure Storage account, and then running AzCopy.
Does this meet the goal?

A. Yes

B. No

HOTSPOT -
You need to design a solution for securing access to the historical transaction data.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
A company has custom ASP.NET and Java applications that run old versions of Windows and Linux. The company plans to place applications in containers.
You need to design a solution that includes networking, service discovery, and load balancing for the applications. The solution must support storage orchestration.
Solution: You deploy each application to an Azure Container instance.
Does the solution meet the goal?

A. Yes

B. No

DRAG DROP -
You manage a solution in Azure.
The solution is performing poorly.
You need to recommend tools to determine causes for the performance issues.
What should you recommend? To answer, drag the appropriate monitoring solutions to the correct scenarios. Each monitoring solution may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
 

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an on-premises Active Directory Domain Services (AD DS) domain and an established Azure Active Directory (Azure AD) environment.
Your company would like users to be automatically signed in to cloud apps when they are on their corporate desktops that are connected to the corporate network.
You need to enable single sign-on (SSO) for company users.
Solution: Install and configure an Azure AD Connect server to use password hash synchronization and select the Enable single sign-on option.
Does the solution meet the goal?

A. Yes

B. No

Your company has the offices shown in the following table.
 
The network contains an Active Directory domain named contoso.com that is synced to Azure Active Directory (Azure AD).
All users connect to an application hosted in Microsoft 365.
You need to recommend a solution to ensure that all the users use Azure Multi-Factor Authentication (MFA) to connect to the application from one of the offices.
What should you include in the recommendation?

A. a named location and two Microsoft Cloud App Security policies

B. a conditional access policy and two virtual networks

C. a virtual network and two Microsoft Cloud App Security policies

D. a conditional access policy and two named locations

HOTSPOT -
Your company develops a web service that is deployed to an Azure virtual machine named VM1. The web service allows an API to access real-time data from
VM1.
The current virtual machine deployment is shown in the Deployment exhibit. (Click the Deployment tab).
 
The chief technology officer (CTO) sends you the following email message: "Our developers have deployed the web service to a virtual machine named VM1.
Testing has shown that the APIs is accessible from VM1 and VM2. Our partners must be able to connect to the API over the Internet. Partners will use this data in application that they develop".
You deploy an Azure API Management (APIM) service. The relevant API Management configuration is shown in the API exhibit. (Click the API tab).
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an on-premises data center and an Azure subscription. The on-premises data center contains a Hardware Security Module (HSM).
Your network contains an Active Directory domain that is synchronized to an Azure Active Directory (Azure AD) tenant.
The company is developing an application named Application1. Application1 will be hosted in Azure by using 10 virtual machines that run Windows Server 2016.
Five virtual machines will be in the West Europe Azure region and five virtual machines will be in the East US Azure region. The virtual machines will store sensitive company information. All the virtual machines will use managed disks.
You need to recommend a solution to encrypt the virtual machine disks by using BitLocker Drive Encryption (BitLocker).
Solution:
✑ Deploy one Azure key vault to each region
✑ Export two security keys from the on-premises HSM
✑ Import the security keys from the HSM into each Azure key vault
Create two Azure AD service principals
 
✑ Configure the virtual machines to use Azure Disk Encryption
✑ Specify a different service principal for the virtual machines in each region
Does this meet the goal?

A. Yes

B. No

DRAG DROP -
You plan to import data from your on-premises environment into Azure. The data is shown in the following table.
 
What should you recommend using to migrate the data? To answer, drag the appropriate tools to the correct data sources. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
 

You have data files in Azure Blob storage.
You plan to transform the files and move them to Azure Data Lake Storage.
You need to transform the data by using mapping data flow.
Which Azure service should you use?

A. Azure Storage Sync

B. Azure Databricks

C. Azure Data Box Gateway

D. Azure Data Factory

A company named Contoso, Ltd. has an Azure Active Directory (Azure AD) tenant that is integrated with Microsoft Office 365 and an Azure subscription.
Contoso has an on-premises identity infrastructure. The infrastructure includes servers that run Active Directory Domain Services (AD DS), Active Directory
Federation Services (AD FS), Azure AD Connect, and Microsoft Identity Manager (MIM).
Contoso has a partnership with a company named Fabrikam, Inc. Fabrikam has an Active Directory forest and an Office 365 tenant. Fabrikam has the same on- premises identity infrastructure as Contoso.
A team of 10 developers from Fabrikam will work on an Azure solution that will be hosted in the Azure subscription of Contoso. The developers must be added to the Contributor role for a resource in the Contoso subscription.
You need to recommend a solution to ensure that Contoso can assign the role to the 10 Fabrikam developers. The solution must ensure that the Fabrikam developers use their existing credentials to access resources.
What should you recommend?

A. Configure a forest trust between the on-premises Active Directory forests of Contoso and Fabrikam.

B. Configure an organization relationship between the Office 365 tenants of Fabrikam and Contoso.

C. In the Azure AD tenant of Contoso, enable Azure Active Directory Domain Services (Azure AD DS). Create a one-way forest trust that uses selective authentication between the Active Directory forests of Contoso and Fabrikam.

D. In the Azure AD tenant of Contoso, create guest accounts for the Fabrikam developers.

Your network contains an Active Directory domain named contoso.com that is federated to an Azure Active Directory (Azure AD) tenant. The on-premises domain contains a VPN server named Server1 that runs Windows Server 2016.
You have a single on-premises location that uses an address space of 172.16.0.0/16.
You need to implement two-factor authentication for users who establish VPN connections to Server1.
What should you include in the implementation?

A. In Azure AD, create a conditional access policy and a trusted named location

B. Install and configure Azure MFA Server on-premises

C. Configure an Active Directory Federation Services (AD FS) server on-premises

D. In Azure AD, configure the authentication methods. From the multi-factor authentication (MFA) service settings, create a trusted IP range

You need to recommend a solution for the network configuration of the front-end tier of the payment processing.
What should you include in the recommendation?

A. Azure Application Gateway

B. Traffic Manager

C. a Standard Load Balancer

D. a Basic load Balancer

HOTSPOT -
Your company has two on-premises sites in New York and Los Angeles and Azure virtual networks in the East US Azure region and the West US Azure region.
Each on-premises site has Azure ExpressRoute circuits to both regions.
You need to recommend a solution that meets the following requirements:
✑ Outbound traffic to the Internet from workloads hosted on the virtual networks must be routed through the closest available on-premises site.
✑ If an on-premises site fails, traffic from the workloads on the virtual networks to the Internet must reroute automatically to the other site.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

HOTSPOT -
Your company deploys several Linux and Windows virtual machines (VMs) to Azure. The VMs are deployed with the Microsoft Dependency Agent and the Log
Analytics Agent installed by using Azure VM extensions. On-premises connectivity has been enabled by using Azure ExpressRoute.
You need to design a solution to monitor the VMs.
Which Azure monitoring services should you use? To answer, select the appropriate Azure monitoring services in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage v2 account named storage1.
You plan to archive data to storage1.
You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data.
Solution: You create a file share, and you configure an access policy.
Does this meet the goal?

A. Yes

B. No

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are migrating an on-premises application to Azure. One component of the application is a legacy Windows native executable that performs image processing.
The image processing application must run every hour. During times that the image processing application is not running, it should not be consuming any Azure compute resources.
You need to ensure that the image processing application runs correctly every hour.
Solution: Create an Azure WebJob that runs the image processing application every hour.
Does the solution meet the goal?

A. Yes

B. No

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AZD) tenant named contoso.com. The tenant contains a group named Group1. Group1 contains all the administrative user accounts.
You discover several login attempts to the Azure portal from countries where administrative users do NOT work.
You need to ensure that all login attempts to the Azure portal from those countries require Azure Multi-Factor Authentication (MFA).
Solution: Implement Azure AD Privileged Identity Management.
Does this solution meet the goal?

A. Yes

B. No

Your company plans to migrate its on-premises data to Azure.
You need to recommend which Azure services can be used to store the data. The solution must meet the following requirements:
✑ Encrypt all data while at rest.
✑ Encrypt data only by using a key generated by the company.
Which two possible services can you recommend? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Azure Table storage

B. Azure Backup

C. Azure Blob storage

D. Azure Queue storage

E. Azure Files

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AZD) tenant named contoso.com. The tenant contains a group named Group1. Group1 contains all the administrative user accounts.
You discover several login attempts to the Azure portal from countries where administrative users do NOT work.
You need to ensure that all login attempts to the Azure portal from those countries require Azure Multi-Factor Authentication (MFA).
Solution: You implement an access package.
Does this solution meet the goal?

A. Yes

B. No

You are designing a microservices architecture that will support a web application.
The solution must meet the following requirements:
✑ Allow independent upgrades to each microservice
✑ Deploy the solution on-premises and to Azure
✑ Set policies for performing automatic repairs to the microservices
✑ Support low-latency and hyper-scale operations
You need to recommend a technology.
What should you recommend?

A. Azure Service Fabric

B. Azure Container Service

C. Azure Container Instance

D. Azure Virtual Machine Scale Set

You have an Azure subscription that contains an Azure Cosmos DB account.
You need to recommend a solution to generate an alert from Azure Log Analytics when a request charge for a query exceeds 50 request units more than 20 times within a 15-minute window.
What should you recommend?

