Examples of 70 533 book
Q21. You manage a cloud service that utilizes data encryption.
You need to ensure that the certificate used to encrypt data can be accessed by the cloud service application.
What should you do?
A. Upload the certificate referenced in the application package.
B. Deploy the certificate as part of the application package.
C. Upload the certificate's public key referenced in the application package.
D. Use RDP to install the certificate.
Explanation: The developer must deploy the public key with their application so that, when Windows Azure spins up role instances, it will match up the thumbprint in the service definition with the uploaded service certificate and deploy the private key to the role instance. The private key is intentionally non-exportable to the .pfx format, so you won’t be able to grab the private key through an RDC connection into a role instance.
Reference: Field Note: Using Certificate-Based Encryption in Windows Azure Applications
Q22. You administer an Azure subscription with an existing cloud service named contosocloudservice. Contosocloudservice contains a set of related virtual machines (VMs) named ContosoDC, ContosoSQL and ContosoWeb1.
You want to provision a new VM within contosocloudservice.
You need to use the latest gallery image to create a new Windows Server 2012 R2 VM that
has a target IOPS of 500 for any provisioned disks.
Which PowerShell command should you use?
A. Option A
B. Option B
C. Option C
D. Option D
Explanation: This example creates a new Windows virtual machine configuration with operating system disk, data disk and provisioning configuration. This configuration is then used to create a new virtual machine.
C:\\PS> $image = (Get-AzureVMImage).ImageName C:\\PS>New-AzureVMConfig -Name "MyVM1" -InstanceSize ExtraSmall -ImageName $image ` | Add-AzureProvisioningConfig -Windows -Password $adminPassword ` | Add-AzureDataDisk -CreateNew -DiskSizeInGB 50 -DiskLabel 'datadisk1' -LUN 0 ` | New-AzureVM –ServiceName "MySvc1"
Q23. You administer a virtual machine (VM) that is deployed to Azure. You configure a rule to generate an alert when the average availability of a web service on your VM drops below 95 percent for 15 minutes.
The development team schedules a one-hour maintenance period.
You have the following requirements:
. No alerts are created during the maintenance period.
. Alerts can be restored when the maintenance is complete. You want to achieve this goal by using the least amount of administrative effort.
What should you do from the Management Portal?
A. Select and disable the rule from the Dashboard page of the virtual machine.
B. Select and delete the rule from the Configure page of the virtual machine.
C. Select and disable the rule from the Monitor page of the virtual machine.
D. Select and disable the rule on the Configure page of the virtual machine.
Explanation: * Example:
* Virtual Machines
You can configure virtual machine alert rules on: / Monitoring metrics from the virtual machine host operating system / Web endpoint status metrics
Reference: Understanding Monitoring Alerts and Notifications in Azure
Q24. Your network environment includes remote employees.
You need to create a secure connection for the remote employees who require access to your Azure virtual network.
What should you do?
A. Deploy Windows Server 2012 RRAS.
B. Configure a point-to-site VPN.
C. Configure an ExpressRoute.
D. Configure a site-to-site VPN.
Explanation: New Point-To-Site Connectivity
With today’s release we’ve added an awesome new feature that allows you to setup VPN connections between individual computers and a Windows Azure virtual network without the need for a VPN device. We call this feature Point-to-Site Virtual Private Networking. This feature greatly simplifies setting up secure connections between Windows Azure and client machines, whether from your office environment or from remote locations.
It is especially useful for developers who want to connect to a Windows Azure Virtual Network (and to the individual virtual machines within it) from either behind their corporate firewall or a remote location. Because it is point-to-site they do not need their IT staff to perform any activities to enable it, and no VPN hardware needs to be installed or configured. Instead you can just use the built-in Windows VPN client to tunnel to your Virtual Network in Windows Azure.
Reference: Windows Azure: Improvements to Virtual Networks, Virtual Machines, Cloud Services and a new Ruby SDK
Q25. You migrate a Windows Server .NET web application to Azure Cloud Services.
You need enable trace logging for the application.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Update the service definition file.
B. Update the Azure diagnostics configuration.
C. Update the service configuration file.
D. Enable verbose monitoring.
E. Update the application web.config file.
Explanation: You can use Azure logging right out of the box—it’s part of Azure SDK.
A: Azure Service Definition Schema (.csdef File)
The service definition file defines the service model for an application. The file contains the
definitions for the roles that are available to a cloud service, specifies the service
endpoints, and establishes configuration settings for the service.
