You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to...

To ensure that visitors are serviced by the same web server for each request, the correct solution is to configure session persistence. This setting ensures that once a client connects to a specific web server, they will continue to be directed to that same server for the duration of their session. Now, let’s analyze the options: A) Floating IP (direct server return) to Disabled - Explanation: The Floating IP (direct server return) setting allows the load balancer to forward traffic directly to the backend server without passing through the load balancer after the initial connection. This can be beneficial for reducing load balancer overhead and improving performance for specific scenarios (e.g., high-traffic applications). - Reasoning: Disabling floating IP does not directly solve the problem of session persistence. It merely ensures that the traffic is routed through the load balancer for every request. It doesn't guarantee that requests from the same visitor will always go to the same server. This option isn't intended for maintaining session stickiness. - Rejected option: This is useful in different network configurations but doesn't solve the session persistence issue. B) Idle Time-out (minutes) to 20 - Explanation: The idle timeout setting controls how long the load balancer waits before closing an inactive session. Setting this to 20 minutes means the load balancer will wait for up to 20 minutes of inactivity before considering the session closed. - Reasoning: While the idle timeout can keep sessions active for a specified time, it doesn’t ensure that a visitor stays on the same server for each request. It doesn’t establish session persistence in terms of routing requests to the same server. - Rejected option: This is useful for maintaining session state when idle but doesn’t gua...

Author: Lucas · Last updated May 17, 2026

You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to...

To ensure that visitors are serviced by the same web server for each request, the correct configuration is session persistence. This ensures that a client will consistently be directed to the same web server during their session. Let's go through the options to find the best fit for this requirement. A) Session persistence to Client IP - Explanation: Session persistence to Client IP ensures that requests from the same client IP address are consistently routed to the same backend server (virtual machine). This option guarantees that once a visitor connects to a web server, subsequent requests from that visitor will continue to be serviced by the same server, which is precisely the goal. - Reasoning: This is the most suitable choice, as it directly addresses the requirement to ensure that visitors are serviced by the same web server for each request. - Selected option: A is the best solution for maintaining session consistency. B) Idle Time-out (minutes) to 20 - Explanation: The idle timeout setting defines how long the load balancer should wait before closing an idle session. Setting it to 20 minutes means that if there is no activity for 20 minutes, the load balancer will terminate the session. - Reasoning: While this setting helps control session lifetimes, it does not guarantee that a client will stay connected to the same server during their session. It only affects session expiry due to inactivity but doesn’t ensure session persistence. - Rejected option...

Author: Amira99 · Last updated May 17, 2026

You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template. You need to ensure that NGINX is a...

To ensure that NGINX is available on all the virtual machines in your virtual machine scale set (VMSS) after deployment, you need a solution that automates the installation and configuration of NGINX on each virtual machine within the scale set. Let's review the options: A) the Publish-AzVMDscConfiguration cmdlet - Explanation: The Publish-AzVMDscConfiguration cmdlet is used to publish a Desired State Configuration (DSC) script to Azure, specifically for automating configurations on Windows virtual machines. However, this cmdlet by itself does not install or manage NGINX directly; rather, it is part of the broader DSC infrastructure. - Reasoning: While it can be used to deploy a DSC configuration, the process needs to involve setting up a DSC extension on the virtual machines to apply the configurations. The cmdlet alone does not address the installation of software like NGINX. - Rejected option: This cmdlet is a part of the DSC management process but not the right solution for directly ensuring NGINX is installed on VMSS instances. B) A Microsoft Endpoint Manager device configuration profile - Explanation: Microsoft Endpoint Manager is a management platform for managing devices like PCs, mobile devices, and servers. It allows you to configure policies, deploy software, and manage devices in an enterprise environment. - Reasoning: This is not the right tool for configuring virtual machines in an Azure VMSS, especially when you want to automate the installation of software like NGINX. Endpoint Manager is typically used for managing client devices, not for configuring Azure virtual machines directly. - Rejected option: This is useful for managing end-user devices but not for configuring software installation on Azu...

Author: Amira99 · Last updated May 17, 2026

You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template. You need to ensure that NGINX is a...

To ensure that NGINX is available on all the virtual machines (VMs) in a Virtual Machine Scale Set (VMSS) after they are deployed, the most appropriate solution should automate the installation and configuration of NGINX across all VMs in the scale set. Let’s review each option: A) Azure Custom Script Extension - Explanation: The Azure Custom Script Extension allows you to run custom scripts on Azure virtual machines. This can be used to install and configure software, such as NGINX, during or after the VM deployment. You can use this extension in the Azure Resource Manager (ARM) template to deploy and configure NGINX on each VM in the scale set. - Reasoning: This is the best option for this scenario. The Custom Script Extension can run PowerShell or Bash scripts to install and configure NGINX on each VM. It’s commonly used to execute tasks like software installation and system configuration across all instances in a scale set. - Selected option: This option directly addresses the requirement by enabling the automation of software installation and configuration. B) Deployment Center in Azure App Service - Explanation: The Deployment Center in Azure App Service is used to deploy applications (such as web apps) to Azure App Services using continuous integration or other deployment mechanisms. It is designed for use with Azure App Services and is not suitable for VM-based deployments. - Reasoning: The Deployment Center is specifically designed for deploying applications to App Services, not for deploying software to virtual machines. It cannot be used to install NGINX on VMs in a VMSS. - Rejected option: This option is not applicable for VM deployments. C) the New-AzConfigurationAssignment cm...

