AZ-304: Microsoft Azure Architect Design
Page 12 out of 24 pages Questions 111-120 out of 237 questions
Question#111

HOTSPOT -
You have an Azure subscription that contains 300 Azure virtual machines that run Windows Server 2019.
You need to centrally monitor all warning events in the System logs of the virtual machines.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-windows

Question#112

You have an Azure SQL database named DB1 that contains multiple tables.
You need to improve the performance of DB1. The solution must minimize administrative effort.
What should you use?

  • A. automatic tuning
  • B. Azure Advisor
  • C. Azure Monitor
  • D. Query Performance Insight

Answer: A
Azure SQL Database and Azure SQL Managed Instance automatic tuning provides peak performance and stable workloads through continuous performance tuning based on AI and machine learning.
Automatic tuning is a fully managed intelligent performance service that uses built-in intelligence to continuously monitor queries executed on a database, and it automatically improves their performance.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/automatic-tuning-overview

Question#113

You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager resource deployments in your subscription.
What should you include in the recommendation?

  • A. Azure Advisor
  • B. Azure Analysis Services
  • C. Azure Monitor action groups
  • D. Azure Log Analytics

Answer: D
Log Analytics is a tool in the Azure portal used to edit and run log queries with data in Azure Monitor Logs. You may write a simple query that returns a set of records and then use features of Log Analytics to sort, filter, and analyze them. Or you may write a more advanced query to perform statistical analysis and visualize the results in a chart to identify a particular trend.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-overview

Question#114

Your company provides customer support for multiple Azure subscriptions and third-party hosting providers.
You are designing a centralized monitoring solution. The solution must provide the following services:
✑ Collect log and diagnostic data from all the third-party hosting providers into a centralized repository.
✑ Collect log and diagnostic data from all the subscriptions into a centralized repository.
✑ Automatically analyze log data and detect threats.
✑ Provide automatic responses to known events.
Which Azure service should you include in the solution?

  • A. Azure Sentinel
  • B. Azure Log Analytics
  • C. Azure Monitor
  • D. Azure Application Insights

Answer: C
The following diagram gives a high-level view of Azure Monitor. At the center of the diagram are the data stores for metrics and logs, which are the two fundamental types of data used by Azure Monitor. On the left are the sources of monitoring data that populate these data stores. On the right are the different functions that Azure Monitor performs with this collected data. This includes such actions as analysis, alerting, and streaming to external systems.

Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/overview

Question#115

You are designing an Azure resource deployment that will use Azure Resource Manager templates. The deployment will use Azure Key Vault to store secrets.
You need to recommend a solution to meet the following requirements:
✑ Prevent the IT staff that will perform the deployment from retrieving the secrets directly from Key Vault.
✑ Use the principle of least privilege.
Which two actions should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Create a Key Vault access policy that allows all get key permissions, get secret permissions, and get certificate permissions.
  • B. From Access policies in Key Vault, enable access to the Azure Resource Manager for template deployment.
  • C. Create a Key Vault access policy that allows all list key permissions, list secret permissions, and list certificate permissions.
  • D. Assign the IT staff a custom role that includes the Microsoft.KeyVault/Vaults/Deploy/Action permission.
  • E. Assign the Key Vault Contributor role to the IT staff.

Answer: BD
B: To access a key vault during template deployment, set enabledForTemplateDeployment on the key vault to true.
D: The user who deploys the template must have the Microsoft.KeyVault/vaults/deploy/action permission for the scope of the resource group and key vault.
Incorrect Answers:
E: To grant access to a user to manage key vaults, you assign a predefined key vault Contributor role to the user at a specific scope.
If a user has Contributor permissions to a key vault management plane, the user can grant themselves access to the data plane by setting a Key Vault access policy. You should tightly control who has Contributor role access to your key vaults. Ensure that only authorized persons can access and manage your key vaults, keys, secrets, and certificates.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/key-vault-parameter
https://docs.microsoft.com/en-us/azure/key-vault/general/overview-security

Question#116

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an on-premises Hyper-V cluster that hosts 20 virtual machines. Some virtual machines run Windows Server 2016 and some run Linux.
You plan to migrate the virtual machines to an Azure subscription.
You need to recommend a solution to replicate the disks of the virtual machines to Azure. The solution must ensure that the virtual machines remain available during the migration of the disks.
Solution: You recommend implementing an Azure Storage account, and then using Azure Migrate.
Does this meet the goal?

