| Question.21 You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template. You need to ensure that NGINX is available on all the virtual machines after they are deployed. What should you use? (A) The Publish-AzVMDscConfiguration cmdlet (B) Azure Application Insights (C) Azure Custom Script Extension (D)The New-AzConfigurationAssignement cmdlet |
21. Click here to View Answer
Answer is (C) Azure Custom Script Extension
Note: There are several versions of this question in the exam. The question has two correct answers:
1. a Desired State Configuration (DSC) extension
2. Azure Custom Script Extension
The question can have other incorrect answer options, including the following:
– the Publish-AzVMDscConfiguration cmdlet
– Azure Application Insights
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-overview
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-install-apps-template
https://docs.microsoft.com/en-us/samples/mspnp/samples/azure-well-architected-framework-sample-state-configuration
https://docs.microsoft.com/en-us/azure/architecture/framework/devops/automation-configuration
| Question.22 You have an Azure subscription that contains the resources shown in the following table.  VMSS1 is set to VM (virtual machines) orchestration mode. You need to deploy a new Azure virtual machine named VM1, and then add VM1 to VMSS1. Which resource group and location should you use to deploy VM1?  |
22. Click here to View Answer
Box 1: RG1, RG2, or RG3
The resource group stores metadata about the resources. When you specify a location for the resource group, you’re specifying where that metadata is stored. The location of the RG doesn’t influence the choice of the location of VM. best practice would be to create the VM1 in the RG1 because the scale set is in RG1. And Microsoft recommends that resources contained in a Resource Group share the same resource lifecycle.
Box 2: West US only
You can add the virtual machine to a scale set in the same region, zone, and resource group.
Note: Virtual machine scale sets will support 2 distinct orchestration modes:
ScaleSetVM Virtual machine instances added to the scale set are based on the scale set configuration model. The virtual machine instance lifecycle – creation, update, deletion – is managed by the scale set.
VM (virtual machines) Virtual machines created outside of the scale set can be explicitly added to the scaleset.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-orchestration-modes
| Question.23 You have an Azure subscription that contains the resource groups shown in the following table.  RG1 contains the resources shown in the following table.  You need to identify which resources you can move from RG1 to RG2, and which resources you can move from RG2 to RG1. Which resources should you identify?  |
23. Click here to View Answer
Box 1: IP1, VNET2, and storage1
Box 2: IP2, VNET2, and storage2
Locks are designed for any update or removal. In this case we want to move only, we are not deleting, and we are not changing anything in the resource.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/move-support-resources
| Question.24 You have an Azure subscription that contains the resources shown in the following table:  You assign a policy to RG6 as shown in the following table:  To RG6, you apply the tag: RGroup: RG6. You deploy a virtual network named VNET2 to RG6. Which tags apply to VNET1 and VNET2?  |
24. Click here to View Answer
Box 1: Department: D1 only
The Policy only affects resources that are created after the policy is enabled. There is a remediation option that can be used for resources created before the Policy applied. Nothing mentioned about remediation task in this in the question. VNET1 will have its original tag.
Box 2: Label: Value1 only
Tags are not inherited, so VNET2 will have the tag from the Policy.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-policies
| Question.25 You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1. Subscription1 has a user named User1. User1 has the following roles: -Reader -Security Admin Security Reader You need to ensure that User1 can assign the Reader role for VNet1 to other users. What should you do? (A) Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1. (B) Assign User1 the Owner role for VNet1. (C) Remove User1 from the Security Reader and Reader roles for Subscription1. (D) Assign User1 the Network Contributor role for RG1. |
25. Click here to View Answer
Answer is (B) Assign User1 the Owner role for VNet1.
Owner role has full access to all resources including the right to delegate access to others.
Note: There are several versions of this question in the exam.
The question can have other incorrect answer options, including the following:
1. Name Server (NS)
2. Assign User1 the Contributor role for VNet1.
3. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/overview