1. A company currently has the following networks defined in Azure
Name Address space
techlab-vnet1 10.1.0.0/16
techlab-vnet2 10.2.0.0/16
techlab-vnet3 10.3.0.0/16
All virtual networks are hosting virtual machines with varying workloads. A virtual machine named “techlab-detect” hosted in techlab-vnet2. This virtual machine will have an intrusion detection software installed on it. All traffic on all virtual networks need to be routed via this virtual machine.
You need to complete the required steps for implementing this requirement
Which of the following needs to be enabled on the virtual machine “techlab-detect”?

2. A company currently has an Azure subscription named techsubscription. They have created a Log Analytics Workspace named techworkspace. They need to view all the error related events from a table named Events. Which of the following query could be used for this purpose?

3. A company has an Azure subscription that contains the following virtual networks
Virtual Network Name Subnet Name
techcertpro-vnet1 SubnetA
techcertpro-vnet2 SubnetB
techcertpro-vnet3 SubnetC
The networks contain the following virtual machines
Virtual Machine Name Belongs to subnet Availability Set
techcertprovm1 SubnetA techlabavail
techcertprovm2 SubnetA techlabavail
techcertprovm3 SubnetA Not applicable
techcertprovm4 SubnetA Not applicable
techcertprovm5 SubnetB Not applicable
techcertprovm6 SubnetB Not applicable
The following load balancer has been created
Name – techlabloadbalancer
SKU – Basic
Type – Internal
Subnet – SubnetA
Virtual Network – techcertpro-vnet1
Can the load balancer load balance traffic to Virtual machines techcertprovm1 and techcertprovm2?

4. An IT admin for a company’s Azure account needs to create an Azure Policy. The main purpose of the Azure policy is to ensure that only Load balancers of a certain SKU are allowed to be created in the company’s Azure subscription.
Below is the snippet of the Azure Policy

Which of the following would go into Slot3?

5. A company has setup a web application on a set of Azure virtual machines. The web application will be used by users across the world. The company is planning on setting up a Content Delivery profile to ensure that users get the ideal response times no matter where they are located.
Which of the following would they need to fill out additionally to complete the configuration of the CDN Endpoint?

6. View Case Study:

Overview:
techlabs is an online training provider.
Existing Environment:
The existing environment for techlabs currently consists of the following resources
• An on-premise data centre that hosts an Active Directory forest named techlabs.com
• The Active Directory contains users from different departments – IT, Finance, HR
• The following table shows the On-premise infrastructure. All servers are running in a virtualized environment
On-premise server name – Type of Virtualization – Virtual Machine name
techlabs-ser1 – VMware vCenter server – demovm
techlabs-ser2 – Hyper-V host – demovm-test
There are 2 web applications that are hosted on the On-premise environment. The overall details of the web applications are given below
• Programming Language – .Net
• Average memory used for each application – 1 GB
Proposed Environment:
• techlabs is looking towards purchasing an Azure subscription and setting up their environment in Azure
• The Virtual Machines need to have a central location for storage of files. They would connect to these file shares using SMB.
• All applications and Virtual Machines need to be migrated onto Azure
• One of the web applications which will be hosted in Azure Web Apps needs to be mapped to a custom domain of techlabs-quiz.com in Azure.
• Active Directory users need to be synched onto Azure AD
• The following Virtual Networks and subnets are going to be setup in Azure
Virtual Network name – Address space
techlabs-net1 – 10.0.0.0/16
techlabs-net2 – 20.0.0.0/16

Subnet name – Virtual Network name – Address space
SubnetA – techlabs-net1 – 10.0.1.0/24
SubnetB – techlabs-net2 – 20.0.1.0/24
Technical Requirements:
• The Instances for the underlying Web applications should be able to scale up to 5 instances
• Users from the Internet should be able to communicate with an Azure virtual machine named “techlabapi” on port 80
• A workflow should be in place for demovm when it is migrated onto Azure. The IT Administrative staff needs to be notified on any changes that occur on this Virtual Machine
• Minimize costs wherever possible
• There should be an encrypted connection between the On-premise data centre and the Virtual Network techlabs-net2
• A custom role needs to be defined known as techlabsrole which will be based on the reader role.

