| Question.41 You have an Azure subscription that contains the resources shown in the following table.  The Not allowed resource types Azure policy is assigned to RG1 and uses the following parameters: Microsoft.Network/virtualNetworks Microsoft.Compute/virtualMachines In RG1, you need to create a new virtual machine named VM2, and then connect VM2 to VNET1. What should you do first? (A) Remove Microsoft.Compute/virtualMachines from the policy. (B) Create an Azure Resource Manager template (C) Add a subnet to VNET1. (D) Remove Microsoft.Network/virtualNetworks from the policy. |
41. Click here to View Answer
Answer is (A) Remove Microsoft.Compute/virtualMachines from the policy.
The Not allowed resource types Azure policy prohibits the deployment of specified resource types. You specify an array of the resource types to block.
Virtual Networks and Virtual Machines are prohibited.
By removing VMs from policy you will be able to create a new VM on the RG, and assign an already existing Vnet to the VM.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/samples/not-allowed-resource-types
| Question.42 Your company has an Azure subscription named Subscription1. The company also has two on-premises servers named Server1 and Server2 that run Windows Server 2016. Server1 is configured as a DNS server that has a primary DNS zone named adatum.com. Adatum.com contains 1,000 DNS records. You manage Server1 and Subscription1 from Server2. Server2 has the following tools installed: -The DNS Manager console -Azure PowerShell -Azure CLI 2.0 You need to move the adatum.com zone to an Azure DNS zone in Subscription1. The solution must minimize administrative effort. What should you use? (A) Azure CLI (B) Azure PowerShell (C) The Azure portal (D) The DNS Manager console |
42. Click here to View Answer
Answer is (A) Azure CLI
Azure DNS supports importing and exporting zone files by using the Azure command-line interface (CLI). Zone file import is not currently supported via Azure PowerShell or the Azure portal.
PrivateDNSMigrationScript is for migrating legacy Azure DNS private zones to the new Azure DNS private zone resource.
Reference:
https://docs.microsoft.com/en-us/azure/dns/dns-import-export https://docs.microsoft.com/en-us/azure/dns/private-dns-migration-guide
| Question.43 You have a public load balancer that balances ports 80 and 443 across three virtual machines. You need to direct all the Remote Desktop Protocol (RDP) connections to VM3 only. What should you configure? (A) An inbound NAT rule (B) A new public load balancer for VM3 (C) A frontend IP configuration (D) A load balancing rule |
43. Click here to View Answer
Answer is (A) An inbound NAT rule
Create an Inbound NAT rule in the LB front end to port forward 3389 to VM3.
Create a load balancer inbound network address translation (NAT) rule to forward traffic from a specific port of the front-end IP address to a specific port of a back-end VM.
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-port-forwarding-portal
| Question.44 You have an Azure virtual machine that runs Windows Server 2019 and has the following configurations: -Name: VM1 -Location: West US -Connected to: VNET1 -Private IP address: 10.1.0.4 -Public IP addresses: 52.186.85.63 -DNS suffix in Windows Server: Adatum.com You create the Azure DNS zones shown in the following table.  You need to identify which DNS zones you can link to VNET1 and the DNS zones to which VM1 can automatically register. Which zones should you identify?  |
44. Click here to View Answer
Box 1: The private zones only
Box 2: The private zones only
You can only link VNETs to private DNS zones only and accordingly auto register a VNET only to a private DNS zones. Private DNS zones can be linked with VNETs (not public ones). And VM can auto-register to any private DNS zone linked with the Vnet and with auto-registration option set. To resolve the records of a private DNS zone from your virtual network, you must link the virtual network with the zone. Linked virtual networks have full access and can resolve all DNS records published in the private zone.
Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-overview
| Question.45 You plan to create an Azure virtual machine named VM1 that will be configured as shown in the following exhibit.  The planned disk configurations for VM1 are shown in the following exhibit.  You need to ensure that VM1 can be created in an Availability Zone. Which two settings should you modify? (A) Use managed disks (B) OS disk type (C) Availability options (D) Size (E)Image |
45. Click here to View Answer
Answer is A & C
A: Your VMs should use managed disks if you want to move them to an Availability Zone by using Site Recovery.
C: When you create a VM for an Availability Zone, Under Settings > High availability, select one of the numbered zones from the Availability zone dropdown.
Reference:
https://docs.microsoft.com/en-us/azure/site-recovery/move-azure-vms-avset-azone
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/create-portal-availability-zone
https://docs.microsoft.com/en-us/azure/virtual-machines/manage-availability
https://docs.microsoft.com/en-us/azure/availability-zones/az-overview#availability-zones