Practice Free D-AXAZL-A-00 Exam Online Questions
A Security Administrator mandates that the OS installation must comply with the "Secure Boot" chain of trust. During the execution of the deployment wizard, the engineer notices a prompt regarding "Unsigned Drivers".
[Setup Warning] Windows can’t verify the publisher of this driver software.
[Driver] percsas3.sys
[Action] Install this driver software anyway?
What is the correct course of action and the underlying reason?
- A . Disable Secure Boot via the BIOS configuration menu, install the unsigned driver, and re-enable Secure Boot after the operating system has been patched and updated.
- B . Abort the installation; the VSR media is likely corrupt or tampered because valid VSR drivers require WHQL signing for Secure Boot compliance on AX nodes.
- C . Proceed with the installation; the VSR media sometimes contains beta drivers that are not yet WHQL signed but are safe for Dell hardware.
- D . This warning is expected for Microsoft "Inbox" drivers included in the OS image; therefore, the warning can be safely ignored during the installation process.
A Solution Architect is designing a monitoring strategy for verifying "Day 2" resource provisioning success. They need to alert if the *Arc Resource Bridge* (used for VM management) fails to provision correctly after the cluster is deployed.
Which of the following signals in the Azure Portal indicates that the Arc Resource Bridge is correctly provisioned and ready? (Choose 2.)
- A . The Cluster resource Overview blade lists the "Arc Resource Bridge" status as "Connected".
- B . The Azure Monitor Metrics show Heartbeat events from the appliance VM.
- C . The Activity Log shows a "Write Virtual Machines" success event for the appliance VM.
- D . The "Extensions" tab of the Cluster resource lists the "Microsoft.ArcResourceBridge" extension.
- E . The Custom Location resource associated with the cluster shows "Provisioning State: Succeeded".
An Implementation Engineer initiates a cluster deployment via the Azure Portal. The validation phase completes successfully, and the deployment proceeds. However, after 45 minutes, the deployment status remains stuck at "Deploying: Waiting for service…" without failing or progressing.
The engineer verifies that the physical nodes are powered on and the OS is responsive.
What is the most likely underlying cause of this specific timeout behavior?
- A . Physical switch ports use an incorrect VLAN for the "Compute" intent, triggering a broadcast storm that interrupts deployment progress.
- B . The deployment wizard is paused, awaiting manual approval from the engineer to create the cluster quorum witness in a separate Azure Portal browser window.
- C . The Azure Stack HCI operating system license has expired after the evaluation period, causing cluster nodes to halt deployment command processing.
- D . Firewall blocks outbound HTTPS traffic to *.servicebus.windows.net, preventing Arc agent status updates to Azure Resource Manager.
A Network Administrator runs a PowerShell command to verify the driver version of the Mellanox ConnectX-6 adapters on Node-01 after an OS deployment.
“`
PS C:> Get-NetAdapter | Where-Object InterfaceDescription -like "*Mellanox*" | Select-Object Name, DriverVersion, DriverDate
Name DriverVersion DriverDate
—- ————- ———-
Slot 1 P1 2.60.255.0 2023-01-15
Slot 1 P2 2.60.255.0 2023-01-15
# VSR Requirement from SBE
Target Version: 23.10.15.0
“`
The administrator observes a significant discrepancy.
What is the most likely reason for this mismatch immediately after a clean install?
- A . During the Out-of-Box Experience (OOBE) phase, the operating system might have automatically updated the Mellanox network driver through Windows Update.
- B . The Mellanox ConnectX-6 adapter firmware version is too new, which forces the driver to downgrade itself for compatibility reasons.
- C . For the Mellanox adapter, the driver is reporting the Microsoft NDIS (Network Driver Interface Specification) version number instead of the vendor-specific package version.
- D . Installation with a standard Microsoft ISO instead of the Dell Custom VSR ISO results in an older "Inbox" driver being used.
A Site Reliability Engineer (SRE) runs the azcmagent connect command and encounters a failure related to Tags.
[Error] RequestDisallowedByPolicy
[Policy] ‘Require-CostCenter-Tag’
[Detail] The resource was missing the required tag ‘CostCenter’.
The SRE verifies that the target Resource Group already has the CostCenter: IT-Ops tag applied.
Why did the registration still fail?
- A . Changing the policy assignment effect to ‘Audit’ would permit non-compliant resources, violating mandatory cost center tracking requirements. The ‘Deny’ effect is intentionally configured for enforcement.
- B . The azcmagent CLI has been observed to strip tags when a proxy server with NTLM authentication is configured, though this behavior is not documented as a bug in current versions.
- C . Azure Policy checks tags directly on the Arc Machine resource during creation. Resource Group tags are not inherited, so the untagged request triggered the Deny effect.
- D . The tag name is case-sensitive in Azure Policy. The Resource Group uses ‘costcenter’ (lowercase) while the policy definition explicitly requires ‘CostCenter’ (with capital C).
