- clex
- May 1, 2024
Welcome to the Cloud Technologies – D338 Pre-Assessments course! Here, you’ll find all the essential resources tailored to help you prepare for the WGU Cloud Technologies – D338 Pre-Assessment with confidence and ease. From comprehensive study materials to practice questions and answers, everything you need to excel in the objective assessment and smoothly navigate through your studies is readily available.
The Pre-Assessment for the WGU D338 Cloud Technologies module consists of a total of 60 multiple-choice questions. You will be given 120 minutes (2 hours) to answer all the questions, and you must score more than 70% of the total allocated marks to pass the assessment.
Below we have provided a complete rundown of the pre-assessment questions and answers, with detailed information for each answer. Happy learning!
Question 01
A: Global administrator
B: Authentication administrator
C: Help desk administrator
D: License administrator
Correct answer:
A. Global administrator
Description:
Global administrators have the highest level of permissions in Azure Active Directory (Azure AD) and can perform all administrative actions, including creating users. Other roles like Authentication administrator, Help desk administrator, and License administrator have specific permissions but do not have the authority to create users in Azure AD. For instance, the Authentication administrator manages authentication methods, the Help desk administrator assists users with password resets, and the License administrator manages licenses for Azure services. However, none of these roles have the broad administrative capabilities of the Global administrator, making option A the correct choice.
Question 02
A. Azure AD Premium P1
B: Azure Blueprints
C: Azure management groups
D: Azure host groups
Correct answer:
A. Azure AD Premium P1
Description:
Implementing Azure administrative units requires an Azure AD Premium P1 subscription. Azure AD Premium P1 offers advanced features for identity and access management, including administrative units that help organize and manage resources more effectively. Options B, C, and D are incorrect because Azure Blueprints are used for deploying and managing cloud environments, Azure management groups help manage access, policy, and compliance, and Azure host groups are used in Azure Automation for organizing resources, none of which are directly related to implementing Azure administrative units.
Question 03
A: Microsoft 365 applications are uninstalled.
B: BitLocker is disabled and the device is decrypted.
C: Resources are no longer accessible.
D: The device is recoverable with Azure Multi-Factor Authentication.
Correct answer:
C. Resources are no longer accessible.
Description:
When a device is deleted from Azure Active Directory (AD), access to resources associated with that device is revoked. Option A is incorrect because uninstalling Microsoft 365 applications is not directly related to deleting a device from Azure AD. Option B is incorrect as deleting a device from Azure AD does not affect BitLocker encryption status. Option D is also incorrect as deleting a device does not involve Azure Multi-Factor Authentication for recovery purposes.
Question 04
A: Windows 8.1
B: Windows 10
C: Windows Server 2012 R2
D: Windows Server 2016
Correct answer:
B. Windows 10
Description:
Windows 10 supports Azure AD join, allowing devices to be registered with Azure Active Directory for centralized management and access control. Option A, Windows 8.1, does not fully support Azure AD join capabilities. Options C and D, Windows Server 2012 R2 and Windows Server 2016, are server operating systems primarily designed for different purposes and are not typically used for Azure AD join functionality in the same way as Windows 10.
Question 05
A: Security
B: Service support
C: Compliance
D: Global
Correct answer:
B. Service support
Description:
This role has the minimum permissions required for managing Azure health settings and requests for vendor assistance. Option A, Security, typically focuses on security-related tasks rather than service support. Option C, Compliance, deals with ensuring compliance with regulations and policies. Option D, Global, grants broad administrative privileges across the Azure environment, which may exceed the scope needed for managing health settings and vendor assistance requests.
Question 06
User | Role | Scope |
---|---|---|
User 1 | Reader and data access | Subscription |
User 2 | Reader and data access | Resource |
User 3 | Owner | Resource |
User 4 | Owner | Subscription |
Which user has the minimum privileges needed to manage and delete a storage account?
A: User1
B: User2
C: User3
D: User4
Correct answer:
C. User3
Description:
This user has the "Owner" role at the resource level, which grants them the necessary privileges to manage and delete a storage account. Option A, User1, has only "Reader and data access" at the subscription level, which does not provide sufficient permissions. Option B, User2, has "Reader and data access" at the resource level, which is also insufficient for managing and deleting resources. Option D, User4, has the "Owner" role at the subscription level, which would allow managing the entire subscription but is not the minimum privilege needed for managing a storage account specifically.
