Microsoft AZ-300 Q & A
1) The DevOps manager asks you to ensure that a critical web application is monitored. She wants the DevOps engineers to receive emails when the web app stops for any reason. What should you configure to fulfil this requirement? Choose the best option.
Create Diagnostic Logs for the WebApp by configuring a resource, condition and action group.
Create an Alert for the WebApp by configuring a resource, condition, action group and alert details.
Create Resource Health for the WebApp by configuring a resource, condition and action group.
Create an Alert for the WebApp by configuring a resource, condition, alert group and alert details.
Create an Alert for the WebApp by configuring a resource, condition, action group and alert details.
2) You Lead is configuring Public Addresses for Virtual Machines in availability sets. As per client requirement , The Virtual Machine disks need to be redundant over different zones, but be located in the same Azure region. What solution best meets this requirement?
A Basic SKU Public IP Address needs to be configured
A Standard SKU Public IP Address needs to be configured
The correct answer is:
A Standard SKU Public IP Address needs to be configured
3) When adding a Route to an Azure Route Table which of the following are available Next Hop Types? Select all that apply.
Internet
Virtual Network Gateway
Storage Account
Network Security Gateway
Virtual Appliance
Virtual Network
The correct answers are:
Virtual Network Gateway
Virtual Network
Internet
Virtual Appliance
4) Which of the following cannot be configured as a valid IP address in Azure? Choose one or more answers.
255.255.255.255/32
224.0.0.0/4
10.2.0.0/16
The correct answers are:
224.0.0.0/4
255.255.255.255/32
5) Your Team Lead wants to enable Enterprise State Roaming.Where can you find this configuration option in the Azure portal?
Azure Active Directory > Devices > Enterprise State Roaming
Intune > Devices > Enterprise State Roaming
Azure Active Directory > App Registrations > Enterprise State Roaming
The correct answer is:
Azure Active Directory > Devices > Enterprise State Roaming
6) In Active Directory you want to ensure users will see relevant disclaimers for legal, or compliance requirements which you have received from the head of the Legal Team.Where should you configure this information?
Azure Active Directory > Identity Governance, then click Publish a Terms of use.
Azure Active Directory > Properties, then click Create a Company legal policy
The correct answer is:
Azure Active Directory > Identity Governance, then click Publish a Terms of use.
7) The Head of Security requires that users must logon securely at all times.Company security policy requires that users answer security questions as well as passwords when logging in from outside of the US. Specify the technologies that you should enable to meet company requirements.Choose two options from the possible answers.
Privileged Identity Management
Self-Service Password Reset
MFA
Conditional Access
The correct answers are:
MFA
Conditional Access
8) In a hybrid environment what is the requirement for client machines to use Azure Seamless Single Sign-On?
Azure AD Joined
Domain Joined
The correct answer is:
Domain Joined
9) Select the appropriate solution which would meet the following criteria: a) Ensure no password hashes are stored in the cloud. b)Enable my users to sign in and access cloud services using their on-premises password.c)Ensure no new on-premises servers are created.
Azure AD Connect with Connect Health
Pass-through authentication (PTA) and single sign-on
The correct answer is:
Pass-through authentication (PTA) and single sign-on
10) Which feature allows you to keep on-premises Active Directory passwords in-synch with passwords in the Cloud?
Password writeback
Password Synchronisation feature
The correct answer is:
Password writeback
11) You need to configure Azure MFA to set a time period to allow authentication attempts.What must you configure?
App Password
Caching Rule
The correct answer is:
Caching Rule
12) To access the application the client requests an OAuth 2.0 authentication token. To receive an OAuth 2.0 bearer token what does the client supply to the bearer?
Client Agent Type
Authorization code
Client_id
The correct answers are:
Client_id
Authorization code
12) Your Client has given requirement to protect confidential data which is as below:1) Encrypts data at rest 2) Data is protected in the Trusted Execution Environment enclave 3) Stops malicious insiders with administrative privilege, or direct access to hardware, from gaining access . Select the solution which meets your company requirements.
Encrypt data at rest using Azure Key Vault
Azure Confidential Computing
The correct answer is:
Azure Confidential Computing
13) You need to delete the certificate “cloud” from the “vikas”.
What is the correct REST API call that will perform this task successfully?
DELETE vikas.vault.azure.net/certificates/cloud?api-version=7.0
DELETE HTTPS://vikas.vault.azure.net/certificates/cloud?api-version=7.0
DELETE http://vikas.vault.azure.net/certificates/cloud?api-version=7.0
DELETE HTTPS://vikas.vault.azure.net/removecertificates/cloud?api-version=7.0
The correct answer is:
DELETE HTTPS://vikas.vault.azure.net/certificates/cloud?api-version=7.0
14) Choose the option that best describes the outcome of running the PowerShell script:
Set-AzStorageAccount -Name “cloudvikas” -ResourceGroupName “Store2RG” -EnableHttpsTrafficOnly $True
Enable “Secure transfer required” setting for the Storage Account named “cloudvikas”
Enable “Only HTTP traffic” setting for the Storage Account named “cloudvikas”
The correct answer is:
Enable “Secure transfer required” setting for the Storage Account named “cloudvikas”
15) You have a VM called ‘cloudvikas’ and you want to view resource usage for the VM for the last week. What should you configure to show you this? Select all that apply.
