Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lad section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username: Tom-11234828@ExamUsers.com
Azure Password: Nq9Md6+!Bj
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 11234828
A new corporate policy states that users must be able to authenticate to the web app by using their Azure Active Directory (Azure AD) credentials.
What should you add to the web app?
NOTE: To answer this question, sign in to the Azure portal and explore the Azure resource groups.
You can create a managed identity for App Service and Azure Functions applications and how to use it to access other resources. A managed identity from Azure Active Directory (AAD) allows your app to easily access other AAD-protected resources such as Azure Key Vault.
References:
https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity
You need to recommend a backup solution for the data store of the payment processing.
What should you include in the recommendation?
You plan to move a web application named App1 from an on-premises data center to Azure.
App1 depends on a custom framework that is installed on the host server.
You need to recommend a solution to host App1 in Azure. The solution must meet the following requirements:
* App1 must be available to users if an Azure data center becomes unavailable.
* Costs must be minimized.
What should you include in the recommendation?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an on-premises data center and an Azure subscription. The on-premises data center contains a Hardware Security Module (HSM).
Your network contains an Active Directory domain that is synchronized to an Azure Active Directory (Azure AD) tenant.
The company is developing an application named Application1. Application1 will be hosted in Azure by using 10 virtual machines that run Windows Server 2016. Five virtual machines will be in the West Europe Azure region and five virtual machines will be in the East US Azure region. The virtual machines will store sensitive company information. All the virtual machines will use managed disks.
You need to recommend a solution to encrypt the virtual machine disks by using BitLocker Drive Encryption (BitLocker).
Solution: Deploy one Azure Key Vault to each region. Configure virtual machines to use Azure Disk Encryption. Use a different Key Vault for encrypting virtual machine disks in each region.
Does this meet the goal?
The security key from the on-premises HSM need to be exported.
https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-prerequisites-aad
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage v2 account named Storage1.
You plan to archive data to Storage1.
You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data.
Solution: You create a file share and snapshots.
Does this meet the goal?
Instead you could create an Azure Blob storage container, and you configure a legal hold access policy.
References:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage