Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an on-premises data center and an Azure subscription. The on-premises data center contains a Hardware Security Module (HSM).
Your network contains an Active Directory domain that is synchronized to an Azure Active Directory (Azure AD) tenant.
The company is developing an application named Application1. Application1 will be hosted in Azure by using 10 virtual machines that run Windows Server 2016. Five virtual machines will be in the West Europe Azure region and five virtual machines will be in the East US Azure region. The virtual machines will store sensitive company information. All the virtual machines will use managed disks.
You need to recommend a solution to encrypt the virtual machine disks by using BitLocker Drive Encryption (BitLocker).
Solution: Deploy one Azure Key Vault to each region. Create two Azure AD service principals. Configure the virtual machines to use Azure Disk Encryption and specify a different service principal for the virtual machines in each region.
Does this meet the goal?
You would also have to import Import the security keys from the HSM into each Azure key vault.
References:
https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-prerequisites-aad
Your network contains an on-premises Active Directory domain. The domain contains the Hyper-V clusters shown in the following table.
You plan to implement Azure Site Recovery to protect six virtual machines running on Cluster1 and three virtual machines running on Cluster2. You need to identify the minimum number of Azure Site Recovery Providers that must be installed on premises. How many Providers should you identify?
Install it on all seven nodes.
Note: Install the Azure Site Recovery Provider
Run the Provider setup file on each VMM server. If VMM is deployed in a cluster, install for the first time as follows:
* Install the Provider on an active node, and finish the installation to register the VMM server in the vault.
* Then, install the Provider on the other nodes. Cluster nodes should all run the same version of the Provider.
https://docs.microsoft.com/en-us/azure/site-recovery/hyper-v-vmm-disaster-recovery
https://developer.microsoft.com/en-us/graph/blogs/retrieving-azure-ad-access-reviews/
You have a hybrid deployment of Azure Active Directory (Azure AD).
You need to recommend a solution to ensure that the Azure AD tenant can be managed only from the computers on your on-premises network.
What should you include in the recommendation?
You plan to deploy a payroll system to Azure. The payroll system will use Azure virtual machines that run SUSE Linux Enterprise Server and Windows.
You need to recommend a business continuity solution for the payroll system. The solution must meet the following requirements:
* Minimize costs.
* Provide business continuity if an Azure region fails.
* Provide a recovery time objective (RTO) of 30 minutes.
* Provide a recovery point objective (RPO) of five minutes.
What should you include in the recommendation?
If your storage account has GRS enabled, then your data is durable even in the case of a complete regional outage or a disaster in which the primary region isn't recoverable.
Note: The recovery time objective (RTO) is the targeted duration of time and a service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity.
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-grs
https://azure.microsoft.com/en-us/support/legal/sla/site-recovery/v1_0/
You have 100 servers that run Windows Server 2012 R2 and host Microsoft SQL Server 2012 R2 instances. The instances host databases that have the following characteristics:
* The largest database is currently 3 TB. None of the databases will ever exceed 4 TB.
* Stored procedures are implemented by using CLR.
You plan to move all the data from SQL Server to Azure.
You need to recommend an Azure service to host the databases. The solution must meet the following requirements:
* Whenever possible, minimize management overhead for the migrated databases.
* Minimize the number of database changes required to facilitate the migration.
* Ensure that users can authenticate by using their Active Directory credentials.
What should you include in the recommendation?
Azure SQL Database single databases