A. Create a search query to identify when requestCharge_s exceeds 50. Configure an alert threshold of 20 and a period of 15.

B. Create a search query to identify when duration_s exceeds 20 and requestCharge_s exceeds 50. Configure a period of 15.

C. Create a search query to identify when requestCharge_s exceeds 20. Configure a period of 15 and a frequency of 20.

D. Create a search query to identify when duration_s exceeds 20. Configure a period of 15.

You are developing a sales application that will contain several Azure cloud services and will handle different components of a transactions. Different cloud services will process customer orders, billing, payment, inventory, and shipping.
You need to recommend a solution to enable the cloud services to asynchronously communicate transaction information by using REST messages.
What would you include in the recommendation?

A. Traffic Manager

B. Azure Notification Hubs

C. Azure Blob storage

D. Azure Queue storage

You need to recommend a disaster recovery solution for the back-end tier of the payment processing system.
What should you include in the recommendation?

A. Always On Failover Cluster Instances

B. active geo-replication

C. Azure Site Recovery

D. an auto-failover group

HOTSPOT -
You have five .NET Core applications that run on 10 Azure virtual machines in the same subscription.
You need to recommend a solution to ensure that the applications can authenticate by using the same Azure Active Directory (Azure AD) identity. The solution must meet the following requirements:
✑ Ensure that the applications can authenticate only when running on the 10 virtual machines.
✑ Minimize administrative effort.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

DRAG DROP -
You plan to move several apps that handle critical line-of-business (LOB) services to Azure.
Appropriate personnel must be notified if any critical resources become degraded or unavailable.
You need to design a monitoring and notification strategy that can handle up to 100 notifications per hour.
Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
Select and Place:
 

You are designing a solution that will host 20 different web applications.
You need to recommend a solution to secure the web applications with a firewall that protects against common web-based attacks including SQL injection, cross- site scripting attacks, and session hijacks. The solution must minimize costs.
Which three Azure features should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. VPN Gateway

B. URL-based content routing

C. Multi-site routing

D. Web Application Firewall (WAF)

E. Azure ExpressRoute

F. Azure Application Gateway

You manage on-premises networks and Azure virtual networks.
You need a secure private connection between the on-premises networks and the Azure virtual networks. The connection must offer a redundant pair of cross connections to provide high availability.
What should you recommend?

A. ExpressRoute

B. Azure Load Balancer

C. virtual network peering

D. VPN Gateway

You plan to create an Azure Cosmos DB account that uses the SQL API. The account will contain data added by a web application. The web application will send data daily.
You need to recommend a notification solution that meets the following requirements:
✑ Sends email notification when data is received from IoT devices.
✑ Minimizes compute cost.
What should you include in the recommendation?

A. Deploy an Azure logic app that has the Azure Cosmos DB connector configured to use a SendGrid action.

B. Deploy a function app that is configured to use the Consumption plan and a SendGrid binding.

C. Deploy an Azure logic app that has a SendGrid connector configured to use an Azure Cosmos DB action.

D. Deploy a function app that is configured to use the Consumption plan and an Azure Event Hubs binding.

You have Azure virtual machines that run a custom line-of-business web application.
You plan to use a third-party solution to parse event logs from the virtual machines stored in an Azure storage account.
You need to recommend a solution to save the event logs from the virtual machines to the Azure Storage account. The solution must minimize costs and complexity.
What should you include in the recommendation?

A. Azure VM Diagnostics Extension

B. Azure Monitor

C. event log subscriptions

D. Azure Log Analytics

You have an on-premises Active Directory forest and an Azure Active Directory (Azure AD) tenant. All Azure AD users are assigned a Premium P1 license.
You deploy Azure AD Connect.
Which two features are available in this environment that can reduce operational overhead for your company's help desk? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Azure AD Privileged Identity Management policies

B. access reviews

C. self-service password reset

D. Microsoft Cloud App Security Conditional Access App Control

E. password writeback

You have 100 servers that run Windows Server 2012 R2 and host Microsoft SQL Server 2012 R2 instances. The instances host databases that have the following characteristics:
✑ The largest database is currently 3 TB. None of the databases will ever exceed 4 TB.
✑ Stored procedures are implemented by using CLR.
You plan to move all the data from SQL Server to Azure.
You need to recommend an Azure service to host the databases. The solution must meet the following requirements:
✑ Whenever possible, minimize management overhead for the migrated databases.
✑ Minimize the number of database changes required to facilitate the migration.
Ensure that users can authenticate by using their Active Directory credentials.
 
What should you include in the recommendation?

A. Azure SQL Database single databases

B. Azure SQL Database Managed Instance

C. Azure SQL Database elastic pools

D. SQL Server 2016 on Azure virtual machines