You need to ensure that users can communicate with the virtual machine “techlabapi” on port. You decide to add a service endpoint.
Would this fulfil the requirement?

7. An IT admin for a company’s Azure account needs to create an Azure Policy. The main purpose of the Azure policy is to ensure that only Load balancers of a certain SKU are allowed to be created in the company’s Azure subscription.
Below is the snippet of the Azure Policy

Which of the following would go into Slot1?

8. A company has an Azure subscription that contains the following virtual networks
Virtual Network Name Subnet Name
techcertpro-vnet1 SubnetA
techcertpro-vnet2 SubnetB
techcertpro-vnet3 SubnetC
The networks contain the following virtual machines
Virtual Machine Name Belongs to subnet Availability Set
techcertprovm1 SubnetA techlabavail
techcertprovm2 SubnetA techlabavail
techcertprovm3 SubnetA Not applicable
techcertprovm4 SubnetA Not applicable
techcertprovm5 SubnetB Not applicable
techcertprovm6 SubnetB Not applicable
The following load balancer has been created
Name – techlabloadbalancer
SKU – Basic
Type – Internal
Subnet – SubnetA
Virtual Network – techcertpro-vnet1
Can the load balancer load balance traffic to Virtual machines techcertprovm3 and techcertprovm4?

9. A company currently has an Azure Web App in place located in the Central US region. After deployment of the application to users across the world, some of the users are complaining of slow response times. Which of the following can be done to improve the response times for the web application to users across the world?

10. View Case Study:

Overview:
techlabs is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment:
• Their existing environment consists of an Active Directory domain named techlabs.com. This is being hosted on a Windows Server.
• The company also has a set of web and application servers hosted on Windows Server 2016 servers.
• The company has also setup an Azure AD tenant
• Their subscription currently consists of Azure AD basic licences.
• Users currently store their files onto a shared file server. The file server is currently configured with 2 TB of storage
Proposed Environment:
• The company wants to migrate all of the web and application servers onto Azure
• Azure AD Connect will be used to synchronize objects from the on-premise Active Directory onto Azure AD
• The file store on Azure needs to be available even in the event of a data center failure
• The costs for hosting resources should be minimized.
• Policies need to be implemented to ensure all users with admin rights need to authenticate to Azure with the use of Multi-Factor Authentication
• A virtual network named techlabvnet1 would be setup in Azure
• One of the virtual machines would still need to access an API hosted on a server in the on-premise environment

An IT admin wants to ensure that the connectivity between the application hosted on the virtual machine in Azure and the API hosted on the on-premise server is possible. Which of the following needs to be implemented to fulfil this requirement?

11. View Case Study:

Overview:
techlabs is an online training provider.
Existing Environment:
The existing environment for techlabs currently consists of the following resources
• An on-premise data centre that hosts an Active Directory forest named techlabs.com
• The Active Directory contains users from different departments – IT, Finance, HR
• The following table shows the On-premise infrastructure. All servers are running in a virtualized environment
On-premise server name – Type of Virtualization – Virtual Machine name
techlabs-ser1 – VMware vCenter server – demovm
techlabs-ser2 – Hyper-V host – demovm-test
There are 2 web applications that are hosted on the On-premise environment. The overall details of the web applications are given below
• Programming Language – .Net
• Average memory used for each application – 1 GB
Proposed Environment:
• techlabs is looking towards purchasing an Azure subscription and setting up their environment in Azure
• The Virtual Machines need to have a central location for storage of files. They would connect to these file shares using SMB.
• All applications and Virtual Machines need to be migrated onto Azure
• One of the web applications which will be hosted in Azure Web Apps needs to be mapped to a custom domain of techlabs-quiz.com in Azure.
• Active Directory users need to be synched onto Azure AD
• The following Virtual Networks and subnets are going to be setup in Azure
Virtual Network name – Address space
techlabs-net1 – 10.0.0.0/16
techlabs-net2 – 20.0.0.0/16

Subnet name – Virtual Network name – Address space
SubnetA – techlabs-net1 – 10.0.1.0/24
SubnetB – techlabs-net2 – 20.0.1.0/24
Technical Requirements:
• The Instances for the underlying Web applications should be able to scale up to 5 instances
• Users from the Internet should be able to communicate with an Azure virtual machine named “techlabapi” on port 80
• A workflow should be in place for demovm when it is migrated onto Azure. The IT Administrative staff needs to be notified on any changes that occur on this Virtual Machine
• Minimize costs wherever possible
• There should be an encrypted connection between the On-premise data centre and the Virtual Network techlabs-net2
• A custom role needs to be defined known as techlabsrole which will be based on the reader role.