Question 07
A: Reader role scoped to MGMT-Group
B: Contributor role scoped to MGMT-Group
C: Contributor role scoped to Prod-RG
D: Reader role scoped to Prod-RG
Correct answer:
D. Reader role scoped to Prod-RG
Description:
This configuration provides the user with the ability to view resources (Reader role), limits their access to only production Azure resources (scoped to Prod-RG), and ensures they have the least amount of privilege possible. Option A, Reader role scoped to MGMT-Group, would grant access to all resources within the management group, including development resources, which is more access than necessary. Option B, Contributor role scoped to MGMT-Group, grants more permissions than needed, allowing the user to make changes to all resources within the management group. Option C, Contributor role scoped to Prod-RG, gives the user more permissions than required by allowing them to modify production resources, which is beyond the stated requirement of only viewing resources.
Question 08
A: Subscription
B: Administrative unit
C: Resource group
D: Resource
Correct answer:
A. Subscription
Description:
Custom Azure role-based access control (RBAC) roles can be assigned to the largest scope of a subscription. This means that the custom role can be applied at the subscription level, granting permissions across all resources within that subscription. Options B, C, and D are all smaller scopes than a subscription, limiting the extent of the role's authority to specific administrative units, resource groups, or individual resources, respectively. Assigning a custom RBAC role at the subscription level allows for broader management and control over the Azure resources contained within that subscription.
Question 09
A: An Azure Policy definition with a required tag
B: An ARM template for virtual machine creation
C: An Azure Policy definition with a location restriction
D: An ARM template for resource group creation
Correct answer:
A. An Azure Policy definition with a required tag
Description:
Implementing an Azure Policy definition with a required tag ensures that all Azure resources created are identified with the appropriate cost center. This policy can enforce tagging rules, making it mandatory for users to assign specific tags (such as cost center) to resources during creation. Option B (ARM template for virtual machine creation) and Option D (ARM template for resource group creation) involve templates for resource deployment but do not directly enforce tagging requirements. Option C (Azure Policy definition with a location restriction) restricts resource deployment to specific locations but does not enforce tagging rules. Therefore, Option A is the most suitable for enforcing the tagging requirement.
Question 10
A: New-AzTag -Tag $tags
B: Update-AzTag -Operation Replace
C: Update-AzTag -Operation Merge
D: New-AzTag -Tag $update
Correct answer:
C. Update-AzTag -Operation Merge
Description:
This operation allows the manager to ensure that all resources are tagged according to the specified requirements. The Merge operation will ignore correct tags, update incorrect tags, and add nonexistent tags as needed, aligning the resource tags with the desired configuration. Options A and D involve creating new tags or updating tags without the specific requirements mentioned. Option B (Update-AzTag -Operation Replace) would replace all existing tags with the provided tags, which does not meet the requirement to ignore correct tags. Therefore, Option C is the most appropriate choice for the given scenario.
Question 11
A: Cost Management
B: Help and support
C: Analytics
D: Quotas
Correct answer:
A. Cost Management
Description:
Azure Cost Management is the service used to provide an overview of resource usage on a subscription. It allows users to monitor and analyze costs, optimize spending, and ensure that resources are being used efficiently. Option B (Help and support) is primarily used for accessing Azure support and assistance. Option C (Analytics) is a broad term and doesn't specifically refer to the service used for resource usage overview. Option D (Quotas) is related to setting limits on Azure resources and doesn't provide an overview of resource usage. Therefore, Option A is the correct choice for monitoring resource usage on an Azure subscription.
Question 12
A: Network security group
B: Management group
C: Resource group
D: Application security group
Correct answer:
C. Resource group
Description:
When the Azure Recovery Services vault is first created, it needs to be deployed to a resource group. A resource group is a logical container that holds related resources for an Azure solution. It allows for the organization and management of resources, including the Azure Recovery Services vault. Option A (Network security group) is used to manage network traffic to Azure resources. Option B (Management group) is a way to manage access, policies, and compliance for multiple subscriptions. Option D (Application security group) is used for grouping virtual machines to apply network security rules. Therefore, the correct choice is Option C, as the Azure Recovery Services vault needs to be deployed within a resource group.
Question 13
A: Every one hour
B: Every six hours
C: Daily
D: Weekly
Correct answer:
C. Daily
Description:
When virtual machines are configured using the Azure Backup policy, the maximum frequency for full backups is daily. This means that a full backup of the virtual machines will be taken once per day according to the backup policy configuration. Options A (Every one hour), B (Every six hours), and D (Weekly) exceed the maximum frequency specified by the Azure Backup policy, making them incorrect. Therefore, the correct choice is Option C, as it aligns with the maximum frequency allowed for full backups in Azure Backup policies.
