2019 Free Microsoft EnsurePass AZ-102 Dumps VCE and PDF Download Part 5

 

EnsurePass
Exam Dumps

AZ-102 Dumps VCE and PDF

http://www.ensurepass.com/AZ-102.html

 

QUESTION 41

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

 

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

 

Another administrator plans to create several network security groups (NSGs) in the subscription.

 

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

 

Solution: You create a resource lock, and then you assign the lock to the subscription.

 

Does this meet the goal?

 

A.

Yes

B.

No

 

Correct Answer: B

Explanation:
How can I freeze or lock my production/critical Azure resources from accidental deletion? There is way to do this with both ASM and ARM resources using Azure resource lock.

 

References:

https://blogs.msdn.microsoft.com/azureedu/2016/04/27/using-azure-resource-manager-policy-and-azure-lock-to-control-your-azure-resources/

 

 

QUESTION 42

You have 100 Azure subscriptions. All the subscriptions are associated to the same Azure Active Directory (Azure AD) tenant named contoso.com.

 

You are a global administrator.

 

You plan to create a report that lists all the resources across all the subscriptions.

 

You need to ensure that you can view all the resources in all the subscriptions.

 

What should you do?

 

A.

From the Azure portal, modify the profile settings of your account.

B.

From Windows PowerShell, run the Add-AzureADAdministrativeUnitMember cmdlet.

C.

From Windows PowerShell, run the New-AzureADUserAppRoleAssignment cmdlet.

D.

From the Azure portal, modify the properties of the Azure AD tenant.

 

Correct Answer: C

Explanation:
The New-AzureADUserAppRoleAssignment cmdlet assigns a user to an application role in Azure Active Directory (AD). Use it for the application report.

 

References:

https://docs.microsoft.com/en-us/powershell/module/azuread/new-azureaduserapproleassignment?view=azureadps-2.0

 

 

QUESTION 43

You have an Azure subscription named Subscription1.

 

Subscription1 contains the virtual machines in the following table.

 


Subscription1 contains a virtual network named VNet1 that has the subnets in the following table.

 


 

VM3 has a network adapter named NIC3. IP forwarding is enabled on NIC3. Routing is enabled on VM3.

 

You create a route table named RT1. RT1 is associated to Subnet1 and Subnet2 and contains the routes in the following table.

 


 

You apply RT1 to Subnet1.

 

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

 

NOTE: Each correct selection is worth one point.

 


 

Correct Answer:


 

 

QUESTION 44

You sign up for Azure Active Directory (Azure AD) Premium.

 

You need to add a user named admin1@contoso.com as an administrator on all the computers that will be joined to the Azure AD domain.

 

What should you configure in Azure AD?

 

A.

Device settings from the Devices blade.

B.

General settings from the Groups blade.

C.

User settings from the Users blade.

D.

Providers from the MFA Server blade.

 

Correct Answer: C

Explanation:
When you connect a Windows device with Azure AD using an Azure AD join, Azure AD adds the following security principles to the local administrators group on the device:

 

The Azure AD global administrator role

The Azure AD device administrator role

The user performing the Azure AD join

 

In the Azure portal, you can manage the device administrator role on the Devices page. To open the Devices page:

 

1. Sign in to your Azure portal as a global administrator or device administrator.

2. On the left navbar, click Azure Active Directory.

3. In the Manage section, click Devices.

4. On the Devices page, click Device settings.

5. To modify the device administrator role, configure Additional local administrators on Azure AD joined devices.

 

References:

https://docs.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin

 

 

 

 

 

QUESTION 45

You have a resource group named RG1. RG1 contains an Azure Storage account named storageaccount1 and a virtual machine named VM1 that runs Windows Server 2016. Storageaccount1 contains the disk files for VM1. You apply a ReadOnly lock to RG1. What can you do from the Azure portal?

 

A.

Generate an automation script for RG1.

B.

View the keys of storageaccount1.

C.

Upload a blob to storageaccount1.

D.

Start VM1.

 

Correct Answer: B

Explanation:
ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.

 

References:

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

 

 

QUESTION 46

You have an Azure Linux virtual machine that is protected by Azure Backup.

 

One week ago, two files were deleted from the virtual machine.

 

You need to restore the deleted files to an on-premises computer as quickly as possible.

 

Which four actions should you perform in sequence?

 

To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

 


 

Correct Answer:


 

 

QUESTION 47

Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.

 







 

When you are finished performing all the tasks, click the `Next’ button.

 

Note that you cannot return to the lab once you click the `Next’ button. Scoring occur in the background while you complete the rest of the exam.

