| Question.96 You need to identify the type of failure for which an Azure Availability Zone can be used to protect access to Azure services. What should you identify? (A) a physical server failure (B) an Azure region failure (C) a storage failure (D) an Azure data center failure |
96. Click here to View Answer
Answer is (D) an Azure data center failure
Availability zones expand the level of control you have to maintain the availability of the applications and data on your VMs. An Availability Zone is a physically separate zone, within an Azure region. There are three Availability Zones per supported Azure region.
Each Availability Zone has a distinct power source, network, and cooling. By architecting your solutions to use replicated VMs in zones, you can protect your apps and data from the loss of a datacenter. If one zone is compromised, then replicated apps and data are instantly available in another zone.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/availability
| Question.97 Your company plans to migrate to Azure. The company has several departments. All the Azure resources used by each department will be managed by a department administrator. What are two possible techniques to segment Azure for the departments? (A) multiple subscriptions (B) multiple Azure Active Directory (Azure AD) directories (C) multiple regions (D) multiple resource groups |
97. Click here to View Answer
Answers are A & D
multiple subscriptions
multiple resource groups
An Azure subscription is a container for Azure resources. It is also a boundary for permissions to resources and for billing. You are charged monthly for all resources in a subscription. A single Azure tenant (Azure Active Directory) can contain multiple Azure subscriptions.
A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group.
To enable each department administrator to manage the Azure resources used by that department, you will need to create a separate subscription per department. You can then assign each department administrator as an administrator for the subscription to enable them to manage all resources in that subscription.
Reference:
https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/create-subscription
https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/add-change-subscription-administrator
| Question.98 You have an Azure environment that contains multiple Azure virtual machines. You plan to implement a solution that enables the client computers on your on-premises network to communicate to the Azure virtual machines. You need to recommend which Azure resources must be created for the planned solution. Which two Azure resources should you include in the recommendation? (A) a virtual network gateway (B) a load balancer (C) an application gateway (D) a virtual network (E) a gateway subnet |
98. Click here to View Answer
Answers are A & E
a virtual network gateway
a gateway subnet
To implement a solution that enables the client computers on your on-premises network to communicate to the Azure virtual machines, you need to configure a VPN (Virtual Private Network) to connect the on-premises network to the Azure virtual network.
The Azure VPN device is known as a Virtual Network Gateway. The virtual network gateway needs to be located in a dedicated subnet in the Azure virtual network. This dedicated subnet is known as a gateway subnet and must be named GatewaySubnet.
Note: a virtual network (answer D) is also required. However, as we already have virtual machines deployed in a Azure, we can assume that the virtual network is already in place.
References:
https://docs.microsoft.com/en-us/office365/enterprise/connect-an-on-premises-network-to-a-microsoft-azure-virtual-network
| Question.99 For each of the following statements, select Yes if the statement is true. Otherwise, select No.  |
99. Click here to View Answer
Box 1: No
You can have 1 Account Administrator and 1 Service Administrator, but you can have 200 Co-Administrators per subscription
Box 2: No
You need an Azure Active Directory account to manage a subscription, not a Microsoft account. An account is created in the Azure Active Directory when you create the subscription. Further accounts can be created in the Azure Active Directory to manage the subscription.
Box 3: No
Resource groups are logical containers for Azure resources. However, resource groups do not contain subscriptions. Subscriptions contain resource groups.
| Question.100 Your company plans to move several servers to Azure. The company’s compliance policy states that a server named FinServer must be on a separate network segment. You are evaluating which Azure services can be used to meet the compliance policy requirements. Which Azure solution should you recommend? (A) a resource group for FinServer and another resource group for all the other servers (B) a virtual network for FinServer and another virtual network for all the other servers (C) a VPN for FinServer and a virtual network gateway for each other server (D) one resource group for all the servers and a resource lock for FinServer |
100. Click here to View Answer
Answer is (B) a virtual network for FinServer and another virtual network for all the other servers
Networks in Azure are known as virtual networks. A virtual network can have multiple IP address spaces and multiple subnets. Azure automatically routes traffic between different subnets within a virtual network.
The question states that FinServer must be on a separate network segment. The only way to separate FinServer from the other servers in networking terms is to place the server in a different virtual network to the other servers.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-vnet-plan-design-arm