Author: Daniel · Last updated May 17, 2026

You have an Azure subscription that contains a Recovery Services vault named Vault1. You need to enable multi-user authorization (M...

To enable multi-user authorization (MAU) for a Recovery Services vault in Azure, the first resource that needs to be created is C) a resource guard. Reasoning: - Multi-user Authorization (MAU) is a security feature that helps to ensure that a single user cannot perform actions like deleting or modifying recovery points without the approval of other authorized users. It requires a resource guard to enforce this requirement for the Recovery Services vault. Here’s why other options are rejected: - A) An administrative unit: Administrative units are used to manage and delegate administrative access at a finer granularity within Azure Active Directory (Azure AD). However, administrative units are not directly related to the process of enabling multi-user authorization for Recovery Services vaults. This is more for organizing resources in Azure AD, not for implementing security features in the vault. - B) A managed identity: Managed identities are used to au...

Author: James · Last updated May 17, 2026

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer. The effective network security configurations for VM2 are shown in the following exhibit. You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You ve...

Solution Analysis: In this scenario, you need to ensure that connections to App1 on VM2 can be established successfully from the IP address 131.107.100.50 over TCP port 443. The goal is to confirm if the proposed solution (creating an inbound security rule allowing traffic from the AzureLoadBalancer source on TCP port 443) meets this objective. Step-by-Step Breakdown: - Network Security Group (NSG) rules are controlling the inbound traffic to VM2. Based on the exhibit (which isn’t available here but can be inferred), the traffic from 131.107.100.50 likely does not match any existing rules. - Azure Load Balancer's Role: In this context, the Azure Load Balancer is managing the connections. Typically, when a load balancer distributes traffic to backend virtual machines (VMs), it uses its own AzureLoadBalancer source IP in security rules. Therefore, allowing traffic from AzureLoadBalancer ensures that traffic coming from the Load Balancer to VM2 is permitted, which is essential for correct load balancing. Why the Solution Might...

Author: Elizabeth · Last updated May 17, 2026

You have an Azure subscription that contains the resources shown in the following table. You create a route table named RT1 in the East...

Scenario Breakdown: In this scenario, we are working with an Azure route table, RT1, created in the East US region. The goal is to determine to which resources we can associate RT1. The resources mentioned are: - VNet1 (Virtual Network) - Subnet1 (Subnet within a Virtual Network) - NIC1 (Network Interface Card) Explanation of Options: 1. VNet1: - You cannot directly associate a route table with a virtual network (VNet). Route tables are associated with subnets, not the entire VNet. The VNet itself is a container for subnets and networking resources, but the route table cannot be applied at the VNet level. 2. Subnet1: - Route tables are associated with subnets in Azure. When you associate a route table with a subnet, the routes defined in the route table apply to all resources within that subnet. Therefore, associating RT1 with Sub...

Author: Jack · Last updated May 17, 2026

You create an Azure VM named VM1 that runs Windows Server 2019. VM1 is configured as shown in the exhibit. (Click the Exhibit tab.) You need to enab...

To enable Desired State Configuration (DSC) on VM1, we need to understand how DSC works and what prerequisites must be met. Explanation of Options: 1. A) Connect to VM1: - Connecting to VM1 is an essential step to configure DSC, as it requires direct access to the virtual machine. However, just connecting to the VM does not fulfill the prerequisite for enabling DSC. We would typically connect to VM1 to configure DSC after ensuring that the VM is running. 2. B) Start VM1: - Starting VM1 might be necessary if the VM is not running, but from the question context, we assume that VM1 is already created and could be in a stopped state. To enable DSC, the VM must be running. Thus, starting the VM is a logical first step if it is not already active, as you cannot configure DSC on a stopped VM. 3. C) Capture a snapshot of VM1: - Capturing a snapshot is typically used for backup or creating restore points. This is not a required step for enabling DSC o...

Author: William · Last updated May 17, 2026

HOTSPOT - You have an Azure subscription that contains the virtual networks shown in the following table. The subnets have the IP address spaces shown in the following table. You plan to create a container app named contapp1 in the East US Azure region. You need to create a container app environment named con-env1 that meets the following requirements: * Uses its own virtual network. * Uses its own subnet. * Is connected to the smallest possible subnet...

Author: Ishaan · Last updated May 17, 2026

You have an Azure subscription that contains the virtual networks shown in the following table. All the virtual networks are peered. Each virtual network contains nine virtual machines. You need to configure secure RDP connections ...

To determine the minimum number of Azure Bastion hosts required for secure RDP connections, we need to consider the following key factors: 1. Azure Bastion Deployment: Azure Bastion is deployed in a specific virtual network (VNet), and it can provide RDP and SSH access to virtual machines (VMs) in the same virtual network. In addition, Bastion can access VMs in other peered virtual networks. 2. Peering and Access Across Networks: Since the virtual networks are peered, a Bastion host deployed in one virtual network can be used to connect to VMs in other peered virtual networks. This means we do not need a separate Bastion host for each virtual network; a single Bastion host can serve multiple virtual networks if they are properly peered. 3. Number of Virtual Networks and VMs: The question mentions that each virtual network contains nine virtual machines (VMs), and there are multiple virtual networks that are peered. However, the number of VMs doesn’t directly impact the number of Bastion hosts required, as Bastion provides access to the entire VNet and all of its VMs. Analysis of Options: - Option A: 1 Bastion Host – Possible: One Bastion host...

