- (Exam Topic 5)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy an Azure Kubernetes Service (AKS) cluster named AKS1. You need to deploy a YAML file to AKS1.
Solution: From the Azure CLI, you run the kubectl client. Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: B
Installing Azure CLI doesn't mean that Azure Kubernates client is installed. So before running kubectl client command, you have install kubectl, the Kubernetes command-line client.
First need to run az aks install-cli to install Kubernetes CLI, which is kubectl Reference:
https://docs.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest

- (Exam Topic 6)
You have an Azure subscription.
You need to deploy a virtual machine by using an Azure Resource Manager (ARM) template.
How should you complete the template? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Solution:


Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 3)
You are planning the move of App1 to Azure. You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1. What should you recommend?

1. A. Create an outgoing security rule for port 443 from the Interne
2. B. Associate the NSG to all the subnets.
3. C. Create an incoming security rule for port 443 from the Interne
4. D. Associate the NSG to all the subnets.
5. E. Create an incoming security rule for port 443 from the Interne
6. F. Associate the NSG to the subnet that contains the web servers.
7. G. Create an outgoing security rule for port 443 from the Interne
8. H. Associate the NSG to the subnet that contains the web servers.

Correct Answer: C
As App1 is public-facing we need an incoming security rule, related to the access of the web servers.
Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers: a SQL database, a web front end, and a processing middle tier.
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

- (Exam Topic 6)
Your company has a main office in London that contains 100 client computers. Three years ago, you migrated to Azure Active Directory (Azure AD).
The company’s security policy states that all personal devices and corporate-owned devices must be registered or joined to Azure AD.
A remote user named User1 is unable to join a personal device to Azure AD from a home network. You verify that other users can join their devices to Azure AD.
You need to ensure that User1 can join the device to Azure AD. What should you do?

1. A. From the Device settings blade, modify the Users may join devices to Azure AD setting.
2. B. From the Device settings blade, modify the Maximum number of devices per user setting.
3. C. Create a point-to-site VPN from the home network of User1 to Azure.
4. D. Assign the User administrator role to User1.

Correct Answer: B
The Maximum number of devices setting enables you to select the maximum number of devices that a user can have in Azure AD. If a user reaches this quota, they will not be able to add additional devices until one or more of the existing devices are removed.

- (Exam Topic 6)
You plan to move services from your on-premises network to Azure.
You identify several virtual machines that you believe can be hosted in Azure. The virtual machines are shown in the following table.

Which two virtual machines can you access by using Azure migrate? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

1. A. Sea-CA0l
2. B. Hou-NW01
3. C. NYC-FS01
4. D. Sea-DC01
5. E. BOS-DB01

Correct Answer: CE
Azure Migrate provides a centralized hub to assess and migrate to Azure on-premises servers, infrastructure, applications, and data. It provides the following:
Unified migration platform: A single portal to start, run, and track your migration to Azure.
Range of tools: A range of tools for assessment and migration. Azure Migrate tools include Server Assessment and Azure Migrate: Server Migration. Azure Migrate also integrates with other Azure services and tools, and with independent software vendor (ISV) offerings.
Assessment and migration: In the Azure Migrate hub, you can assess and migrate:
Servers: Assess on-premises servers and migrate them to Azure virtual machines or Azure VMware Solution (AVS) (Preview).
Databases: Assess on-premises databases and migrate them to Azure SQL Database or to SQL Managed Instance.
Web applications: Assess on-premises web applications and migrate them to Azure App Service by using the Azure App Service Migration Assistant.
Virtual desktops: Assess your on-premises virtual desktop infrastructure (VDI) and migrate it to Windows Virtual Desktop in Azure.
Data: Migrate large amounts of data to Azure quickly and cost-effectively using Azure Data Box products. Based on this information let's analyze each option:
NYC-FS01 : Its role "Server" fall under above categories. Hence it can be accessed by using Azure migrat BOS-DB01 : Its role "server" fall under above categories. Hence it can be accessed by using Azure migrate
Sea-CA01 : Its role "CA" does not fall under above categories. Hence it can not be accessed by using Azure migrate.
Hou-NW01 : Its role "DNS" does not fall under above categories. Hence it can not be accessed by using Azure migrate.
Sea-DC01 : Its role "DC" does not fall under above categories. Hence it can not be accessed by using Azure migrate.
Reference:
https://docs.microsoft.com/en-us/azure/migrate/migrate-services-overview