AZ-600 : Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack Hub : Part 02

AZ-600 : Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack Hub : Part 02

1. DRAG DROP

   Your company is a Cloud Solution Provider (CSP).

   You plan to create an Azure subscription for a new Azure Stack Hub integrated system and configure Azure Stack Hub to be available to multiple customers. Your company will also have its own workloads deployed to the Azure Stack Hub.

   You need to perform the deployment so that usage data for future customers is directed to their Azure subscription.

   Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

   

   

2. You have an Azure Stack Hub integrated system and an offer to which users can subscribe.

   You need to prevent users and operators from creating new user subscriptions based on the offer without affecting the existing user subscriptions.

   What should you do?

   • Change the offer state to Private.
   • Change the offer state to Decommissioned.
   • Change the offer state to Public.
   • Delete the offer and create a new private offer.

3. DRAG DROP

   You have an Azure Stack Hub integrated system that connects to the internet.

   You need to deploy Azure Event Hubs to the integrated system and ensure that users can create Event Hubs resources. The solution must minimize administrative effort.

   Which three actions should you perform in a sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

   

   

4. DRAG DROP

   You have an Azure Stack Hub integrated system that has several Azure Active Directory (Azure AD) tenants onboarded for various departments at your company. Each department uses a specific tag for every resource it creates.

   You need to generate a report to help the finance department perform a chargeback to each department.

   Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

   

   

5. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

   After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

   You have an Azure Stack Hub integrated system that connects to the Internet. The integrated system uses an Enterprise Agreement (EA) for licensing.

   You are creating an Azure Resource Manager template to generate a marketplace item for a virtual machine that runs Windows Server 2019 Datacenter and a custom application.

   You need to ensure that Windows Server is licensed by using the bring-your-own-license model.

   Solution: You add licenseType: None to the Azure Resource Manager template.

   Does this meet the goal?

   • Yes
   • No

6. DRAG DROP

   You deploy an Azure Stack Hub integrated system that contains an Azure App Service deployment. The integrated system uses an Azure Active Directory (Azure AD) identity provider.

   You need to provide users with the ability to deploy App Service web apps directly from their GitHub repositories.

   Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

   

   

7. HOTSPOT

   You have an Azure Stack Hub integrated system that connects to the Internet.

   You attempt to download an image as shown in the Add from Azure exhibit. (Click the Add from Azure tab.)

   

   The Marketplace item blade for [smalldisk] Windows Server 2019 Datacenter-Pay as you go is shown in the item exhibit. (Click the Item tab.)

   

   The marketplace items are shown in the Marketplace Items exhibit. (Click the Marketplace Items tab.)

   

   For each of the following statements, select Yes if the statement is true. Otherwise, select No.

   NOTE: Each correct selection is worth one point.

   

   

8. Case study

   This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

   To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

   At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

   To start the case study
   To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

   Overview

   Litware Inc. is a renewable energy company. Litware has a business partner named Fabrikam, Ltd. that develops custom software for Litware.

   Litware has a main office in Boston and a research department in Chicago. Each location has a datacenter. Fabrikam has an office in Boston.

   Existing Environment

   Network Environment

   The Litware offices and the Fabrikam office connect by using a private circuit. Each office connects directly to the Internet.

   Identity Environment

   The Litware network contains an Active Directory forest named litwareinc.com. The forest and an Azure Active Directory (Azure AD) tenant named litwareinc.com are integrated by using Active Directory Federation Services (AD FS). Litware has an enterprise certification authority (CA).

   The Azure subscriptions of Litware are associated to the litwareic.com Azure AD tenant.

   Fabrikam also has an Azure AD tenant.

   Azure Stack Hub Environment

   Litware has the following two Azure Stack Hub integrated systems:

   A fully operational integrated system in Boston that connects to the Internet and has the following configurations:
   – Is managed by using an administrator management endpoint of:
   https://adminportal.eastus.litwareinc.com
   – Has an Azure App Service deployment that has two dedicated, large web workers
   – Currently uses version 2005 of Azure Stack Hub and does NOT have any hotfixes installed
   A newly delivered integrated system in Chicago that is disconnected from the Internet and will be managed by using an administrator management endpoint of: https://adminportal.northcentralus.litwareinc.com

   Datacenter Environment

   The Chicago datacenter of Litware contains the infrastructure shown in the following table.

   

   Current Problems

   During heavy usage, requests to App Service in Boston fail despite low utilization of the web workers.

   Requirements

   Planned Changes

   Litware plans to implement the following changes:

   Deploy an Event Hubs resource provider to the integrated system in Boston.
   Make Azure Functions available to Azure Stack Hub users in Boston.
   Prepare the integrated system in Chicago to be production-ready.