Question 14
A: Download and run an executable
B: Download and run a script
C: Enable soft delete
D: Enable site recovery
Correct answer:
B. Download and run a script
Description:
When restoring an individual file from a backup created by Azure Backup to an Azure Virtual Machine (VM) running the Linux operating system, you need to download and run a script. This script will facilitate the restoration process by interacting with the Azure Backup service and retrieving the specified file from the backup. Options A (Download and run an executable), C (Enable soft delete), and D (Enable site recovery) are not directly related to restoring an individual file from an Azure Backup to a Linux VM, making them incorrect. Therefore, the correct choice is Option B, which outlines the necessary step for file restoration in this scenario.
Question 15
A: Restore a backup to a working server
B: Provision and start another server
C: Initiate and commit a failover
D: Wait until the original location is online
Correct answer:
C. Initiate and commit a failover
Description:
When the primary site experiences a power failure and site-to-site recovery is configured, the administrator should initiate and commit a failover. This action ensures continuity of operations by transitioning the workload to the secondary site, minimizing downtime. Option A (Restore a backup to a working server) may be time-consuming and less efficient compared to failover. Option B (Provision and start another server) may not address the immediate need for continued processing. Option D (Wait until the original location is online) would result in prolonged downtime, which is not desirable in this scenario. Therefore, option C is the most appropriate course of action for ensuring business continuity during a primary site failure.
Question 16
A: Storage firewall
B: Role-based access control
C: Blob storage access level set to private
D: Blob storage access level set to container
Correct answer:
A. Storage firewall
Description:
Implementing a storage firewall allows you to restrict access to a storage account, ensuring that only specified IP addresses or IP ranges, such as those used by internal devices, can access the storage account. Option B (Role-based access control) is more related to controlling access at a broader level within Azure, but it doesn't directly limit access to specific resources like a storage account. Options C and D (Blob storage access level set to private and Blob storage access level set to container) control the visibility of blobs within the storage account but do not restrict access to the entire storage account itself. Therefore, option A is the most appropriate choice for limiting storage account access to a blob shared with internal devices.
Question 17
A: Only lowercase characters
B: Only uppercase characters
C: Only lowercase characters and digits
D: Only uppercase characters and digits
Correct answer:
C. Only lowercase characters and digits
Description:
Storage account names can contain only lowercase letters and digits. Option A (Only lowercase characters) is incorrect because storage account names can include digits as well. Option B (Only uppercase characters) and Option D (Only uppercase characters and digits) are incorrect because uppercase characters are not allowed in storage account names. Therefore, the correct answer is option C.
Question 18
Correct answer:
C. Read
Description:
The shared access signature (SAS) token provided contains the permission sp=r, indicating read access. This means that the token allows users to only read or access resources but does not grant permissions to delete, create, or write. Option A, Delete, and option D, Write, are incorrect because the SAS token does not include permissions for these actions. Option B, Create, is also incorrect as the token specifically grants read access only. Therefore, the correct choice is option C, Read, as it aligns with the permissions specified in the SAS token.
Question 19
A: Soft delete
B: Object replication
C: Secure transfer
D: Public access
Correct answer:
A. Soft delete
Description:
Before enabling purge protection for Azure Blob storage, the soft delete feature must be active. Soft delete allows for the recovery of deleted data within a specified retention period, providing an added layer of protection against accidental deletion. Option B, Object replication, is unrelated to purge protection. Options C and D, Secure transfer and Public access, are also not prerequisites for enabling purge protection. Therefore, the correct choice is option A, Soft delete, as it aligns with the necessary prerequisite for enabling purge protection in Azure Blob storage.
Question 20
A: By attaching to a local emulator
B: By using a connection string
C: By using a shared access signature
D: By adding an Azure account
Correct answer:
C. By using a shared access signature
Description:
Storage Explorer can be connected to a storage account without using an account key by utilizing a shared access signature. This allows for temporary access to specific resources within the storage account, providing more secure and controlled access compared to using account keys. Options A and B are not relevant to connecting Storage Explorer without using an account key. Option D, adding an Azure account, is also not the correct method for connecting Storage Explorer to a storage account without using an account key. Therefore, the correct choice is option C, By using a shared access signature.
Question 21
A: Synchronous operations in a single thread
B: Synchronous operations in multiple threads
C: Asynchronous operations in a single thread
D: Asynchronous operations in multiple threads
Correct answer:
D. Asynchronous operations in multiple threads
Description:
AzCopy is a command-line utility used to copy data to and from Azure Blob, File, and Table storage, as well as Azure Data Lake Storage Gen2 and Azure Stack. It provides features for transferring large amounts of data efficiently, including support for asynchronous operations in multiple threads. This allows for faster data transfers by utilizing parallelism, making option D the correct choice. Options A, B, and C are incorrect because AzCopy primarily supports asynchronous operations and is designed to leverage multiple threads for improved performance.