 

Overview

The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

 

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

 

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

 

To start the lab

You may start the lab by clicking the Next button.

 

You need to create a virtual network named VNET1008 that contains three subnets named subnet0, subnet1, and subnet2. The solution must meet the following requirements:

 

Connections from any of the subnets to the Internet must be blocked.

Connections from the Internet to any of the subnets must be blocked.

The number of network security groups (NSGs) and NSG rules must be minimized.

 

What should you do from the Azure portal?

 

Correct Answer: See solution below.

Explanation:

Step 1: Click Create a resource in the portal.

Step 2: Enter Virtual network in the Search the Marketplace box at the top of the New pane that appears. Click Virtual network when it appears in the search results.

Step 3: Select Classic in the Select a deployment model box in the Virtual Network pane that appears, then click Create.

Step 4: Enter the following values on the Create virtual network (classic) pane and then click Create:

 

Name: VNET1008

Address space: 10.0.0.0/16

Subnet name: subnet0

Resource group: Create new

Subnet address range: 10.0.0.0/24

Subscription and location: Select your subscription and location.

 

Step 5: In the portal, you can create only one subnet when you create a virtual network. Click Subnets (in the SETTINGS section) on the Create virtual network (classic) pane that appears.

Click +Add on the VNET1008 – Subnets pane that appears.

Step 6: Enter subnet1 for Name on the Add subnet pane. Enter 10.0.1.0/24 for Address range. Click OK.

Step 7: Create the third subnet: Click +Add on the VNET1008 – Subnets pane that appears. Enter subnet2 for Name on the Add subnet pane. Enter 10.0.2.0/24 for Address range. Click OK.

 

References:

https://docs.microsoft.com/en-us/azure/virtual-network/create-virtual-network-classic

 

 

QUESTION 48

You have an Azure subscription named Subscription1. Subscription1 contains the virtual networks in the following table.

 


 

Subscription1 contains the virtual machines in the following table:

 


 

The firewalls on all the virtual machines are configured to allow all ICMP traffic.

 

You add the peerings in the following table.

 


 

For each of the following statements, select Yest if the statement is true. Otherwise, select No.

 

NOTE: Each correct selection is worth one point.

 


 

Correct Answer:


 

 

QUESTION 49

Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.

 







 

When you are finished performing all the tasks, click the `Next’ button.

 

Note that you cannot return to the lab once you click the `Next’ button. Scoring occur in the background while you complete the rest of the exam.

 

Overview

The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

 

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

 

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

 

To start the lab

You may start the lab by clicking the Next button.

 

You plan to create 100 Azure virtual machines on each of the following three virtual networks:

VNET1005a

VNET1005b

VNET1005c

 

All the network traffic between the three virtual networks will be routed through VNET1005a.

 

You need to create the virtual networks, and then to ensure that all the Azure virtual machines can connect to other virtual machines by using their private IP address. The solution must NOT require any virtual network gateways and must minimize costs.

 

What should you do from the Azure portal before you configure IP routing?

 

Correct Answer: See solution below.

Explanation:

Step 1: Click Create a resource in the portal.

Step 2: Enter Virtual network in the Search the Marketplace box at the top of the New pane that appears. Click Virtual network when it appears in the search results.

Step 3: Select Classic in the Select a deployment model box in the Virtual Network pane that appears, then click Create.

Step 4: Enter the following values on the Create virtual network (classic) pane and then click Create:

 

Name: VNET1005a

Address space: 10.0.0.0/16

Subnet name: subnet0

Resource group: Create new

Subnet address range: 10.0.0.0/24

Subscription and location: Select your subscription and location.

 

Step 5: Repeat steps 3-5 for VNET1005b (10.1.0.0/16, 10.1.0.0/24), and for VNET1005c 10.2.0.0/16, 10.2.0.0/24).

 

References:

https://docs.microsoft.com/en-us/azure/virtual-network/create-virtual-network-classic

 

 

QUESTION 50

You have an Azure subscription named Subscription1.

 

You create an Azure Storage account named contosostorage, and then you create a file share named data.

 

Which UNC path should you include in a script that references files from the data file share?

 

To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

 

NOTE: Each correct selection is worth one point.

 


 

Correct Answer:


 


 

2019 Free Microsoft EnsurePass AZ-100 Dumps VCE and PDF Download Part 4

EnsurePass Exam Dumps

AZ-100 Dumps VCE and PDF

http://www.ensurepass.com/AZ-100.html

 

QUESTION 31

Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.

 







 

When you are finished performing all the tasks, click the `Next’ button.

 

Note that you cannot return to the lab once you click the `Next’ button. Scoring occur in the background while you complete the rest of the exam.

