You manage a cloud service that has a web role named fabWeb. You create a virtual network named fabVNet that has two subnets defined as Web and Apps.
You need to be able to deploy fabWeb into the Web subnet. What should you do?
Modify the service definition (csdef) for the cloud service.
Run the Set-AzureSubnet PowerShell cmdlet.
Run the Set-AzureVNetConfig PowerShell cmdlet.
Modify the network configuration file.
Modify the service configuration (cscfg) for the fabWeb web role.
Correct Answer: E
Azure Service Definition Schema (.csdef File)
The service definition file defines the service model for an application. The file contains the definitions for the roles that are available to a cloud service, specifies the service endpoints, and establishes configuration settings for the service.
Your company has recently signed up for Azure.
You plan to register a Data Protection Manager (DPM) server with the Azure Backup service. You need to recommend a method for registering the DPM server with the Azure Backup vault.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
Import a self-signed certificate created using the makecert tool.
Import a self-signed certificate created using the createcert tool.
Import an X.509 v3 certificate with valid clientauthentication EKU.
Import an X.509 v3 certificate with valid serverauthentication EKU.
Correct Answer: AC
A: You can create a self-signed certificate using the makecert tool, or use any valid SSL certificate issued by a Certification Authority (CA) trusted by Microsoft, whose root certificates are distributed via the Microsoft Root Certificate Program.
C: The certificate must have a valid ClientAuthentication EKU.
Reference: Prerequisites for Azure Backup
You administer an Azure solution that uses a virtual network named fabVNet. FabVNet has a single subnet named Subnet-1.
You discover a high volume of network traffic among four virtual machines (VMs) that are part of Subnet-1.
You need to isolate the network traffic among the four VMs. You want to achieve this goal with the least amount of downtime and impact on users.
What should you do?
Create a new subnet in the existing virtual network and move the four VMs to the new subnet.
Create a site-to-site virtual network and move the four VMs to your datacenter.
Create a new virtual network and move the VMs to the new network.
Create an availability set and associate the four VMs with that availability set.
Correct Answer: A
Machine Isolation Options
There are three basic options where machine isolation may be implemented on the Windows Azure platform:
Between machines deployed to a single virtual network
Subnets within a Single Virtual Network
Between machines deployed to distinct virtual networks
Between machines deployed to distinct virtual networks where a VPN connection has been established from on-premises with both virtual networks
Windows Azure provides routing across subnets within a single virtual network.
Reference: Network Isolation Options for Machines in Windows Azure Virtual Networks
Not B: A site-to-site VPN allows you to create a secure connection between your on-premises site and your virtual network.
Use a site-to-site connection when:
You want to create a branch office solution.
You want a connection between your on-premises location and your virtual network that's available without requiring additional client-side configurations.
You manage a cloud service that utilizes data encryption.
You need to ensure that the certificate used to encrypt data can be accessed by the cloud service application.
What should you do?
Upload the certificate referenced in the application package.
Deploy the certificate as part of the application package.
Upload the certificate's public key referenced in the application package.
Use RDP to install the certificate.
Correct Answer: C
The developer must deploy the public key with their application so that, when Windows Azure spins up role instances, it will match up the thumbprint in the service definition with the uploaded service certificate and deploy the private key to the role instance. The private key is intentionally non-exportable to the .pfx format, so you won't be able to grab the private key through an RDC connection into a role instance.
Field Note: Using Certificate-Based Encryption in Windows Azure Applications
You administer an Azure Active Directory (Azure AD) tenant where Box is configured for:
Application Access
Password Single Sign-on
An employee moves to an organizational unit that does not require access to Box through the Access Panel.
You need to remove only Box from the list of applications only for this user. What should you do?
Delete the user from the Azure AD tenant.
Delete the Box Application definition from the Azure AD tenant.
From the Management Portal, remove the user's assignment to the application.
Disable the user's account in Windows AD.
Correct Answer: C
Note: Use Azure AD to manage user access, provision user accounts, and enable single sign-on with Box. Requires an existing Box subscription.
You manage a large datacenter that has limited physical space. You plan to extend your datacenter to Azure.
You need to create a connection that supports a multiprotocol label switching (MPLS) virtual private network.
Which connection type should you use?
Correct Answer: C
ExpressRoute provides even richer capabilities by allowing a dedicated MPLS connection to Azure.
You manage two solutions in separate Azure subscriptions.
You need to ensure that the two solutions can communicate on a private network. Which three actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You administer an Azure Storage account named contosostorage. The account has a blob container to store image files.
A user reports being unable to access an image file.
You need to ensure that anonymous users can successfully read image files from the container. Which log entry should you use to verify access?
Correct Answer: A
Check for GetBlob and for AnonymousSuccess. Example:
Get Blob AnonymousSuccess:
1.0;2011-07-28T18:52:40.9241789Z;GetBlob;AnonymousSuccess;200;18;10;anonymous;;sally;blob;"http://sally.blob.core.windows.net/thumbnails/lake.jpg?timeout=30000";"/sally/thumbnails/lake.jpg";a84aa705-8a85-48c5-b064-b43bd22979c3;0;184.108.40.206;2009-09-19;252;0;265;100;0;;;"0x8CE1B6EA95033D5";Thursday, 28-Jul-11 18:52:40 GMT;;;;"7/28/2011
Not C: Check for AnonymousSuccess, not Access.
Not B, not D: Check for GetBlob, not GetBlobProperties.
Reference: Windows Azure Storage Logging: Using Logs to Track Storage Requests
URL: http://blogs.msdn.com/b/windowsazurestorage/archive/2011/08/03/windows-azure-storage-logging-using-logs-to-track-storage-requests.aspx
You manage a cloud service that is running in two small instances. The cloud service hosts a help desk application. The application utilizes a virtual network connection to synchronize data to the company's internal accounting system. You need to reduce the amount of time required for data synchronization. What should you do?
Configure the servers as large instances and re-deploy.
Increase the instance count to three.
Deploy the application to Azure Web Sites.
Increase the processors allocated to the instances.
Correct Answer: A
Note: When you create your service model, you can specify the size to which to deploy an instance of your role, depending on its resource requirements. The size of the role determines the number of CPU cores, the memory capacity, and the local file system size that is allocated to a running instance.
Reference: Virtual Machine and Cloud Service Sizes for Azure
You migrate a Windows Server .NET web application to Azure Cloud Services. You need to enable trace logging for the application.
Which two actions should you perform? Each correct answer presents part of the solution.
Update the service definition file.
Update the Azure diagnostics configuration.
Update the service configuration file.
Enable verbose monitoring.
Update the application web.config file.
Correct Answer: AB
You can use Azure logging right out of the box. It's part of the Azure SDK.
A: Azure Service Definition Schema (.csdef File) The service definition file defines the service model for an application. The file contains the definitions for the roles that are available to a cloud service, specifies the service endpoints, and establishes configuration settings for the service.
B: Take Control of Logging and Tracing in Microsoft Azure The Microsoft.WindowsAzure.Diagnostics namespace, which inherits from and extends standard System.Diagnostics classes, enables the use of System.Diagnostics as a logging framework in Azure environment.