- (Topic 5)
You have an Azure subscription that contains multiple virtual machines in the West US Azure region.
You need to use Traffic Analytics in Azure Network Watcher to monitor virtual machine traffic.
Which two resources should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Correct Answer:
BD
To use Traffic Analytics in Azure Network Watcher, you need to create a Log Analytics workspace and a storage account. A Log Analytics workspace is a cloud-based repository that collects and stores data from various sources, such as NSG flow logs. A storage account is a container that provides a unique namespace to store and access your data objects in Azure Storage. You need to enable NSG flow logs and configure them to send data to both the Log Analytics workspace and the storage account. Traffic Analytics analyzes the NSG flow logs and provides insights into traffic flow in your Azure cloud. References:
✑ Traffic analytics - Azure Network Watcher | Microsoft Learn
✑ Traffic analytics FAQ - Azure Network Watcher | Microsoft Learn
HOTSPOT - (Topic 5)
You have several Azure virtual machines on a virtual network named VNet1. You configure an Azure Storage account as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Solution:
Does this meet the goal?
Correct Answer:
A
- (Topic 5)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You manage a virtual network named VNet1 that is hosted in the West US Azure region. VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.You need to inspect all the network traffic from VM1 to VM2 for a period of three hours. Solution: From Azure Monitor, you create a metric on Network in and Network Out. Does this meet the goal?
Correct Answer:
B
HOTSPOT - (Topic 5)
You have an Azure subscription that contains the storage accounts shown in the following table.
You need to identify which storage accounts support lifecycle management, and which storage accounts support moving data to the Archive access tier. What should you identify for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct answer is worth one point.
Solution:
1) storage1, storage2, storage3
"Lifecycle management policies are supported for block blobs and append blobs in general- purpose v2, premium block blob, and Blob Storage accounts." https://learn.microsoft.com/en-us/azure/storage/blobs/lifecycle-management-overview
2) storage2
"The archive tier isn't supported for ZRS, GZRS, or RA-GZRS accounts." https://learn.microsoft.com/en-us/azure/storage/blobs/access-tiers-overview#archive- access-tier
Does this meet the goal?
Correct Answer:
A
- (Topic 5)
You have an Azure subscription that contains the virtual networks shown in the following table.
The subscription contains the virtual machines shown in the following table.
All The virtual machines have only private IP addresses.
You deploy an Azure Bastion host named Bastion1 to VNet1. To which virtual machines can you connect through Bastion1 ?
Correct Answer:
B
Azure Bastion is a service that provides secure and seamless RDP and SSH access to virtual machines directly from the Azure portal, without exposing them to the public internet1. To use Azure Bastion, you need to deploy it in the same virtual network as the virtual machines you want to connect to2.
According to the tables, you deployed an Azure Bastion host named Bastion1 to VNet1. Therefore, you can connect through Bastion1 to any virtual machine that is in VNet1 or a virtual network that is peered with VNet1. VM1 and VM3 are both in VNet1, so you can connect to them through Bastion1. VM2 is in VNet2, which is not peered with VNet1, so you cannot connect to it through Bastion1.