Author: Julian · Last updated May 17, 2026

HOTSPOT - You have an Azure subscription that contains the virtual networks shown in the following table. The subscription contains the virtual machines shown in the following table. Each virtual machine contains only a private IP address. You create an Azure bastion for VNet1 as shown in the following exhibit. F...

Author: Kai · Last updated May 17, 2026

HOTSPOT - You have an Azure subscription that contains the virtual networks shown in the following table. The subscription contains the subnets shown in the following table. The subscription contains the storage accounts shown in the following table. You create a service endpoint policy named Policy1 in the South Central US Azure region to allow connectivity to all the storage accou...

Author: Liam123 · Last updated May 17, 2026

You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template. You need to ensure that NGINX is a...

To ensure that NGINX is available on all the virtual machines (VMs) after they are deployed in an Azure Virtual Machine Scale Set (VMSS), you need to use a method that automatically configures and installs NGINX on the VMs during or after deployment. Let's review each option: Analysis of the Options: - Option A: the New-AzConfigurationAssignment cmdlet – This cmdlet is used to assign a configuration to a resource (like an Azure Policy or custom configuration), but it is not specifically designed to deploy software or configure VMs. It is mainly used for assigning policies or configurations rather than ensuring software installation, so it wouldn't be the best choice for ensuring NGINX is installed on VMs. - Option B: Azure Application Insights – Azure Application Insights is a monitoring service designed to track and analyze the performance and usage of applications. It does not handle VM configuration or software deployment, so it is irrelevant to the task of ensuring NGINX is installed. - Option C: the Publish-AzVMDscConfiguration cmdlet – The `Publish-AzVMDscConfiguration` cmdlet is used to publish a Desired State Configuration (DSC) configuration to Azure Automation. While DSC can be used...

Author: Lucas · Last updated May 17, 2026

You have an Azure subscription that contains a resource group named RG1 and a virtual network named VNet1. You plan to create an Azure container instance named container1. You need to be able to configu...

In this scenario, you're planning to create an Azure Container Instance (ACI) named `container1` and need to configure DNS name label scope reuse. DNS name label scope reuse ensures that a DNS name is reused across multiple container instances without conflicts. To achieve this, let's analyze the available options: Analysis of the Options: - Option A: the private networking type – The private networking type for an Azure Container Instance involves creating an instance within a private virtual network. While this option is useful for scenarios where the container instance needs to have private IP addresses and communicate with other resources in the same virtual network, DNS name label scope reuse typically requires a public IP and is more related to the public networking type, not private networking. Therefore, this option is not appropriate for DNS name label reuse. - Option B: the public networking type – The public networking type allows Azure Container Instances to have a public IP address, which can be used for DNS name label configuration. When using public networking, you can configure a DNS name label to allow the container instance to be reachable by a unique DNS name. This option is r...

Author: Akash · Last updated May 17, 2026

HOTSPOT - You have the Azure virtual machines shown in the following table. VNET1, VNET2, and VNET3 are peered. VM4 has a DNS server that is authoritative for a zone named contoso.com and contains the records shown in the following table. The virtual networks are configured to use the DNS servers shown in the following table. ...

Author: Deepak · Last updated May 17, 2026

DRAG DROP - You have an Azure subscription that contains a resource group named RG1. You plan to create an Azure Resource Manager (ARM) template to deploy a new virtual machine named VM1. VM1 must support the capture of performance data. You need to specify resource dependencies for the ARM template. In which order sho...

Author: Stella · Last updated May 17, 2026

You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template. You need to ensure that NGINX is a...

To ensure that NGINX is installed on all virtual machines (VMs) in a Virtual Machine Scale Set (VMSS) running Windows Server 2019, we need to choose a solution that automates the installation and configuration process across all VMs when they are deployed. Let's analyze the available options: Analysis of the Options: - Option A: a Desired State Configuration (DSC) extension – Correct choice: The Desired State Configuration (DSC) extension is a powerful tool to automate the configuration of Windows VMs. It ensures that software (like NGINX) is installed and configured on all VMs in the scale set according to a defined DSC configuration script. DSC is widely used to enforce desired configurations on VMs, and it allows you to install and manage software like NGINX in an automated and repeatable way. You can create a DSC script to install NGINX and apply it using the DSC extension to all VMs in the scale set. This is the most appropriate solution for the scenario. - Option B: a Microsoft Intune device configuration profile – Microsoft Intune is a cloud-based service that focuses on managing and securing mobile devices, apps, and other endpoints. While it can manage some settings on VMs, it is not designed for configuring software installations like NGINX on VMs, especially in the context of Azure VMSS. Intune is...

Author: NightmareDragon2025 · Last updated May 17, 2026

You have an Azure subscription that contains the virtual networks shown in the following table. The subscription contains the virtual machines shown in the following table. All the virtual machines have only private IP addresses. You deplo...

To determine which virtual machines (VMs) you can connect to through Azure Bastion, let's review the key facts and reasoning: Key Considerations: 1. Azure Bastion Access: Azure Bastion provides secure RDP and SSH access to virtual machines within a virtual network (VNet) that Bastion is deployed in. For Bastion to connect to virtual machines, the virtual machines must be located in the same VNet or in a peered VNet. However, Bastion only works with private IPs, as it is intended for secure access without exposing VMs to the public internet. 2. Virtual Machine Placement: The table provided in the question is assumed to show that: - VM1 is located in VNet1, where Bastion1 is deployed. - VM2 and VM3 are located in other VNets (possibly peered or not) and have only private IPs. 3. Virtual Network Peering: If VM2 and VM3 are in peered VNets, Bastion can connect to them because Bastion in VNet1 can reach the VMs in the peered networks via their private IPs. Scenario Analysis: - Option A: VM1 only – This option suggests that Bastion can only connect to VM1, which is in the same VNet as Bastion1. If VM2 and VM3 are in different VNets that are not peered...

