- (Exam Topic 6)
You have an Azure virtual machine named VM1 that connects to a virtual network named VNet1. VM1 has the following configurations:
Subnet: 10.0.0.0/24
Availability set: AVSet
Network security group (NSG): None
Private IP address: 10.0.0.4 (dynamic)
Public IP address: 40.90.219.6 (dynamic)
You deploy a standard, Internet-facing load balancer named slb1. You need to configure slb1 to allow connectivity to VM1.
Which changes should you apply to VM1 as you configure slb1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Solution:
Box 1: Remove the public IP address from VM1
If the Public IP on VM1 is set to Dynamic, that means it is a Public IP with Basic SKU because Public IPs with Standard SKU have Static assignments by default, that cannot be changed. We cannot associate Basic SKUs IPs with Standard SKUs LBs. One cannot create a backend SLB pool if the VM to be associated has a Public IP. For Private IP it doesn't matter weather it is dynamic or static, still we can add the such VM into the SLB backend pool.
Box 2: Create and configure an NSG
Standard Load Balancer is built on the zero trust network security model at its core. Standard Load Balancer secure by default and is part of your virtual network. The virtual network is a private and isolated network. This means Standard Load Balancers and Standard Public IP addresses are closed to inbound flows unless opened by Network Security Groups. NSGs are used to explicitly permit allowed traffic. If you do not have an NSG on a subnet or NIC of your virtual machine resource, traffic is not allowed to reach this resource. To learn more about NSGs and how to apply them for your scenario, see Network Security Groups. Basic Load Balancer is open to the internet by default.
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/quickstart-load-balancer-standard-public-portal https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 6)
You have an Azure Kubernetes cluster in place.
You have to deploy an application using an Azure Container registry image. Which of the following command can be used for this requirement?

1. A. az kubernetes deploy
2. B. kubectl apply
3. C. New-AzKubernetes set
4. D. docker run

Correct Answer: B
kubectl apply : Correct Choice
The kubectl command can be used to deploy applications to a Kubernetes cluster. az kubernetes deploy : Incorrect Choice
This command is used to manage Azure Kubernetes Services. This is not used to deploy applications to a Kubernetes cluster.
New-AzKubernetes set : Incorrect Choice
This command is used to create a new managed Kubernetes cluster. This is not used to deploy applications to a Kubernetes cluster.
docker run : Incorrect Choice
This is run command in a new container. This is not used to deploy applications to a Kubernetes cluster. Reference:
https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#apply https://docs.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest
https://docs.microsoft.com/en-us/powershell/module/az.aks/New-AzAks?view=azps-3.8.0&viewFallbackFrom= https://docs.docker.com/engine/reference/commandline/run/

- (Exam Topic 5)
You purchase a new Azure subscription named Subscription1.
You create a virtual machine named VM1 in Subscription1. VM1 is not protected by Azure Backup.
You need to protect VM1 by using Azure Backup. Backups must be created at 01:00 and stored for 30 days. What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Solution:
Box 1: A Recovery Services vault
A Recovery Services vault is an entity that stores all the backups and recovery points you create over time. Box 2: A backup policy
What happens when I change my backup policy?
When a new policy is applied, schedule and retention of the new policy is followed. References:
https://docs.microsoft.com/en-us/azure/backup/backup-configure-vault https://docs.microsoft.com/en-us/azure/backup/backup-azure-backup-faq
A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations. You can use Recovery Services vaults to hold backup data for various Azure services such as IaaS VMs (Linux or Windows) and Azure SQL databases.
You can use backup policy to configure schedule.
https://docs.microsoft.com/en-us/azure/backup/backup-azure-recovery-services-vault-overviewhttps://docs.micr

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 4)
Your network contains an on-premises Active Directory domain named adatum.com. The domain contains an organizational unit (OU) named OU1. OU1 contains the objects shown in the following table.

You sync OU1 to Azure Active Directory (Azure AD) by using Azure AD Connect. You need to identify which objects are synced to Azure AD.
Which objects should you identify?

1. A. User1 and Group1 only
2. B. User1, Group1, and Group2 only
3. C. User1, Group1, Group2, and Computer1
4. D. Computer1 only

Correct Answer: B
Reference:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/synchronization

- (Exam Topic 6)
You onboard 10 Azure virtual machines to Azure Automation State Configuration.
You need to use Azure Automation State Configuration to manage the ongoing consistency of the virtual machine configurations.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

Solution:
Step 1: Upload a configuration to Azure Automation State Configuration. Import the configuration into the Automation account.
Step 2: Compile a configuration into a node configuration.
A DSC configuration defining that state must be compiled into one or more node configurations (MOF document), and placed on the Automation DSC Pull Server.
Step 3: Assign the node configuration
Step 4: Check the compliance status of the node
Each time Azure Automation State Configuration performs a consistency check on a managed node, the node sends a status report back to the pull server. You can view these reports on the page for that node.
On the blade for an individual report, you can see the following status information for the corresponding consistency check:
The report status — whether the node is "Compliant", the configuration "Failed", or the node is "Not
Compliant" Reference:
https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A