 

Overview

The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

 

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

 

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

 

To start the lab

You may start the lab by clicking the Next button.

 

You need to deploy two Azure virtual machines named VM1003a and VM1003b based on the Ubuntu Server 17.10 image. The deployment must meet the following requirements:

 

Provide a Service Level Agreement (SLA) of 99.95 percent availability.

Use managed disks.

 

What should you do from the Azure portal?

 

Correct Answer: See solution below.

Explanation:
1. Open the Azure portal.

2. On the left menu, select All resources. You can sort the resources by Type to easily find your images.

3. Select the image you want to use from the list. The image Overview page opens.

4. Select Create VM from the menu.

5. Enter the virtual machine information.

Select VM1003a as the name for the first Virtual machine.The user name and password entered here will be used to log in to the virtual machine. When complete, select OK. You can create the new VM in an existing resource group, or choose Create new to create a new resource group to store the VM.

6. Select a size for the VM. To see more sizes, select View all or change the Supported disk type filter.

7. Under Settings, make changes as necessary and select OK.

8. On the summary page, you should see your image name listed as a Private image. Select Ok to start the virtual machine deployment.

Repeat the procedure for the second VM and name it VM1003b.

 

References:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/create-vm-generalized-managed

 

 

QUESTION 32

You have a Recovery Service vault that you use to test backups. The test backups contain two protected virtual machines.

 

You need to delete the Recovery Services vault.

 

What should you do first?

 

A.

From the Recovery Service vault, stop the backup of each backup item.

B.

From the Recovery Service vault, delete the backup data.

C.

Modify the disaster recovery properties of each virtual machine.

D.

Modify the locks of each virtual machine.

 

Correct Answer: A

Explanation:
You can’t delete a Recovery Services vault if it is registered to a server and holds backup data. If you try to delete a vault, but can’t, the vault is still configured to receive backup data.

 

Remove vault dependencies and delete vault

 

In the vault dashboard menu, scroll down to the Protected Items section, and click Backup Items. In this menu, you can stop and delete Azure File Servers, SQL Servers in Azure VM, and Azure virtual machines.

 


 

References:

https://docs.microsoft.com/en-us/azure/backup/backup-azure-delete-vault

 

 

QUESTION 33

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

 

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

 

Another administrator plans to create several network security groups (NSGs) in the subscription.

 

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

 

Solution: You create a resource lock, and then you assign the lock to the subscription.

 

Does this meet the goal?

 

A.

Yes

B.

No

 

Correct Answer: B

Explanation:
How can I freeze or lock my production/critical Azure resources from accidental deletion? There is way to do this with both ASM and ARM resources using Azure resource lock.

 

References:

https://blogs.msdn.microsoft.com/azureedu/2016/04/27/using-azure-resource-manager-policy-and-azure-lock-to-control-your-azure-resources/

QUESTION 34

Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.

 







 

When you are finished performing all the tasks, click the `Next’ button.

 

Note that you cannot return to the lab once you click the `Next’ button. Scoring occur in the background while you complete the rest of the exam.

 

Overview

The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

 

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

 

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

 

To start the lab

You may start the lab by clicking the Next button.

 

You plan to deploy several Azure virtual machines and to connect them to a virtual network named VNET1007.

 

You need to ensure that future virtual machines in VNET1007 can register their name in an internal DNS zone named corp7523690.com. The zone must NOT be hosted on a virtual machine.

 

What should you do from Azure Cloud Shell?

 

To complete this task, start Azure Cloud Shell and select PowerShell(Linux). Click Show Advanced Settings, and then enter corp7523690n1 in the Storage account text box and File1 in the File share text box. Click Create storage, and then complete the task.

 

Correct Answer: See solution below.

Explanation:
Step 1: New-AzureRMResourceGroup -name MyResourceGroup

Before you create the DNS zone, create a resource group to contain the DNS zone.

 

Step 2: New-AzureRmDnsZone -Name corp7523690.com -ResourceGroupName MyResourceGroup

A DNS zone is created by using the New-AzureRmDnsZone cmdlet. This creates a DNS zone called corp7523690.com in the resource group called MyResourceGroup.

 

References:

https://docs.microsoft.com/en-us/azure/dns/dns-getstarted-powershell

 

 

QUESTION 35

You create an Azure Storage account named contosostorage.

 

You plan to create a file share named data.

 

Users need to map a drive to the data file share from home computers that run Windows 10.

 

Which port should be open between the home computers and the data file share?

 

A.

80

B.

443

C.

445

D.

