AZ-102日本語 無料問題集「Microsoft Azure Administrator Certification Transition (AZ-102日本語版)」
正解:
See explanation below.
Explanation
To distribute traffic to the VMs in the availability set, a back-end address pool contains the IP addresses of the virtual NICs that are connected to the load balancer. Create the back-end address pool to include the VMs in the availability set.
Step 1:
Select All resources on the left menu, and then select LoadBalancer from the resource list.
Step 2:
Under Settings, select Backend pools, and then select Add.
Step 3:
On the Add a backend pool page, select the Web-AS availability set, and then select OK:
References:
https://docs.microsoft.com/en-us/azure/load-balancer/quickstart-create-basic-load-balancer-portal
Topic 4, Contoso Case StudyOverview
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
All the resources used by Contoso are hosted on-premises.
Contoso creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named contoso.onmicrosoft.com. The tenant uses the P1 pricing tier.
Existing Environment
The network contains an Active Directory forest named contoso.com. All domain controllers are configured as DNS servers and host the contoso.com DNS zone.
Contoso has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently.
Contoso.com contains a user named User1.
All the offices connect by using private links.
Contoso has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device.
All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.
Contoso uses two web applications named App1 and App2. Each instance on each web application requires
1GB of memory.
The Azure subscription contains the resources in the following table.
The network security team implements several network security groups (NSGs).
Planned Changes
Contoso plans to implement the following changes:
* Deploy Azure ExpressRoute to the Montreal office.
* Migrate the virtual machines hosted on Server1 and Server2 to Azure.
* Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
* Migrate App1 and App2 to two Azure web apps named webApp1 and WebApp2.
Technical requirements
Contoso must meet the following technical requirements:
* Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instance*.
* Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
* Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
* Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
* Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.contoso.com.
* Connect the New Your office to VNet1 over the Internet by using an encrypted connection.
* Create a workflow to send an email message when the settings of VM4 are modified.
* Cre3te a custom Azure role named Role1 that is based on the Reader role.
* Minimize costs whenever possible.
Explanation
To distribute traffic to the VMs in the availability set, a back-end address pool contains the IP addresses of the virtual NICs that are connected to the load balancer. Create the back-end address pool to include the VMs in the availability set.
Step 1:
Select All resources on the left menu, and then select LoadBalancer from the resource list.
Step 2:
Under Settings, select Backend pools, and then select Add.
Step 3:
On the Add a backend pool page, select the Web-AS availability set, and then select OK:
References:
https://docs.microsoft.com/en-us/azure/load-balancer/quickstart-create-basic-load-balancer-portal
Topic 4, Contoso Case StudyOverview
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
All the resources used by Contoso are hosted on-premises.
Contoso creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named contoso.onmicrosoft.com. The tenant uses the P1 pricing tier.
Existing Environment
The network contains an Active Directory forest named contoso.com. All domain controllers are configured as DNS servers and host the contoso.com DNS zone.
Contoso has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently.
Contoso.com contains a user named User1.
All the offices connect by using private links.
Contoso has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device.
All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.
Contoso uses two web applications named App1 and App2. Each instance on each web application requires
1GB of memory.
The Azure subscription contains the resources in the following table.
The network security team implements several network security groups (NSGs).
Planned Changes
Contoso plans to implement the following changes:
* Deploy Azure ExpressRoute to the Montreal office.
* Migrate the virtual machines hosted on Server1 and Server2 to Azure.
* Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
* Migrate App1 and App2 to two Azure web apps named webApp1 and WebApp2.
Technical requirements
Contoso must meet the following technical requirements:
* Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instance*.
* Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
* Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
* Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
* Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.contoso.com.
* Connect the New Your office to VNet1 over the Internet by using an encrypted connection.
* Create a workflow to send an email message when the settings of VM4 are modified.
* Cre3te a custom Azure role named Role1 that is based on the Reader role.
* Minimize costs whenever possible.
正解:
See explanation below.
Explanation
We create a VPN gateway.
Step 1:
On the left side of the portal page, click + and type 'Virtual Network Gateway' in search. In Results, locate and click Virtual network gateway.
Step 2:
At the bottom of the 'Virtual network gateway' page, click Create. This opens the Create virtual network gateway page.
Step 3:
On the Create virtual network gateway page, specify the values for your virtual network gateway.
Gateway type: Select VPN. VPN gateways use the virtual network gateway type VPN.
Virtual network: Choose the existing virtual network VNET01-USEA2
Gateway subnet address range: You will only see this setting if you did not previously create a gateway subnet for your virtual network.
Step 4:
Select the default values for the other setting, and click create.
The settings are validated and you'll see the "Deploying Virtual network gateway" tile on the dashboard.
Creating a gateway can take up to 45 minutes.
Note: This task may take a very long time to complete. You do NOT need to wait for the deployment to complete this task successfully.
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
Explanation
We create a VPN gateway.
