Azure Certification Question of the Day (QOTD) – AZ-500 Q002

The Zero Trust model states to never assume trust but instead to validate trust continually​

Trust determination components include (choose the four correct answers)​

A) Authentication Tokens​
B) Identity Provider​
C) Device Directory​
D) Policy Evaluation Service​
E) Access Proxy​
F) Access Services 

Azure Certification Question of the Day (QOTD) – AZ-103 003 – ANSWERED

You are the Azure Cloud Consultant for your organization, and you have been tasked with configuring VNet Peering.

You need to review the corporate needs to have the desired connectivity across all Azure public regions, keeping all your traffic on the Microsoft Backbone.

Which of the following statements below is TRUE regarding Global VNet Peering? (Choose three)

A) You can peer across VNets only in Azure public regions with non-overlapping address spaces.
B) You can peer across VNets in any Azure public regions regardless of any overlapping address spaces.
C) You can globally peer within a given subscription.
D) You can globally peer across subscriptions.
E) You can peer virtual networks in the same region, or different regions
F) You can peer virtual networks only in the same region
G) You can peer virtual networks only in different regions
 

Correct answer:

A, D, and E

You can configure peering of your VNets in any Azure public regions with non-overlapping address spaces, across deployment models, as well as across subscriptions, where the virtual networks in the same region, or in different regions.

https://azure.microsoft.com/en-us/blog/global-vnet-peering-now-generally-available/

https://docs.microsoft.com/en-us/azure/virtual-network/create-peering-different-subscriptions

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#requirements-and-constraints

Azure Certification Question of the Day (QOTD) – AZ-103 003

You are the Azure Cloud Consultant for your organization, and you have been tasked with configuring VNet Peering.

You need to review the corporate needs to have the desired connectivity across all Azure public regions, keeping all your traffic on the Microsoft Backbone.

Which of the following statements below is TRUE regarding Global VNet Peering? (Choose three)

A) You can peer across VNets only in Azure public regions with non-overlapping address spaces.
B) You can peer across VNets in any Azure public regions regardless of any overlapping address spaces.
C) You can globally peer within a given subscription.
D) You can globally peer across subscriptions.
E) You can peer virtual networks in the same region, or different regions
F) You can peer virtual networks only in the same region
G) You can peer virtual networks only in different regions

And here is the updated blog post with the answer – Azure Certification Question of the Day (QOTD) – AZ-103 003 – ANSWERED

Azure Certification Question of the Day (QOTD) – AZ-500 Q001 – ANSWERED

To use Azure Active Directory (Azure AD) Privileged Identity Management (PIM), your directory must have a valid license.

Which licenses will you require? (Make three selections – each answer is a complete solution).

A) Azure AD Premium P1
B) Azure AD Premium P2
C) Enterprise Mobility + Security (EMS) E3
D) Enterprise Mobility + Security (EMS) E5
E) Microsoft 365 F1
F) Microsoft 365 M3
G) Microsoft 365 M5

CORRECT ANSWERS:
B) Azure AD Premium P2
D) Enterprise Mobility + Security (EMS) E5
G) Microsoft 365 M5

Licensing requirements

To use Privileged Identity Management, your directory must have one of the following paid or trial licenses:

  • Azure AD Premium P2
  • Enterprise Mobility + Security (EMS) E5
  • Microsoft 365 M5

Deploy Azure AD Privileged Identity Management (PIM)

License requirements to use Privileged Identity Management

Azure Certification Question of the Day (QOTD) – AZ-103 002 – ANSWERED

Your enterprise environment is presently using Active Directory Domain Services (AD DS).

You have been tasked with configuring directory synchronization with your Office 365 E5 subscription.

You need to set up support for Single Sign-on (SSO) and you want to confirm that all of the domain user names in use meet the formatting standard and will not cause any issues with the synchronization.

What should you do? (Choose the best option)

A) Make changes to the default configuration of Azure Active Directory (Azure AD) Connect sync
B) Confirm the synchronization settings in the Synchronization Rules Editor
C) Run Azure AD Connect sync with the defaults
D) Run the IdFix tool
E) Run the Synchronization Rules Editor and create a custom rule

Correct answer: D

The correct answer is (D) Run the Office 365 IdFix tool – the tool is used to search for problems in your directory and then fix the errors in the GUI.

Common errors detected by IdFix include illegal characters, duplicate entries / values, format violations, length limitations, to name a few.

While you can make changes to the default configuration in Azure Active Directory (Azure AD) Connect sync and / or run Azure Active Directory (Azure AD) Connect sync with the default settings, neither of these options would address any potential issues that might be found where there are the formatting exceptions and where these may cause issues with the synchronization.

