Q31. You develop a Windows Store application that has a web service backend.
You plan to use the Azure Active Directory Authentication Library to authenticate users to Azure Active Directory (Azure AD) and access directory data on behalf of the user.
You need to ensure that users can log in to the application by using their Azure AD credentials.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Create a native client application in Azure AD.
B. Configure directory integration.
C. Create a web application in Azure AD.
D. Enable workspace join.
E. Configure an Access Control namespace.
Answer: B,C
Explanation: B: An application that wants to outsource authentication to Azure AD must be
registered in Azure AD, which registers and uniquely identifies the app in the directory.
C (not A): NativeClient-WindowsStore
A Windows Store application that calls a web API that is secured with Azure AD.
Reference: AzureADSamples/NativeClient-WindowsStore Authentication Scenarios for Azure AD, Basics of Authentication in Azure AD http://msdn.microsoft.com/en-us/library/azure/dn499820.aspx#BKMK_Auth https://github.com/AzureADSamples/NativeClient-WindowsStore
Q32. You manage a cloud service that utilizes an Azure Service Bus queue. You need to ensure that messages that are never consumed are retained. What should you do?
A. Check the MOVE TO THE DEAD-LETTER SUBQUEUE option for Expired Messages in the Azure Portal.
B. From the Azure Management Portal, create a new queue and name it Dead-Letter.
C. Execute the Set-AzureServiceBus PowerShell cmdlet.
D. Execute the New-AzureSchedulerStorageQueueJob PowerShell cmdlet.
Answer: A
Explanation: The EnableDeadLetteringOnMessageExpiration property allows to enable\disable the dead-lettering on message expiration.
Reference: Azure, Managing and Testing Topics, Queues and Relay Services with the Service Bus Explorer Tool
Q33. DRAG DROP
You have an Azure Virtual Network named fabVNet with three subnets named Subnet-1, Subnet-2 and Subnet-3. You have a virtual machine (VM) named fabVM running in the fabProd service.
You need to modify fabVM to be deployed into Subnet-3. You want to achieve this goal by using the least amount of time and while causing the least amount of disruption to the existing deployment.
What should you do? To answer, drag the appropriate Power Shell cmdlet to the correct location in the Power Shell command. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q34. DRAG DROP
You administer two virtual machines (VMs) that are deployed to a cloud service. The VMs are part of a virtual network.
The cloud service monitor and virtual network configuration are configured as shown in the exhibits. (Click the Exhibits button.)
You need to create an internal load balancer named fabLoadBalancer that has a static IP address of 172.16.0.100.
Which value should you use in each parameter of the Power Shell command?
To answer, drag the appropriate value to the correct location in the Power Shell command. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q35. HOTSPOT
You create a virtual network named fabVNet01.
You design the virtual network to include two subnets, one named DNS-subnet and one named Apps-subnet, as shown in the exhibit. (Click the Exhibits button.)
In the table below, identify the number of IP addresses that will be available for virtual machines (VMs) or cloud services in each subnet. Make only one selection in each column.
Answer:
Q36. You develop a set of Power Shell scripts that will run when you deploy new virtual machines (VMs).
You need to ensure that the scripts are executed on new VMs. You want to achieve this goal by using the least amount of administrative effort.
What should you do?
A. Create a new GPO to execute the scripts as a logon script.
B. Create a SetupComplete.cmd batch file to call the scripts after the VM starts.
C. Create a new virtual hard disk (VHD) that contains the scripts.
D. Load the scripts to a common file share accessible by the VMs.
E. Set the VMs to execute a custom script extension.
Answer: E
Explanation: After you deploy a Virtual Machine you typically need to make some changes before it’s ready to use. This is something you can do manually or you could use Remote PowerShell to automate the configuration of your VM after deployment for example.
But now there’s a third alternative available allowing you customize your VM: the CustomScript extension.