Author: David · Last updated May 17, 2026

You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template. You need to ensure that NGINX is a...

To ensure that NGINX is available on all virtual machines (VMs) in a Virtual Machine Scale Set (VMSS) running Windows Server 2019 after they are deployed, we need a method to automate the installation and configuration of NGINX on each VM. Let’s evaluate each of the options provided: Analysis of the Options: - Option A: a Microsoft Intune device configuration profile – Not applicable: Microsoft Intune is a tool for managing and securing devices, apps, and endpoints, particularly for mobile devices and PCs. While it can manage some configurations and security settings for Azure VMs, Intune is not designed for installing server-side software like NGINX on VMs in a scale set. Intune is more focused on managing user and device configurations and wouldn't be the appropriate choice for configuring software installation across VMs in a scale set. - Option B: a Desired State Configuration (DSC) extension – Correct choice: The Desired State Configuration (DSC) extension is a powerful automation tool in Azure that can be used to configure and manage the state of Windows machines. DSC ensures that the system configuration (such as software installation) is consistent across VMs. You can create a DSC configuration script to install NGINX on all VMs in the scale set, and use the DSC extension to apply this configuration when the VMs are deployed. This is the ideal solution for ensurin...

Author: ShadowWolf101 · Last updated May 17, 2026

You have an Azure subscription. You plan to migrate 50 virtual machines from VMware vSphere to the subscription. You creat...

To migrate virtual machines (VMs) from VMware vSphere to an Azure subscription, it's essential to follow a process that ensures the VMs can be successfully replicated and restored in the Azure environment. Here's an explanation of the available options: A) Configure an extended network - This option is typically used when you're extending your on-premises network to Azure using Azure Site-to-Site VPN or ExpressRoute. It's useful if you need to keep communication between on-premises and Azure networks after migration. However, it is not the immediate next step for migrating VMs from VMware to Azure. It’s more relevant when setting up hybrid connectivity but not part of the initial migration process. - Rejected: Not directly related to the VM migration process at this stage. B) Create a recovery plan - A recovery plan is used in Azure Site Recovery (ASR) when setting up failover strategies for disaster recovery. While recovery plans are essential for planning failover and recovery of VMs in the event of a disaster, they are not required at the initial stage of migration. You need to set up replication and migration first. - Rejected: Recovery plans are used for disaster recovery, not for the initial migration of VMs. C) Deploy an Open Virtualization Application (OVA) ...

Author: GlowingTiger · Last updated May 17, 2026

HOTSPOT - You have an Azure subscription that contains the virtual networks shown in the following table. Each virtual network has 50 connected virtual machines. You need to implement Azure Bastion. The solution must meet the fallowing requirements: * Support host scaling. * Support uploading and downloading files. * Support the virtual machines on both VNet1 and VNet2. * Minimize the number of ...

Author: Ming88 · Last updated May 17, 2026

You have an Azure subscription that contains the virtual networks shown in the following table. You need to ensure that all the traffic between VNet1 and VNet2...

To ensure that all traffic between VNet1 and VNet2 traverses the Microsoft backbone network, the appropriate configuration must route traffic through Azure's private and secure backbone rather than the public internet or using other network paths. Let’s analyze the options: A) A private endpoint - A private endpoint is used to provide secure, private connectivity to Azure services over the Azure backbone network. However, private endpoints are typically used for accessing specific Azure services (like Azure Storage, Azure SQL, etc.) securely. It doesn’t directly apply to routing traffic between two VNets. - Rejected: This option is used for connecting to Azure services securely, not for connecting VNets or routing traffic between them. B) Peering - VNet Peering allows you to connect two VNets in the same or different regions to allow traffic to flow between them. By default, traffic between peered VNets can traverse either the Microsoft backbone network (if configured as such) or use public routing depending on how the peering is configured. - When you configure VNet peering, if you select the option "Use remote gateways" and "Allow forwarded traffic," this can ensure that traffic flows over the Microsoft backbone network rather than the public internet. In this case, VNet peering can be configured to ensure traffic between VNets goes over the private network. - Selected: This is the most suitable option to connect the VNets and ensure traffic flows over the Azure backbone network. C) Exp...

Author: Sophia · Last updated May 17, 2026

You have the Azure virtual networks shown in the following table. Which virtual networks can ...

To determine which virtual networks VNet1 can peer with, we need to analyze the following key factors for VNet peering in Azure: 1. Same Region or Different Region: If the VNets are in the same region, peering can be set up easily. If they are in different regions, Global VNet Peering can be used, but it may incur additional costs. 2. Address Space Overlap: VNets can only be peered if their address spaces do not overlap. This is crucial as overlapping IP ranges can cause routing issues. 3. Peering Policies: For peering to work, certain policies must be allowed (such as enabling traffic forwarding, remote gateways, etc.) during the peering configuration. Now, let’s analyze the options: A) VNet2, VNet3, and VNet4 - This option assumes that VNet1 can peer with VNet2, VNet3, and VNet4. - Reason to reject: If VNet1 is not allowed to peer with any of these VNets due to address space overlap or any other limitations, then this option cannot be correct. B) VNet2 only - This option assumes that VNet1 can only peer with VNet2. - Reason to reject: If VNet1 can peer with more than just VNet2, then this option is too restrictive. C) VNet3 and VNet4 only - ...