A deployment team is ready to create an Azure Local instance using the Azure Portal wizard. They have successfully registered all four AX-760 nodes with Azure Arc. However, when the engineer attempts to initiate the "Create" workflow, they are unable to select the subscription where the nodes are registered.
Based on the Azure Local deployment prerequisites, which permission assignment must be verified for the user account attempting the deployment?
- A . The user must be a ‘Global Administrator’ in the Entra ID tenant.
- B . The user must have ‘Owner’ or ‘Contributor’ permissions on the Azure Subscription.
- C . The user must have the ‘Backup Operator’ role on the Arc-enabled servers.
- D . The user must be assigned the ‘Azure Connected Machine Onboarding’ role on the Resource Group.
A Dell Solutions Consultant is preparing a registration script for a client who uses multiple Azure Directories. The consultant needs to ensure the script retrieves the Subscription ID from the correct context.
– The user account is a Guest in "Tenant A" and a Member in "Tenant B".
– The target subscription "Sub-XYZ" exists in "Tenant B".
The consultant runs az login followed by az account show. The output shows tenantId matching "Tenant A".
What command must the consultant run next to switch the context and retrieve the correct Subscription ID for "Sub-XYZ"?
- A . Get-AzSubscription -TenantId <Tenant-B-ID>
- B . az logout; az login –tenant <Tenant-B-ID>
- C . az config set defaults.subscription="Sub-XYZ"
- D . Run az account set –subscription "Sub-XYZ"
An architect is designing the deployment strategy for a new 4-node Dell AX-760 cluster. They are weighing the trade-offs between using the Azure Portal deployment wizard versus an ARM Template deployment.
# Scenario Context
– Cluster Size: 4 Nodes (Switched Topology)
– Requirement: Replicable deployment across 50 branch sites
– Connectivity: Reliable 1Gbps link to Azure
– Personnel: Junior admins at branch sites
Which of the following factors favor using the Azure Portal wizard over the ARM Template method for the *initial* pilot deployment? (Select all that apply.)
- A . The wizard provides an interactive, step-by-step validation UI that helps identify prerequisites gaps visually without writing JSON code.
- B . The wizard integrates the selection of the "Witness" storage account type directly into the workflow.
- C . The wizard automatically generates the required parameters.json file which can be exported for use in the subsequent 50 branch deployments.
- D . The wizard manages the registration of the nodes to Azure Arc automatically as part of the "Basics" tab workflow.
- E . The wizard allows for granular definition of custom Network ATC intents that are not possible via ARM templates.
An IT Operations Analyst is reviewing the default "Remote Management" configuration on a newly imaged server.
The analyst attempts to connect via RDP but fails.
– Firewall: Enabled (Public Profile)
– Remote Desktop: "Disabled" (Default)
The analyst runs sconfig to enable Remote Desktop.
Which of the following statements accurately describes the security implication of this action in the default "Public" profile state? (Select all that apply.)
- A . When enabling Remote Desktop via sconfig or the PowerShell command Set-ItemProperty, the operating system automatically activates the predefined "Remote Desktop" firewall rule group to permit inbound TCP 3389 traffic.
- B . Enabling the Remote Desktop feature through sconfig will trigger an automatic change of the network profile category from Public to Private, as the system requires the less restrictive Private profile to allow inbound RDP connections.
- C . To establish connectivity from a routed management network while the server remains assigned to the Public profile, the analyst must modify the RemoteDesktop-UserMode-In-TCP firewall rule to set the remote address scope to "Any".
- D . In the Public network profile, the default firewall rule for Remote Desktop restricts access exclusively to the LocalSubnet scope, blocking connections originating from routed subnets such as a separate management VLAN.
- E . The sconfig utility will fail to enable Remote Desktop functionality because the Remote-Desktop-Services role is not installed, and this role is required for RDP to operate on Windows Server systems.
During the "Security" input phase, the engineer is asked to configure the "Infrastructure Lock" setting (if available/exposed in the wizard or template).
“`
# Scenario
The customer requires that once deployed, no changes can be made to the Network ATC configuration or Storage Pools to prevent accidental drift.
“`
Which input selection achieves this "Day 2" security posture during the "Day 1" deployment configuration?
- A . Infrastructure Lock is not available in the deployment wizard; it is configured post-deployment via Cluster resource blade or PowerShell.
- B . Setting the "Drift Control" toggle to "Strict" within the Network ATC intent configuration section during cluster deployment.
- C . Within the Azure portal deployment wizard for Azure Stack HCI, selecting the "Enable Secured-core server" checkbox is intended for hardware security features and automatically enables Infrastructure Lock.
- D . Assigning the "Azure Stack HCI Infrastructure Lock" policy through the "Advanced Configuration" tab in the deployment wizard interface.