The latest Microsoft AZ-900 Azure Fundamentals certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-900 Azure Fundamentals exam and earn Microsoft AZ-900 Azure Fundamentals certification.
Question 241
You have an Azure subscription that contains a virtual machine named VM1.
VM1 hosts a line-of-business application that is available 24 hours a day.
VM1 has one network interface and one managed disk.
VM1 uses the D4s v3 size.
You plan to make the following changes to VM1:
* Change the size to D8s v3.
* Add a 500-GB managed disk.
* Add the Puppet Agent extension.
* Attach an additional network interface.
Which change will cause downtime for VM1?
A. Add the Puppet Agent extension.
* B. Change the size to D8s v3.
C. Add a 500-GB managed disk.
D. Attach an additional network interface.
Explanation
While resizing the VM it must be in a stopped state.
Question 242
You have an Azure virtual machine named VM1 that you use for testing.
VM1 is protected by Azure Backup.
You delete VM1.
You need to remove the backup data stored for VM1.
What should you do first?
A. Delete the Recovery Services vault.
B. Delete the storage account.
C. Stop the backup.
* D. Modify the backup policy.
Answer Description:
With the release of backup policy management, customers can manage backup policies and model them to meet their changing requirements from a single window. Customers can edit a policy, associate more virtual machines to a policy, and delete unnecessary policies to meet their compliance requirements.
Azure Backup provides backup for virtual machines – created through both the classic deployment model and the Azure Resource Manager deployment model – by using custom-defined backup policies in a Recovery Services vault.
With the release of backup policy management, customers can manage backup policies and model them to meet their changing requirements from a single window. Customers can edit a policy, associate more virtual machines to a policy, and delete unnecessary policies to meet their compliance requirements.
You can’t delete a Recovery Services vault if it is registered to a server and holds backup data. If you try to delete a vault, but can’t, the vault is still configured to receive backup data.
Question 243
You have an Azure subscription named Subscription1.
You deploy a Linux virtual machine named VM1 to Subscription1.
You need to monitor the metrics and the logs of VM1.
What should you use?
* A. The AzurePerformanceDiagnostics extension.
B. Azure HDInsight.
C. Linux Diagnostic Extension (LAD) 3.0.
D. Azure Analysis Services.
Explanation
You can use extensions to configure diagnostics on your VMs to collect additional metric data.
The basic host metrics are available, but to see more granular and VM-specific metrics, you need to install the Azure diagnostics extension on the VM. The Azure diagnostics extension allows additional monitoring and diagnostics data to be retrieved from the VM.
Question 244
You plan to back up an Azure virtual machine named VM1.
You discover that the Backup Pre-Check status displays a status of Warning.
What is a possible cause of the Warning status?
A. VM1 is stopped.
* B. VM1 does not have the latest version of WaAppAgent.exe installed.
C. VM1 has an unmanaged disk.
D. A Recovery Services vault is unavailable.
Explanation
The WARNING state indicates one or more issues in VM’s configuration that might lead to backup failures and provides recommended steps to ensure successful backups. Not having the latest VM Agent installed, for example, can cause backups to fail intermittently and falls in this class of issues.
The PASSED state indicates that your VMs configuration is conducive for successful backups and no corrective action needs to be taken.
The CRITICAL state indicates one or more critical issues in the VM’s configuration that will lead to backup failures and provides required steps to ensure successful backups. A network issue caused due to an update to the NSG rules of a VM, for example, will fail backups as it prevents the VM from communicating with the Azure Backup service and falls in this class of issues.
Question 245
You have an Azure subscription named Subscription1 that is used by several departments at your company.
Subscription1 contains the resources in the following table:
***
Name: Storage1,???????????????Type: Storage account
Name: RG1,????????????????????Type: Resource group
Name: Container1,?????????????Type: Blob container
Name: Share1,?????????????????Type: File share
***
Another administrator deploys a virtual machine named VM1 and an Azure Storage account named Storage2 by using a single Azure Resource Manager template.
You need to view the template used for the deployment.
From which blade can you view the template that was used for the deployment?
A. Container1.
* B. RG1.
C. Share1.
D. Storage1.
Explanation
View template from deployment history
- Go to the resource group for your new resource group. Notice that the portal shows the result of the last deployment. Select this link.
- You see a history of deployments for the group. In your case, the portal probably lists only one deployment. Select this deployment.
- The portal displays a summary of the deployment. The summary includes the status of the deployment and its operations and the values that you provided for parameters. To see the template that you used for the deployment, select View template.
Question 246
You have an Azure virtual machine named VM1.
VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.
