Want to Pass 70-533 Exam In Next HOURS? Download Now →
February 6, 2018

The Secret of exam 70 533

Free Instant Download NEW 70-533 Exam Dumps (PDF & VCE):
Available on: https://www.certshared.com/exam/70-533/

Q11. You administer an Azure Storage account with a blob container. You enable Storage account logging for read, write and delete requests. 

You need to reduce the costs associated with storing the logs. 

What should you do? 

A. Execute Delete Blob requests over https. 

B. Create an export job for your container. 

C. Set up a retention policy. 

D. Execute Delete Blob requests over http. 


Explanation: To ease the management of your logs, we have provided the functionality of retention policy which will automatically cleanup ‘old’ logs without you being charged for the cleanup. It is recommended that you set a retention policy for logs such that your analytics data will be within the 20TB limit allowed for analytics data (logs and metrics combined). 

Reference: Windows Azure Storage Logging: Using Logs to Track Storage Requests, How do I cleanup my logs? 

URL: http://blogs.msdn.com/b/windowsazurestorage/archive/2011/08/03/windows-azure-storage-logging-using-logs-to-track-storage-requests.aspx 

Q12. You publish an application named MyApp to Azure Active Directory (Azure AD). You grant access to the web APIs through OAuth 2.0. 

MyApp is generating numerous user consent prompts. 

You need to reduce the amount of user consent prompts. 

What should you do? 

A. Enable Multi-resource refresh tokens. 

B. Enable WS-federation access tokens. 

C. Configure the Open Web Interface for .NET. 

D. Configure SAML 2.0. 


Explanation: When using the Authorization Code Grant Flow, you can configure the client to call multiple resources. Typically, this would require a call to the authorization endpoint for each target service. To avoid multiple calls and multiple user consent prompts, and reduce the number of refresh tokens the client needs to cache, Azure Active Directory (Azure AD) has implemented multi-resource refresh tokens. This feature allows you to use a single refresh token to request access tokens for multiple resources. 

Reference:Azure, OAuth 2.0, Refresh Tokens for Multiple Resources 

Q13. You manage an Azure Active Directory (AD) tenant 

You plan to allow users to log in to a third-party application by using their Azure AD credentials. 

To access the application, users will be prompted for their existing third-party user names and passwords. 

You need to add the application to Azure AD. 

Which type of application should you add? 

A. Existing Single Sign-On with identity provisioning 

B. Password Single Sign-On with identity provisioning 

C. Existing Single Sign-On without identity provisioning 

D. Password Single Sign-On without identity provisioning 


Explanation: * Azure AD supports two different modes for single sign-on: / Federation using standard protocols Configuring Federation-based single sign-on enables the users in your organization to be automatically signed in to a third-party SaaS application by Azure AD using the user account information from Azure AD. / Password-based single sign-on * Support for user provisioning 

User provisioning enables automated user provisioning and deprovisioning of accounts in third-party SaaS applications from within the Azure Management Portal, using your Windows Server Active Directory or Azure AD identity information. When a user is given permissions in Azure AD for one of these applications, an account can be automatically created (provisioned) in the target SaaS application. 

Reference: Application access enhancements for Azure AD 

URL: http://msdn.microsoft.com/en-us/library/azure/dn308588.aspx 

Q14. You administer of a set of virtual machine (VM) guests hosted in Hyper-V on Windows Server 2012 R2. 

The virtual machines run the following operating systems: 

Windows Server 2008 Windows Server 2008 R2 Linux (openSUSE 13.1) 

All guests currently are provisioned with one or more network interfaces with static bindings and VHDX disks. You need to move the VMs to Azure Virtual Machines hosted in an Azure subscription. 

Which three actions should you perform? Each correct answer presents part of the solution. 

A. Install the WALinuxAgent on Linux servers. 

B. Ensure that all servers can acquire an IP by means of Dynamic Host Configuration Protocol (DHCP). 

C. Upgrade all Windows VMs to Windows Server 2008 R2 or higher. 

D. Sysprep all Windows servers. 

E. Convert the existing virtual disks to the virtual hard disk (VHD) format. 

Answer: A,C,D 

Explanation: * A: Azure Linux Agent 

This agent is installed on the Linux VM and is responsible to communicate with the Azure Frabric Controller. 


Assumption: A Windows Server (2008 R2 or 2012) is created and running as a virtual machine in Hyper-V. (C) Log onto the Windows Server hosted in Hyper-V you’d like to upload to Windows Azure 

and open and command prompt (I’m using Windows Server 2012 R2). 

Navigate to c:\\Windows\\System32\\Sysprep 

Type in sysprep.exe and select enter: (D) 

Q15. You manage a virtual Windows Server 2012 web server that is hosted by an on-premises Windows Hyper-V server. You plan to use the virtual machine (VM) in Azure. 

You need to migrate the VM to Azure Storage to add it to your repository. 

Which Azure Power Shell cmdlet should you use? 

A. Import-AzureVM 

B. New-AzureVM 

C. Add-AzureDisk 

D. Add-AzureWebRole 

E. Add-AzureVhd 


Explanation: * How do I move an existing virtual machine to the cloud? The steps are pretty basic: 

Create a place to store your hard disk in Windows Azure 

Prepare your virtual hard disk 

Upload your virtual hard disk 

.Create your machine in Windows Azure 

* Add-AzureVhd Uploads a virtual hard disk (in .vhd file format) from an on-premises virtual machine to a blob in a cloud storage account in Azure. 

