Microsoft AZ-600 Exam Practice Test Instant Access

Question 1

You have an Azure Stack Hub integrated system that connects to the Internet.

You are migrating several Hyper-V workloads to Azure Stack Hub. Billing for the workloads is consumption-based.

You need to predict the ongoing Microsoft subscription charges for the workloads.

You run an Azure Migrate assessment and receive the output shown in the following table.

The values from which three columns affect the ongoing Microsoft subscription charges? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

ADisk 1 size (In GB)

BNetwork throughput (MB per second)

CCores

DMemory (In MB)

EDisk 1 read ops (operations per second)

FDisk 1 write ops (operations per second)

GOS name

Answer : A, C, D

https://docs.microsoft.com/en-us/azure-stack/operator/azure-stack-usage-related-faq?view=azs-2008

Question 2

You have an Azure Slack Hub integrated system that uses the latest version.

You discover an alert for an external certificate that will expire. You obtain new certificates.

You need to validate that all the components required to change the certificates are in a healthy state, and then renew the certificates.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

ARun the Start -Sec ret Rot at Ion and specify the PfxFilePath parameter.

BCopy the certificates to Azure Blob storage.

CCopy the certificates to an SMB file share that is accessible from the privilege endpoint (PEP).

DRun the Test-AzureStack cmdlet and Specify the -Group UpdateReadiness parameter.

ERun the Test-AzureStaek cmdlet and Specify the -Group SecretRotationReadiness parameter.

FRun Start-SecretRotation cmdlet and Specify the Internal parameter.

Answer : C, E, F

Question 3

You have a disconnected Azure Stack Hub integrated system.

You have a registered app named App1 that has a client ID of 2bbe67d8-3fdb-4b62-87cf-cc41dd4344rf.

You plan to assign a role-based access control (RBAC) role to Appl.

You need to locate App1 in the Azure Stack Hub user portal by using the search feature.

Which prefix should you use?

AAzureStackHub-app1

BAxuraStack-appl

C2bbe67d8-3fdb-4b62-87cf-cc41dd4344ff

Dapp1

Answer : A

Under Select, search for your app using a full or partial Application Name. During registration, the Application Name is generated as Azurestack-<YourAppName>-<ClientId>. For example, if you used an application name of App2, and ClientId 2bbe67d8-3fdb-4b62-87cf-cc41dd4344ff was assigned during creation, the full name would be Azurestack-App2-2bbe67d8-3fdb-4b62-87cf-cc41dd4344ff. You can search for either the exact string, or a portion, like Azurestack or Azurestack-App2.

Note: An Application ID, sometimes referred to as a Client ID. A GUID that uniquely identifies the app's registration in your Active Directory tenant.

Question 4

You have an Azure Stack Hub integrated system that is disconnected from the internet. The integrated system has an Azure App Service resource provider.

You generate a new certificate.

You need to rotate the certificate of the App Service identity application to use the new certificate.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

AFrom the administrator portal, get the value of the default provider subscription object ID.

BFrom a privileged endpoint (PEP) session, run the Export-Cercificace cmdlet. and then run the Import-Certificace cmdlet

CFrom a privileged endpoint (PEP) session, run the New-Object cmdlet. and then run the import-PfxCertificace cmdlet

DFrom a privileged endpoint (PEP) session, run the New-Objecc cmdlet, and then run the Sec-GraphApplicacion cmdlet

EFrom the administrator portal, get the value of the AzureStack-AppService object ID.

Answer : D, E

Your choice of either Azure AD or AD FS is determined by the mode in which you deploy Azure Stack Hub:

When you deploy it in a connected mode, you can use either Azure AD or AD FS.

When you deploy it in a disconnected mode, without a connection to the internet, only AD FS is supported.

Rotate certificate for AD FS identity application

The identity application is created by the operator before deployment of Azure App Service on Azure Stack Hub. If the application's object ID is unknown, follow these steps to discover it:

Go to the Azure Stack Hub administrator portal.

Go to Subscriptions and select Default Provider Subscription.

Select Access Control (IAM) and select the AzureStack-AppService-<guid> application.

Take a note of the Object ID, this value is the ID of the Service Principal that must be updated in AD FS.

D: To rotate the certificate for the application in AD FS, you need to have access to the privileged endpoint (PEP). Then you update the certificate credential using PowerShell.