3389

 

Correct Answer: C

Explanation:
Ensure port 445 is open: The SMB protocol requires TCP port 445 to be open; connections will fail if port 445 is blocked.

 

References:

https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows

 

 

 

 

 

 

 

 

QUESTION 36

You have an Azure subscription named Subscription1.

 

You deploy a Linux virtual machine named VM1 to Subscription1.

 

You need to monitor the metrics and the logs of VM1.

 

What should you use?

 

A.

LAD 3.0

B.

Azure Analysis Services

C.

the AzurePerformanceDiagnostics extension

D.

Azure HDInsight

 

Correct Answer: C

Explanation:
You can use extensions to configure diagnostics on your VMs to collect additional metric data.

The basic host metrics are available, but to see more granular and VM-specific metrics, you need to install the Azure diagnostics extension on the VM. The Azure diagnostics extension allows additional monitoring and diagnostics data to be retrieved from the VM.

 

References:

https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-monitoring

 

 

QUESTION 37

You have an Azure subscription that contains the resources in the following table.

 


 

Subnet1 is associated to VNet1. NIC1 attaches VM1 to Subnet1.

 

You need to apply ASG1 to VM1.

 

What should you do?

 

A.

Modify the properties of NSG1.

B.

Modify the properties of ASG1.

C.

Associate NIC1 to ASG1.

 

Correct Answer: B

Explanation:
When you deploy VMs, make them members of the appropriate ASGs.

You associate the ASG with a subnet.

 

References:

https://azure.microsoft.com/en-us/blog/applicationsecuritygroups/

 

QUESTION 38

DRAG DROP

You have an on-premises file server named Server1 that runs Windows Server 2016.

 

You have an Azure subscription that contains an Azure file share.

 

You deploy an Azure File Sync Storage Sync Service, and you create a sync group.

 

You need to synchronize files from Server1 to Azure.

 

Which three actions should you perform in sequence?

 

To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

 


 

Correct Answer:


 

 

QUESTION 39

You have an Azure Active Directory (Azure AD) domain that contains 5,000 user accounts. You create a new user account named AdminUser1.

 

You need to assign the User administrator administrative role to AdminUser1.

 

What should you do from the user account properties?

 

A.

From the Directory role blade, modify the directory role.

B.

From the Groups blade, invite the user account to a new group.

C.

From the Licenses blade, assign a new license.

 

Correct Answer: A

Explanation:
Assign a role to a user

Sign in to the Azure portal with an account that’s a global admin or privileged role admin for the directory.

Select Azure Active Directory, select Users, and then select a specific user from the list.

For the selected user, select Directory role, select Add role, and then pick the appropriate admin roles from the Directory roles list, such as Conditional access administrator.

Press Select to save.

 

References:

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal

 

 

QUESTION 40

HOTSPOT

You have an Azure subscription.

 

You need to implement a custom policy that meet the following requirements:

 

Ensures that each new resource group in the subscription has a tag named organization set to a value of Contoso.

Ensures that resource group can be created from the Azure portal.

Ensures that compliance reports in the Azure portal are accurate.

 

How should you complete the policy?

 

To answer, select the appropriate options in the answers area.

 


 

Correct Answer:


 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 


 

2019 Free Microsoft EnsurePass AZ-100 Dumps VCE and PDF Download Part 3

EnsurePass Exam Dumps

AZ-100 Dumps VCE and PDF

http://www.ensurepass.com/AZ-100.html

 

QUESTION 21

HOTSPOT

You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table.

 


 

In Azure, you create a private DNS zone named adatum.com. You set the registration virtual network to VNet2. The adatum.com zone is configured as shown in the following exhibit.

 


 

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

 

NOTE: Each correct selection is worth one point.

 


 

Correct Answer:


 

 

QUESTION 22

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

 

You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.

 

You receive a notification that VM1 will be affected by maintenance.

 

You need to move VM1 to a different host immediately.

 

Solution: From the Overview blade, you move the virtual machine to a different resource group.

 

Does this meet the goal?

 

A.

Yes

B.

No

 

Correct Answer: B

Explanation:
You should redeploy the VM.

 

References:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node

 

 

QUESTION 23

You have the Azure virtual machines shown in the following table.

 


You have a Recovery Services vault that protects VM1 and VM2.

 

You need to protect VM3 and VM4 by using Recovery Services.

 

What should you do first?

 

A.

Configure the extensions for VM3 and VM4.

B.

Create a new Recovery Services vault.

C.

Create a storage account.

D.

Create a new backup policy.

