- (Exam Topic 6)
Your network contains an Active Directory domain named adatum.com and an Azure Active Directory (Azure AD) tenant named adatum.onmicrosoft.com.
Adatum.com contains the user accounts in the following table.
Adatum.onmicrosoft.com contains the user accounts in the following table.
You need to implement Azure AD Connect. The solution must follow the principle of least privilege. Which user accounts should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Solution:
Box 1: User5
In Express settings, the installation wizard asks for the following: AD DS Enterprise Administrator credentials
Azure AD Global Administrator credentials
The AD DS Enterprise Admin account is used to configure your on-premises Active Directory. These credentials are only used during the installation and are not used after the installation has completed. The Enterprise Admin, not the Domain Admin should make sure the permissions in Active Directory can be set in all domains.
Box 2: UserA
Azure AD Global Admin credentials credentials are only used during the installation and are not used after the installation has completed. It is used to create the Azure AD Connector account used for synchronizing changes to Azure AD. The account also enables sync as a feature in Azure AD.
References:
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-accounts-permissio
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 6)
You have a deployment template named Template1 that is used to deploy 10 Azure web apps.
You need to identify what to deploy before you deploy Template1. The solution must minimize Azure costs. What should you identify?
Correct Answer:
D
You create Azure web apps in an App Service plan. Reference:
https://docs.microsoft.com/en-us/azure/app-service/overview-hosting-plans
- (Exam Topic 5)
You have an Azure subscription that contains the resources shown in the following table.
The Not allowed resources types Azure policy is assigned to RG1 and uses the following parameters:
In RG1, you need to create a new virtual named VM2, and then connected VM2 to VNET1. What should you do first?
Correct Answer:
C
The Not allowed resource types Azure policy prohibits the deployment of specified resource types. You specify an array of the resource types to block.
Virtual Networks and Virtual Machines are prohibited. Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/samples/not-allowed-resource-types
- (Exam Topic 5)
You have an Azure web app named App1. App1 has the deployment slots shown in the following table:
In webapp1-test, you test several changes to App1. You back up App1.
You swap webapp1-test for webapp1-prod and discover that App1 is experiencing performance issues. You need to revert to the previous version of App1 as quickly as possible.
What should you do?
Correct Answer:
B
When you swap deployment slots, Azure swaps the Virtual IP addresses of the source and destination slots, thereby swapping the URLs of the slots. We can easily revert the deployment by swapping back.
You can validate app changes in a staging deployment slot before swapping it with the production slot. Deploying an app to a slot first and swapping it into production makes sure that all instances of the slot are warmed up before being swapped into production. This eliminates downtime when you deploy your app. The traffic redirection is seamless, and no requests are dropped because of swap operations. You can automate this entire workflow by configuring auto swap when pre-swap validation isn't needed.
After a swap, the slot with previously staged app now has the previous production app. If the changes swapped into the production slot aren't as you expect, you can perform the same swap immediately to get your "last known good site" back.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots
- (Exam Topic 6)
You have an Azure subscription that contains two virtual machines named VM1 and VM2 You create an Azure load balancer.
You plan to create a load balancing rule that will load balance HTTPS traffic between VM1 and VM2.
Which two additional load balance resources should you create before you can create the load balancing rule? Each correct answer presents part of the solution
MOTL Each correct selection 5 worth one point.
Correct Answer:
BC