   Technical Requirements

   Litware identifies the following technical requirements:

   Implement an infrastructure to support Azure Functions on the integrated system in Boston.
   Provision the certificates required to deploy the Event Hubs resource provider to the integrated system in Boston.
   Configure an identity provider for the integrated system in Chicago.
   Locate the IP address of the privileged endpoint (PEP) of the integrated system in Chicago.
   Ensure that only operators have control over the creation of subscriptions on the integrated system in Chicago.
   Provision a certificate to provide access to the Azure Resource Manager endpoint of the integrated system in Chicago.
   Identify which PowerShell setting on CLIENT1 and CLIENT2 must be modified to register the integrated system in Chicago.
   Implement a management app that will use Azure Resource Manager to inventory the resources of the integrated system in Chicago.

   Security and Compliance Requirements

   Litware has the following security and compliance requirements:

   – All infrastructure software must run the latest version, including hotfixes.
   – Litware must have control over certificate revocations.

   Business Requirements

   Litware wants to ensure that the users at Fabrikam have secure access to the workloads on the integrated system in Boston.

   Updates and Hotfixes

   The current hotfixes and updates available for Azure Stack Hub are:

   – 2005
   – 2005 hotfix 1
   – 2005 hotfix 2
   – 2005 hotfix 3
   – 2008
   – 2008 hotfix 1
   – 2008 hotfix 2
   – 2011 (latest version)

   1. HOTSPOT

      You need to identify the certificate for the integrated system in Chicago. The solution must meet the technical requirements.

      What should you identify? To answer, select the appropriate options in the answer area.

      NOTE: Each correct selection is worth one point.

      

      

      Explanation:

      When deploying Azure Stack Hub in disconnected mode it is recommended to use certificates issued by an enterprise certificate authority. This is important because clients accessing Azure Stack Hub endpoints must be able to contact the certificate revocation list (CRL).

   2. HOTSPOT

      You need to register the northcentralus region.

      How should you complete the command? To answer, select the appropriate options in the answer area.

      NOTE: Each correct selection is worth one point.

      

      

9. HOTSPOT

   You plan to deploy two Azure Stack Hub integrated systems named AZStack1 and AZStack2.

   AZStack1 must meet the following requirements:

   – Connect to the Internet.
   – Have minimal capital expenditures.
   – Use the minimum number of on-premises servers for identity.
   – Have no existing licenses for Windows virtual machines deployed.

   AZStack2 must meet the following requirements:

   – Be disconnected from the Internet.
   – Use the minimum number of on-premises servers for identity.
   – Support the syndication of Azure Stack Hub Marketplace items.

   Which identity provider and licensing model should you use for each integrated system? To answer, select the appropriate options in the answer area.

   NOTE: Each correct selection is worth one point.

   

   

10. In which three situations should you update the registration of an Azure Stack Hub integrated system? Each correct answer presents a complete solution.

    NOTE: Each correct selection is worth one point.

    • when you add or remove nodes for capacity-based billing
    • when you change the billing model
    • when you add or remove nodes for consumption-based billing
    • when you renew an annual capacity subscription
    • when you enable Azure Stack Hub for multitenancy
    • when you update the Azure Active Directory (Azure AD) home directory

11. You have an Azure Stack Hub integrated system that has the following configurations:

    – A deployment prefix of AzS
    – A physical prefix of AzP

    You need to renew the certificates for the integrated system.

    To which virtual machine should you establish a PowerShell session?

    • AzS-CA01
    • AzP-S1-N01
    • AzP-DC01
    • AzS-ERCS02

12. You plan to deploy an Azure Stack Hub integrated system that will connect to the Internet.

    You need to define the public VIP pool.

    What is the smallest subnet mask that you can use for the public VIP pool?

    • /22
    • /25
    • /26
    • /27

13. Your company is a Cloud Solution Provider (CSP).

    You are planning the deployment of a multitenant Azure Stack Hub integrated system that will host internal company workloads and customer workloads.

    You need to register the integrated system.

    Which type of Azure subscription should you use for the registration?

    • Azure Partner Shared Services (APSS)
    • Enterprise Agreement (EA)
    • Pay-As-You-Go (PAYG)
    • CSP

14. You plan to deploy an Azure Stack Hub integrated system that will connect to the internet.

    You are planning the network design. You plan the address space for the public VIP network and the private network.

    Which three additional networks are required for the Azure Stack Hub deployment? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    • a switch infrastructure network
    • a DNS network
    • a storage network
    • a hypervisor network
    • a BMC network
    • an infrastructure network

15. HOTSPOT

    You have an Azure Stack Hub integrated system.

    You need to update the integrated system to use a non-Windows NTP service that has a host name of ntp1.contoso.com.

    How should you complete the command? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    

    

16. You plan to deploy an Azure Stack Hub integrated system that will use an Azure Active Directory (Azure AD) identity provider.