You need to ensure that users can communicate with the virtual machine “techlabapi” on port. You decide to an Inbound rule in the Network Security Group attached to the network interface of the virtual machine.
Would this fulfil the requirement?

12. View Case Study:

Overview:
techlabs is an online training provider.
Existing Environment:
The existing environment for techlabs currently consists of the following resources
• An on-premise data centre that hosts an Active Directory forest named techlabs.com
• The Active Directory contains users from different departments – IT, Finance, HR
• The following table shows the On-premise infrastructure. All servers are running in a virtualized environment
On-premise server name – Type of Virtualization – Virtual Machine name
techlabs-ser1 – VMware vCenter server – demovm
techlabs-ser2 – Hyper-V host – demovm-test
There are 2 web applications that are hosted on the On-premise environment. The overall details of the web applications are given below
• Programming Language – .Net
• Average memory used for each application – 1 GB
Proposed Environment:
• techlabs is looking towards purchasing an Azure subscription and setting up their environment in Azure
• The Virtual Machines need to have a central location for storage of files. They would connect to these file shares using SMB.
• All applications and Virtual Machines need to be migrated onto Azure
• One of the web applications which will be hosted in Azure Web Apps needs to be mapped to a custom domain of techlabs-quiz.com in Azure.
• Active Directory users need to be synched onto Azure AD
• The following Virtual Networks and subnets are going to be setup in Azure
Virtual Network name – Address space
techlabs-net1 – 10.0.0.0/16
techlabs-net2 – 20.0.0.0/16

Subnet name – Virtual Network name – Address space
SubnetA – techlabs-net1 – 10.0.1.0/24
SubnetB – techlabs-net2 – 20.0.1.0/24
Technical Requirements:
• The Instances for the underlying Web applications should be able to scale up to 5 instances
• Users from the Internet should be able to communicate with an Azure virtual machine named “techlabapi” on port 80
• A workflow should be in place for demovm when it is migrated onto Azure. The IT Administrative staff needs to be notified on any changes that occur on this Virtual Machine
• Minimize costs wherever possible
• There should be an encrypted connection between the On-premise data centre and the Virtual Network techlabs-net2
• A custom role needs to be defined known as techlabsrole which will be based on the reader role.

You need to configure a VPN connection for techcertpro-net2. Which of the following would you need to configure in the virtual network?

13. You are the Global IT Administrator for your company’s Azure account. You need to ensure that whenever other administrators try to login to the Azure portal from the on-premise network, they have to enter a verification code. Which of the following can be done to fulfil this requirement?

14. A company has an Azure subscription that contains the following virtual networks
Virtual Network Name Subnet Name
techcertpro-vnet1 SubnetA
techcertpro-vnet2 SubnetB
techcertpro-vnet3 SubnetC
The networks contain the following virtual machines
Virtual Machine Name Belongs to subnet Availability Set
techcertprovm1 SubnetA techlabavail
techcertprovm2 SubnetA techlabavail
techcertprovm3 SubnetA Not applicable
techcertprovm4 SubnetA Not applicable
techcertprovm5 SubnetB Not applicable
techcertprovm6 SubnetB Not applicable
The following load balancer has been created
Name – techlabloadbalancer
SKU – Basic
Type – Internal
Subnet – SubnetA
Virtual Network – techcertpro-vnet1
Can the load balancer load balance traffic to Virtual machines techcertprovm5 and techcertprovm6?

