Want to know Ucertify exam ref 70 533 implementing microsoft azure infrastructure solutions Exam practice test features? Want to lear more about Microsoft Implementing Microsoft Azure Infrastructure Solutions certification experience? Study Precise Microsoft 70 533 study guide answers to Far out microsoft azure 70 533 questions at Ucertify. Gat a success with an absolute guarantee to pass Microsoft 70 533 certification (Implementing Microsoft Azure Infrastructure Solutions) test on your first attempt.

Q31. Your company is launching a public website that allows users to stream videos. 

You upload multiple video files to an Azure storage container. 

You need to give anonymous users read access to all of the video files in the storage container. 

What should you do? 

A. Edit each blob's metadata and set the access policy to Public Blob. 

B. Edit the container metadata and set the access policy to Public Container. 

C. Move the files into a container sub-directory and set the directory access level to Public Blob. 

D. Edit the container metadata and set the access policy to Public Blob. 



By default, the container is private and can be accessed only by the account owner. To allow public read access to the blobs in the container, but not the container properties and metadata, use the "Public Blob" option. To allow full public read access for the container and blobs, use the "Public Container" option. 


You have a solution deployed into a virtual network in Azure named fabVNet. The fabVNet virtual network has three subnets named Apps, Web, and DB that are configured as shown in the exhibit. (Click the Exhibits button.) 

You want to deploy two new VMs to the DB subnet. 

You need to modify the virtual network to expand the size of the DB subnet to allow more IP addresses. 

Which three steps should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. 



You have an Azure SQL Database named Contosodb. Contosodb is running in the Standard/S2 tier and has a service level objective of 99 percent. 

You review the service tiers in Microsoft Azure SQL Database as well as the results of running performance queries for the usage of the database for the past week as shown in the exhibits. (Click the Exhibits button.) 

For each of the following statements, select Yes if the statement is true. Otherwise, select No. 



You administer two virtual machines (VMs) that are deployed to a cloud service. The VMs are part of a virtual network. 

The cloud service monitor and virtual network configuration are configured as shown in the exhibits. (Click the Exhibits button.) 

You need to create an internal load balancer named fabLoadBalancer that has a static IP address of 

Which value should you use in each parameter of the Power Shell command? 

To answer, drag the appropriate value to the correct location in the Power Shell command. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. 


Q35. You administer a Microsoft Azure SQL Database data base in the US Central region named contosodb. Contosodb runs on a Standard tier within the S1 performance level. 

You have multiple business-critical applications that use contosodb. 

You need to ensure that you can bring contosodb back online in the event of a natural disaster in the US Central region. You want to achieve this goal with the least amount of downtime. 

Which two actions should you perform? Each correct answer presents part of the solution. 

A. Upgrade to S2 performance level. 

B. Use active geo-replication. 

C. Use automated Export. 

D. Upgrade to Premium tier. 

E. Use point in time restore. 

F. Downgrade to Basic tier. 

Answer: B,D 

Explanation: B: The Active Geo-Replication feature implements a mechanism to provide database redundancy within the same Microsoft Azure region or in different regions (geo-redundancy). One of the primary benefits of Active Geo-Replication is that it provides a database-level disaster recovery solution. Using Active Geo-Replication, you can configure a user database in the Premium service tier to replicate transactions to databases on different Microsoft Azure SQL Database servers within the same or different regions. Cross-region redundancy enables applications to recover from a permanent loss of a datacenter caused by natural disasters, catastrophic human errors, or malicious acts. 

D: Active Geo-Replication is available for databases in the Premium service tier only. 

Reference: Active Geo-Replication for Azure SQL Database 


Q36. You manage a cloud service that utilizes an Azure Service Bus queue. You need to ensure that messages that are never consumed are retained. What should you do? 

A. Check the MOVE TO THE DEAD-LETTER SUBQUEUE option for Expired Messages in the Azure Portal. 

B. From the Azure Management Portal, create a new queue and name it Dead-Letter. 

C. Execute the Set-AzureServiceBus PowerShell cmdlet. 

D. Execute the New-AzureSchedulerStorageQueueJob PowerShell cmdlet. 


Explanation: The EnableDeadLetteringOnMessageExpiration property allows to enable\disable the dead-lettering on message expiration. 

Reference: Azure, Managing and Testing Topics, Queues and Relay Services with the Service Bus Explorer Tool 

Q37. You administer an Azure Storage account with a blob container. You enable Storage account logging for read, write and delete requests. 

You need to reduce the costs associated with storing the logs. 

What should you do? 

A. Execute Delete Blob requests over https. 

B. Create an export job for your container. 

C. Set up a retention policy. 

D. Execute Delete Blob requests over http. 


Explanation: To ease the management of your logs, we have provided the functionality of retention policy which will automatically cleanup ‘old’ logs without you being charged for the cleanup. It is recommended that you set a retention policy for logs such that your analytics data will be within the 20TB limit allowed for analytics data (logs and metrics combined). 

Reference: Windows Azure Storage Logging: Using Logs to Track Storage Requests, How do I cleanup my logs? 

URL: http://blogs.msdn.com/b/windowsazurestorage/archive/2011/08/03/windows-azure-storage-logging-using-logs-to-track-storage-requests.aspx 

Q38. You manage a cloud service that utilizes data encryption. 

You need to ensure that the certificate used to encrypt data can be accessed by the cloud service application. 