# Sign in to PowerShell interactively, using credentials that have access to the VM running the Privileged Endpoint

$Creds = Get-Credential

# Create a new Certificate object from the identity application certificate exported as .cer file

$Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2('<CertificateFileLocation>')

# Create a new PSSession to the PrivelegedEndpoint VM

$Session = New-PSSession -ComputerName '<PepVm>' -ConfigurationName PrivilegedEndpoint -Credential $Creds -SessionOption (New-PSSessionOption -Culture en-US -UICulture en-US)

# Use the privileged endpoint to update the certificate thumbprint, used by the service principal associated with the App Service identity application

$SpObject = Invoke-Command -Session $Session -ScriptBlock {Set-GraphApplication -ApplicationIdentifier '<ApplicationObjectId>' -ClientCertificates $using:Cert}

$Session | Remove-PSSession

# Output the updated service principal details

$SpObject

https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-identity-overview

https://learn.microsoft.com/en-us/azure-stack/operator/app-service-rotate-certificates

Question 5

You are troubleshooting an Azure Stack Hub integrated system.

A Microsoft Support Engineer needs to review automatically uploaded logs.

What should you provide to the Microsoft Support Engineer?

Athe Azure AD tenant ID

Bthe metering subscription ID

Cthe Microsoft Partner Network (MPN) number

Dthe Azure Stack Hub Cloud ID

Ethe default service provider subscription ID

Answer : D

The Cloud ID is the unique ID for tracking support data uploaded from a specific scale unit. When diagnostic logs are uploaded for support analysis, the Cloud ID is how the logs are associated with that scale unit.

Question 6

You have a multitenant Azure Stack Hub integrated system for a Cloud Solution Provider (CSP). The integrated system is used by several customers.

You hire a new support technician to help manage the integrated system.

You need to configure access for the support technician. The solution must meet the following requirements:

The technician must be prevented from accessing customer resources.

The technician must be able to monitor the status of infrastructure backups.

The technician must be able to create and manage plans, offers, and quotas.

Which built-in role should you assign to the support technician?

AReader

BOwner

CUse Access Administrator

DContributor

EBackup Operator

Answer : D

https://docs.microsoft.com/en-us/azure-stack/operator/azure-stack-manage-permissions?view=azs-2008

Question 7

You have an Azure Stack Hub integrated system that is enabled for multi-tenancy.

You receive an alert that one or more guest Azure Active Directory (Azure AD) tenants requires updates to support new features.

You need to identify which Azure AD tenants you must update.

Which two options can you use? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Athe App registrations blade of the public Azure portal

Bthe Get-AzureADTenancDecail cmdlet

Cthe User subscriptions blade of the administrator portal in Azure Stack Hub

Dthe Gec-AzsDireccoryTenancidentif ier cmdlet

Ethe Directories blade of the administrator portal in Azure Stack Hub

Fthe Gec-AzsHealchReporc cmdlet

Gthe Gec-AzsAlercs cmdlet

Answer : E, F

E: You can determine whether an update is required for home or guest directories by viewing the directories pane in the admin portal. Each directory listing shows the type of directory. The type can be a home or guest directory, and its status is shown.

F: .Synopsis

Gets the health report of identity application in the Azure Stack home and guest directories

.DESCRIPTION

Gets the health report for Azure Stack identity applications in the home directory as well as guest directories of Azure Stack. Any directories with an unhealthy status need to have their permissions updated.

.EXAMPLE

$adminResourceManagerEndpoint = 'https://adminmanagement.local.azurestack.external'

$homeDirectoryTenantName = '<homeDirectoryTenant>.onmicrosoft.com'

Get-AzsHealthReport -AdminResourceManagerEndpoint $adminResourceManagerEndpoint `

-DirectoryTenantName $homeDirectoryTenantName -Verbose

Examples.

Example 1: Get details for a tenant

PS C:\>Get-AzureADTenantDetail

ObjectId DisplayName VerifiedDomains

-------- ----------- ---------------

85b5ff1e-0402-400c-9e3c-0f9e965325d1 Coho Vineyard & Winery {class VerifiedDomain {..

https://github.com/Azure/AzureStack-Tools/blob/master/Identity/AzureStack.Identity.psm1

Microsoft AZ-600 Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack Hub Exam Practice Test