Microsoft AZ-600 Exam Practice Test Instant Access

Question 1

You have an Azure Stack Hub integrated system that has the following configurations:

A deployment prefix of AzS

A physical prefix of AzP

You need to renew the certificates for the integrated system.

To which virtual machine should you establish a PowerShell session?

AAzS-ERCS02

BAzS-CA01

CAzS-WAS01

DAzP-S1-N01

Answer : B

https://docs.microsoft.com/en-gb/learn/modules/manage-azure-stack-hub-use-privileged-endpoints/2-connect-privileged-endpoint

Question 2

You have an Azure Stack Hub integrated system that connects to the Internet.

You are migrating several Hyper-V workloads to Azure Stack Hub. Billing for the workloads is consumption-based.

You need to predict the ongoing Microsoft subscription charges for the workloads.

You run an Azure Migrate assessment and receive the output shown in the following table.

The values from which three columns affect the ongoing Microsoft subscription charges? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

ADisk 1 size (In GB)

BNetwork throughput (MB per second)

CCores

DMemory (In MB)

EDisk 1 read ops (operations per second)

FDisk 1 write ops (operations per second)

GOS name

Answer : A, C, D

https://docs.microsoft.com/en-us/azure-stack/operator/azure-stack-usage-related-faq?view=azs-2008

Question 3

You have an Azure Stack Hub integrated system that is disconnected from the internet. The integrated system has an Azure App Service resource provider.

You generate a new certificate.

You need to rotate the certificate of the App Service identity application to use the new certificate.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

AFrom the administrator portal, get the value of the default provider subscription object ID.

BFrom a privileged endpoint (PEP) session, run the Export-Cercificace cmdlet. and then run the Import-Certificace cmdlet

CFrom a privileged endpoint (PEP) session, run the New-Object cmdlet. and then run the import-PfxCertificace cmdlet

DFrom a privileged endpoint (PEP) session, run the New-Objecc cmdlet, and then run the Sec-GraphApplicacion cmdlet

EFrom the administrator portal, get the value of the AzureStack-AppService object ID.

Answer : D, E

Your choice of either Azure AD or AD FS is determined by the mode in which you deploy Azure Stack Hub:

When you deploy it in a connected mode, you can use either Azure AD or AD FS.

When you deploy it in a disconnected mode, without a connection to the internet, only AD FS is supported.

Rotate certificate for AD FS identity application

The identity application is created by the operator before deployment of Azure App Service on Azure Stack Hub. If the application's object ID is unknown, follow these steps to discover it:

Go to the Azure Stack Hub administrator portal.

Go to Subscriptions and select Default Provider Subscription.

Select Access Control (IAM) and select the AzureStack-AppService-<guid> application.

Take a note of the Object ID, this value is the ID of the Service Principal that must be updated in AD FS.

D: To rotate the certificate for the application in AD FS, you need to have access to the privileged endpoint (PEP). Then you update the certificate credential using PowerShell.

# Sign in to PowerShell interactively, using credentials that have access to the VM running the Privileged Endpoint

$Creds = Get-Credential

# Create a new Certificate object from the identity application certificate exported as .cer file

$Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2('<CertificateFileLocation>')

# Create a new PSSession to the PrivelegedEndpoint VM

$Session = New-PSSession -ComputerName '<PepVm>' -ConfigurationName PrivilegedEndpoint -Credential $Creds -SessionOption (New-PSSessionOption -Culture en-US -UICulture en-US)

# Use the privileged endpoint to update the certificate thumbprint, used by the service principal associated with the App Service identity application

$SpObject = Invoke-Command -Session $Session -ScriptBlock {Set-GraphApplication -ApplicationIdentifier '<ApplicationObjectId>' -ClientCertificates $using:Cert}

$Session | Remove-PSSession

# Output the updated service principal details

$SpObject

https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-identity-overview

https://learn.microsoft.com/en-us/azure-stack/operator/app-service-rotate-certificates

Question 4

You have an Azure Stack Hub integrated system.

A scale unit node has a hardware failure.

You replace the physical server based on the field replacement unit (FRU) documentation of the OEM hardware vendor.

You need to reintroduce the node to the scale unit.

Which PowerShell cmdlet should you run?

AEnable-AzsScaleUnitNode

BRepair-AzsScaleUnitNode

CStart-AzsScaleUnitNode

DRestart-AzsInfrastructureRole

EAdd-AzsScaleUnitNode

Answer : B

https://docs.microsoft.com/en-us/azure-stack/operator/azure-stack-node-actions?view=azs-

2008&tabs=az1#repair

Question 5

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Stack Hub integrated system that connects to the Internet. The integrated system uses an Enterprise Agreement (EA) for licensing.

You are creating an Azure Resource Manager template to generate a marketplace item for a virtual machine that runs Windows Server 2019 Datacenter and a custom application.

You need to ensure that Windows Server is licensed by using the bring-your-own-license model.

Solution: You add OsType: Windows to the Azure Resource Manager template.

Does this meet the goal?

AYes

BNo

Answer : B

Question 6

You have an Azure Stack Hub integrated system.

You unlock the privileged endpoint (PEP).

How long will the PEP session remain unlocked?

A30 minutes

Bone hour

C24 hours

Deight hours

Answer : D

Unlocking the privileged endpoint for support scenarios

During a support scenario, the Microsoft support engineer might need to elevate the privileged endpoint PowerShell session to access the internals of the Azure Stack Hub infrastructure. This process is sometimes informally referred to as 'break the glass' or 'unlock the PEP'.

An elevated PEP session has a validity of 8 hours, after which, if not terminated, the elevated PEP session will automatically lock back to a regular PEP session.

Question 7

You are troubleshooting an Azure Stack Hub integrated system.

A Microsoft Support Engineer needs to review automatically uploaded logs.

What should you provide to the Microsoft Support Engineer?

Athe Azure AD tenant ID

Bthe metering subscription ID

Cthe Microsoft Partner Network (MPN) number

Dthe Azure Stack Hub Cloud ID

Ethe default service provider subscription ID

Answer : D

The Cloud ID is the unique ID for tracking support data uploaded from a specific scale unit. When diagnostic logs are uploaded for support analysis, the Cloud ID is how the logs are associated with that scale unit.

Microsoft Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack Hub AZ-600 Exam Practice Test