What should you do? 

A. Upload the certificate referenced in the application package. 

B. Deploy the certificate as part of the application package. 

C. Upload the certificate's public key referenced in the application package. 

D. Use RDP to install the certificate. 


Explanation: The developer must deploy the public key with their application so that, when Windows Azure spins up role instances, it will match up the thumbprint in the service definition with the uploaded service certificate and deploy the private key to the role instance. The private key is intentionally non-exportable to the .pfx format, so you won’t be able to grab the private key through an RDC connection into a role instance. 

Reference: Field Note: Using Certificate-Based Encryption in Windows Azure Applications 


You administer an Azure Virtual Machine (VM) named CON-CL1. CON-CL1 is in a cloud service named ContosoService1. 

You want to create a new VM named MyApp that will have a fixed IP address and be hosted by an Azure Datacenter in the US West region. 

You need to assign a fixed IP address to the MyApp VM. 

Which Azure Power Shell cmdlets and values should you use? To answer, drag the appropriate cmdlet or value to the correct location in the PowerShell command. Each cmdlet or value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content 


Q40. You plan to use Password Sync on your DirSync Server with Azure Active Directory {Azure AD) on your company network. You configure the DirSync server and complete an initial synchronization of the users. 

Several remote users are unable to log in to Office 365. You discover multiple event log entries for "Event ID 611 Password synchronization failed for domain." 

You need to resolve the password synchronization issue. 

Which two actions should you perform? Each correct answer presents part of the solution. 

A. Restart Azure AD Sync Service. 

B. Run the Set-FullPasswordSync Power Shell cmdlet. 

C. Force a manual synchronization on the DirSync server. 

D. Add the DirSync service account to the Schema Admins domain group. 

Answer: A,B 

Explanation: On the computer that has the Azure Active Directory Sync tool installed, follow these steps: . Perform.a full password sync for all users who are synced through directory synchronization. To do this, follow these steps: Set-FullPasswordSync . Restart the Forefront Identity Manager Synchronization Service. To do this, follow 

these steps: Reference: User passwords don't sync if your organization is using Azure Active Directory synchronization 



You manage an Azure Service Bus for your company. You plan to enable access to the Azure Service Bus for an application named ContosoLOB. 

You need to create a new shared access policy for subscriptions and queues that has the following requirements: 

Receives messages from a queue 

Deadletters a message 

Defers a message for later retrieval 

Enumerates subscriptions 

Gets subscription description 

In the table below, identify the permission you need to assign to ensure that ContosoLOB is able to accomplish the above requirements. Make only one selection in each column. 


Q42. You administer a solution deployed to a virtual machine (VM) in Azure. The VM hosts a web service that is used by several applications. You are located in the US West region and have a worldwide user base. 

Developers in Asia report that they experience significant delays when they execute the services. 

You need to verify application performance from different locations. 

Which type of monitoring should you configure? 

A. Disk Read 

B. Endpoint 

C. Network Out 


E. Average Response Time 





Not B: Health Endpoint Monitoring Pattern is used for checking the health of the program: 

Implement functional checks within an application that external tools can access through 

exposed endpoints at regular intervals. This pattern can help to verify that applications and 

services are performing correctly. 

Reference: How to Monitor and Analyze Performance of the Windows Azure Storage 



You manage an Azure Web Site for a consumer-product company. 

The website runs in Standard mode on a single medium instance. 

You expect increased traffic to the website due to an upcoming sale during a holiday 


You need to ensure that the website performs optimally when user activity is at its highest. 

Which option should you select? To answer, select the appropriate option in the answer 



Q44. You manage a collection of large video files that is stored in an Azure Storage account. 

A user wants access to one of your video files within the next seven days. 

You need to allow the user access only to the video file, and then revoke access once the user no longer needs it. 

What should you do? 

A. Give the user the secondary key for the storage account. 

Once the user is done with the file, regenerate the secondary key. 

B. Create an Ad-Hoc Shared Access Signature for the Blob resource. 

Set the Shared Access Signature to expire in seven days. 

C. Create an access policy on the container. 

Give the external user a Shared Access Signature for the blob by using the policy. 

Once the user is done with the file, delete the policy. 

D. Create an access policy on the blob. 

Give the external user access by using the policy. 

Once the user is done with the file, delete the policy. 


Explanation: See 3) below. By default, only the owner of the storage account may access blobs, tables, and queues within that account. If your service or application needs to make these resources available to other clients without sharing your access key, you have the following options for permitting access: 

1.You can set a container's permissions to permit anonymous read access to the container and its blobs. This is not allowed for tables or queues. 

2. You can expose a resource via a shared access signature, which enables you to delegate restricted access to a container, blob, table or queue resource by specifying the interval for which the resources are available and the permissions that a client will have to it. 

3. You can use a stored access policy to manage shared access signatures for a container or its blobs, for a queue, or for a table. The stored access policy gives you an additional measure of control over your shared access signatures and also provides a straightforward means to revoke them. 

Reference: Manage Access to Azure Storage Resources 


Your company network includes a single forest with multiple domains. You plan to migrate from On-Premises Exchange to Exchange Online. 

You want to provision the On-Premises Windows Active Directory (AD) and Azure Active Directory (Azure AD) service accounts. 

You need to set the required permissions for the Azure AD service account. 

Which settings should you use? To answer, drag the appropriate permission to the service account. Each permission may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.