Practice Free D-AXAZL-A-00 Exam Online Questions
During the "Networking" step of the Azure Portal deployment wizard, the engineer is required to define the Network ATC intents for a 2-node switchless cluster.
The engineer configures the following input:
“`
Intent Name: "Converged_Intent"
Traffic Type: Compute, Storage, Management
Adapters: pNIC01, pNIC02 (Mellanox ConnectX-6 Dx 25GbE)
Override: None
“`
However, the "Next: Tags" button remains disabled, and a validation message appears regarding the Management traffic type.
What is the most likely configuration error in this input parameter set?
- A . Network ATC does not support combining "Compute", "Storage", and "Management" traffic on identical adapters within a single intent for switchless deployments; separation into multiple intents is required.
- B . For switchless configurations, the "Storage" traffic type requires the "JumboPacket" override parameter to be explicitly set to 1514 bytes to avoid validation errors.
- C . The specified adapter names "pNIC01" and "pNIC02" do not correspond to the physical PCI bus locations detected by the Azure Arc agent during system inventory.
- D . "Management" traffic cannot share a Network ATC intent with "Storage" traffic in switchless topologies; deployment requires a separate intent or dedicated 1GbE adapter.
An Implementation Engineer is customizing the parameters.json for a 4-node Azure Local cluster deployment. The customer’s security policy requires that the "Infrastructure Network" (Management) uses a specific VLAN ID, as the default untagged (Native VLAN) configuration is prohibited on the Top-of-Rack switches.
Which JSON property must be added or modified in the Network ATC intent definition to ensure the management traffic is tagged correctly on the host adapters?
- A . json
"intentName":
"Management",
"overrideAdapterProperty":
{
"vlanId": "10"
} - B . json
"infrastructureNetwork":
{
"vlan": "10",
"subnetMask":
"255.255.255.0"
} - C . json
"managementAdapter": {
"vlanTag":
"10"
} - D . json
"networkIntents": [
{
"trafficType":
["Management"],
"adapterPropertyOverrides":
{
"networkDirect":
"Disabled",
"vlanId": "10"
}
}
]
A Deployment Engineer is enabling remote management on a node that is currently in a WORKGROUP. The engineer wants to ensure that sconfig and other remote tools can connect securely.
Which of the following PowerShell cmdlets configures the WinRM (Windows Remote Management) service to accept connections, enabling the HTTP listener and creating the necessary firewall exception?
- A . Enable-PSRemoting -Force (comprehensive setup: starts service, creates listener, enables firewall rule)
- B . New-NetFirewallRule for WinRM HTTP traffic (creates firewall exception but does not configure WinRM service)
- C . Enable-WACConnectivity cmdlet (designed for Windows Admin Center connectivity scenarios)
- D . Start-Service WinRM cmdlet (starts service only; no listener or firewall changes)
- E . Set-ItemProperty on WinRM registry key to enable service (lacks listener and firewall configuration)
A Support Engineer is investigating why a node takes a very long time (>30 minutes) to enter Maintenance Mode during a CAU run, triggering timeouts.
The engineer checks the Cluster Events and sees repeated warnings about "CSV ownership change" and "Virtual Machine Live Migration" occurring very slowly.
What underlying networking configuration should the engineer verify to ensure rapid Live Migration during updates?
- A . Check whether the Windows Search service is actively indexing VHDX files on the Cluster Shared Volume, potentially causing disk I/O contention during migration operations.
- B . In Failover Cluster Manager, verify Live Migration network settings prioritize RDMA (SMB Direct) adapters over management network adapters.
- C . Ensure the Cluster Shared Volume (CSV) is set to Redirected Access mode, which routes all I/O through a single coordinator node and is unsuitable for optimal Live Migration performance.
- D . Verify IPv6 is disabled on all cluster network interfaces across nodes, based on the outdated belief that IPv4-only configurations improve Live Migration traffic efficiency.
A Security Engineer is reviewing the access control for the Service Principal (SPN) used to deploy Azure Local.
The SPN has been assigned "Contributor" on the Resource Group. However, the deployment script fails when trying to create the "Custom Location" resource, returning an AuthorizationFailed error regarding a "Linked Backend" operation.
What additional specific permission or role configuration is often missed for Custom Location creation?
- A . The Service Principal must be added to the "Backup Operators" security group within the on-premises Active Directory domain.
- B . The Service Principal requires "Write" permission on the Cluster’s "Arc Settings" (host of the Custom Location).
- C . A distinct Service Principal with dedicated permissions must be configured for the Custom Location resource creation workflow.