15. A team is preparing to deploy the Azure File Sync service. They have created an Azure storage account and a file share using the file service. They have also created a sync group. They have a set of Windows Server 2016 machines located in their on-premise network. Which of the following are steps that need to be followed to complete the implementation? Choose 4 answers from the options given below

16. A company has currently setup a sync process between their on-premise Active Directory named techlab.com and their Azure AD Tenant techlab.onmicrosoft.com. The on-premise domain contains the following users
Name Distinguished Name
techlabusr1 CN=techlabusr1, DC=techlab, DC=com
techlabusr2 CN=techlabusr2, DC=techlab, DC=com
techlabusr3 CN=techlabusr3, DC=techlab, DC=com
The users have the following details set for their accounts
Name Home number Mobile phone
techlabusr1 879908776 18906754
techlabusr2 Null Null
techlabusr3 899076576 18904657
Azure Multi-Factor Authentication is going to be enabled for the users via a bulk update with the following file contents
Username, MFA Status
CN=techlabusr1, DC=techlab, DC=com, Enabled
techlabusr2@techlab.com, Enabled
techlabusr3@techlab.com, Enabled
In order for Azure MFA to be successfully applied for techlabusr2, you need to add a mobile phone number to user account for techlabusr2?

17. A company has decided to use Privileged Identity Management. They have configured the following role settings for the Owner role.

From Privileged Identity Management, you then assign the Owner role to a user named techlabusr1 and set the Assignment type as Active.
For how long with the user be able to use the Owner role?

18. A company is planning on using Azure for the various services they offer. They want to ensure that they can bill each department for the resources they consume. They decide to use Azure role-based access control to separate the bills department wise.
Would this fulfil the requirement?

19. A company is planning on using Azure for the various services they offer. They want to ensure that they can bill each department for the resources they consume. They decide to use Azure resource tags to separate the bills department wise.
Would this fulfil the requirement?

20. A team has enabled multi-factor authentication for 3 users as shown below
User name Multi-factor authentication status
techlabuser1 Disabled
techlabuser2 Enforced
techlabuser3 Enabled
A group has been created and all users have been added as part of the group. You create a conditional access policy which enforces the use of multi-factor authentication for the group for all cloud-based applications.

Would techlabuser3 be required to use multi-factor authentication when signing into Azure via the web browser?

21. A company currently has a set of virtual machines created in Azure. They want to ensure that their IT administrative team is alerted if anyone of the virtual machines are shutdown.
They decide to create alerts in the Service Health service
Would this fulfil the requirement?

22. A company currently has an Azure subscription and tenant in place. They want to make use of the Azure Data Box service to transfer 20 TB of data to Azure.
Which of the following roles are required to the subscription to create a Data Box order? Choose 2 answers from the options given below

23. View Case Study:

Overview:
techlabs is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment:
• Their existing environment consists of an Active Directory domain named techlabs.com. This is being hosted on a Windows Server.
• The company also has a set of web and application servers hosted on Windows Server 2016 servers.
• The company has also setup an Azure AD tenant
• Their subscription currently consists of Azure AD basic licences.
• Users currently store their files onto a shared file server. The file server is currently configured with 2 TB of storage
Proposed Environment:
• The company wants to migrate all of the web and application servers onto Azure
• Azure AD Connect will be used to synchronize objects from the on-premise Active Directory onto Azure AD
• The file store on Azure needs to be available even in the event of a data center failure
• The costs for hosting resources should be minimized.
• Policies need to be implemented to ensure all users with admin rights need to authenticate to Azure with the use of Multi-Factor Authentication
• A virtual network named techlabvnet1 would be setup in Azure
• One of the virtual machines would still need to access an API hosted on a server in the on-premise environment

Which of the following would you implement as the replication method for the Azure storage account?

24. A company currently has an Azure subscription and a tenant in place. They want to deploy the following infrastructure
An application server on a set of Azure Linux virtual machines.
The application server would listen to user requests on port 80 and control plane requests on port 8090
The application server would connect to a database server hosted on an Azure Linux Virtual machine hosted in the same virtual network
A Load Balancer would be in place and set in front of the application server
In which of the following settings would you configure the ability of the load balancer to check the health of the the application server on port 8090?

25. A company currently has a set of virtual machines created in Azure. They want to ensure that their IT administrative team is alerted if anyone of the virtual machines are shutdown.
They decide to create alerts in the Azure Advisor service.
Would this fulfil the requirement?

