Case Study – Contoso
Overview –
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and maintains.
Existing Environment –
Currently, Contoso uses multiple types of servers for business operations, including the following:
File servers
Domain controllers
Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers:
A SQL database
A web front end
A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Requirements –
Planned Changes –
Contoso plans to implement the following changes to the infrastructure:
Move all the tiers of App1 to Azure.
Move the existing product blueprint files to Azure Blob storage.
Create a hybrid directory to support an upcoming Microsoft 365 migration project.
Technical Requirements –
Contoso must meet the following technical requirements:
Move all the virtual machines for App1 to Azure.
Minimize the number of open ports between the App1 tiers.
Ensure that all the virtual machines for App1 are protected by backups.
Copy the blueprint files to Azure over the Internet.
Ensure that the blueprint files are stored in the archive storage tier.
Ensure that partner access to the blueprint files is secured and temporary.
Prevent user passwords or hashes of passwords from being stored in Azure.
Use unmanaged standard storage for the hard disks of the virtual machines.
Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
Minimize administrative effort whenever possible.
User Requirements –
Contoso identifies the following requirements for users:
Ensure that only users who are part of a group named Pilot can join devices to Azure AD.
Designate a new user named Admin1 as the service admin for the Azure subscription.
Admin1 must receive email alerts regarding service outages.
Ensure that a new user named User3 can create network objects for the Azure subscription.
Question:
1.1. You need to recommend an identity solution that meets the technical requirements.
What should you recommend?
A. password hash synchronization and single sign-on (SSO)
B. federated single sign-on (SSO) and Active Directory Federation Services (AD FS)
C. Pass-through Authentication and single sign-on (SSO)
D. cloud-only user accounts
1.2. HOTSPOT –
You need to recommend a solution for App1. The solution must meet the technical requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
1.3. You need to implement a backup solution for App1 after the application is moved.
What should you create first?
A. an Azure Backup Server
B. a Recovery Services vault
C. a recovery plan
D. a backup policy
1.4. You need to move the blueprint files to Azure. What should you do?
A. Use the Azure Import/Export service.
B. Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.
C. Use Azure Storage Explorer to copy the files.
D. Generate an access key. Map a drive, and then copy the files by using File Explorer.
1.5. HOTSPOT –
You need to identify the storage requirements for Contoso.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
2. You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available. Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles. You need to ensure that Admin1 can create access reviews in contoso.com. Solution: You assign the Service administrator role to Admin1. Does this meet the goal?
A. Yes
B. No
3. HOTSPOT –
A company runs multiple Windows virtual machines (VMs) in Azure. The IT operations department wants to apply the same policies as they have for on-premises VMs to the VMs running in Azure, including domain administrator permissions and schema extensions. You need to recommend a solution for the hybrid scenario that minimizes the amount of maintenance required. What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:
4. HOTSPOT –
Your company has an Azure Container Registry named Registry1. You have an Azure virtual machine named Server1 that runs Windows Server 2019. From Server1, you create a container image named image1. You need to add image1 to Registry1. Which command should you run on Server1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
5. Your company has an office in Seattle. You have an Azure subscription that contains a virtual network named VNET1. You create a site-to-site VPN between the Seattle office and VNET1. VNET1 contains the subnets shown in the following table.
You need to route all Internet-bound traffic from Subnet1 to the Seattle office. What should you create?
A. a route for GatewaySubnet that uses the virtual network gateway as the next hop
B. a route for GatewaySubnet that uses the local network gateway as the next hop
C. a route for Subnet1 that uses the local network gateway as the next hop
D. a route for Subnet1 that uses the virtual network gateway as the next hop
6. HOTSPOT –
You have an Azure subscription that contains the Azure SQL servers shown in the following table.
The subscription contains the elastic pools shown in the following table.
The subscription contains the Azure SQL databases shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
7. You have an Azure Active Directory (Azure AD) tenant named contoso.com. A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available. Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles. You need to ensure that Admin1 can create access reviews in contoso.com. Solution: You create an access package.
Does this meet the goal?