Author: GlowingTiger · Last updated May 17, 2026

You have an Azure subscription that has a Recovery Services vault named Vault1. The subscription contains the virtual machines shown in the following table: You plan to schedule backups to occur...

To determine which virtual machines can be backed up using Azure Backup, we need to evaluate the key requirements and characteristics of each VM. Azure Backup can back up VMs that meet certain conditions, such as: 1. Operating System: The VM must be running a supported operating system (Windows or Linux). 2. Azure VM: The VM must be an Azure VM. If it's an on-premises VM or a VM that’s not registered with Azure Backup, it cannot be backed up using the service. 3. Backup Availability: The VM should not be excluded from backup due to specific configurations or constraints like disk types or VM sizes. Given these key factors, let’s evaluate the virtual machines: A) VM1 and VM3 only - If VM1 and VM3 meet the requirements (correct operating system, Azure-based, no exclusions), they can be backed up, while other VMs may have restrictions. - Reason to reject: If VM2 and VM4 do not have any restrictions preventing backup, this option would be incomplete. B) VM1, VM2, VM3, and VM4 - This option suggests that all four VMs are eligible for backup, meaning there are no operating system, configuration, or other restrictions prev...

Author: SilverBear · Last updated May 17, 2026

You have the Azure virtual machines shown in the following table: You have a Recovery Services vault that protects VM1 and VM2. You need to protect ...

To protect VM3 and VM4 using Recovery Services, we need to evaluate each option based on its relevance to the setup and requirements for backing up virtual machines. Key Factors for Evaluation: - Azure Recovery Services Vault: A Recovery Services vault is the container used to manage backup data and restore points for protected Azure VMs. Each set of VMs must be backed up using a Recovery Services vault. - Backup Policy: A backup policy defines when and how backups are taken for the VMs. Without a backup policy, no backups can be scheduled. - Storage Account: A storage account is used to store backup data, but creating a storage account is not necessary to use Recovery Services Vault, since it manages storage internally. - VM Extensions: Extensions are used to configure VMs for specific services like monitoring or backup, but this is not the first step in setting up Recovery Services protection. Option Breakdown: 1. A) Create a new Recovery Services vault: - This option could be relevant if a separate Recovery Services vault is needed for VM3 and VM4, but typically, you would want to use the same vault if you're managing backups for multiple VMs, provided it’s already set up for VM1 and VM2. - If the existing Recovery Services vault alread...

Author: Layla · Last updated May 17, 2026

HOTSPOT - You have an Azure subscription that contains an Azure Storage account named storage1 and the users shown in the following table. You plan to monitor storage1 and to configure email notifications for the signals shown in the following table. You need to identify the minimum number of alert rules and action groups required for the planned monitoring. How many alert r...

Author: CrimsonViperX · Last updated May 17, 2026

You have an Azure subscription that contains the identities shown in the following table. User1, Principal1, and Group1 are assigned the Monitoring Reader role. An action group named AG1 has the Email Azure Resource Manager Role notification type and is configured to email the Monitoring Reader role. You create an alert rul...

Let's break down the question step by step to determine who will receive the email notification when Alert1 is triggered, based on the given scenario. Key Factors: - Monitoring Reader Role: This role grants the ability to view monitoring data in Azure, but it does not grant the ability to modify resources or create alerts. - Action Group (AG1): This action group is configured to send email notifications for Azure Resource Manager (ARM) role notifications. - Alert Rule (Alert1): The alert rule triggers the action group AG1, which is set to notify by email. - Assigned Roles: - User1, Principal1, and Group1 are assigned the Monitoring Reader role. - The action group AG1 is configured to notify the Monitoring Reader role by email when triggered. Step-by-Step Evaluation: 1. Who can be notified? - Since the action group AG1 is configured to notify the Monitoring Reader role, it will send email notifications to any users or identities who have the Monitoring Reader role. 2. Who has the Monitoring Reader role? - User1: Assigned the Monitoring Reader role. - Principal1: Assigned the Monitoring Reader role. - Group1: Members of Group1 have the Monitoring Reader role, so any users within this group are also eligible for the notification. 3. Email Notification Criteria: - The email notifications will be sent to any identity or user associated with User1, Principal1, or Group1. - The email notification is being sent to the identitie...

Author: Ava · Last updated May 17, 2026

HOTSPOT - You have an Azure virtual machine named VM1 and a Recovery Services vault named Vault1. You create a backup policy named Policy1 as shown in the exhibit. (Click the Exhibit tab.) You configure the backup of VM1 to use Policy1 on Thursday, January 1 at 1:00 AM. You need to identify the number of available recovery points for VM1. How many recovery points are...

Author: Lucas Carter · Last updated May 17, 2026

HOTSPOT - You have the web apps shown in the following table. You need to monitor the performance and usage of the apps by using Azure Application Insights. The solution must minimize modifications to the application code. What should you do on each app? To answ...

Author: Zara · Last updated May 17, 2026

You have an Azure virtual machine named VM1. You use Azure Backup to create a backup of VM1 named Backup1. After creating Backup1, you perform the following changes to VM1: * Modify the size of VM1. * Copy a file named Budget.xls to a folder named Data. * Reset the password for the built-in administrator account. * Add a data disk to VM1. An administrator us...

Let's analyze the situation and determine which change should be performed again after restoring VM1 from Backup1. Key Information: - Backup1: This is the backup created of VM1 before any changes were made to it. - Changes to VM1: 1. Modify the size of VM1: The size of the virtual machine was modified after the backup. 2. Copy a file named Budget.xls to a folder named Data: A file was added to the virtual machine. 3. Reset the password for the built-in administrator account: The password for the built-in administrator account was reset. 4. Add a data disk: A new data disk was added to the VM. Restore Scenario: - An administrator uses the Replace existing option to restore VM1 from Backup1. The Replace existing option will restore VM1 to its state at the time the backup was taken, meaning all the changes that occurred after the backup (like the modifications listed above) will be undone. Evaluating the Changes: 1. Modify the size of VM1: - When restoring a VM from a backup, the size of the virtual machine is also restored to the configuration at the time the backup was taken. So, the size of VM1 will revert to its original state from before the backup. Therefore, the size will need to be modified again after the restore. - This change needs to be performed again because the restored VM will have the original size from Backup1, not the modified size. 2. R...

Author: Aria · Last updated May 17, 2026

HOTSPOT - You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains the users shown in the following table. You enable password reset for contoso.onmicrosoft.com as shown in the Password Reset exhibit. (Click the Password Reset tab.) You configure the authentication methods for password reset as shown in the Authentication Methods exhibit. (Click the Authenticati...

Author: IceDragon2023 · Last updated May 17, 2026

Your company has a main office in London that contains 100 client computers. Three years ago, you migrated to Azure Active Directory (Azure AD). The company's security policy states that all personal devices and corporate-owned devices must be registered or joined to Azure AD. A remote user named User1 is unable to join a personal device to Azure AD from a home networ...

To ensure that User1 can join a personal device to Azure AD from their home network, let’s break down the key factors and evaluate the options provided: Key Factors: - User1 previously could join devices to Azure AD, but is now unable to do so. - The security policy states that all personal devices and corporate-owned devices must be registered or joined to Azure AD. - The issue occurs from a home network, so it suggests there might be restrictions or configurations that affect User1's ability to join devices remotely. Evaluation of the Options: 1. A) Assign the User administrator role to User1: - The User administrator role would allow User1 to manage user settings and some aspects of devices in Azure AD, but it is not required to join a device to Azure AD. The ability to join devices is controlled by the device settings in Azure AD. - This option is not relevant, as User1’s inability to join a device is more likely related to device registration settings, not administrative privileges. 2. B) From the Device settings blade, modify the Maximum number of devices per user setting: - The Maximum number of devices per user setting defines how many devices a user can register or join to Azure AD. If User1 has reached the limit, they would be unable to join additional devices. - However, this is not likely the issue in this case, as User1 was able to join devices in the past. The problem is more related to the permission or policy settings regarding device joining, not the number of devices. 3. C) Create a point-to-site VPN from the home n...

Author: Isabella1 · Last updated May 17, 2026

HOTSPOT - You have two Azure App Service app named App1 and App2. Each app has a production deployment slot and a test deployment slot. The Backup Configuration settings for the production slots are shown in the following table. For each of the following statements, s...

Author: Zara · Last updated May 17, 2026

HOTSPOT - You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant is synced to the on-premises Active Directory domain. The domain contains the users shown in the following table. You enable self-service password reset (SSPR) for all users and configure SSPR to have the following authentication methods: * Number of methods required to reset: 2 * Methods available to users: Mobile phone, Security questions * Number of questions required to register: 3 * Number of questions required to reset: 3 You select the following security questions: ...

Author: Zain · Last updated May 17, 2026

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com: Use...

Let's break down the scenario and evaluate the solution: Key Information: - Azure Active Directory (Azure AD) tenant: There are two Azure AD tenants: 1. contoso.onmicrosoft.com 2. external.contoso.onmicrosoft.com - User1 is creating the second tenant external.contoso.onmicrosoft.com. - The task is to create new user accounts in the external.contoso.onmicrosoft.com tenant. Understanding the Role of User1: - User1's Role in contoso.onmicrosoft.com: User1 is an existing user in the contoso.onmicrosoft.com tenant. However, being a member of the contoso.onmicrosoft.com tenant does not automatically grant User1 the ability to create users in a different tenant (in this case, external.contoso.onmicrosoft.com). - Creating Users in Another Tenant: In order to create users in external.contoso.onmicrosoft.com, User1 must be a global administrator or have the User administrator role in the external.contoso.onmicrosoft.com tenant. Analysis of the Solution: -...

Author: Liam123 · Last updated May 17, 2026

You have an existing Azure subscription that contains 10 virtual machines. You need to monitor the latency between your on-premise...

Let's analyze the options based on the requirement to monitor the latency between your on-premises network and the Azure virtual machines: Key Considerations: - The goal is to monitor latency, which refers to the time taken for data to travel between two points (in this case, your on-premises network and Azure VMs). - The solution needs to be capable of assessing the network performance, specifically related to latency, between on-premises resources and Azure VMs. Option Evaluation: 1. A) Service Map: - Service Map provides insights into the communication and dependencies between applications and services in your environment. It tracks the relationships between processes and services on virtual machines, but it does not directly measure latency. - Rejected: Service Map is not designed for monitoring network latency between on-premises and Azure. 2. B) Connection troubleshoot: - Connection troubleshoot is useful for diagnosing network connectivity issues (e.g., determining if a VM is reachable or if a specific port is open), but it is not designed to continuously monitor or report latency. - Rejected: While it is useful for troubleshooting, it does not meet the goal ...

