Microsoft AZ-600 Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack Hub Exam Practice Test

Page: 1 / 14
Total 176 questions
Question 1

You have a disconnected Azure Stack Hub integrated system.

You deploy an Operator Access Workstation (OAW) virtual machine image.

Which management tool should be installed manually on the image?



Answer : C

Windows Admin Center is a new, locally-deployed, browser-based management tool set that lets you manage your Windows Servers with no Azure or cloud dependency. Windows Admin Center gives you full control over all aspects of your server infrastructure and is particularly useful for managing servers on private networks that are not connected to the Internet.


https://learn.microsoft.com/en-us/azure-stack/operator/operator-access-workstation

Question 2

You have an Azure Stack Hub integrated system that is disconnected from the internet. The integrated system has an Azure App Service resource provider.

You generate a new certificate.

You need to rotate the certificate of the App Service identity application to use the new certificate.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.



Answer : D, E

Your choice of either Azure AD or AD FS is determined by the mode in which you deploy Azure Stack Hub:

When you deploy it in a connected mode, you can use either Azure AD or AD FS.

When you deploy it in a disconnected mode, without a connection to the internet, only AD FS is supported.

E:

Rotate certificate for AD FS identity application

The identity application is created by the operator before deployment of Azure App Service on Azure Stack Hub. If the application's object ID is unknown, follow these steps to discover it:

1. Go to the Azure Stack Hub administrator portal.

2. Go to Subscriptions and select Default Provider Subscription.

3. Select Access Control (IAM) and select the AzureStack-AppService-<guid> application.

4. Take note of the Object ID; this value is the ID of the service principal that must be updated in AD FS.

D: To rotate the certificate for the application in AD FS, you need to have access to the privileged endpoint (PEP). Then you update the certificate credential using PowerShell.

# Sign in to PowerShell interactively, using credentials that have access to the VM running the privileged endpoint
$Creds = Get-Credential

# Create a new certificate object from the identity application certificate exported as a .cer file
$Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2('<CertificateFileLocation>')

# Create a new PSSession to the PrivilegedEndpoint VM
$Session = New-PSSession -ComputerName '<PepVm>' -ConfigurationName PrivilegedEndpoint -Credential $Creds -SessionOption (New-PSSessionOption -Culture en-US -UICulture en-US)

# Use the privileged endpoint to update the certificate thumbprint used by the service principal associated with the App Service identity application
$SpObject = Invoke-Command -Session $Session -ScriptBlock {Set-GraphApplication -ApplicationIdentifier '<ApplicationObjectId>' -ClientCertificates $using:Cert}

# Close the privileged endpoint session as soon as the update has been made
$Session | Remove-PSSession

# Output the updated service principal details
$SpObject


https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-identity-overview

https://learn.microsoft.com/en-us/azure-stack/operator/app-service-rotate-certificates

Question 3

You have an Azure Stack Hub integrated system that is disconnected from the internet. The integrated system contains an Azure App Service deployment.

You anticipate a major increase in new App Service workloads. The integrated system has the required hardware to handle the increased demand.

You need to ensure that App Service can support the increased workloads.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.



Question 4

You have an Azure Stack Hub integrated system.

You need to add GPUs to the integrated system. The solution must minimize downtime of the existing Azure Stack Hub workloads.

Which PowerShell cmdlet should you run first?



Answer : A

Note: Upgrade GPUs or add to an existing node

The following section provides a high-level overview of the process to add a GPU.

The entire scale unit must be shut down, as a rolling GPU upgrade isn't supported. Stop Azure Stack Hub using the steps documented in the Start and stop Azure Stack Hub article.

Add or upgrade the memory on each physical computer using your hardware manufacturer's documentation.

Start Azure Stack Hub using the steps in Start and stop Azure Stack Hub.

Note: Stop Azure Stack Hub

Stop or shut down Azure Stack Hub with the following steps:

1. Prepare all workloads running on your Azure Stack Hub environment's tenant resources for the upcoming shutdown.

2. Open a privileged endpoint session (PEP) from a machine with network access to the Azure Stack Hub ERCS VMs. For instructions, see Using the privileged endpoint in Azure Stack Hub.

3. From the PEP, run:

Stop-AzureStack

Wait for all physical Azure Stack Hub nodes to power off.

Note

You can verify the power status of a physical node by following the instructions from the original equipment manufacturer (OEM) who supplied your Azure Stack Hub hardware.

4. (Optional) If the stop operation times out, you can monitor its progress using the following PowerShell cmdlet:

Get-ActionStatus Stop-AzureStack


https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-start-and-stop

Question 5

You have an Azure Stack Hub integrated system that is enabled for multi-tenancy.

You receive an alert that one or more guest Azure Active Directory (Azure AD) tenants require updates to support new features.

You need to identify which Azure AD tenants you must update.

Which two options can you use? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.



Answer : E, F

E: You can determine whether an update is required for home or guest directories by viewing the directories pane in the admin portal. Each directory listing shows the type of directory. The type can be a home or guest directory, and its status is shown.

F: .Synopsis

Gets the health report of identity application in the Azure Stack home and guest directories

.DESCRIPTION

Gets the health report for Azure Stack identity applications in the home directory as well as guest directories of Azure Stack. Any directories with an unhealthy status need to have their permissions updated.

.EXAMPLE

$adminResourceManagerEndpoint = 'https://adminmanagement.local.azurestack.external'
$homeDirectoryTenantName = '<homeDirectoryTenant>.onmicrosoft.com'

Get-AzsHealthReport -AdminResourceManagerEndpoint $adminResourceManagerEndpoint `
    -DirectoryTenantName $homeDirectoryTenantName -Verbose

Examples.

Example 1: Get details for a tenant

PS C:\>Get-AzureADTenantDetail

ObjectId                             DisplayName            VerifiedDomains
--------                             -----------            ---------------
85b5ff1e-0402-400c-9e3c-0f9e965325d1 Coho Vineyard & Winery {class VerifiedDomain {..


https://github.com/Azure/AzureStack-Tools/blob/master/Identity/AzureStack.Identity.psm1

Question 6

You have 20 computers that run Linux.

You deploy a disconnected Azure Stack Hub integrated system.

You need to ensure that users on the Linux computers can manage their Azure Stack Hub resources by using Azure Command-Line Interface (CLI).

What should you do first?



Answer : D

Add certificate

Export and then import Azure Stack Hub certificate for disconnected integrated systems and for the ASDK.

You need the CA root certificate for Azure Stack Hub to use Azure CLI on your development machine.

Export the Azure Stack Hub CA root certificate

Export the CA root certificate. To export the ASDK root certificate in PEM format:

Get the name of your Azure Stack Hub Root Cert:

1. Sign in to the Azure Stack Hub User or Azure Stack Hub Administrator portal.

Select the lock in the browser address bar.

In the pop-up window, select Connection is secure.

In the Certificate window, select the Certification Path tab.

Note down the name of your Azure Stack Hub Root Cert, for example, *.<locale>.<FQDN>

2. Sign in to the VM, open an elevated PowerShell prompt, and then run the following script:

# Double-quoted strings are required below so that $label is expanded
$label = "*.<locale>.<FQDN> from step 1"

Write-Host "Getting certificate from the current user trusted store with subject CN=$label"
$root = Get-ChildItem Cert:\CurrentUser\Root | Where-Object Subject -eq "CN=$label" | Select-Object -First 1
if (-not $root)
{
    Write-Error "Certificate with subject CN=$label not found"
    return
}

Write-Host "Exporting certificate"
Export-Certificate -Type CERT -FilePath root.cer -Cert $root

Write-Host "Converting certificate to PEM format"
certutil -encode root.cer root.pem
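
Before root.pem is copied to the Linux computers as a trust anchor, it is worth confirming that the file really is the exported root and recording a fingerprint that can be compared on the receiving side. The following is an added example, not part of the Microsoft procedure; it assumes root.cer and root.pem from the script above are in the current directory, and the function name Test-RootCertExport is hypothetical.

```powershell
# Added example (not from the Microsoft procedure). Test-RootCertExport is a
# hypothetical helper; it assumes root.cer and root.pem from the script above.
function Test-RootCertExport {
    param(
        [string]$CerPath = '.\root.cer',
        [string]$PemPath = '.\root.pem'
    )
    $x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]

    # Load the DER export and the certificate carried in the PEM file.
    $cer = $x509::new((Resolve-Path $CerPath).Path)
    $pemText = Get-Content -Raw -Path $PemPath
    $blocks = [regex]::Matches($pemText,
        '(?s)-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----')
    if ($blocks.Count -ne 1) {
        throw "Expected exactly one certificate in $PemPath, found $($blocks.Count)"
    }
    [byte[]]$der = [Convert]::FromBase64String(($blocks[0].Groups[1].Value -replace '\s', ''))
    $pem = $x509::new($der)

    # basicConstraints (OID 2.5.29.19) must mark the certificate as a CA.
    $bc = $cer.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.19' }

    # SHA-256 fingerprint in the colon-separated form that
    # 'openssl x509 -noout -fingerprint -sha256 -in root.pem' prints on Linux.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fp = ($sha.ComputeHash($cer.RawData) | ForEach-Object { $_.ToString('X2') }) -join ':'
    $sha.Dispose()

    $now = Get-Date
    [pscustomobject]@{
        Subject           = $cer.Subject
        NotAfter          = $cer.NotAfter
        Sha256Fingerprint = $fp
        PemMatchesCer     = ($pem.Thumbprint -eq $cer.Thumbprint)
        SelfSigned        = ($cer.Subject -eq $cer.Issuer)
        IsCA              = [bool]($bc -and $bc.CertificateAuthority)
        WithinValidity    = ($cer.NotBefore -le $now -and $now -le $cer.NotAfter)
    }
}

$report = Test-RootCertExport
$report | Format-List
if (-not ($report.PemMatchesCer -and $report.SelfSigned -and $report.IsCA -and $report.WithinValidity)) {
    Write-Error 'root.pem failed a check; do not distribute it as a trust anchor'
}
```

A root certificate that carries no basicConstraints extension is reported with IsCA set to false, so review that result by hand rather than treating it as proof of a bad export.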


https://learn.microsoft.com/en-us/azure-stack/asdk/asdk-cli

https://learn.microsoft.com/en-us/azure-stack/user/azure-stack-version-profiles-azurecli2

Question 7

You have an Azure Stack Hub integrated system that uses the latest version.

You discover an alert for an external certificate that will expire. You obtain new certificates.

You need to validate that all the components required to change the certificates are in a healthy state, and then renew the certificates.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.



Answer : C, E, F