A. Yes
B. No
8. You have an Azure Active Directory (Azure AD) tenant named contoso.com. A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available. Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles. You need to ensure that Admin1 can create access reviews in contoso.com. Solution: You purchase an Azure Directory Premium P2 license for contoso.com.
Does this meet the goal?
A. Yes
B. No
9. You have a resource group named RG1 that contains the following:
A virtual network that contains two subnets named Subnet1 and Subnet2.
An Azure Storage account named contososa1.
An Azure firewall deployed to Subnet2.
You need to ensure that contososa1 is accessible from Subnet1 over the Azure backbone network.
What should you do?
A. Deploy an Azure firewall to Subnet1.
B. Remove the Azure firewall.
C. Implement a virtual network service endpoint.
D. Create a stored access policy for contososa1.
10. Your company has the groups shown in the following table.
The company has an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.
An administrator named Admin1 attempts to enable Enterprise State Roaming for all the users in the Managers group.
Admin1 reports that the options for Enterprise State Roaming are unavailable from Azure AD.
You verify that Admin1 is assigned the Global administrator role.
You need to ensure that Admin1 can enable Enterprise State Roaming.
What should you do?
A. Enforce Azure Multi-Factor Authentication (MFA) for Admin1.
B. Purchase an Azure AD Premium P1 license for each user in the Managers group.
C. Assign an Azure AD Privileged Identity Management (PIM) role to Admin1.
D. Purchase an Azure Rights Management (Azure RMS) license for each user in the Managers group.
11. HOTSPOT –
You plan to deploy an Azure virtual machine named VM1 by using an Azure Resource Manager template. You need to complete the template. What should you include in the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
12. HOTSPOT –
You plan to create a virtual machine as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
13. You have an Azure subscription that contains the storage accounts shown in the following table.
All storage accounts contain blobs only. You need to implement several lifecycle management rules for all storage accounts. What should you do first?
A. Upgrade contosostorage1 and contosostorage2 to General Purpose V2 accounts.
B. Move 5 TB of blob data from contosostorage3 to contosostorage4.
C. Move 5 TB of blob data from contosostorage1 to contosostorage2.
D. Recreate contosostorage5 as a General Purpose V2 account.
14. HOTSPOT –
You have an Azure subscription that contains the resource groups shown in the following table.
RG1 contains the virtual machines shown in the following table.
RG2 contains the virtual machines shown in the following table.
All the virtual machines are configured to use premium disks and are accessible from the Internet. VM1 and VM2 are in an availability set named AVSET1. VM3 and VM4 are in the same availability zone and are in an availability set named AVSET2. VM5 and VM6 are in different availability zones.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
15. DRAG DROP –
You have an Azure virtual machine named VM1 that runs Windows Server 2016.
You install a line-of-business application on VM1.
You need to create an Azure virtual machine by using VM1 as a custom image.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
16. You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available. Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles. You need to ensure that Admin1 can create access reviews in contoso.com. Solution: You consent to Azure AD Privileged Identity Management (PIM). Does this meet the goal?
A. Yes
B. No
17. You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available. Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles. You need to ensure that Admin1 can create access reviews in contoso.com. Solution: You assign the Global administrator role to Admin1.
Does this meet the goal?
A. Yes
B. No
18. HOTSPOT –
You have an Azure subscription. You plan to deploy two Azure web apps that have the requirements shown in the following table.
You need to select the App Service plans for the web apps. The solution must minimize costs. Which App Service plan should you select for each web app? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
19. You have an Azure subscription. You create a custom role in Azure by using the following Azure Resource Manager template.
You assign the role to a user named User1. Which action can User1 perform?
A. Delete virtual machines.
B. Create resource groups.
C. Create virtual machines.
D. Create support requests.
20. A company plans to use third-party application software to perform complex data analysis processes. The software will use up to 500 identical virtual machines (VMs) based on an Azure Marketplace VM image. You need to design the infrastructure for the third-party application server. The solution must meet the following requirements:
– The number of VMs that are running at any given point in time must change when the user workload changes.
– When a new version of the application is available in Azure Marketplace, it must be deployed without causing application downtime.
– Use VM scale sets.
– Minimize the need for ongoing maintenance.
Which two technologies should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. single storage account
B. autoscale
C. single placement group
D. managed disks