    You obtain certificates for the deployment.

    You need to ensure that the certificates meet the prerequisites for Azure Stack Hub.

    Which PowerShell cmdlet should you run?

    • Invoke-AzsHubDeploymentCertificateValidation

    • Test-Certificate

    • ConvertTo-AzsPFX

    • Get-PfxCertificate

    • New-AzsHubDeploymentCertificateSigningRequest

17. Case study

    This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

    To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

    At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

    To start the case study
    To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

    Overview

    A company named Northwind Traders has a main office and a datacenter. All development occurs at the main office.

    Existing Environment

    Identity Environment

    The network contains an Active Directory forest named northwind.com. The forest and an Azure Active Directory (Azure AD) tenant named northwind.onmicrosoft.com are integrated by using Active Directory Federation Service (AD FS).

    All Azure subscriptions use the northwind.onmicrosoft.com Azure AD tenant.

    Northwind Traders uses an Enterprise Agreement (EA) subscription.

    All operators are global administrators in northwind.onmicrosoft.com.

    Azure Stack Hub Environment

    Northwind Traders has the following five Azure Stack Hub integrated systems:

    One integrated system that connects to an internet-facing network and has the following configurations:
    – The region name is int1.
    – The operators do not have access to the user subscriptions.
    – The integrated system is used for customer and partner applications.
    – The partners and customers of NorthWind Traders use guest user accounts to access various user resources.
    Two integrated systems that connect to a private network, are accessed only from inside the company, and have the following configurations:
    – The integrated systems are dedicated to research and development.
    – One integrated system has a region name of priv1, and the other has a region name of priv2.
    – The integrated systems are used for various data rendering, AI workloads, inference, and data visualization.
    Two integrated systems that are dedicated to application development and have the following configurations:
    – The integrated systems are disconnected from the Internet. The workloads in the user subscriptions have Internet access.
    – One integrated system has a region name of dev1, and the other has a region name of dev2.
    – Both regions are used only by developers at Northwind Traders.

    The external domain name of all the integrated systems is northwind.com. All the integrated systems have Azure App Service and the Azure Kubernetes Service (AKS) engine deployed.

    The computer of the operator in each region has all the prerequisite software installed for managing Azure Stack Hub.

    Current Problems

    You identify the following issues in the current environment:

    – The priv2 region recently experienced a catastrophic failure.
    – The developers report high chargeback costs for the dev1 region.
    – The int1 region runs a high number of Windows virtual machines that use pay-as-you-use images.
    – The Northwind Traders partners and customers report that use of the guest user accounts is too complex.
    – Users in the priv1 region recently deployed NCas_v4 virtual machines for various AI workload. The users discover that the virtual machines do not use GPUs.

    Requirements

    Planned Changes

    Northwind Traders plans to implement the following changes:

    – Remove all guest user accounts.
    – Change the DNS forwarder of the priv1 region.
    – Change the billing model and registration name of the int1 region.
    – After the catastrophic failure, restore the priv2 region to its original state.
    – Provide each partner with its own dedicated user subscription that will use its own dedicated Azure AD tenant.

    Technical Requirements

    Northwind Traders identifies the following technical requirements:

    – Minimize hardware and software costs.
    – Standardize all datacenter workloads on Azure Stack Hub.
    – In the priv1 region, implement a disaster recovery plan for App Service.
    – Whenever possible, implement solutions by using the minimum amount of administrative effort.
    – In the dev2 region, update the AKS Base Ubuntu image to the latest version in Azure Stack Hub Marketplace.
    – Whenever possible, implement solutions by using built-in tools, features, and services without acquiring additional third-party tools.
    – For the users’ virtual machines and the associated resources in the dev1 and dev2 regions, implement a business continuity and disaster recovery plan that includes an automated failback process.
    – If changes to the Azure Stack Hub infrastructure cause workload downtime outside of planned maintenance windows, notify all users in the region where the downtime occurred and schedule a maintenance window.

    1. You remove all the workloads from the int1 region and change the registration model to capacity.

       You prepare additional Azure AD tenants for each partner.

       You need to configure multitenancy.

       Which two actions should you perform for each guest tenant? Each correct answer presents part of the solution.

       NOTE: Each correct selection is worth one point.

       • Run the Register-AzSWithMyDirectoryTenant cmdlet and specify https://management.int1. northwind.com as the endpoint.
       • Run the Register-AzSGuestDirectoryTenant cmdlet and specify https://management.int1. northwind.com as the endpoint.
       • Run the Register-AzSGuestDirectoryTenant cmdlet and specify https://adminmanagement.int1. northwind.com as the endpoint.
       • Change the registration model to pay-as-you-use.
       • Run the Register-AzSWithMyDirectoryTenant cmdlet and specify https://adminmanagement.int1. northwind.com as the endpoint.

