You have an Azure Stack Hub integrated system that has the following configurations:
A deployment prefix of AzS
A physical prefix of AzP
You need to renew the certificates for the integrated system.
To which virtual machine should you establish a PowerShell session?
You have an Azure Stack Hub integrated system that connects to the Internet.
You are migrating several Hyper-V workloads to Azure Stack Hub. Billing for the workloads is consumption-based.
You need to predict the ongoing Microsoft subscription charges for the workloads.
You run an Azure Migrate assessment and receive the output shown in the following table.
The values from which three columns affect the ongoing Microsoft subscription charges? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
Answer : A, C, D
https://docs.microsoft.com/en-us/azure-stack/operator/azure-stack-usage-related-faq?view=azs-2008
You have an Azure Stack Hub integrated system that is disconnected from the internet. The integrated system has an Azure App Service resource provider.
You generate a new certificate.
You need to rotate the certificate of the App Service identity application to use the new certificate.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer : D, E
Your choice of either Azure AD or AD FS is determined by the mode in which you deploy Azure Stack Hub:
When you deploy it in a connected mode, you can use either Azure AD or AD FS.
When you deploy it in a disconnected mode, without a connection to the internet, only AD FS is supported.
E:
Rotate certificate for AD FS identity application
The identity application is created by the operator before deployment of Azure App Service on Azure Stack Hub. If the application's object ID is unknown, follow these steps to discover it:
Go to the Azure Stack Hub administrator portal.
Go to Subscriptions and select Default Provider Subscription.
Select Access Control (IAM) and select the AzureStack-AppService-<guid> application.
Take a note of the Object ID, this value is the ID of the Service Principal that must be updated in AD FS.
D: To rotate the certificate for the application in AD FS, you need to have access to the privileged endpoint (PEP). Then you update the certificate credential using PowerShell.
# Sign in to PowerShell interactively, using credentials that have access to the VM running the Privileged Endpoint
$Creds = Get-Credential
# Create a new Certificate object from the identity application certificate exported as .cer file
$Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2('<CertificateFileLocation>')
# Create a new PSSession to the PrivelegedEndpoint VM
$Session = New-PSSession -ComputerName '<PepVm>' -ConfigurationName PrivilegedEndpoint -Credential $Creds -SessionOption (New-PSSessionOption -Culture en-US -UICulture en-US)
# Use the privileged endpoint to update the certificate thumbprint, used by the service principal associated with the App Service identity application
$SpObject = Invoke-Command -Session $Session -ScriptBlock {Set-GraphApplication -ApplicationIdentifier '<ApplicationObjectId>' -ClientCertificates $using:Cert}
$Session | Remove-PSSession
# Output the updated service principal details
$SpObject
https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-identity-overview
https://learn.microsoft.com/en-us/azure-stack/operator/app-service-rotate-certificates
You have an Azure Stack Hub integrated system.
A scale unit node has a hardware failure.
You replace the physical server based on the field replacement unit (FRU) documentation of the OEM hardware vendor.
You need to reintroduce the node to the scale unit.
Which PowerShell cmdlet should you run?
Answer : B
https://docs.microsoft.com/en-us/azure-stack/operator/azure-stack-node-actions?view=azs-
2008&tabs=az1#repair
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Stack Hub integrated system that connects to the Internet. The integrated system uses an Enterprise Agreement (EA) for licensing.
You are creating an Azure Resource Manager template to generate a marketplace item for a virtual machine that runs Windows Server 2019 Datacenter and a custom application.
You need to ensure that Windows Server is licensed by using the bring-your-own-license model.
Solution: You add OsType: Windows to the Azure Resource Manager template.
Does this meet the goal?
Answer : B
You have an Azure Stack Hub integrated system.
You unlock the privileged endpoint (PEP).
How long will the PEP session remain unlocked?
Answer : D
Unlocking the privileged endpoint for support scenarios
During a support scenario, the Microsoft support engineer might need to elevate the privileged endpoint PowerShell session to access the internals of the Azure Stack Hub infrastructure. This process is sometimes informally referred to as 'break the glass' or 'unlock the PEP'.
An elevated PEP session has a validity of 8 hours, after which, if not terminated, the elevated PEP session will automatically lock back to a regular PEP session.
You are troubleshooting an Azure Stack Hub integrated system.
A Microsoft Support Engineer needs to review automatically uploaded logs.
What should you provide to the Microsoft Support Engineer?
Answer : D
The Cloud ID is the unique ID for tracking support data uploaded from a specific scale unit. When diagnostic logs are uploaded for support analysis, the Cloud ID is how the logs are associated with that scale unit.