- D . The Service Principal must be granted the "User Access Administrator" role to assign permissions specifically to the Resource Bridge component during deployment.
An Infrastructure Manager is training a junior admin on the limitations of sconfig. The admin asks why they cannot use sconfig to configure the "Switch Embedded Teaming" (SET) for the management uplink.
Why is attempting to configure SET/Teaming via sconfig considered an Anti-Pattern? (Choose 2.)
- A . For Dell PowerEdge AX-series hardware, SET team configuration must occur through the BIOS "Device Settings" menu during pre-OS initialization, not within the operating system.
- B . sconfig supports only LBFO teams (New-NetLbfoTeam), deprecated and unsupported on Azure Stack HCI, and cannot create SET teams.
- C . sconfig relies on the "GUI Management Tools" Windows feature to present the NIC Teaming interface, which is unavailable in Server Core deployments.
- D . Team configuration via sconfig triggers binding modifications that risk immediate remote session termination; it lacks Network ATC’s atomic commit functionality.
- E . Within its NIC teaming workflow, sconfig enforces the "Hyper-V Port" load balancing algorithm, which typically conflicts with LACP requirements on Top-of-Rack switches.
An administrator is inputting the storage configuration parameters in the Azure Portal wizard. The cluster consists of 4 nodes. The wizard requests the "Witness" configuration.
Which of the following inputs represents a valid and recommended configuration for an Azure Local cluster deployed via the portal? (Choose 2.)
- A . Selecting "None" is incorrect; a 4-node cluster requires a witness for quorum majority.
- B . Selecting "Cloud Witness" as the witness type and providing a valid Azure Storage Account name along with its access key during portal configuration.
- C . Using an Azure Storage Account deployed within the same Azure region as the cluster nodes to ensure low-latency witness operations.
- D . Selecting "File Share Witness" with a UNC path to an external file share.
An Implementation Engineer creates a Service Principal for an upcoming Azure Local deployment. The engineer needs to assign the Principle of Least Privilege (PoLP) permissions. The Service Principal will be responsible for creating the Resource Group, registering the Cluster resource, and writing the deployment data.
Which Azure RBAC role assignment meets the minimum requirements for the Service Principal to execute the deployment within a pre-created Resource Group?
- A . Contributor role scoped exclusively to the designated Resource Group for deployment operations.
- B . Owner role assigned at the Subscription scope with full administrative control privileges.
- C . Reader role on the Resource Group combined with Connected Machine Onboarding at Subscription scope.
- D . Network Contributor role limited strictly to the Virtual Network resource scope.
A DevOps Engineer attempts to create a Service Principal for Arc registration using PowerShell but encounters an "Insufficient Privileges" error.
– User Role: "Owner" on the Azure Subscription.
– Error: "You do not have permission to register applications in this directory."
Why did the creation fail despite the user being an Owner of the subscription?
- A . A "Disabled" subscription restricts Azure resource operations but does not trigger Entra ID directory-level permission errors during app registration.
- B . Unregistered "Microsoft.HybridCompute" resource provider blocks Azure Arc resource deployment but does not interfere with Entra ID app registration, which is where the permission error originates.
- C . Service Principal quotas are enforced at the Entra ID directory level (default 1000); exceeding quota returns a quota-specific error, not "Insufficient Privileges." Enterprise directories commonly have elevated limits.
- D . App Registration requires Microsoft Entra ID (tenant scope) permissions. Azure Subscription Owner role does not grant these; the user needs an Entra ID role (e.g., Application Developer) or the tenant setting "Users can register applications" enabled.
A Systems Integrator verifies the deployment of a 4-node cluster. The "Overview" blade in the Azure Portal shows the cluster is "Online", but the "Configuration" blade shows a warning for "Drift Control".
Status: "Non-Compliant"
Drift Detected: "HostNetworking"
Details: "Node-03: Adapter ‘pNIC01’ JumboPacket value is 1514. Intent ‘Storage’ requires 9014."
The integrator suspects a manual change was made on the node.
What is the consequence of this state, and how does the system behave? (Select all that apply.)
- A . Within the Azure Resource Manager (ARM) portal, deployment status changes to "Failed" and persists until an administrator manually corrects the configuration drift.
- B . The cluster remains operational, though storage performance may degrade due to RoCEv2 packet fragmentation.
- C . The "Storage" network intent on Node-03 becomes non-functional and ceases enforcement until drift resolution occurs.
- D . The cluster will trigger an immediate "Evacuate Node" action to drain workloads from Node-03.
- E . Network ATC remediates drift by resetting the JumboPacket to 9014 during its next scan (default interval: 15 minutes).