The Synchronization Rules Editor is used to see and change the default configuration. It is configured with the default rules and you can add custom changes to the rules, such as flow, precedence, scoping, and so on, but this will not address the issue with any potential issues that might be found where there are the formatting exceptions and where these may cause issues with the synchronization.

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-change-the-configuration

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-service-manager-ui

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-whatis

Azure Certification Question of the Day (QOTD) – AZ-500 Q001

To use Azure Active Directory (Azure AD) Privileged Identity Management (PIM), your directory must have a valid license.

Which licenses will you require? (Make three selections – each answer is a complete solution).

A) Azure AD Premium P1
B) Azure AD Premium P2
C) Enterprise Mobility + Security (EMS) E3
D) Enterprise Mobility + Security (EMS) E5
E) Microsoft 365 F1
F) Microsoft 365 M3
G) Microsoft 365 M5

And here is the updated blog post with the answer – Azure Certification Question of the Day (QOTD) – AZ-500 Q001 – ANSWERED

Azure Certification Question of the Day (QOTD) – AZ-900 001 – ANSWERED

When looking at using a cloud service, what expenditure type are cloud services based on?

A) Capital Expenditure (CapEx)
B) Friendly expenditure
C) Maximum expense
D) Operational Expenditure (OpEx) CORRECT ANSWER

Explanation

Operational Expenditure (OpEx) is the correct answer. Cloud services operate on an Operational Expenditure model. It is regular, repeated expenditure that you pay for using cloud services.

Capital Expenditure (CapEx) is not the correct answer. Capital Expenditure (CapEx) is not required to be paid upfront when looking to start using a cloud services. There are no up-front costs to use cloud services. You pay for what you consume, under a consumption-based model.

Friendly expenditure and Maximum expense are not defined expenditure types.

https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/strategy/financial-models

Azure Certification Question of the Day (QOTD) – AZ-103 002

Your enterprise environment is presently using Active Directory Domain Services (AD DS).

You have been tasked with configuring directory synchronization with your Office 365 E5 subscription.

You need to set up support for Single Sign-on (SSO) and you want to confirm that all of the domain user names in use meet the formatting standard and will not cause any issues with the synchronization.

What should you do? (Choose the best option)

A) Make changes to the default configuration of Azure Active Directory (Azure AD) Connect sync
B) Confirm the synchronization settings in the Synchronization Rules Editor
C) Run Azure AD Connect sync with the defaults
D) Run the IdFix tool
E) Run the Synchronization Rules Editor and create a custom rule

And here is the updated blog post with the answer – Azure Certification Question of the Day (QOTD) – AZ-103 002 – ANSWERED

Azure Certification Question of the Day (QOTD) – AZ-900 001

When looking at using a cloud service, what expenditure type are cloud services based on?

A) Capital Expenditure (CapEx)
B) Friendly expenditure
C) Maximum expense
D) Operational Expenditure (OpEx)

And here is the updated blog post with the answer – Azure Certification Question of the Day (QOTD) – AZ-900 001 – ANSWERED

Certification QOTD – AZ-103 001 – ANSWERED

QUESTION 1 – ANSWERED

You’re running your environment in Azure and you review the following resources

Resource Group – rgmain001

Storage Account – samain001

Azure File Sync – afs001

samain001 contains a file share called IMAGES that contains 1,000 image files.

You need to synchronize the files in Azure to an on-premises Windows server named IMGSYS001.

Which three actions should you perform? Each correct answer presents part of the solution.

A) Mount the current Blob storage in state as a file system

B) Transfer data with the AzCopy

C) Create a sync group and a cloud endpoint

D) Register IMGSYS001
E) Install the Azure File Sync agent on IMGSYS001

Correct answer:

C, D, E

Step 1 (E): Install the Azure File Sync agent on IMGSYS001 – The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share

Step 2 (D): Register IMGSYS001.

Register Windows Server with Storage Sync Service – establishes a trust relationship between your physical server (or cluster) and the Storage Sync Service.

Step 3 (C): Create a sync group and a cloud endpoint – defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on registered server.

AzCopy is a command-line utility designed for copying data to/from Microsoft Azure Blob, File, and Table storage, using simple commands designed for optimal performance. You can copy data between a file system and a storage account, or between storage accounts but it is not the best answer to fully synchronize files in Azure to an on-premises server.

You can mount Blob storage as a file system with blobfuse, but this is only available through the Linux file system. Blobfuse is a virtual file system driver for Azure Blob storage.