Step 1:
On the left side of the portal page, click + and type 'Virtual Network Gateway' in search. In Results, locate and click Virtual network gateway.
Step 2:
At the bottom of the 'Virtual network gateway' page, click Create. This opens the Create virtual network gateway page.
Step 3:
On the Create virtual network gateway page, specify the values for your virtual network gateway.
Gateway type: Select VPN. VPN gateways use the virtual network gateway type VPN.
Virtual network: Choose the existing virtual network VNET01-USEA2
Gateway subnet address range: You will only see this setting if you did not previously create a gateway subnet for your virtual network.
Step 4:
Select the default values for the other setting, and click create.
The settings are validated and you'll see the "Deploying Virtual network gateway" tile on the dashboard.
Creating a gateway can take up to 45 minutes.
Note: This task may take a very long time to complete. You do NOT need to wait for the deployment to complete this task successfully.
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
正解:
See explanation below.
Explanation
Virtual network peering enables you to seamlessly connect two Azure virtual networks. Once peered, the virtual networks appear as one, for connectivity purposes.
Peer virtual networks
Step 1. In the Search box at the top of the Azure portal, begin typing VNET01-USEA2. When VNET01-USEA2 appears in the search results, select it.
Step 2. Select Peerings, under SETTINGS, and then select + Add, as shown in the following picture:
Step 3. Enter, or select, the following information, accept the defaults for the remaining settings, and then select OK.
Name: myVirtualNetwork1-myVirtualNetwork2 (for example)
Subscription: elect your subscription.
Virtual network: VNET01-USWE2 - To select the VNET01-USWE2 virtual network, select Virtual network, then select VNET01-USWE2. You can select a virtual network in the same region or in a different region.
Now we need to repeat steps 1-3 for the other network VNET01-USWE2:
Step 4. In the Search box at the top of the Azure portal, begin typing VNET01- USEA2. When VNET01- USEA2 appears in the search results, select it.
Step 5. Select Peerings, under SETTINGS, and then select + Add.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks-portal
Explanation
Virtual network peering enables you to seamlessly connect two Azure virtual networks. Once peered, the virtual networks appear as one, for connectivity purposes.
Peer virtual networks
Step 1. In the Search box at the top of the Azure portal, begin typing VNET01-USEA2. When VNET01-USEA2 appears in the search results, select it.
Step 2. Select Peerings, under SETTINGS, and then select + Add, as shown in the following picture:
Step 3. Enter, or select, the following information, accept the defaults for the remaining settings, and then select OK.
Name: myVirtualNetwork1-myVirtualNetwork2 (for example)
Subscription: elect your subscription.
Virtual network: VNET01-USWE2 - To select the VNET01-USWE2 virtual network, select Virtual network, then select VNET01-USWE2. You can select a virtual network in the same region or in a different region.
Now we need to repeat steps 1-3 for the other network VNET01-USWE2:
Step 4. In the Search box at the top of the Azure portal, begin typing VNET01- USEA2. When VNET01- USEA2 appears in the search results, select it.
Step 5. Select Peerings, under SETTINGS, and then select + Add.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks-portal
正解:
Explanation
Step 1: Install the Azure Site Recovery Provider
Step 2: Deploy the OVF template
Set up the source environment.
Download the OVF template for the configuration server, and import the template in VMware.
Note: Open Virtualization Format (OVF) template is an industry standard software distribution model for virtual machine templates. Starting January 2018, configuration server for the VMware to Azure scenario will be available to all our customers as an OVF template.
Step 3: Associate the configuration server to the replication policy
Associate the replication policy with your on-premises configuration server.
Step 4: Enable replication
References:
https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-set-up-replication
正解:
Explanation
Box 1: Yes
Traffic from VM1 and VM2 can reach VM3 thanks to the routing table, and as IP forwarding is enabled on VM3, traffic from VM3 can reach VM1.
Box 2: No
VM3, which has IP forwarding, must be turned on, in order for traffic from VM2 to reach VM1.
Box 3: Yes
The traffic from VM1 will reach VM3, which thanks to IP forwarding, will send the traffic to VM2.
References: https://www.quora.com/What-is-IP-forwarding
正解:
Explanation
Step 1: Create an event subscription
When you subscribe to events for a resource group, your endpoint receives all events for that resource group.
Step 2: Create an Azure Event Grid trigger
Step 3: Create conditions and actions
References:
https://docs.microsoft.com/en-us/azure/event-grid/event-schema-resource-groups
正解:
Explanation
* A newly developed API must be implemented as an Azure function named App2. App2 will use a blob storage trigger. App2 must process new blobs immediately.
* This requires "Always On".
* The cost of App1 and App2 must be minimized
* The Standard pricing tier is the cheapest tier that supports Always On.
正解:
Explanation
Swapping the slots means the destination slot website URL will run source slot code with destination slot settings.