Question 22
A: Page
B: Block
C: Append
D: Queue
Correct answer:
B. Block
Description:
Block Blob storage type is suitable for picture files because it allows for the storage of large binary objects, such as images, videos, and documents. Block blobs are optimized for streaming and storing files, making them ideal for scenarios where random read/write operations are common, as is often the case with picture files. Options A, C, and D are incorrect because they represent different types of Azure Blob storage that are not specifically designed for storing picture files.
Question 23
A: Storage account
B: Individual blob
C: Subscription
D: Container
Correct answer:
A. Storage account
Description:
When the access tier's inferred property is set to true, the access tier setting is applied at the storage account level. This means that the access tier for blobs within the storage account is automatically determined based on their usage patterns. Options B, C, and D are incorrect because the access tier setting is not applied at the individual blob, subscription, or container level when the inferred property is set to true.
Question 24
Blob Name | Access Tier |
---|---|
Blob 1 | Hot (inferred) |
Blob 2 | Hot |
Blob 3 | Cool |
Blob 4 | Archive |
Which blob's access tier will automatically change if an administrator changes the default access tier of storageaccount1 to Cool?
A: Blob 1
B: Blob 2
C: Blob 3
D: Blob 4
Correct answer:
A. Blob 1
Description:
Blob 1's access tier is set as "Hot (inferred)," which means it inherits its access tier from the default access tier of the storage account. Since the default access tier of storageaccount1 is being changed to Cool, Blob 1's access tier will automatically change to Cool as well. Blobs 2, 3, and 4 have their access tiers explicitly defined and will not be affected by the change in the storage account's default access tier.
Question 25
A: YAML Ain’t Markup Language (YAML)
B: JavaScript Object Notation (JSON)
C: Comma-separated values (CSV)
D: Extensible Markup Language (XML)
Correct answer:
B. JavaScript Object Notation (JSON)
Description:
Azure Resource Manager (ARM) templates utilize JSON format for defining the infrastructure and configuration of Azure resources. JSON is a widely adopted and standardized format for representing structured data, making it ideal for describing the resources and their properties within an ARM template. YAML, CSV, and XML are not compatible formats for ARM templates and are not commonly used for this purpose. YAML is another structured data format, CSV is primarily used for tabular data, and XML is more commonly associated with document markup rather than infrastructure as code.
Question 26
A: Virtual hard disk (VHD)
B: Virtual hard disk v2 (VHDX)
C: Virtual disk image (VDI)
D: Virtual machine disk (VMDK)
Correct answer:
B. Virtual hard disk (VHD)
Description:
When creating a template for an Azure Virtual Machine hard disk file, VHDX format should be used. While VHD is a valid disk format, VHDX provides better performance, reliability, and features such as larger capacity support and improved protection against data corruption compared to VHD. VDI and VMDK are disk formats used by other virtualization platforms and are not compatible with Azure Virtual Machines. Therefore, option B is the correct choice for Azure VM hard disk templates.
Question 27
Correct answer:
A. offer
Description:
In an Azure Resource Manager template, the property "offer" identifies whether the deployment of an Azure Marketplace image will result in a virtual machine (VM) running Windows or Linux. This property specifies the type of operating system offered by the image. The other options, "apiVersion," "uri," and "version," are not related to determining the operating system of the deployed VM. Therefore, "offer" is the correct choice for this purpose.
Question 28
A: Export and redeploy from resource deployment history
B: Export and download from resource deployment history
C: Generate an automation script from the resource group
D: Generate a new deployment for the resource group
Correct answer:
B. Export and download from resource deployment history
Description:
To create a copy of the initial deployment template used for testing applications in Azure Resource Manager (ARM), the correct action is to "Export and download from resource deployment history." This allows the team to retrieve the original ARM template used for the initial deployment. Options A, C, and D do not specifically address the task of copying the original deployment template. Therefore, exporting and downloading from resource deployment history is the appropriate choice for obtaining a copy of the template.
Question 29
A: Memory-optimized
B: Compute-optimized
C: General purpose
D: High-performance compute
Correct answer:
B. Compute-optimized
Description:
For a CPU-intensive network appliance, the ideal choice of virtual machine (VM) type is "Compute-optimized." These VMs are designed to deliver high computational performance, making them suitable for workloads that require significant processing power, such as network appliances handling intensive CPU tasks. Memory-optimized VMs (Option A) prioritize memory capacity over CPU power, while general-purpose VMs (Option C) offer balanced resources for a variety of workloads. High-performance compute VMs (Option D) are geared towards specialized computing tasks but may not specifically cater to CPU-intensive network appliances like compute-optimized VMs do. Therefore, Option B is the most appropriate choice.