26. A company currently has the following networks defined in Azure
Name Address space
techlab-vnet1 10.1.0.0/16
techlab-vnet2 10.2.0.0/16
techlab-vnet3 10.3.0.0/16
All virtual networks are hosting virtual machines with varying workloads. A virtual machine named “techlab-detect” hosted in techlab-vnet2. This virtual machine will have an intrusion detection software installed on it. All traffic on all virtual networks need to be routed via this virtual machine.
You need to complete the required steps for implementing this requirement
Which of the following would you need to create additional to ensure traffic is sent via the virtual machine hosting the intrusion software?

27. A company currently has an Azure subscription and tenant in place. They want to make use of the Azure Data Box service to transfer 20 TB of data to Azure.
Which of the following subscription type is not allowed for the Data Box service?

28. A company has the following set of servers that need to be migrated to an Azure subscription
Name Operating System Configuration
techcertproer1 Windows Server 2012 R2 Domain Controller
techcertproer2 Windows Server 2016 Microsoft SQL Server 2016
techcertproer3 Red Hat Linux Enterprise 7.5 File Server
The company decides to use the Data Migration Assistant tool to move the servers to Azure.
Would this fulfil the requirement?

29. A company is planning on hosting the following infrastructure in Azure
A web server listening on port 80
The web server would be hosted on an Azure Windows virtual machine
The web server would connect to a database server
The database server would be hosted using the Azure SQL database service
The company needs to ensure that when users go to the URL http://techlab.com on the Internet , they are directed to the web server running on the virtual machine. Which of the following service could help fulfil this requirement?

30. A team currently has a virtual machine deployed to Azure. The team wants to get a log of all the network traffic to and from the virtual machine.
Which of the following service from Network Watcher could they use to fulfil this requirement?

31. A company currently has an Azure subscription and a tenant in place. They want to deploy the following infrastructure
An application server on a set of Azure Linux virtual machines.
The application server would listen to user requests on port 80 and control plane requests on port 8090
The application server would connect to a database server hosted on an Azure Linux Virtual machine hosted in the same virtual network
A Load Balancer would be in place and set in front of the application server
In which of the following settings would you configure the routing of the requests from the users on the Load balancer to the application servers?

32. View Case Study:

Overview:
techlabs is an online training provider.
Existing Environment:
The existing environment for techlabs currently consists of the following resources
• An on-premise data centre that hosts an Active Directory forest named techlabs.com
• The Active Directory contains users from different departments – IT, Finance, HR
• The following table shows the On-premise infrastructure. All servers are running in a virtualized environment
On-premise server name – Type of Virtualization – Virtual Machine name
techlabs-ser1 – VMware vCenter server – demovm
techlabs-ser2 – Hyper-V host – demovm-test
There are 2 web applications that are hosted on the On-premise environment. The overall details of the web applications are given below
• Programming Language – .Net
• Average memory used for each application – 1 GB
Proposed Environment:
• techlabs is looking towards purchasing an Azure subscription and setting up their environment in Azure
• The Virtual Machines need to have a central location for storage of files. They would connect to these file shares using SMB.
• All applications and Virtual Machines need to be migrated onto Azure
• One of the web applications which will be hosted in Azure Web Apps needs to be mapped to a custom domain of techlabs-quiz.com in Azure.
• Active Directory users need to be synched onto Azure AD
• The following Virtual Networks and subnets are going to be setup in Azure
Virtual Network name – Address space
techlabs-net1 – 10.0.0.0/16
techlabs-net2 – 20.0.0.0/16

Subnet name – Virtual Network name – Address space
SubnetA – techlabs-net1 – 10.0.1.0/24
SubnetB – techlabs-net2 – 20.0.1.0/24
Technical Requirements:
• The Instances for the underlying Web applications should be able to scale up to 5 instances
• Users from the Internet should be able to communicate with an Azure virtual machine named “techlabapi” on port 80
• A workflow should be in place for demovm when it is migrated onto Azure. The IT Administrative staff needs to be notified on any changes that occur on this Virtual Machine
• Minimize costs wherever possible
• There should be an encrypted connection between the On-premise data centre and the Virtual Network techlabs-net2
• A custom role needs to be defined known as techlabsrole which will be based on the reader role.

The custom role definition is contained in a script named newrole.json. Which of the following command could be used to create the custom role out of the script file?

33. A team currently has a virtual machine deployed to Azure. The team wants to get a log of all the network traffic to and from the virtual machine.
Which of the following would you need to have prior for storing the log files?