 

Correct Answer: B

Explanation:
A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations. You can use Recovery Services vaults to hold backup data for various Azure services

 

References:

https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable-replication

 

 

QUESTION 24

HOTSPOT

You have an Azure subscription named Subscription1. Subscription1 contains the virtual networks in the following table.

 


 

Subscription1 contains the virtual machines in the following table:

 


 

The firewalls on all the virtual machines are configured to allow all ICMP traffic.

 

You add the peerings in the following table.

 


 

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

 

NOTE: Each correct selection is worth one point.

 


 

Correct Answer:


 

 

QUESTION 25

You have a resource group named RG1. RG1 contains an Azure Storage account named storageaccount1 and a virtual machine named VM1 that runs Windows Server 2016.

 

Storageaccount1 contains the disk files for VM1. You apply a ReadOnly lock to RG1.

 

What can you do from the Azure portal?

 

A.

Generate an automation script for RG1.

B.

View the keys of storageaccount1.

C.

Upload a blob to storageaccount1.

D.

Start VM1.

 

Correct Answer: B

Explanation:
ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.

 

References:

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

 

 

 

 

QUESTION 26

You have an Azure subscription that contains two resource groups named RG1 and RG2. RG2 does not contain any resources. RG1 contains the resources in the following table.

 


 

Which resource can you move to RG2?

 

A.

W10_OsDisk

B.

VNet1

C.

VNet3

D.

W10

 

Correct Answer: B

Explanation:
When moving a virtual network, you must also move its dependent resources. For example, you must move gateways with the virtual network. VM W10, which is in Vnet1, is not a dependent resource.

 

 

QUESTION 27

Your company has an Azure subscription named Subscription1.

 

The company also has two on-premises servers named Server1 and Server2 that run Windows Server 2016. Server1 is configured as a DNS server that has a primary DNS zone named adatum.com. Adatum.com contains 1,000 DNS records.

 

You manage Server1 and Subscription1 from Server2. Server2 has the following tools installed:

 

The DNS Manager console

Azure PowerShell

Azure CLI 2.0

 

You need to move the adatum.com zone to Subscription1. The solution must minimize administrative effort.

 

What should you use?

 

A.

Azure PowerShell

B.

Azure CLI

C.

the Azure portal

D.

the DNS Manager console

 

Correct Answer: B

Explanation:
Azure DNS supports importing and exporting zone files by using the Azure command-line interface (CLI). Zone file import is not currently supported via Azure PowerShell or the Azure portal.

 

References:

https://docs.microsoft.com/en-us/azure/dns/dns-import-export

 

 

QUESTION 28

HOTSPOT

You have an Azure subscription named Subscription1.

 

In Subscription1, you create an Azure file share named share1.

 

You create a shared access signature (SAS) named SAS1 as shown in the following exhibit.

 


To answer, select the appropriate options in the answer area.

 

NOTE: Each correct selection is worth one point.

 


 

Correct Answer:


 

 

QUESTION 29

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

 

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

 

Another administrator plans to create several network security groups (NSGs) in the subscription.

 

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

 

Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider.

 

Does this meet the goal?

 

A.

Yes

B.

No

 

Correct Answer: B

 

 

QUESTION 30

You have an Azure DNS zone named adatum.com. You need to delegate a subdomain named research.adatum.com to a different DNS server in Azure. What should you do?

 

A.

Create an PTR record named research in the adatum.com zone.

B.

Create an NS record named research in the adatum.com zone.

C.

Modify the SOA record of adatum.com.

D.

Create an A record named “.research in the adatum.com zone.

 

Correct Answer: D

Explanation:
Configure A records for the domains and sub domains.

 

References:

http://www.stefanjohansson.org/2012/12/how-to-configure-custom-dns-names-for-multiple-subdomain-based-azure-web-sites/

 


 

2019 Free Microsoft EnsurePass AZ-102 Dumps VCE and PDF Download Part 6

EnsurePass
Exam Dumps

AZ-102 Dumps VCE and PDF

http://www.ensurepass.com/AZ-102.html

 

QUESTION 51

You have an Active Directory forest named contoso.com.

 

You install and configure Azure AD Connect to use password hash synchronization as the single sign-on (SSO) method. Staging mode is enabled.

 

You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs.

 

You need to ensure that the synchronization completes successfully.

 

What should you do?

 

A.

From Synchronization Service Manager, run a full import.

B.

Run Azure AD Connect and set the SSO method to Pass-through Authentication.

C.

From Azure PowerShell, run Start-AdSyncSyncCycle -PolicyType Initial.

D.

Run Azure AD Connect and disable staging mode.

 

Correct Answer: D

Explanation:
Staging mode must be disabled. If the Azure AD Connect server is in staging mode, password hash synchronization is temporarily disabled.