  • A. Yes
  • B. No

Answer: B
To ensure that the virtual machines remain available during the migration, use Azure Site Recovery.
Reference:
https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview

Question#117

The accounting department at your company migrates to a new financial accounting software. The accounting department must keep file-based database backups for seven years for compliance purposes. It is unlikely that the backups will be used to recover data.
You need to move the backups to Azure. The solution must minimize costs.
Where should you store the backups?

  • A. Azure Blob storage that uses the Archive tier
  • B. Azure SQL Database
  • C. Azure Blob storage that uses the Cool tier
  • D. a Recovery Services vault

Answer: A
Azure Front Door enables you to define, manage, and monitor the global routing for your web traffic by optimizing for best performance and instant global failover for high availability. With Front Door, you can transform your global (multi-region) consumer and enterprise applications into robust, high-performance personalized modern applications, APIs, and content that reaches a global audience with Azure.
Front Door works at Layer 7 or HTTP/HTTPS layer and uses anycast protocol with split TCP and Microsoft's global network for improving global connectivity.
Incorrect Answers:
B: Azure Traffic Manager uses DNS (layer 3) to shape traffic. SSL works at Layer 6.
Azure Traffic Manager can direct customers to their closest AKS cluster and application instance. For the best performance and redundancy, direct all application traffic through Traffic Manager before it goes to your AKS cluster.
Reference:
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-overview

Question#118

Your company has offices in the United States, Europe, Asia, and Australia.
You have an on-premises app named App1 that uses Azure Table storage. Each office hosts a local instance of App1.
You need to upgrade the storage for App1. The solution must meet the following requirements:
✑ Enable simultaneous write operations in multiple Azure regions.
✑ Ensure that write latency is less than 10 ms.
✑ Support indexing on all columns.
✑ Minimize development effort.

Which data platform should you use?

  • A. Azure SQL Database
  • B. Azure SQL Managed Instance
  • C. Azure Cosmos DB
  • D. Table storage that uses geo-zone-redundant storage (GZRS) replication

Answer: D
Azure Cosmos DB Table API has:
✑ Single-digit millisecond latency for reads and writes, backed with <10-ms latency reads and <15-ms latency writes at the 99th percentile, at any scale, anywhere in the world.
✑ Automatic and complete indexing on all properties, no index management.
✑ Turnkey global distribution from one to 30+ regions. Support for automatic and manual failovers at any time, anywhere in the world.
Incorrect Answers:
D: Azure Table storage has no upper bounds on latency.
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/table-support

Question#119

You plan to deploy 10 applications to Azure. The applications will be deployed to two Azure Kubernetes Service (AKS) clusters. Each cluster will be deployed to a separate Azure region.
The application deployment must meet the following requirements:
✑ Ensure that the applications remain available if a single AKS cluster fails.
✑ Ensure that the connection traffic over the internet is encrypted by using SSL without having to configure SSL on each container.
Which Azure service should you include in the recommendation?

  • A. AKS ingress controller
  • B. Azure Load Balancer
  • C. Azure Traffic Manager
  • D. Azure Front Door

Answer: D
Azure Front Door enables you to define, manage, and monitor the global routing for your web traffic by optimizing for best performance and instant global failover for high availability. With Front Door, you can transform your global (multi-region) consumer and enterprise applications into robust, high-performance personalized modern applications, APIs, and content that reaches a global audience with Azure.
Front Door works at Layer 7 or HTTP/HTTPS layer and uses anycast protocol with split TCP and Microsoft's global network for improving global connectivity.
Incorrect Answers:
C: Azure Traffic Manager uses DNS (layer 3) to shape traffic. SSL works at Layer 6.
Azure Traffic Manager can direct customers to their closest AKS cluster and application instance. For the best performance and redundancy, direct all application traffic through Traffic Manager before it goes to your AKS cluster.
Reference:
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-overview

Question#120

You have an Azure web app that uses an Azure key vault named KeyVault1 in the West US Azure region.
You are designing a disaster recovery plan for KeyVault1.
You plan to back up the keys in KeyVault1.
You need to identify to where you can restore the backup.
What should you identify?

  • A. KeyVault1 only
  • B. the same region only
  • C. the same geography only
  • D. any region worldwide

Answer: C
When you back up a key vault object, such as a secret, key, or certificate, the backup operation will download the object as an encrypted blob. This blob can't be decrypted outside of Azure. To get usable data from this blob, you must restore the blob into a key vault within the same Azure subscription and Azure geography.
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/backup