This CustomScript extension is executed by the VM Agent and it’s very straightforward: you specify which files it needs to download from your storage account and which file it needs to execute. You can even specify arguments that need to be passed to the script. The only requirement is that you execute a .ps1 file.
Reference: Customizing your Microsoft Azure Virtual Machines with the new CustomScript extension
http://fabriccontroller.net/blog/posts/customizing-your-microsoft-azure-virtual-machines-with-the-new-customscript-extension/
Q37. DRAG DROP
You plan to deploy a cloud service named contosoapp that has a web role named contosoweb and a worker role named contosoimagepurge.
You need to ensure the service meets the following requirements:
. Contosoweb can be accessed over the Internet by using http.
. Contosoimagepurge can only be accessed through tcp port 5001 from
contosoweb.
. Contosoimagepurge cannot be accessed directly over the Internet.
Which configuration should you use? To answer, drag the appropriate configuration setting to the correct location in the service configuration file. Each configuration setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q38. You manage a set of virtual machines (VMs) deployed to the cloud service named fabrikamVM.
You configure auto scaling according to the following parameters:
With an instance range of two to six instances To maintain CPU usage between 70 and 80 percent To scale up one instance at a time With a scale up wait time of 30 minutes To scale down one instance at a time With a scale down wait time of 30 minutes
You discover the following usage pattern of a specific application:
The application peaks very quickly, and the peak lasts for several hours.
CPU usage stays above 90 percent for the first 1 to 1.5 hours after usage
increases.
After 1.5 hours, the CPU usage falls to about 75 percent until application usage
begins to decline.
You need to modify the auto scaling configuration to scale up faster when usage peaks.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
A. Decrease the scale down wait time.
B. Decrease the scale up wait time.
C. Increase the number of scale up instances.
D. Increase the scale up wait time.
E. Increase the maximum number of instances.
Answer: B,C
Q39. You manage a cloud service on two instances. The service name is Service1 and the role name is ServiceRole1.
Service1 has performance issues during heavy traffic periods.
You need to increase the existing deployment of Service1 to three instances.
Which Power Shell cmdlet should you use?
A. PS C:\>Set-AzureService -ServiceName "Service1” -Label "ServiceRole1' -Description "Instance count=3"
B. PS C:\>Set-AzureRole -ServiceName "Service1" -Slot "Production” -RoleName "ServiceRole1" -Count 3
C. PS C:\>Add-AzureWebRole -Name 'ServiceRole1" -Instances 3
D. PS C:\> $instancecount = New-Object Hashtable$settings['INSTANCECOUNT=3] PS C:\> Set-AzureWebsite -AppSettings $instancecount ServiceRole1
Answer: B
Explanation: The Set-AzureRole cmdlet sets the number of instances of a specified role to run in an Azure deployment
Example This command sets the "MyTestRole3" role running in production on the "MySvc1" service to three instances.
Windows PowerShell C:\PS>Set-AzureRole –ServiceName "MySvc1" –Slot "Production" –RoleName
"MyTestRole3" –Count 3 Reference: Set-AzureRole
Q40. Your company has recently signed up for Azure.
You plan to register a Data Protection Manager (DPM) server with the Azure Backup service.
You need to recommend a method for registering the DPM server with the Azure Backup vault.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
A. Import a self-signed certificate created using the makecert tool.
B. Import a self-signed certificate created using the createcert tool.
C. Import an X.509 v3 certificate with valid clientauthentication EKU.
D. Import an X.509 v3 certificate with valid serverauthentication EKU.
Answer: A,C
Explanation: A: You can create a self-signed certificate using the makecert tool, or use any valid SSL certificate issued by a Certification Authority (CA) trusted by Microsoft, whose root certificates are distributed via the Microsoft Root Certificate Program.
C: The certificate must have a valid ClientAuthentication EKU.
Reference: Prerequisites for Azure Backup
URL: http://technet.microsoft.com/en-us/library/dn296608.aspx