You receive a notification that VM1 will be affected by maintenance.
You need to move VM1 to a different host immediately.
Solution: From the Redeploy blade, you click Redeploy.
Does this meet the goal?
* A. Yes
B. No
Explanation
When you redeploy a VM, it moves the VM to a new node within the Azure infrastructure and then powers it back on, retaining all your configuration options and associated resources.
Question 247
You download an Azure Resource Manager template based on an existing virtual machine.
The template will be used to deploy 100 virtual machines.
You need to modify the template to reference an administrative password.
You must prevent the password from being stored in plain text.
What should you create to store the password?
* A. An Azure Key Vault and an access policy.
B. A Recovery Services vault and a backup policy.
C. Azure Active Directory (AD) Identity Protection and an Azure policy.
D. An Azure Storage account and an access policy.
Explanation
You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore, the password is never put in plain text in the template parameter file.
Question 248
You have an Azure subscription that contains three virtual networks named VNet1, VNet2, and VNet3.
VNet2 contains a virtual appliance named VM2 that operates as a router.
You are configuring the virtual networks in a hub and spoke topology that uses VNet2 as the hub network.
You plan to configure peering between VNet1 and Vnet2 and between VNet2 and VNet3.
You need to provide connectivity between VNet1 and VNet3 through VNet2.
Which two configurations should you perform? Each correct answer presents part of the solution.
* A. On the peering connections, use remote gateways.
B. On the peering connections, allow forwarded traffic.
* C. On the peering connections, allow gateway transit.
D. Create route tables and assign the table to subnets.
E. Create a route filter.
Explanation
Allow gateway transit: Check this box if you have a virtual network gateway attached to this virtual network and want to allow traffic from the peered virtual network to flow through the gateway. For example, this virtual network may be attached to an on-premises network through a virtual network gateway. The gateway can be an ExpressRoute or VPN gateway. Checking this box allows traffic from the peered virtual network to flow through the gateway attached to this virtual network to the on-premises network. If you check this box, the peered virtual network cannot have a gateway configured. The peered virtual network must have the Use remote gateways checkbox checked when setting up the peering from the other virtual network to this virtual network. If you leave this box unchecked (default), traffic from the peered virtual network still flows to this virtual network, but cannot flow through a virtual network gateway attached to this virtual network. If the peering is between a virtual network (Resource Manager) and a virtual network (classic), the gateway must be in the virtual network (Resource Manager).
Question 249
You have a public load balancer that balances ports 80 and 443 across three virtual machines.
You need to direct all the Remote Desktop Protocol (RDP) connections to VM3 only.
What should you configure?
* A. An inbound NAT rule.
B. A load balancing rule.
C. A new public load balancer for VM3.
D. A frontend IP configuration.
Explanation
Create an inbound NAT port-forwarding rule: Create a load balancer inbound network address translation (NAT) rule to forward traffic from a specific port of the front-end IP address to a specific port of a back-end VM.
- Select All resources in the left-hand menu, and then select MyLoadBalancer from the resource list.
- Under Settings, select Inbound NAT rules, and then select Add.
- On the Add inbound NAT rule page, type or select the following values:
- Name: Type MyNATRuleVM1.
- Port: Type 4221.
- Target virtual machine: Select MyVM1 from the drop-down.
- Port mapping: Select Custom.
- Target port: Type 3389.
- Select OK.
Question 250
You are troubleshooting a performance issue for an Azure Application Gateway.
You need to compare the total requests to the failed requests during the past six hours.
What should you use?
A. NSG flow logs in Azure Network Watcher.
* B. Metrics in Application Gateway.
C. Connection monitor in Azure Network Watcher.
D. Diagnostics logs in Application Gateway.
Explanation
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 – TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port.
With Application Gateway, you can make routing decisions based on additional attributes of an HTTP request, such as URI path or host headers. For example, you can route traffic based on the incoming URL. So if /images is in the incoming URL, you can route traffic to a specific set of servers (known as a pool) configured for images. If /video is in the URL, that traffic is routed to another pool that’s optimized for videos.
This type of routing is known as application layer (OSI layer 7) load balancing. Azure Application Gateway can do URL-based routing and more.
By using Azure Application Gateway, you can monitor resources in the following ways:
- Back-end health: Application Gateway provides the capability to monitor the health of the servers in the back-end pools through the Azure portal and through PowerShell. You can also find the health of the back-end pools through the performance diagnostic logs.
- Logs: Logs allow for performance, access, and other data to be saved or consumed from a resource for monitoring purposes.
- Metrics: Application Gateway has several metrics which help you verify that your system is performing as expected.