Author: Henry · Last updated May 17, 2026

HOTSPOT - You have an Azure App Service plan named ASP1. CPU usage for ASP1 is shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the infor...

Author: RadiantPhoenixX · Last updated May 17, 2026

DRAG DROP - You have an Azure Linux virtual machine that is protected by Azure Backup. One week ago, two files were deleted from the virtual machine. You need to restore the deleted files to an on-premises Windows Server 2016 computer as quickly as possible. Which four actions should you perform in sequence? To a...

Author: Samuel · Last updated May 17, 2026

HOTSPOT - You purchase a new Azure subscription named Subscription1. You create a virtual machine named VM1 in Subscription1. VM1 is not protected by Azure Backup. You need to protect VM1 by using Azure Backup. Backups must be created at 01:00 and stored for 30 days. What should you d...

Author: Olivia · Last updated May 17, 2026

You have an Azure virtual machine named VM1. Azure collects events from VM1. You are creating an alert rule in Azure Monitor to notify an administrator when an error is logged in the Syst...

To determine the correct target resource for the alert rule in Azure Monitor, let's evaluate each option based on the goal of monitoring the System event log of VM1 for errors. Key Considerations: - The goal is to trigger an alert based on events logged in the System event log of VM1. Azure Monitor alerts can be set up to monitor specific resources and log data. - Azure's ability to collect event logs (like the System event log) depends on having the appropriate monitoring setup in place, such as using Log Analytics to store logs and events. Option Evaluation: 1. A) Virtual machine extension: - Virtual machine extensions are small software components that can be installed on a VM to perform specific functions (e.g., the Azure Monitor agent, Log Analytics agent, etc.). These extensions collect and send data (including event logs) to Azure Monitor or Log Analytics. - Rejected: While extensions are involved in collecting logs, they themselves are not the target resource for setting up the alert. The alert should be set at the level of the data source (VM or Log Analytics) rather than the extension itself. 2. B) Virtual machine: - A virtual machine in Azure can be a direct resource monitored for alerts. If the Azure Monitor agent is installed on the VM (which sends event logs to Log Analytics), you can create an alert rule directly on the VM for the logs or events. - Selected: This is the correct op...

Author: Elijah · Last updated May 17, 2026

You have an Azure subscription that contains 100 virtual machines. You regularly create and delete virtual machines. You need to identif...

To identify unattached disks that can be deleted in an Azure subscription containing virtual machines, let's analyze the provided options based on the goal of identifying unattached disks. Key Considerations: - Unattached disks are disks that were once associated with virtual machines but are no longer attached. Identifying these disks helps in optimizing storage and cost management by ensuring unused resources are deleted. - The objective is to identify unattached disks so they can be deleted and reduce unnecessary storage costs. Option Evaluation: 1. A) From Azure Cost Management, view Cost Analysis: - Cost Analysis in Azure Cost Management helps you track and analyze your spending on Azure resources. It gives insights into costs but does not specifically identify unattached disks. It shows usage and cost data, but it doesn't directly highlight unused or unattached disks. - Rejected: Cost Analysis is focused on cost tracking, not specifically on identifying unattached disks. 2. B) From Azure Advisor, modify the Advisor configuration: - Azure Advisor provides best practices and recommendations for optimizing your Azure resources. It may suggest actions like resizing VMs, removing unused resources, and optimizing performance and security. However, modifying the configuration of Azure Advisor does not directly help identify unattached disks. - Rejected: Modifying Advisor’s configuration alone won’t help identify unattached disks. While Advisor can give resource optimization recommendations, it is not designed specifically for tracking unattached disk...

Author: Ahmed97 · Last updated May 17, 2026

You have an Azure web app named webapp1. Users report that they often experience HTTP 500 errors when they connect to webapp1. You need to provide the developers of webapp1 with real-time access to the connection e...

To provide developers of webapp1 with real-time access to the connection errors (specifically HTTP 500 errors), we need to ensure we have access to detailed logging and error information. Let's analyze the available options: Key Considerations: - The developers need real-time access to connection error details, specifically HTTP 500 errors, which are typically related to server-side issues. - To achieve this, we need to capture detailed application and server logs, not just surface-level metrics. Option Evaluation: 1. A) From webapp1, enable Web server logging: - Web server logging captures detailed HTTP request and response data, which includes the status codes (such as HTTP 500 errors) generated by the web server. This logging is ideal for tracking server-related errors. - Selected: This is the most relevant option because enabling Web server logging for webapp1 will capture the HTTP 500 errors along with all the details about the requests and responses, making it suitable for troubleshooting and providing real-time access to the developers. 2. B) From Azure Monitor, create a workbook: - Azure Monitor workbooks provide visualizations and interactive reports based on log data, but they do not directly capture connection errors. Workbooks are used to visualize existing data, not to collect detailed logs. Therefore, creating a workbook without having the underlying log data will not directly help with real-time access to error details. - Rejected: Workbooks require data sources like logs or metrics. Without th...

Author: Rohan · Last updated May 17, 2026

You have an Azure web app named App1. You need to monitor the availability of App1 by using a multi-step w...