Question 30
A: The operating system is redeployed.
B: The VM is reimaged.
C: The VM is rebooted.
D: The availability set is redeployed.
Correct answer:
C. The VM is rebooted.
Description:
When a virtual machine (VM) is resized, the correct answer is C: "The VM is rebooted." Resizing a VM involves changing its size or configuration, such as increasing or decreasing the number of CPUs or memory allocated to it. During this process, the VM needs to be restarted to apply the new settings effectively. Options A and B, redeploying the operating system or reimaging the VM, are not necessary when resizing the VM; it retains its existing operating system and data. Similarly, option D, redeploying the availability set, is unrelated to VM resizing. Therefore, the correct answer is C.
Question 31
A: By providing unique names to each application tier
B: By providing unique IP addresses to each application tier
C: By placing each application tier into unique subnets
D: By placing each application tier into unique resource groups
Correct answer:
D. By placing each application tier into unique subnets
Description:
In an Azure Virtual Network (VNet), network flow and isolation for multi-tiered applications are controlled by organizing each application tier into separate subnets within the VNet. This approach allows for more granular control over network traffic and ensures that communication between different tiers can be regulated using network security groups and routing rules. Options A and B, providing unique names or IP addresses, do not inherently enforce network isolation. Option D, placing tiers into unique resource groups, is unrelated to network configuration and isolation within a VNet. Therefore, the correct answer is C.
Question 32
A: Update domain
B: Fault domain
C: Availability set
D: Scale set
Correct answer:
B. Fault domain
Description:
A fault domain is a unit of virtual machines (VMs) and physical hardware in Azure with a single power source and network switch. Spreading VMs across multiple fault domains within the same region ensures that your applications remain operational even if a hardware failure affects one of the fault domains. Options A, C, and D are not directly connected to the sharing of power, cooling, and networking between VMs. Consequently, B is the right answer.
Question 33
A: 1 GB
B: 8 GB
C: 16 GB
D: 32 GB
Correct answer:
C. 16 GB
Description:
Azure Container Instances (ACI) allow a maximum of 16 GB of memory to be assigned to a single container instance. This limit ensures efficient resource utilization while accommodating a reasonable amount of memory for containerized applications. Options A, B, and D represent memory capacities that are either too low or higher than the maximum limit allowed for an ACI. Therefore, the correct answer is C.
Question 34
A: Amount of memory
B: Number of cores
C: Port
D: URL
Correct answer:
C. Port
Description:
Each container in the same Azure Container Instance container group must have a unique port configuration setting to ensure that they can communicate properly within the container group. Ports act as endpoints for network communication, allowing containers to send and receive data. Setting different port values for each container ensures that there are no conflicts or overlaps in network communication, enabling seamless interaction between containers in the same group. Options A, B, and D do not necessarily need to be unique for each container in the same container group, making them incorrect choices. Therefore, the correct answer is C.
Question 35
A: Pod
B: Volume
C: Disk
D: Kubelet
Correct answer:
A. Pod
Description:
In Kubernetes, a Pod is the smallest deployable unit and represents a single instance of a running process in your cluster. It encapsulates one or more containers, storage resources, a unique network IP, and configuration options. Pods are designed to be ephemeral and can be easily created, destroyed, or replicated by Kubernetes based on workload requirements. Options B, C, and D are not containers in Kubernetes but rather other Kubernetes concepts: Volume, Disk, and Kubelet, respectively. Therefore, the correct answer is A.
Question 36
A: Nodepool scaler
B: Cluster autoscaler
C: HorizontalPodAutoscaler
D: Scale-down Mode
Correct answer:
C. HorizontalPodAutoscaler
Description:
HorizontalPodAutoscaler is a Kubernetes feature that automatically scales the number of pods in a deployment or replica set based on observed CPU utilization or other application-provided metrics. When the system processing approaches maximum capacity, HorizontalPodAutoscaler adds more pods to handle increased demand, and when the load decreases, it removes excess pods to optimize resource utilization.
Options A, B, and D are not directly related to dynamically adjusting resources based on system load in Kubernetes. Therefore, the correct answer is C.
Question 37
A: Azure Marketplace
B: Azure Workbooks
C: Azure Enterprise applications
D: Azure Application Proxy
Correct answer:
A. Azure Marketplace
Description:
The App Service creation process can be initiated from the Azure Marketplace. This is where users can find and select the Azure App Service offering to create web apps, mobile back ends, and RESTful APIs. Azure Marketplace serves as a platform where users can discover, try, and deploy various Azure services and solutions from Microsoft and its partners.