 

References:

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-troubleshoot-password-hash-synchronization#no-passwords-are-synchronized-troubleshoot-by-using-the-troubleshooting-task

 

 

QUESTION 52

You have an Azure subscription named Subscription1. Subscription1 contains two Azure virtual machines named VM1 and VM2. VM1 and VM2 run Windows Server 2016.

 

VM1 is backed up daily by Azure Backup without using the Azure Backup agent.

 

VM1 is affected by ransomware that encrypts data.

 

You need to restore the latest backup of VM1.

 

To which location can you restore the backup?

 

To answer, select the appropriate options in the answer area.

 

NOTE: Each correct selection is worth one point.

 


 

Correct Answer:


 

 

QUESTION 53

You have an Azure Active Directory (Azure AD) domain that contains 5,000 user accounts. You create a new user account named AdminUser1.

 

You need to assign the User administrator administrative role to AdminUser1.

 

What should you do from the user account properties?

 

A.

From the Directory role blade, modify the directory role.

B.

From the Groups blade, invite the user account to a new group.

C.

From the Licenses blade, assign a new license.

 

Correct Answer: A

Explanation:
Assign a role to a user

Sign in to the Azure portal with an account that’s a global admin or privileged role admin for the directory.

For the selected user, select Directory role, select Add role, and then pick the appropriate admin roles from the Directory roles list, such as Conditional access administrator.

Press Select to save.

 

References:

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal

 

 

QUESTION 54

You plan to create an Azure Storage account in the Azure region of East US 2.

 

You need to create a storage account that meets the following requirements:

 

Replicates synchronously

Remains available if a single data center in the region fails

 

How should you configure the storage account?

 

To answer, select the appropriate options in the answer area.

 

NOTE: Each correct selection is worth one point.

 


 

Correct Answer:


 

 

QUESTION 55

You have peering configured as shown in the following exhibit.

 


 

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

 

NOTE: Each correct selection is worth one point.

 


 

Correct Answer:


 

 

 

 

QUESTION 56

You have an on-premises file server named Server1 that runs Windows Server 2016.

 

You have an Azure subscription that contains an Azure file share.

 

You deploy an Azure File Sync Storage Sync Service, and you create a sync group.

 

You need to synchronize files from Server1 to Azure.

 

Which three actions should you perform in sequence?

 

To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

 


 

Correct Answer:


 

 

QUESTION 57

You have an Azure subscription named Subscription1.

 

In Subscription1, you create an Azure file share named share1.

 

You create a shared access signature (SAS) named SAS1 as shown in the following exhibit.

 


 

To answer, select the appropriate options in the answer area.

 

NOTE: Each correct selection is worth one point.

 


Correct Answer:


 

 

QUESTION 58

Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.

 







 

When you are finished performing all the tasks, click the `Next’ button.

 

Note that you cannot return to the lab once you click the `Next’ button. Scoring occur in the background while you complete the rest of the exam.

 

Overview

The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

 

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

 

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

 

To start the lab

You may start the lab by clicking the Next button.

 

You plan to migrate a large amount of corporate data to Azure Storage and to back up files stored on old hardware to Azure Storage.

 

You need to create a storage account named corpdata7523690n1 in the corpdatalog7523690 resource group.

 

The solution must meet the following requirements:

 

Corpdata7523690n1 must be able to host the virtual disk files for Azure virtual machines.

 

The cost of accessing the files must be minimized.

 

Replication costs must be minimized.

 

What should you do from the Azure portal?

 

Correct Answer: See solution below.

Explanation:

Step 1: In the Azure portal, click All services. In the list of resources, type Storage Accounts. As you begin typing, the list filters based on your input. Select Storage Accounts.

Step 2: On the Storage Accounts window that appears, choose Add.

Step 3: Select the subscription in which to create the storage account.

Step 4: Under the Resource group field, select corpdatalog7523690.

Step 5: Enter a name for your storage account: corpdata7523690n1

Step 6: For Account kind select: General-purpose v2 accounts (recommended for most scenarios)

General-purpose v2 accounts is recommended for most scenarios. . General-purpose v2 accounts deliver the lowest per-gigabyte capacity prices for Azure Storage, as well as industry-competitive transaction prices.

Step 7: For replication select: Read-access geo-redundant storage (RA-GRS)

Read-access geo-redundant storage (RA-GRS) maximizes availability for your storage account. RA-GRS provides read-only access to the data in the secondary location, in addition to geo-replication across two regions.

 

References:

https://docs.microsoft.com/en-us/azure/storage/common/storage-quickstart-create-account

https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview

 

 

QUESTION 59

Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.