To monitor the availability of an Azure web app (App1) using a multi-step web test, we need to choose the right tool within Azure Monitor. Let's analyze the available options: Key Considerations: - A multi-step web test allows you to simulate a user accessing the web app and perform a series of steps to ensure that the application is functioning correctly. It's an advanced method for monitoring web app availability. - The goal is to set up a way to simulate and monitor the availability of the web app (App1) through multiple interactions. Option Evaluation: 1. A) Azure Service Health: - Azure Service Health provides information on the health of Azure services, including issues that might affect your resources (e.g., outages or planned maintenance). However, Azure Service Health does not provide functionality to run multi-step web tests for monitoring the availability of an individual web app like App1. - Rejected: Azure Service Health is focused on platform-wide health, not on application-level availability monitoring, so it’s not suitable for multi-step web tests. 2. B) Azure Application Insights: - Azure Application Insights is a powerful tool for monitoring the performance, availability, and usage of web apps. It includes the availability testing feature, which can be configured to run multi-step web tests to simulate user interactions with your web app (App1). This i...

Author: Maya · Last updated May 17, 2026

HOTSPOT - You have an Azure subscription that has diagnostic logging enabled and is configured to send logs to a Log Analytics workspace. You are investigating a service outage. You need to view the event time, the event name, and the affected resources. How should you complete the quer...

Author: Victoria · Last updated May 17, 2026

You have a Recovery Services vault named RSV1. RSV1 has a backup policy that retains instant snapshots for five days and daily backup for 14 days. RSV1 performs daily backups of VM1. VM1 hosts a static website that was updated eight days ago. You ne...

To recover VM1 to a point eight days ago while minimizing downtime, we need to evaluate each option carefully in the context of the existing Recovery Services vault (RSV1), backup policies, and the requirement to restore VM1 with minimal downtime. Key Considerations: - Instant snapshots: The RSV1 backup policy retains instant snapshots for five days and daily backups for 14 days. This means that instant snapshots are only available for the last five days, and daily backups are retained for a total of 14 days. - Since the update to the website occurred eight days ago, the daily backup from eight days ago is available. We must restore VM1 to this backup to recover the website to its previous state. Option Evaluation: 1. A) Deallocate VM1: - Deallocating a VM stops it but does not involve backup or restore operations. This action would stop the VM from consuming resources, but it does not help in restoring VM1 to the required point in time. - Rejected: Deallocating the VM does not assist in recovering VM1 to a specific backup state or restore the website. 2. B) Restore VM1 by using the Replace existing restore configuration option: - Replace existing is a common option for restoring the VM to its previous state. It would replace the current configuration of VM1 with the backup from eight days ago. However, this option can lead to downtime because the existing VM will be replaced entirely by the backup, potentially causing service disruption during the res...

Author: Olivia · Last updated May 17, 2026

HOTSPOT - You have an Azure subscription that contains the resources shown in the following table. You plan to create a data collection rule named DCR1 in Azure Monitor. Which resources can you set as data sources in DCR1, and which resources can you set as destinations in DCR1?...

Author: RadiantPhoenixX · Last updated May 17, 2026

HOTSPOT - You have the role assignment file shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information pres...

Author: StarryEagle42 · Last updated May 17, 2026

HOTSPOT - You have the following custom role-based access control (RBAC) role. For each of the following statements, select Yes if the statement is true. Otherwise,...

Author: Olivia Johnson · Last updated May 17, 2026

HOTSPOT - You have an Azure subscription that contains the resources shown in the following table. NSG1 is configured as shown in the following exhibit. For each of the following statements, select Yes if the state...

Author: FrostFalcon88 · Last updated May 17, 2026

You have an Azure subscription named Subscription1 that contains two Azure virtual networks named VNet1 and VNet2. VNet1 contains a VPN gateway named VPNGW1 that uses static routing. There is a site-to-site VPN connection between your on-premises network and VNet1. On a computer named Client1 that runs Windows 10, you configure a point-to-site VPN connection to VNet1. You configure virtual network peering between VNet1 and VNet2. Y...

To resolve the issue where Client1 is unable to connect to VNet2 despite being able to connect to VNet1 and having virtual network peering between VNet1 and VNet2, let's carefully evaluate the options and understand the situation in detail. Key Considerations: - There is virtual network peering between VNet1 and VNet2. - Client1 is using a point-to-site VPN connection to VNet1. - VPNGW1 in VNet1 is using static routing for the site-to-site VPN connection between your on-premises network and VNet1. - Client1 can connect to VNet1, but is unable to access VNet2. - The goal is to ensure that Client1 can access VNet2 via the established peering between VNet1 and VNet2. Option Evaluation: 1. A) Select Use the remote virtual network's gateway or Route Server on VNet1 to VNet2 peering: - This option uses the gateway or route server of VNet1 to route traffic to VNet2. However, Client1 is connected to VNet1 via point-to-site VPN, and VNet1's gateway is used for the on-premises network, not Client1’s traffic. - Rejected: This option won't help Client1 because it specifies using the gateway for traffic from VNet1, but Client1 is connected to VNet1 via point-to-site VPN and does not use the gateway for its traffic. This option is more relevant for site-to-site VPN connections. 2. B) Select Use the remote virtual network's gateway or Route Server on VNet2 to VNet1 peering: - This option would configure the peering so that VNet2 can use its gateway to route traffic back to VNet1. However, since Client1 is directly connected to VNet1 via point-to-site VPN, the route from VNet1 to VNet2 should be configured to ensure that the...

Author: Sophia · Last updated May 17, 2026