B: Take Control of Logging and Tracing in Microsoft Azure
The Microsoft.WindowsAzure.Diagnostics namespace, which inherits from and extends
standard System.Diagnostics classes, enables the use of System.Diagnostics as a logging framework in Azure environment.
Q26. You administer an Azure Web Site named contoso. The development team has implemented changes to the website that need to be validated.
You need to validate and deploy the changes with minimum downtime to users.
What should you do first?
A. Create a new Linked Resource.
B. Configure Remote Debugging on contoso.
C. Create a new website named contosoStaging.
D. Create a deployment slot named contosoStaging.
E. Back up the contoso website to a deployment slot.
Explanation: When you deploy your application to Azure Websites, you can deploy to a separate deployment slot instead of the default production slot, which are actually live sites with their own hostnames.
Furthermore, you can swap the sites and site configurations between two deployment slots, including the production slot. Deploying your application to a deployment slot has the following benefits:
* You can validate website changes in a staging deployment slot before swapping it with the production slot.
* After a swap, the slot with previously staged site now has the previous production site. If the changes swapped into the production slot are not as you expected, you can perform the same swap immediately to get your "last known good site" back.
* Deploying a site to a slot first and swapping it into production ensures that all instances of the slot are warmed up before being swapped into production. This eliminates downtime when you deploy your site. The traffic redirection is seamless, and no requests are dropped as a result of swap operations.
Reference: Staged Deployment on Microsoft Azure Websites
Q27. You administer an Azure solution that uses a virtual network named fabVNet. FabVNet has a single subnet named Subnet-1.
You discover a high volume of network traffic among four virtual machines (VMs) that are part of Subnet-1.
You need to isolate the network traffic among the four VMs. You want to achieve this goal with the least amount of downtime and impact on users.
What should you do?
A. Create a new subnet in the existing virtual network and move the four VMs to the new subnet.
B. Create a site-to-site virtual network and move the four VMs to your datacenter.
C. Create a new virtual network and move the VMs to the new network.
D. Create an availability set and associate the four VMs with that availability set.
Explanation: Machine Isolation Options
There are three basic options where machine isolation may be implemented on the Windows Azure platform:
* Between machines deployed to a single virtual network Subnets within a Single Virtual Network
* Between machines deployed to distinct virtual networks
* Between machines deployed to distinct virtual networks where a VPN connection has been established from on-premises with both virtual networks
Windows Azure provides routing across subnets within a single virtual network.
Reference: Network Isolation Options for Machines in Windows Azure Virtual Networks
not B: A site-to-site VPN allows you to create a secure connection between your on-premises site and your virtual network.
Use a site-to-site connection when:
* You want to create a branch office solution.
* You want a connection between your on-premises location and your virtual network that’s available without requiring additional client-side configurations.
Q28. DRAG DROP
You administer two virtual machines (VMs) that are deployed to a cloud service. The VMs are part of a virtual network.
The cloud service monitor and virtual network configuration are configured as shown in the exhibits. (Click the Exhibits button.)
You need to create an internal load balancer named fabLoadBalancer that has a static IP address of 172.16.0.100.
Which value should you use in each parameter of the Power Shell command?
To answer, drag the appropriate value to the correct location in the Power Shell command. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Q29. You manage an application running on Azure Web Sites Standard tier. The application uses a substantial amount of large image files and is used by people around the world.
Users from Europe report that the load time of the site is slow.
You need to implement a solution by using Azure services.
What should you do?
A. Configure Azure blob storage with a custom domain.
B. Configure Azure CDN to cache all responses from the application web endpoint.
C. Configure Azure Web Site auto-scaling to increase instances at high load.
D. Configure Azure CDN to cache site images and content stored in Azure blob storage.
Explanation: You can configure a custom domain for accessing blob data in your Azure storage account. The default endpoint for the Blob service is https://<mystorageaccount>.blob.core.windows.net. If you map a custom domain and subdomain such as www.contoso.com to the blob endpoint for your storage account, then your users can also access blob data in your storage account using that domain.
Reference: Configure a custom domain name for blob data in an Azure storage account
Q30. DRAG DROP
You administer a virtual machine (VM) that is deployed to Azure. The VM hosts a web service that is used by several applications.
You need to ensure that the VM sends a notification In the event that the average response time for the web service exceeds a pre-defined response time for an hour or more.
Which three steps should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.