To
use Azure Active Directory (Azure AD) Privileged Identity Management (PIM),
your directory must have a valid license.
Which licenses will you require? (Make three selections – each answer is a complete solution).
A) Azure AD Premium P1 B) Azure AD Premium P2 C) Enterprise Mobility + Security (EMS) E3 D) Enterprise Mobility + Security (EMS) E5 E) Microsoft 365 F1 F) Microsoft 365 M3 G) Microsoft 365 M5
CORRECT ANSWERS: B) Azure AD Premium P2 D) Enterprise Mobility + Security (EMS) E5 G) Microsoft 365 M5
Licensing requirements
To use Privileged Identity Management, your directory must have one of the following paid or trial licenses:
Your enterprise environment is presently using Active Directory Domain Services (AD DS).
You have been tasked with configuring directory synchronization with your Office 365 E5 subscription.
You need to set up support for Single Sign-on (SSO) and you want to confirm that all of the domain user names in use meet the formatting standard and will not cause any issues with the synchronization.
What should you do? (Choose the best option)
A) Make changes to the default configuration of Azure Active Directory (Azure AD) Connect sync B) Confirm the synchronization settings in the Synchronization Rules Editor C) Run Azure AD Connect sync with the defaults D) Run the IdFix tool E) Run the Synchronization Rules Editor and create a custom rule
Correct answer: D
The correct
answer is (D) Run the Office 365 IdFix tool – the tool is used to search for
problems in your directory and then fix the errors in the GUI.
Common
errors detected by IdFix include illegal characters, duplicate entries /
values, format violations, length limitations, to name a few.
While you
can make changes to the default configuration in Azure Active Directory (Azure
AD) Connect sync and / or run Azure Active Directory (Azure AD) Connect sync
with the default settings, neither of these options would address any potential
issues that might be found where there are the formatting exceptions and where
these may cause issues with the synchronization.
The
Synchronization Rules Editor is used to see and change the default
configuration. It is configured with the default rules and you can add custom
changes to the rules, such as flow, precedence, scoping, and so on, but this
will not address the issue with any potential issues that might be found where
there are the formatting exceptions and where these may cause issues with the
synchronization.
To use Azure Active Directory (Azure AD) Privileged Identity Management (PIM), your directory must have a valid license.
Which licenses will you require? (Make three selections – each answer is a complete solution).
A) Azure AD Premium P1 B) Azure AD Premium P2 C) Enterprise Mobility + Security (EMS) E3 D) Enterprise Mobility + Security (EMS) E5 E) Microsoft 365 F1 F) Microsoft 365 M3 G) Microsoft 365 M5
When looking at using a cloud service, what expenditure type are cloud services based on?
A) Capital Expenditure (CapEx) B) Friendly expenditure C) Maximum expense D) Operational Expenditure (OpEx) – CORRECT ANSWER
Explanation
Operational Expenditure (OpEx) is the correct answer. Cloud
services operate on an Operational Expenditure model. It is regular, repeated
expenditure that you pay for using cloud services.
Capital Expenditure (CapEx) is not the correct answer. Capital Expenditure (CapEx) is
not required to be paid upfront when looking to start using a cloud services.
There are no up-front costs to use cloud services. You pay for what you
consume, under a consumption-based model.
Friendly expenditure and Maximum expense are not defined expenditure types.
Your enterprise environment is presently using Active Directory Domain Services (AD DS).
You have been tasked with configuring directory synchronization with your Office 365 E5 subscription.
You need to set up support for Single Sign-on (SSO) and you want to confirm that all of the domain user names in use meet the formatting standard and will not cause any issues with the synchronization.
What should you do? (Choose the best option)
A) Make changes to the default configuration of Azure Active Directory (Azure AD) Connect sync B) Confirm the synchronization settings in the Synchronization Rules Editor C) Run Azure AD Connect sync with the defaults D) Run the IdFix tool E) Run the Synchronization Rules Editor and create a custom rule
You’re
running your environment in Azure and you review the following resources
Resource
Group – rgmain001
Storage
Account – samain001
Azure File
Sync – afs001
samain001
contains a file share called IMAGES that contains 1,000 image files.
You need to
synchronize the files in Azure to an on-premises Windows server named
IMGSYS001.