Azure Monitoring Alerts
Azure Monitoring Metrics
Azure Monitoring Insights
The correct answers are:
Azure Monitoring Metrics
Azure Monitoring Insights
16) You are configuring diagnostic logging in Azure for a VM called “application”.When you are configuring a sink, to which Azure service can configure?
Azure Security Centre
Storage Account
The correct answer is:
Storage Account
17) The business has a requirement to allow a remote office to write file data to a Storage Account called “cloudvikas” during a two week project.
It essential that you set this up quickly and in the most secure manner.
Apply your knowledge of Storage Accounts to select the correct answer that meets the requirements.
•
Provide the remote office the second shared access key that is configured when the storage account is setup.•
Provide the remote office the second shared access key that is configured when the storage account is setup.
Configure Shared access signature in “cloudvikas” with the following settings:
Allowed permissions = Write
Set an expiry date of two weeks.
•
Configure Shared access signature in “cloudvikas” with the following settings: Allowed permissions = “Write” Set the “Allowed IP addresses” to include the remote offices IP address
Set an expiry date of two weeks.
The correct answer is:
Configure Shared access signature in “cloudvikas” with the following settings: Allowed permissions = “Write” Set the “Allowed IP addresses” to include the remote offices IP address
Set an expiry date of two weeks.
18) You have been using a Storage Account called “cloud” for application data. You believe an ex-employee has saved the key 1 details. How should you secure the data and keep the application online?
Use key 2 for the application that uses the storage account and regenerate key 1
Regenerate key 1
The correct answer is:
Use key 2 for the application that uses the storage account and regenerate key 1
19) The junior team asks you for guidance in backing up a Storage Account. What solution would you suggest that would enable them to create the back-up?
Use WMI (Windows Management Instrumentation)
Use Storage Explorer to create a snapshot of the Blob Storage
The correct answer is:
Use Storage Explorer to create a snapshot of the Blob Storage
20) Your team lead has to select a Storage Account type to store addresses.The data will be structured and will need a key attribute. Choose the most appropriate Azure Storage Account type which best fits the scenario.
Blob Storage
Table Storage
The correct answer is:
Table Storage
21) In your project, You have a requirement to configure a solution to replace an on-premises device.The share is currently mapped to Windows 10 devices. Recommend a solution would best meet this requirement?
Azure Blob Storage with an CIFS Share
Azure File Storage with an SMB Share
The correct answer is:
Azure File Storage with an SMB Share
22) You want to examine whether any of the current Azure workloads are sized too large, or are not being utilized. What Azure tool could you run to achieve this?
Azure Sentinel
Azure Advisor
The correct answer is:
Azure Advisor
23) In defining “autoscaling rule sets” what is the “cooldown” parameter?
How often that the metrics are collected for analysis.
The amount of time to wait before the rule is applied again so that the autoscale actions have time to take effect.
The correct answer is:
The amount of time to wait before the rule is applied again so that the autoscale actions have time to take effect.
24) A recent security audit states that to be compliant you must configure an alternative method of authentication which does not utilize passwords. What you have to do?
Azure Key Vault Service
SSH Public Key Authentication
The correct answer is:
SSH Public Key Authentication
25) When configuring an Azure Application Gateway what criteria is supported for the configuration of custom Health probes?Select all that apply.
HTTP response status code match
SSH response status code match
HTTP response body match
The correct answers are:
HTTP response status code match
HTTP response body match
26) The DevOps Manager has tasked you with deploying a Linux VM. What Class in the JSON template would you configure the “Choose the Linux Distribution” option?
machineConfig
imageReference
The correct answer is:
imageReference
27) The Manager has tasked you with deploying a Linux VM. You decide to use an ARM template to achieve this. What value in the JSON template would you configure to lock down SSH access to the VM?
sshLockdown
adminPublicKey
The correct answer is:
adminPublicKey
28) Which script languages can you run to deploy ARM templates? Select all languages that apply.
C++
JavaScript
json
The correct answer are:
.json
29) What PowerShell cmdlet would you execute to deploy a Virtual Machine from the Azure Marketplace?
New-AzVm
New-AzResourceGroupDeployment
The correct answer is:
New-AzResourceGroupDeployment
30) Your DevOps Manager asks you to specify the viable platforms that allow you to deploy code to Azure. Choose all that apply.
CloudForge
Github
Bitbucket
The correct answers are:
Bitbucket
Github
Pages: 1 2