Options B, C, and D are not relevant to initiating the creation process for an App Service. Therefore, the correct answer is A.
Question 38
A: Active Directory
B: App Service
C: Application Insights
D: Domain Registrar
Correct answer:
B. App Service
Description:
To configure a third-party identity provider for an Azure web app, you should use the App Service. Azure App Service provides built-in authentication and authorization support through its authentication/authorization feature, which allows integration with various identity providers. This feature enables you to configure authentication settings for your web app, including the ability to integrate with third-party identity providers such as social logins or enterprise identity providers.
Options A, C, and D are not specifically related to configuring third-party identity providers for Azure web apps. Therefore, the correct answer is B.
Question 39
A: Azure Active Directory
B: Azure App Service
C: Azure Key Vault
D: Azure security group
Correct answer:
C. Azure Key Vault
Description:
When setting up a third-party identity provider that uses OAuth authentication, items such as client IDs, client secrets, or certificates have to be stored securely. Azure Key Vault is a cloud-based service developed to secure cryptographic keys, certificates, and secrets. It provides a secure vault for the sensitive information used by applications, including the secrets needed to authenticate via OAuth with a third-party identity issuer. When you keep secrets in Azure Key Vault, you ensure that they are secure and are accessed by your applications in a proper and controlled manner.
Options A, B, and D are not designed specifically for securely storing secrets required for authentication purposes. Therefore, the correct answer is C.
Question 40
A: Changing IP address ranges of subnets on the virtual networks
B: Changing IP address space of the virtual networks
C: Deploying VPN gateways into the virtual networks
D: Deploying ExpressRoute gateways into the virtual networks
Correct answer:
B. Changing IP address space of the virtual networks
Description:
Once two virtual networks are connected via peering in Azure, the IP address space of the virtual networks cannot be changed. Virtual network peering establishes a connection between two virtual networks, allowing resources in both networks to communicate with each other securely. However, the IP address space defines the range of IP addresses that can be used within each virtual network, and once peering is established, changing this IP address space can disrupt network connectivity and cause configuration conflicts. Therefore, Azure blocks the operation of changing the IP address space of the virtual networks once they are connected via peering.
Options A, C, and D are not blocked by virtual network peering and can still be performed even after peering is established. Therefore, the correct answer is B.
Question 41
A: A virtual network
B: A subnet
C: A virtual machine
D: A network interface card
Correct answer:
B. A subnet
Description:
In Azure, a route table is connected to a subnet by associating the route table with that subnet. A route table contains a set of rules, called routes, which specify how network traffic must be sent. By associating a route table with a subnet, you can control the routing behaviour for all the resources located within that subnet. You can also define custom routing configurations, such as routing traffic through a certain gateway or next hop. Using a route table and applying it to a subnet lets you control the network traffic within that particular subnet according to your requirements. Options A, C, and D are wrong because a route table cannot be linked with a virtual network, a virtual machine, or a network interface card.
Question 42
A: /29
B: /30
C: /31
D: /32
Correct answer:
A. /29
Description:
In Azure virtual networking, the smallest supported subnet size is /29. This subnet size provides eight usable IP addresses, which are adequate for various networking configurations while still ensuring efficient use of IP address space. Options B, C, and D (/30, /31, and /32) are incorrect because they represent larger subnet sizes with fewer usable IP addresses, making them less suitable for accommodating multiple resources within a subnet.
Question 43
A: Virtual machine
B: Storage account
C: Container instance
D: Log Analytics workspace
Correct answer:
B. Storage account
Description:
Service endpoints can be configured for Azure Storage accounts, allowing traffic from a virtual network to reach the storage service without traversing the public internet. This enhances security by restricting access to resources within the virtual network. Options A, C, and D (Virtual machine, Container instance, and Log Analytics workspace) are incorrect because they do not directly support service endpoints; they may have other networking configurations or access controls in place but are not associated with service endpoints specifically.
Question 44
A: Keep the NSG1 association and associate NSG2
B: Associate NSG2 with a higher priority
C: Associate NSG2 with a lower priority
D: Remove the NSG1 association and associate NSG2
Correct answer:
D. Remove the NSG1 association and associate NSG2
Description:
NSG1 blocks port 80 traffic, while NSG2 allows it. To enable port 80 traffic to VNIC1 with the least administrative effort, NSG1, which blocks port 80 traffic, should be disassociated, and NSG2, which allows port 80 traffic, should be associated instead. This approach ensures that the desired port traffic is allowed without additional configuration complexity or rule adjustments within NSG1. Options A, B, and C would require additional steps or adjustments that are not necessary given the requirements of allowing port 80 traffic to VNIC1.