 




 

When you are finished performing all the tasks, click the `Next’ button.

 

Note that you cannot return to the lab once you click the `Next’ button. Scoring occur in the background while you complete the rest of the exam.

 

Overview

The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

 

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

 

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

 

To start the lab

You may start the lab by clicking the Next button.

 

Your on-premises network uses an IP address range of 131.107.2.0 to 131.107.2.255.

 

You need to ensure that only devices from the on-premises network can connect to the rg1lod7523691n1 storage account.

 

What should you do from the Azure portal?

 

Correct Answer: See solution below.

Explanation:

Step 1: Navigate to the rg1lod7523691n1 storage account.

Step 2: Click on the settings menu called Firewalls and virtual networks.

Step 3: Ensure that you have elected to allow access from ‘Selected networks’.

Step 4: To grant access to an internet IP range, enter the address range of 131.107.2.0 to 131.107.2.255 (in CIDR format) under Firewall, Address Ranges.

 

References:

https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security

 

 

QUESTION 60

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

 

You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.

 

You need to view the date and time when the resources were created in RG1.

 

Solution: From the RG1 blade, you clickDeployments.

 

Does this meet the goal?

 

A.

Yes

B.

No

Correct Answer: A

 


 

2019 Free Microsoft EnsurePass AZ-100 Dumps VCE and PDF Download Part 2

EnsurePass Dumps

AZ-100 Dumps VCE and PDF

http://www.ensurepass.com/AZ-100.html

 

QUESTION 11

DRAG DROP

You have an Azure subscription that contains a storage account.

You have an on-premises server named Server1 that runs Window Server 2016. Server1 has 2 TB of data.

You need to transfer the data to the storage account by using the Azure Import/Export service.

In which order should you perform the actions?

To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.

NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

 


 

Correct Answer:


 

 

QUESTION 12

HOTSPOT

You have an Azure Storage accounts as shown in the following exhibit.

 


 

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

 

NOTE: Each correct selection is worth one point.

 


 

Correct Answer:

 


 

 

QUESTION 13

You have an Azure subscription that contains a virtual machine named VM1. VM1 hosts a line-of-business application that is available 24 hours a day. VM1 has one network interface and one managed disk. VM1 uses the D4s v3 size.

 

You plan to make the following changes to VM1:

 

Change the size to D8s v3.

Add a 500-GB managed disk.

Add the Puppet Agent extension.

Attach an additional network interface.

 

Which change will cause downtime for VM1?

 

A.

Add a 500-GB managed disk.

B.

Attach an additional network interface.

C.

Add the Puppet Agent extension.

D.

Change the size to D8s v3.

 

Correct Answer: D

Explanation:
While resizing the VM it must be in a stopped state.

 

References:

https://azure.microsoft.com/en-us/blog/resize-virtual-machines/

 

 

QUESTION 14

HOTSPOT

You have an Azure subscription named Subscription1. Subscription1 contains two Azure virtual machines named VM1 and VM2. VM1 and VM2 run Windows Server 2016.

 

VM1 is backed up daily by Azure Backup without using the Azure Backup agent.

 

VM1 is affected by ransomware that encrypts data.

 

You need to restore the latest backup of VM1.

 

To which location can you restore the backup? To answer, select the appropriate options in the answer area.

 

NOTE: Each correct selection is worth one point.

 


 

Correct Answer:


 

 

QUESTION 15

You have an Azure subscription named Subscription1 that is used be several departments at your company. Subscription1 contains the resources in the following table:

 


 

Another administrator deploys a virtual machine named VM1 and an Azure Storage account named Storage2 by using a single Azure Resource Manager template.

 

You need to view the template used for the deployment.

 

From which blade can you view the template that was used for the deployment?

 

A.

RG1

B.

VM1

C.

Storage1

D.

Container1

 

Correct Answer: A

Explanation:
1. View template from deployment history

 

Go to the resource group for your new resource group. Notice that the portal shows the result of the last deployment. Select this link.

 


 

2. You see a history of deployments for the group. In your case, the portal probably lists only one deployment.

 

Select this deployment.

 


 

The portal displays a summary of the deployment. The summary includes the status of the deployment and its operations and the values that you provided for parameters. To see the template that you used for the deployment, select View template.

 


 

References:

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-export-template

 

 

QUESTION 16

You sign up for Azure Active Directory (Azure AD) Premium.

 

You need to add a user named admin1@contoso.com as an administrator on all the computers that will be joined to the Azure AD domain.

 

What should you configure in Azure AD?

 

A.

Device settings from the Devices blade.