34. View Case Study:

Overview:
techlabs is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment:
• Their existing environment consists of an Active Directory domain named techlabs.com. This is being hosted on a Windows Server.
• The company also has a set of web and application servers hosted on Windows Server 2016 servers.
• The company has also setup an Azure AD tenant
• Their subscription currently consists of Azure AD basic licences.
• Users currently store their files onto a shared file server. The file server is currently configured with 2 TB of storage
Proposed Environment:
• The company wants to migrate all of the web and application servers onto Azure
• Azure AD Connect will be used to synchronize objects from the on-premise Active Directory onto Azure AD
• The file store on Azure needs to be available even in the event of a data center failure
• The costs for hosting resources should be minimized.
• Policies need to be implemented to ensure all users with admin rights need to authenticate to Azure with the use of Multi-Factor Authentication
• A virtual network named techlabvnet1 would be setup in Azure
• One of the virtual machines would still need to access an API hosted on a server in the on-premise environment

For user authentication, the company wants to enforce the user of their on-premise Active Directory security and password policies. The company decides to configure Azure AD Connect with Pass-through Authentication.
Would this fulfil the requirement?

35. A company has the following set of servers that need to be migrated to an Azure subscription
Name Operating System Configuration
techcertproer1 Windows Server 2012 R2 Domain Controller
techcertproer2 Windows Server 2016 Microsoft SQL Server 2016
techcertproer3 Red Hat Linux Enterprise 7.5 File Server
The company decides to use the az copy tool to move the servers to Azure.
Would this fulfil the requirement?

36. View Case Study:

Overview:
techlabs is an online training provider.
Existing Environment:
The existing environment for techlabs currently consists of the following resources
• An on-premise data centre that hosts an Active Directory forest named techlabs.com
• The Active Directory contains users from different departments – IT, Finance, HR
• The following table shows the On-premise infrastructure. All servers are running in a virtualized environment
On-premise server name – Type of Virtualization – Virtual Machine name
techlabs-ser1 – VMware vCenter server – demovm
techlabs-ser2 – Hyper-V host – demovm-test
There are 2 web applications that are hosted on the On-premise environment. The overall details of the web applications are given below
• Programming Language – .Net
• Average memory used for each application – 1 GB
Proposed Environment:
• techlabs is looking towards purchasing an Azure subscription and setting up their environment in Azure
• The Virtual Machines need to have a central location for storage of files. They would connect to these file shares using SMB.
• All applications and Virtual Machines need to be migrated onto Azure
• One of the web applications which will be hosted in Azure Web Apps needs to be mapped to a custom domain of techlabs-quiz.com in Azure.
• Active Directory users need to be synched onto Azure AD
• The following Virtual Networks and subnets are going to be setup in Azure
Virtual Network name – Address space
techlabs-net1 – 10.0.0.0/16
techlabs-net2 – 20.0.0.0/16

Subnet name – Virtual Network name – Address space
SubnetA – techlabs-net1 – 10.0.1.0/24
SubnetB – techlabs-net2 – 20.0.1.0/24
Technical Requirements:
• The Instances for the underlying Web applications should be able to scale up to 5 instances
• Users from the Internet should be able to communicate with an Azure virtual machine named “techlabapi” on port 80
• A workflow should be in place for demovm when it is migrated onto Azure. The IT Administrative staff needs to be notified on any changes that occur on this Virtual Machine
• Minimize costs wherever possible
• There should be an encrypted connection between the On-premise data centre and the Virtual Network techlabs-net2
• A custom role needs to be defined known as techlabsrole which will be based on the reader role.

Which of the following account is required in Azure AD for the setup of Azure AD Connect?

37. An IT admin for a company’s Azure account needs to create an Azure Policy. The main purpose of the Azure policy is to ensure that only Load balancers of a certain SKU are allowed to be created in the company’s Azure subscription.
Below is the snippet of the Azure Policy

Which of the following would go into Slot2?

38. A company current has an Azure subscription and an Azure tenant defined. The company wants to allow users to have the ability to join their Windows 10 devices to Azure AD.
The company wants to ensure that a user is made the local administrator by default on those devices which are registered with Azure AD. Where should you go to enable this setting?