Question 45
A: The one associated with the VM
B: The one associated with the network adapter
C: The one associated with the subnet
D: The one associated with the virtual network
Correct answer:
B. The one associated with the network adapter
Description:
When determining the flow of traffic from a virtual machine (VM) to the internet, the network security group (NSG) associated with the network adapter should be evaluated first. This NSG is closest to the VM and governs its outgoing traffic. By examining the NSG at the network adapter level, any restrictions or allowances specific to that VM's network connection are considered first before traffic progresses further along the network path. Options A, C, and D represent NSGs associated with different network components but are not the initial point of control for outgoing traffic from the VM.
Question 46
Correct answer:
A. One
Description:
Azure allows only one network security group (NSG) to be associated with a network interface card (NIC) at a time. This restriction ensures that network traffic passing through the NIC is governed by a single set of security rules defined within the associated NSG. Associating multiple NSGs with a single NIC would introduce complexity and potential conflicts in managing network traffic rules. Therefore, Azure limits the association to one NSG per NIC for simplicity and consistency in network security management.
Question 47
A: High availability
B: Scalability
C: Disaster recovery
D: Account control
Correct answer:
A. High availability, B. Scalability
Description:
Azure Firewall offers high availability and scalability as key features. High availability ensures that Azure Firewall instances remain operational even in the event of a failure by deploying multiple instances across availability zones or regions. Scalability enables Azure Firewall to handle varying levels of network traffic efficiently by dynamically adjusting its capacity based on demand. Disaster recovery and account control are not directly provided features of Azure Firewall.
Question 48
A: TCP
B: UDP
C: ICMP
D: HTTP
Correct answer:
D. HTTP
Description:
The HTTP protocol is used when setting up routing rules for Azure Application Gateway: incoming HTTP requests are routed to different backend pools or services based on defined criteria such as URL path, host header, or request header. Although TCP, UDP, and ICMP are network protocols, they are not used for routing rules in the context of Azure Application Gateway, which is mainly concerned with routing and load balancing HTTP traffic.
Question 49
A: Alert event logs
B: Health probe logs
C: Packet count metrics
D: Byte count metrics
Correct answer:
B. Health probe logs
Description:
When troubleshooting a basic-tier load balancer where an endpoint closes a connection using a TCP reset, examining the health probe logs is the most appropriate diagnostic tool. Health probes are used to periodically check the health of backend endpoints, and their logs can provide insights into why a connection is being reset. Alert event logs may not provide specific details about TCP resets, while packet and byte count metrics are more general indicators of traffic volume rather than connection health.
Question 50
A: Application Gateway
B: Azure Monitor
C: Network Watcher
D: Log Analytics
Correct answer:
D. Log Analytics
Description:
Basic-tier load balancer diagnostic files can be sent to Log Analytics for offline troubleshooting. Log Analytics provides a centralized location for storing and analyzing log data from various Azure services, including load balancers. This allows administrators to review diagnostic information, identify issues, and troubleshoot load balancer-related problems effectively. While Azure Monitor also offers monitoring and diagnostic capabilities, Log Analytics is specifically designed for log management and analysis, making it the appropriate choice for troubleshooting load balancer issues.
Question 51
A: As one instance across all Azure regions
B: As one instance per Azure region
C: As one instance per Azure resource
D: As one instance across all Azure resources
Correct answer:
B. As one instance per Azure region
Description:
Azure Network Watcher is enabled as one instance per Azure region. Network Watcher provides tools to monitor, diagnose, and gain insights into network performance and health in Azure. By enabling Network Watcher in each Azure region, users can access region-specific network monitoring and diagnostic capabilities to optimize network performance and troubleshoot issues effectively. Enabling Network Watcher at the regional level ensures that users have access to the necessary network monitoring tools tailored to each Azure region's network environment.
Question 52
A: Next hop
B: IP flow verify
C: Network topology
D: VPN troubleshoot
Correct answer:
B. IP flow verify
Description:
IP flow verify is the tool used to test if packets are allowed into or out of a virtual machine (VM). It helps diagnose connectivity issues by verifying if traffic is permitted according to the network security rules and configurations. By simulating packet traffic, IP flow verify confirms whether network traffic is correctly allowed or denied by the network security groups, route tables, and other network-related configurations, providing insights into potential connectivity problems and aiding in troubleshooting efforts.
Question 53
A: Microsoft Sentinel
B: Load balancer
C: Operations Management Suite (OMS) workspace
D: Log Analytics workspace
Correct answer:
D. Log Analytics workspace
Description:
To deploy Connection Monitor, a Log Analytics workspace is required. Connection Monitor is a feature within Azure Network Watcher that helps monitor network connectivity between various endpoints, such as virtual machines, virtual networks, and internet resources. It collects and analyzes network connection data, providing insights into network performance, latency, and connectivity issues. By leveraging a Log Analytics workspace, Connection Monitor stores and processes the connection data, enabling users to monitor and troubleshoot network connectivity effectively.