Which three
actions should you perform? Each correct answer presents part of the solution.
A) Mount
the current Blob storage in state as a file system
B) Transfer
data with the AzCopy
C) Create a
sync group and a cloud endpoint
D) Register
IMGSYS001
E) Install the Azure File Sync agent on IMGSYS001
Correct
answer:
C, D, E
Step 1 (E): Install the Azure File Sync agent on IMGSYS001 – The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share
Step 2 (D):
Register IMGSYS001.
Register
Windows Server with Storage Sync Service – establishes a trust relationship
between your physical server (or cluster) and the Storage Sync Service.
Step 3 (C): Create a sync group and a cloud endpoint – defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on registered server.
AzCopy is a command-line utility designed for copying data to/from Microsoft Azure Blob, File, and Table storage, using simple commands designed for optimal performance. You can copy data between a file system and a storage account, or between storage accounts but it is not the best answer to fully synchronize files in Azure to an on-premises server.
samain001
contains a file share called IMAGES that contains 1,000 image files.
You need to
synchronize the files in Azure to an on-premises server named IMGSYS001.
Which three
actions should you perform? Each correct answer presents part of the solution.
A) Mount the current Blob storage in state as a file system B) Transfer data with the AzCopy C) Create a sync group and a cloud endpoint D) Register IMGSYS001 E) Install the Azure File Sync agent on IMGSYS001
As part of getting back into regular blogging, I would like to announce that the Certification Question of the Day is going to be making its return.
I did this in the past for prior MCSE and MCSA certifications on my old blog (from many, many moons ago) and I thought it might be cool to give it another go now under the mantle of Azure certifications and the new role based training that I am involved with.
As I did prior, I will put “QOTD” in the category field for easier searching here on the site as well as the certification it applies to (e.g. “AZ-103” or “AZ-500” – etc.)
A day after a post, I will re-post the question with the accompanying answer.
So as I alluded to the other day, I kick started a blog again (yes I know… how quaint and 1990s of me).
I’ve contributed probably to over a dozen different blogs over the years and then have separately run a dozen or so of my own. It’s always varying degrees of fun and frustration depending on which end of the spectrum you are at a given point of time.
Azure offers many different options for creating your own personal blog and one of them is a free option if you’re going to be very light on the use and traffic. This is a great option if it’s more for just “fun” as a hobby or creative outlet.
Eventually, if you’re marginally successful picking up a following, you’ll need to step up and pay for some of the services.
To get started, you’ll go to the Azure Portal to access your subscription.
On your homepage or via the dashboard, you can go to the search bar and type in WordPress as a simple way to get started.
Once you select that option from the Azure Marketplace, you’ll arrive at the APP configuration page.
You’ll give your site a unique address (has to be globally unique) – whatever name you give it will be the default Fully Qualified Domain Name (FQDN) that you’ll use to reach the site (unless you’re going to register a different name).
You’ll set the subscription you’ll use in the next drop down box and then choose to either use an existing Resource Group or Create a new one
Next, you’ll choose a Database provider; you can select Azure Database for MySQL (which is designed for production environment and will scale to meet demand) or the cheaper option of MySQL in App.
Because I want to try to do this just as a hobby and for fun, I am going with everything I can (at least for now) that is inexpensive or free; with that, I’ll use MySQL in-app.
Next, I’ll choose my App Service Plan and the location and I’ll accept the defaults for Application Insights.
I will also choose the F1 Pricing tier as that is free for 60 minutes a day worth of compute.
(You can view all the tiers and what each one offers and costs HERE.)
Once that’s done, I’ll select CREATE, which will run the validation and deploy the app.
So that’s how I set mine all up… let’s see how we’re doing with that free service over the past three days the site’s been up by reviewing the output on the OVERVIEW dashboard and the APPLICATION INSIGHTS page for the information it supplies.
So we can see the results of the past hour on the OVERVIEW page above, but let’s dig in some on the past three days to see how well that F1 Pricing tier has served the new page.
So far, so good – 240 requests, all serviced (no failures), and the worst latency isn’t really all that bad at the peak of 200.85ms.
I can also see from my QUOTA view that I have a fair amount of room to grow still under this free plan.
Guess my next task is to try to drive a little more traffic to the blog 😉