39. A company current has an Azure subscription and an Azure tenant defined. The company wants to allow users to have the ability to join their Windows 10 devices to Azure AD.
Which of the following would you need to configure to ensure this requirement is fulfilled?

40. View Case Study:

Overview:
techlabs is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment:
• Their existing environment consists of an Active Directory domain named techlabs.com. This is being hosted on a Windows Server.
• The company also has a set of web and application servers hosted on Windows Server 2016 servers.
• The company has also setup an Azure AD tenant
• Their subscription currently consists of Azure AD basic licences.
• Users currently store their files onto a shared file server. The file server is currently configured with 2 TB of storage
Proposed Environment:
• The company wants to migrate all of the web and application servers onto Azure
• Azure AD Connect will be used to synchronize objects from the on-premise Active Directory onto Azure AD
• The file store on Azure needs to be available even in the event of a data center failure
• The costs for hosting resources should be minimized.
• Policies need to be implemented to ensure all users with admin rights need to authenticate to Azure with the use of Multi-Factor Authentication
• A virtual network named techlabvnet1 would be setup in Azure
• One of the virtual machines would still need to access an API hosted on a server in the on-premise environment

For user authentication, the company wants to enforce the user of their on-premise Active Directory security and password policies. The company decides to configure Azure AD Connect with Federated Authentication.
Would this fulfil the requirement?

41. A company has currently setup a sync process between their on-premise Active Directory named techlab.com and their Azure AD Tenant techlab.onmicrosoft.com. The on-premise domain contains the following users
Name Distinguished Name
techlabusr1 CN=techlabusr1, DC=techlab, DC=com
techlabusr2 CN=techlabusr2, DC=techlab, DC=com
techlabusr3 CN=techlabusr3, DC=techlab, DC=com
The users have the following details set for their accounts
Name :Home number: Mobile phone
techlabusr1 :879908776 :18906754
techlabusr2 :Null :Null
techlabusr3 :899076576: 18904657
Azure Multi-Factor Authentication is going to be enabled for the users via a bulk update with the following file contents
Username, MFA Status
CN=techlabusr1, DC=techlab, DC=com, Enabled
techlabusr2@techlab.com, Enabled
techlabusr3@techlab.com, Enabled

In order for Azure MFA to be successfully applied for techlabusr1, you need to change the second line of the file to techlabusr1@techlab.com, Enabled

42. A company has setup a web application on a set of Azure virtual machines. The web application will be used by users across the world. The company is planning on setting up a Content Delivery profile to ensure that users get the ideal response times no matter where they are located.
Which of the following would they setup as the Origin Type for the CDN Endpoint?

43. A company has decided to use Privileged Identity Management. They have configured the following role settings for the Owner role.

From Privileged Identity Management, you then assign the Owner role to a user named techlabusr1 and set the Assignment type as Active.
If the user activates the role for the first time, after how long with the user need to activate the role again?

44. An IT admin has created an Azure tenant for a company named techlab.onmicrosoft.com. The IT admin has also created a user named techlabadmin and provided the User Administrator role to the user. techlabadmin is now trying to add an external partner to the Microsoft account. The external partner sign in name is userA@outlook.com.
The IT admin is getting the following error when trying to add the sign-in name
“Unable to invite user userA@outlook.com – Generic authorization exception”
Which of the following needs to be done to resolve this issue? You also need to ensure this is done in a secure manner.

45. A company currently has a set of virtual machines created in Azure. They want to ensure that their IT administrative team is alerted if anyone of the virtual machines are shutdown.
They decide to create alerts based on Activity Logs in Azure Monitor.
Would this fulfil the requirement?

46. View Case Study:

Overview:
techlabs is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment:
• Their existing environment consists of an Active Directory domain named techlabs.com. This is being hosted on a Windows Server.
• The company also has a set of web and application servers hosted on Windows Server 2016 servers.
• The company has also setup an Azure AD tenant
• Their subscription currently consists of Azure AD basic licences.
• Users currently store their files onto a shared file server. The file server is currently configured with 2 TB of storage
Proposed Environment:
• The company wants to migrate all of the web and application servers onto Azure
• Azure AD Connect will be used to synchronize objects from the on-premise Active Directory onto Azure AD
• The file store on Azure needs to be available even in the event of a data center failure
• The costs for hosting resources should be minimized.
• Policies need to be implemented to ensure all users with admin rights need to authenticate to Azure with the use of Multi-Factor Authentication
• A virtual network named techlabvnet1 would be setup in Azure
• One of the virtual machines would still need to access an API hosted on a server in the on-premise environment

Which of the following would need to be done to ensure users sign in using Multi-Factor authentication?

47. View Case Study:

Overview:
techlabs is an online training provider. They have several main offices and a couple of branch offices.
Existing Environment:
• Their existing environment consists of an Active Directory domain named techlabs.com. This is being hosted on a Windows Server.
• The company also has a set of web and application servers hosted on Windows Server 2016 servers.
• The company has also setup an Azure AD tenant
• Their subscription currently consists of Azure AD basic licences.
• Users currently store their files onto a shared file server. The file server is currently configured with 2 TB of storage
Proposed Environment:
• The company wants to migrate all of the web and application servers onto Azure
• Azure AD Connect will be used to synchronize objects from the on-premise Active Directory onto Azure AD
• The file store on Azure needs to be available even in the event of a data center failure
• The costs for hosting resources should be minimized.
• Policies need to be implemented to ensure all users with admin rights need to authenticate to Azure with the use of Multi-Factor Authentication
• A virtual network named techlabvnet1 would be setup in Azure
• One of the virtual machines would still need to access an API hosted on a server in the on-premise environment

For user authentication, the company wants to enforce the user of their on-premise Active Directory security and password policies. The company decides to configure Azure AD Connect with Password Hash Synchronization.
Would this fulfil the requirement?

48. A company has the following set of servers that need to be migrated to an Azure subscription
Name Operating System Configuration
techcertproer1 Windows Server 2012 R2 Domain Controller
techcertproer2 Windows Server 2016 Microsoft SQL Server 2016
techcertproer3 Red Hat Linux Enterprise 7.5 File Server
The company decides to use the Azure Site Recovery tool to move the servers to Azure.
Would this fulfill the requirement?

49. View Case Study:

Overview:
techlabs is an online training provider.
Existing Environment:
The existing environment for techlabs currently consists of the following resources
• An on-premise data centre that hosts an Active Directory forest named techlabs.com
• The Active Directory contains users from different departments – IT, Finance, HR
• The following table shows the On-premise infrastructure. All servers are running in a virtualized environment
On-premise server name – Type of Virtualization – Virtual Machine name
techlabs-ser1 – VMware vCenter server – demovm
techlabs-ser2 – Hyper-V host – demovm-test
There are 2 web applications that are hosted on the On-premise environment. The overall details of the web applications are given below
• Programming Language – .Net
• Average memory used for each application – 1 GB
Proposed Environment:
• techlabs is looking towards purchasing an Azure subscription and setting up their environment in Azure
• The Virtual Machines need to have a central location for storage of files. They would connect to these file shares using SMB.
• All applications and Virtual Machines need to be migrated onto Azure
• One of the web applications which will be hosted in Azure Web Apps needs to be mapped to a custom domain of techlabs-quiz.com in Azure.
• Active Directory users need to be synched onto Azure AD
• The following Virtual Networks and subnets are going to be setup in Azure
Virtual Network name – Address space
techlabs-net1 – 10.0.0.0/16
techlabs-net2 – 20.0.0.0/16

Subnet name – Virtual Network name – Address space
SubnetA – techlabs-net1 – 10.0.1.0/24
SubnetB – techlabs-net2 – 20.0.1.0/24
Technical Requirements:
• The Instances for the underlying Web applications should be able to scale up to 5 instances
• Users from the Internet should be able to communicate with an Azure virtual machine named “techlabapi” on port 80
• A workflow should be in place for demovm when it is migrated onto Azure. The IT Administrative staff needs to be notified on any changes that occur on this Virtual Machine
• Minimize costs wherever possible
• There should be an encrypted connection between the On-premise data centre and the Virtual Network techlabs-net2
• A custom role needs to be defined known as techlabsrole which will be based on the reader role.

You need to ensure that users can communicate with the virtual machine “techlabapi” on port 80, and decided to add an Outbound rule in the Network Security Group attached to the network interface of the virtual machine. Would this fulfill the requirement?