18. Case study

    This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

    To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

    At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

    To start the case study
    To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

    Overview

    Litware Inc. is a renewable energy company. Litware has a business partner named Fabrikam, Ltd. that develops custom software for Litware.

    Litware has a main office in Boston and a research department in Chicago. Each location has a datacenter. Fabrikam has an office in Boston.

    Existing Environment

    Network Environment

    The Litware offices and the Fabrikam office connect by using a private circuit. Each office connects directly to the Internet.

    Identity Environment

    The Litware network contains an Active Directory forest named litwareinc.com. The forest and an Azure Active Directory (Azure AD) tenant named litwareinc.com are integrated by using Active Directory Federation Services (AD FS). Litware has an enterprise certification authority (CA).

    The Azure subscriptions of Litware are associated to the litwareic.com Azure AD tenant.

    Fabrikam also has an Azure AD tenant.

    Azure Stack Hub Environment

    Litware has the following two Azure Stack Hub integrated systems:

    A fully operational integrated system in Boston that connects to the Internet and has the following configurations:
    – Is managed by using an administrator management endpoint of:
    https://adminportal.eastus.litwareinc.com
    – Has an Azure App Service deployment that has two dedicated, large web workers
    – Currently uses version 2005 of Azure Stack Hub and does NOT have any hotfixes installed
    A newly delivered integrated system in Chicago that is disconnected from the Internet and will be managed by using an administrator management endpoint of: https://adminportal.northcentralus.litwareinc.com

    Datacenter Environment

    The Chicago datacenter of Litware contains the infrastructure shown in the following table.

    

    Current Problems

    During heavy usage, requests to App Service in Boston fail despite low utilization of the web workers.

    Requirements

    Planned Changes

    Litware plans to implement the following changes:

    Deploy an Event Hubs resource provider to the integrated system in Boston.
    Make Azure Functions available to Azure Stack Hub users in Boston.
    Prepare the integrated system in Chicago to be production-ready.

    Technical Requirements

    Litware identifies the following technical requirements:

    Implement an infrastructure to support Azure Functions on the integrated system in Boston.
    Provision the certificates required to deploy the Event Hubs resource provider to the integrated system in Boston.
    Configure an identity provider for the integrated system in Chicago.
    Locate the IP address of the privileged endpoint (PEP) of the integrated system in Chicago.
    Ensure that only operators have control over the creation of subscriptions on the integrated system in Chicago.
    Provision a certificate to provide access to the Azure Resource Manager endpoint of the integrated system in Chicago.
    Identify which PowerShell setting on CLIENT1 and CLIENT2 must be modified to register the integrated system in Chicago.
    Implement a management app that will use Azure Resource Manager to inventory the resources of the integrated system in Chicago.

    Security and Compliance Requirements

    Litware has the following security and compliance requirements:

    All infrastructure software must run the latest version, including hotfixes.
    Litware must have control over certificate revocations.

    Business Requirements

    Litware wants to ensure that the users at Fabrikam have secure access to the workloads on the integrated system in Boston.

    Updates and Hotfixes

    The current hotfixes and updates available for Azure Stack Hub are:

    – 2005
    – 2005 hotfix 1
    – 2005 hotfix 2
    – 2005 hotfix 3
    – 2008
    – 2008 hotfix 1
    – 2008 hotfix 2
    – 2011 (latest version)

    1. HOTSPOT

       You need to identify the authentication and authorization process for the integrated system in Chicago. The solution must meet the technical requirements.

       What should you include in the solution? To answer, select the appropriate options in the answer area.

       NOTE: Each correct selection is worth one point.

       

       

19. HOTSPOT

    You have an Azure Stack Hub integrated system that is enabled for multitenancy and uses an Azure Active Directory (Azure AD) tenant named fabrikam.com as an identity provider.

    The integrated system has the following guest directory tenants onboarded and enabled for multitenancy:

    – com
    – onmicrosoft.com
    – onmicrosoft.com

    You need to verify whether all the guest directory tenants are registered properly.

    How should you complete the PowerShell script? To answer, drag the appropriate cmdlet to the correct targets. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

    NOTE: Each correct selection is worth one point.

    

    

20. You have a multitenant Azure Stack Hub integrated system for a Cloud Solution Provider (CSP). The integrated system is used by several customers.

    You hire a new support technician to help manage the integrated system.

    You need to configure access for the support technician. The solution must meet the following requirements:
    – The technician must be prevented from accessing customer resources.
    – The technician must be able to monitor the status of infrastructure backups.
    – The technician must be able to create and manage plans, offers, and quotas.

    Which built-in role should you assign to the support technician?

    • Reader
    • Owner
    • Use Access Administrator
    • Contributor
    • Backup Operator