Question 54
A: Network subnet
B: Network peering
C: Network interface
D: Network security group
Correct answer:
A. Network subnet
Description:
Before deploying a VPN gateway in Azure, a network subnet must be created. The VPN gateway requires a subnet within a virtual network to operate. This subnet serves as the gateway subnet, where the VPN gateway's virtual network gateway resides. It's essential for establishing secure connections between on-premises networks and Azure virtual networks, providing a means for extending on-premises networks to the cloud securely. Other options listed, such as network peering, network interface, and network security group, are essential components in Azure networking but not specifically required for deploying a VPN gateway.
Question 55
A: Point-to-site VPN
B: ExpressRoute
C: Site-to-site VPN
D: Virtual network
Correct answer:
B. ExpressRoute
Description:
ExpressRoute is the appropriate solution for creating a secure and reliable private connection between an on-premises network and all Microsoft cloud services without using the public internet. Unlike VPN options like point-to-site VPN and site-to-site VPN, ExpressRoute provides dedicated private connections that offer higher reliability, faster speeds, and lower latencies by bypassing the internet. Additionally, virtual networks (option D) are fundamental components within Azure for organizing and isolating resources but do not provide direct connectivity to on-premises networks.
Question 56
A: With a basic WAN type and client address pool of 10.12.0.0/9
B: With a standard WAN type and client address pool of 10.12.0.0/9
C: With a basic WAN type and client address pool of 10.12.0.0/23
D: With a standard WAN type and client address pool of 10.12.0.0/23
Correct answer:
D. With a standard WAN type and client address pool of 10.12.0.0/23
Description:
Configuring the Azure Virtual WAN with a standard WAN type allows for point-to-site VPN connectivity, which meets the requirement for VPN access. Additionally, selecting a client address pool of 10.12.0.0/23 ensures that there are enough IP addresses available to support up to 200 users while minimizing the IP address space required for client connections. This subnet provides 512 IP addresses, which is sufficient for accommodating the specified number of users and allows for future scalability if needed.
Question 57
A: Subscription
B: Resource group
C: Virtual machine
D: Application
Correct answer:
A. Subscription
Description:
Configuring an alert rule at the subscription level enables the analysis of logs across all available resources within that subscription. This approach ensures centralized monitoring and management of alerts for all resources, allowing for comprehensive visibility and efficient management of alerts at a higher level. Configuring alert rules at the subscription level facilitates a streamlined monitoring process, simplifying the management of alerts and enhancing the overall monitoring capabilities across the entire subscription.
Question 58
A: An action group
B: A signal logic
C: A workspace log
D: A resource group
Correct answer:
A. An action group
Description:
When configuring an alert rule at the "Subscription" level to analyze logs on all available resources, an action group is associated with the rule. An action group specifies the actions to be taken when the alert condition is met, such as sending notifications, executing Azure Functions, or initiating Azure Automation runbooks. It provides flexibility and customization in defining the response to alerts, ensuring appropriate actions are taken based on the alert criteria. This allows for effective management and response to alerts across the entire subscription, enhancing overall monitoring and alerting capabilities.
Question 59
A: Webhook
B: SMS
C: Email
D: Runbook
Correct answer:
A. Webhook
Description:
When routing an Azure alert notification to other systems for custom actions, a webhook is the appropriate type of action to use. A webhook allows you to trigger custom HTTP callbacks to external systems or services, enabling integration with various third-party applications, services, or automation platforms. By configuring a webhook action, you can send alert notifications to external systems, which can then perform custom actions based on the received data. This flexibility facilitates the integration of Azure alerts into broader monitoring and automation workflows, enhancing the overall effectiveness of alert management and response processes.
Question 60
A: By installing a software development kit (SDK) package for the application
B: By executing a runbook in Azure Automation
C: By writing Kusto queries for the application
D: By creating a JavaScript Object Notation (JSON) file for the application
Correct answer:
A. By installing a software development kit (SDK) package for the application
Description:
Configuring Application Insights for a custom application involves installing the appropriate SDK package provided by Application Insights. This SDK allows developers to instrument their applications to automatically collect telemetry data, including performance metrics, errors, and usage patterns. By integrating the SDK into the application's codebase, developers can gain insights into application behavior, diagnose issues, and optimize performance. This approach enables comprehensive monitoring and analysis of the custom application's performance and usage, facilitating effective troubleshooting and continuous improvement efforts.