The Add-AzureVhd cmdlet allows you to upload on-premises virtual hard disks (in .vhd file format) to a blob storage account as fixed virtual hard disks. You can configure the number of uploader threads that will be used or overwrite an existing blob in the specified destination URI. Also supported is the ability to upload a patched version of an on-premises .vhd file: When a base virtual hard disk has already been uploaded, you can upload differencing disks that use the base image as the parent. Shared access signature (SAS URI) is supported as well. 

Reference: Add-AzureVhd 

URL: http://msdn.microsoft.com/en-us/library/dn495173.aspx 

Q16. You administer a Microsoft Azure SQL Database data base in the US Central region named contosodb. Contosodb runs on a Standard tier within the S1 performance level. 

You have multiple business-critical applications that use contosodb. 

You need to ensure that you can bring contosodb back online in the event of a natural disaster in the US Central region. You want to achieve this goal with the least amount of downtime. 

Which two actions should you perform? Each correct answer presents part of the solution. 

A. Upgrade to S2 performance level. 

B. Use active geo-replication. 

C. Use automated Export. 

D. Upgrade to Premium tier. 

E. Use point in time restore. 

F. Downgrade to Basic tier. 

Answer: B,D 

Explanation: B: The Active Geo-Replication feature implements a mechanism to provide database redundancy within the same Microsoft Azure region or in different regions (geo-redundancy). One of the primary benefits of Active Geo-Replication is that it provides a database-level disaster recovery solution. Using Active Geo-Replication, you can configure a user database in the Premium service tier to replicate transactions to databases on different Microsoft Azure SQL Database servers within the same or different regions. Cross-region redundancy enables applications to recover from a permanent loss of a datacenter caused by natural disasters, catastrophic human errors, or malicious acts. 

D: Active Geo-Replication is available for databases in the Premium service tier only. 

Reference: Active Geo-Replication for Azure SQL Database 


Q17. Your company has recently signed up for Azure. 

You plan to register a Data Protection Manager (DPM) server with the Azure Backup service. 

You need to recommend a method for registering the DPM server with the Azure Backup vault. 

What are two possible ways to achieve this goal? Each correct answer presents a complete solution. 

A. Import a self-signed certificate created using the makecert tool. 

B. Import a self-signed certificate created using the createcert tool. 

C. Import an X.509 v3 certificate with valid clientauthentication EKU. 

D. Import an X.509 v3 certificate with valid serverauthentication EKU. 

Answer: A,C 

Explanation: A: You can create a self-signed certificate using the makecert tool, or use any valid SSL certificate issued by a Certification Authority (CA) trusted by Microsoft, whose root certificates are distributed via the Microsoft Root Certificate Program. 

C: The certificate must have a valid ClientAuthentication EKU. 

Reference: Prerequisites for Azure Backup 

URL: http://technet.microsoft.com/en-us/library/dn296608.aspx 


You administer a cloud service named contosoapp that has a web role and worker role. 

Contosoapp requires you to perform an in-place upgrade to the service. 

You need to ensure that at least six worker role instances and eight web role instances are available when you apply upgrades to the service. You also need to ensure that updates are completed for all instances by using the least amount of time. 

Which value should you use with each configuration? To answer, drag the appropriate value to the correct configuration. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. 


Q19. You manage a cloud service that hosts a customer-facing application. The application allows users to upload images and create collages. The cloud service is running in two medium instances and utilizes Azure Queue storage for image processing. The storage account is configured to be locally redundant. 

The sales department plans to send a newsletter to potential clients. As a result, you expect a significant increase in global traffic. 

You need to recommend a solution that meets the following requirements: 

. Configure the cloud service to ensure the application is responsive to the traffic increase. . Minimize hosting and administration costs. 

What are two possible ways to achieve this goal? Each correct answer presents a complete solution. 

A. Configure the cloud service to run in two Large instances. 

B. Configure the cloud service to auto-scale to three instances when processor utilization is above 80%. 

C. Configure the storage account to be geo-redundant 

D. Deploy a new cloud service in a separate data center. Use Azure Traffic Manager to load balance traffic between the cloud services. 

E. Configure the cloud service to auto-scale when the queue exceeds 1000 entries per machine. 

Answer: B,E 

Explanation: * An autoscaling solution reduces the amount of manual work involved in dynamically scaling an application. It can do this in two different ways: either preemptively by setting constraints on the number of role instances based on a timetable, or reactively by adjusting the number of role instances in response to some counter(s) or measurement(s) that you can collect from your application or from the Azure environment. 

Reference: Autoscaling and Microsoft Azure 

Q20. Your company network has two physical locations configured in a geo-clustered environment. You create a Blob storage account in Azure that contains all the data associated with your company. 

You need to ensure that the data remains available in the event of a site outage. 

Which storage option should you enable? 

A. Locally redundant storage 

B. Geo-redundant storage 

C. Zone-redundant storage 

D. Read-only geo-redundant storage 


Explanation: Introducing Read-only Access to Geo Redundant Storage (RA-GRS): 

RA-GRS allows you to have higher read availability for your storage account by providing “read only” access to the data replicated to the secondary location. Once you enable this feature, the secondary location may be used to achieve higher availability in the event the data is not available in the primary region. This is an “opt-in” feature which requires the storage account be geo-replicated. 

Reference: Windows Azure Storage Redundancy Options and Read Access Geo Redundant Storage