Microsoft AZ-600 Exam Practice Test Instant Access

Question 1

You plan to deploy a highly available Azure App Service resource provider to an Azure Stack Hub integrated system.

You need to ensure that the App Service resource meets the prerequisites. The solution must minimize costs.

Which two resources should you deploy? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Aa highly available Microsoft SQL Server 2019 instance in the default provider subscription

Ba highly available file server in a dedicated user subscription

Ca highly available file server in the default provider subscription

Da highly available Microsoft SQL Server 2019 instance in a dedicated user subscription

Ea single file server in the default provider subscription

Fa single Microsoft SQL Server 2019 instance in the default provider subscription

Answer : A, C

https://blog.apps.id.au/adventures-cloud-operator-highly-available-app-service-1-4-azure-stack-step-2-deployment/

Question 2

You have a disconnected Azure Stack Hub integrated system.

You plan to implement an app named App1.

You need to create a new service principal for App1. The solution must maximize security.

What should you do first?

ACreate an app registration in Azure AD.

BCreate a group managed service account (gMSA)

CGenerate an Azure Key Vault secret.

DGenerate an X.509 certificate.

Answer : D

You start by creating a new app registration in your directory, which creates an associated service principal object to represent the app's identity within the directory.

Your choice of either Azure AD or AD FS is determined by the mode in which you deploy Azure Stack Hub:

When you deploy it in a connected mode, you can use either Azure AD or AD FS.

When you deploy it in a disconnected mode, without a connection to the internet, only AD FS is supported.

Manage an AD FS app

If you deployed Azure Stack Hub with AD FS as your identity management service, you must use PowerShell to manage your app's identity. The following examples demonstrate both an X509 certificate and a client secret credential.

Once you have a certificate, use a PowerShell script to register your app and sign in using the app's identity.

https://learn.microsoft.com/en-us/azure-stack/operator/give-app-access-to-resources

Question 3

You plan to install an update to an Azure Stack Hub integrated system.

You need to verify whether the integrated system is healthy, and whether you can apply the update. You must achieve the goal as quickly as possible.

Solution: From the administrator management endpoint, you run Test-AzureStack --Group "UpdateReadiness".

Does this meet the goal?

AYes

BNo

Answer : A

Question 4

You have an Azure Stack Hub integrated system.

You need to add an additional scale unit node to the system.

What can you do while the operation to add the new node is being performed?

ARepair a scale unit node.

BStop Azure Stack Hub.

CRemove a node

DCreate new user subscriptions.

Answer : B

Question 5

You have an Azure Stack Hub integrated system.

You need to create a new offer that can be used only by an operator to provision user subscriptions. The solution must simplify the process for users to create resources.

Which type of offer should you create?

Apublic with a base plan only

Bdelegated with a base plan only

Cprivate with a base plan only

Ddecommissioned

Answer : B

https://docs.microsoft.com/en-us/azure-stack/operator/azure-stack-delegated-provider?view=azs-2008

Question 6

You have an Azure Slack Hub integrated system that uses the latest version.

You discover an alert for an external certificate that will expire. You obtain new certificates.

You need to validate that all the components required to change the certificates are in a healthy state, and then renew the certificates.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

ARun the Start -Sec ret Rot at Ion and specify the PfxFilePath parameter.

BCopy the certificates to Azure Blob storage.

CCopy the certificates to an SMB file share that is accessible from the privilege endpoint (PEP).

DRun the Test-AzureStack cmdlet and Specify the -Group UpdateReadiness parameter.

ERun the Test-AzureStaek cmdlet and Specify the -Group SecretRotationReadiness parameter.

FRun Start-SecretRotation cmdlet and Specify the Internal parameter.

Answer : C, E, F

Question 7

You need to change the DNS forwarder of the priv1 region.

Which two actions should you perform? Each correct answer presents part of the solution?

NOTE: Each correct selection is worth one point.

ARun the Register-CustomDnsServer cmdlet

BRun the Add-DnsServerForwarder cmdlet

CRun the Set-AzsDnsForwarder cmdlet

DConnect to the administrator management endpoint of the priv1 region

EConnect to privileged endpoint (PEP) of the priv1 region

Answer : C, E

https://docs.microsoft.com/en-us/azure-stack/operator/azure-stack-configure-dns?view=azs-2008

Microsoft Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack Hub AZ-600 Exam Practice Test