AZ-600試験無料問題集「Microsoft Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack Hub 認定」
You plan to deploy a disconnected Azure Stack Hub integrated system.
You need to identify which type of certificate to use for the deployment and the file format for the certificate.
The solution must meet the following requirements:
* Minimize administrative effort.
* Maximize security.
What should identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You need to identify which type of certificate to use for the deployment and the file format for the certificate.
The solution must meet the following requirements:
* Minimize administrative effort.
* Maximize security.
What should identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
正解:
Explanation
Azure Stack Hub public key infrastructure (PKI) certificate requirements Azure Stack Hub has a public infrastructure network using externally accessible public IP addresses assigned to a small set of Azure Stack Hub services and possibly tenant VMs. PKI certificates with the appropriate DNS names for these Azure Stack Hub public infrastructure endpoints are required during Azure Stack Hub deployment.
Box 1: A certificate from an internal certification authority (CA)
Your Azure Stack Hub infrastructure must have network access to the certificate authority's Certificate Revocation List (CRL) location published in the certificate. This CRL must be an http endpoint. Note: for disconnected deployments, certificates issued by a public certificate authority (CA) are not supported, if the CRL endpoint is not accessible.
Features that are impaired or unavailable in disconnected deployments
Azure Stack Hub was designed to work best when connected to Azure, so it's important to note that there are some features and functionality that are either impaired or completely unavailable in the disconnected mode.
Private/internal Certificate Authority (CA)
No impact - In cases where the deployment uses certificates issued by a private CA, such as an internal CA within an organization, only internal network access to the CRL endpoint is required. Internet connectivity is not required, but you should verify that your Azure Stack Hub infrastructure has the required network access to contact the CRL endpoint defined in the certificates CDP extension.
Box 2: PFX
The certificate format must be PFX, as both the public and private keys are required for Azure Stack Hub installation. The private key must have the local machine key attribute set.
Reference:
https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-disconnected-deployment
https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-pki-certs
You have an Azure Stack Hub integrated system that is disconnected from the internet. The integrated system has an Azure App Service resource provider.
You generate a new certificate.
You need to rotate the certificate of the App Service identity application to use the new certificate.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You generate a new certificate.
You need to rotate the certificate of the App Service identity application to use the new certificate.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
正解:C,D
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
You need to create the Linux virtual machine image. The solution must support the planned changes.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
Explanation
Step 1: Create a config.file and save the file as Sloud-init.txt file.
Publish a custom cloud-init built image of a Linux virtual machine to Azure Stack Hub Marketplace on the integrated system.
Add Linux images to the Azure Stack Hub Marketplace
1: Create a cloud-init.txt file with your cloud-config
Step 2: Upload the file to Azure Stack Hub storage account.
2: Reference cloud-init.txt during the Linux VM deployment
Upload the file to an Azure storage account, Azure Stack Hub storage account, or GitHub repository reachable by your Azure Stack Hub Linux VM.
Step 3: Provision on Azure Stack Hub virtual machine by using Az PowerShell moduel.
You can create an Ubuntu Server 16.04 LTS virtual machine (VM) by using Azure Stack Hub PowerShell.
Make sure to reference the cloud-init.txt as a part of the -CustomData flag:
$VirtualMachine =Set-AzVMOperatingSystem -VM $VirtualMachine `
-Linux `
-ComputerName "MainComputer" `
-Credential $cred -CustomData "#include https://cloudinitstrg.blob.core.windows.net/strg/cloud-init.txt" Reference:
https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-linux?
You have 20 computers that run Linux.
You deploy a disconnected Azure Stack Hub integrated system.
You need to ensure that users on the Linux computers can manage their Azure Stack Hub resources by using Azure Command-Line Interface (CLI).
What should you do first?
You deploy a disconnected Azure Stack Hub integrated system.
You need to ensure that users on the Linux computers can manage their Azure Stack Hub resources by using Azure Command-Line Interface (CLI).
What should you do first?
正解:B
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
You back up VM1 .
You restore VM1 to the integrated system.
You need to ensure that VM1 will start successfully and that users can connect to share!
Which three actions should you perform after restoring VM1 from the backup? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You restore VM1 to the integrated system.
You need to ensure that VM1 will start successfully and that users can connect to share!
Which three actions should you perform after restoring VM1 from the backup? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
正解:A,B
解答を投票する
You have an Azure Stack Hub integrated system that has the App Service resource provider. You have the App Service Environment (ASE) shown in the following table.
You need to ensure that web apps and function apps remain available during upgrades and maintenance events.
What is the minimum number of additional worker nodes you should deploy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to ensure that web apps and function apps remain available during upgrades and maintenance events.
What is the minimum number of additional worker nodes you should deploy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation
D:\mudassar\Untitled.jpg
You have a connected Azure Stack Hub integrated system.
You perform the following tasks:
* On a server named SERVER1. you create a file share named AzSHLogs.
* You create a PowerShell remoting session to the privileged endpoint (PEP) of the integrated system.
* In a variable named $Session, you store a reference to the session.
* In a variable named $AdHinCredentials. you store a reference to the credentials required to write to AzSHLogs.
You need to collect the Hyper-V event logs for all the cluster hosts and copy the logs to the AzSHLogs share.
How should you complete the PowerShell script? To answer, select the appropriate options in the answer area.
You perform the following tasks:
* On a server named SERVER1. you create a file share named AzSHLogs.
* You create a PowerShell remoting session to the privileged endpoint (PEP) of the integrated system.
* In a variable named $Session, you store a reference to the session.
* In a variable named $AdHinCredentials. you store a reference to the credentials required to write to AzSHLogs.
You need to collect the Hyper-V event logs for all the cluster hosts and copy the logs to the AzSHLogs share.
How should you complete the PowerShell script? To answer, select the appropriate options in the answer area.
正解:
Explanation
Box 1: $using:AdminCredentials
Box 2: Storage
Send Azure Stack Hub diagnostic logs by using the privileged endpoint (PEP) To run Get-AzureStackLog on an integrated system, you need to have access to the privileged endpoint (PEP).
Here's an example script you can run using the PEP to collect logs.
$ipAddress = "<IP ADDRESS OF THE PEP VM>" # You can also use the machine name instead of IP here.
$password = ConvertTo-SecureString "<CLOUD ADMIN PASSWORD>" -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential ("<DOMAIN NAME>\CloudAdmin", $password)
$shareCred = Get-Credential
$session = New-PSSession -ComputerName $ipAddress -ConfigurationName PrivilegedEndpoint -Credential
$cred -SessionOption (New-PSSessionOption -Culture en-US -UICulture en-US)
$fromDate = (Get-Date).AddHours(-8)
$toDate = (Get-Date).AddHours(-2) # Provide the time that includes the period for your issue Invoke-Command -Session $session { Get-AzureStackLog -OutputSharePath "<EXTERNAL SHARE ADDRESS>" -OutputShareCredential $using:shareCred -FilterByRole Storage -FromDate $using:fromDate
-ToDate $using:toDate}
if ($session) {
Remove-PSSession -Session $session
}
Reference:
https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-get-azurestacklog