B.

General settings from the Groups blade.

C.

User settings from the Users blade.

D.

Providers from the MFA Server blade.

 

Correct Answer: C

Explanation:
When you connect a Windows device with Azure AD using an Azure AD join, Azure AD adds the following security principles to the local administrators group on the device:

 

The Azure AD global administrator role

The Azure AD device administrator role

The user performing the Azure AD join

 

In the Azure portal, you can manage the device administrator role on the Devices page. To open the Devices page:

 

1. Sign in to your Azure portal as a global administrator or device administrator.

2. On the left navbar, click Azure Active Directory.

3. In the Manage section, click Devices.

4. On the Devices page, click Device settings.

5. To modify the device administrator role, configure Additional local administrators on Azure AD joined devices.

 

References:

https://docs.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin

 

 

QUESTION 17

You have an Azure subscription that contains 10 virtual machines.

 

You need to ensure that you receive an email message when any virtual machines are powered off, restarted, or deallocated.

 

What is the minimum number of rules and action groups that you require?

 

A.

three rules and three action groups

B.

one rule and one action group

C.

three rules and one action group

D.

one rule and three action groups

 

Correct Answer: C

Explanation:
An action group is a collection of notification preferences defined by the user. Azure Monitor and Service Health alerts are configured to use a specific action group when the alert is triggered. Various alerts may use the same action group or different action groups depending on the user’s requirements.

 

References:

https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-action-groups

 

 

QUESTION 18

DRAG DROP

You have two Azure virtual machines named VM1 and VM2. VM1 has a single data disk named Disk1. You need to attach Disk1 to VM2. The solution must minimize downtime for both virtual machines.

 

Which four actions should you perform in sequence?

 

To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

 


Correct Answer:


 

 

QUESTION 19

HOTSPOT

You have peering configured as shown in the following exhibit.

 


 

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

 

NOTE: Each correct selection is worth one point.

 


 

Correct Answer:


 

 

 

 

 

QUESTION 20

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

 

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

 

Another administrator plans to create several network security groups (NSGs) in the subscription.

 

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

 

Solution: You configure a custom policy definition, and then you assign the policy to the subscription.

 

Does this meet the goal?

 

A.

Yes

B.

No

 

Correct Answer: A

Explanation:
Resource policy definition used by Azure Policy enables you to establish conventions for resources in your organization by describing when the policy is enforced and what effect to take. By defining conventions, you can control costs and more easily manage your resources.

 

References:

https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition

 


 

2019 Free Microsoft EnsurePass AZ-102 Dumps VCE and PDF Download Part 4

EnsurePass
Exam Dumps

AZ-102 Dumps VCE and PDF

http://www.ensurepass.com/AZ-102.html

 

QUESTION 31

Your company registers a domain name of contoso.com.

 

You create an Azure DNS named contoso.com and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.

 

You discover that Internet hosts are unable to resolvewww.contoso.comto the 131.107.1.10 IP address.

 

You need to resolve the name resolution issue.

 

Solution: You add an NS record to the contoso.com zone.

 

Does this meet the goal?

 

A.

Yes

B.

No

 

Correct Answer: A

Explanation:
Before you can delegate your DNS zone to Azure DNS, you need to know the name servers for your zone. The NS record set contains the names of the Azure DNS name servers assigned to the zone.

 

References:

https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

 

QUESTION 32

You have an availability set named AS1 that contains three virtual machines named VM1, VM2, and VM3.

 

You attempt to reconfigure VM1 to use a larger size. The operation fails and you receive an allocation failure message.

 

You need to ensure that the resize operation succeeds.

 

Which three actions should you perform in sequence?

 

To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

 


 

Correct Answer:


 

 

 

 

 

 

 

 

 

 

 

QUESTION 33

You have an Azure subscription that contains the resources in the following table.

 


 

Subnet1 is associated to VNet1. NIC1 attaches VM1 to Subnet1.

 

You need to apply ASG1 to VM1.

 

What should you do?

 

A.

Modify the properties of NSG1.

B.

Modify the properties of ASG1.

C.

Associate NIC1 to ASG1.

 

Correct Answer: B

Explanation:
When you deploy VMs, make them members of the appropriate ASGs.

 

You associate the ASG with a subnet.

 

References:

https://azure.microsoft.com/en-us/blog/applicationsecuritygroups/

 

 

QUESTION 34

You have an Azure subscription.

 

You plan to use Azure Resource Manager templates to deploy 50 Azure virtual machines that will be part of the same availability set.

 

You need to ensure that as many virtual machines as possible are available if the fabric fails or during servicing.

 

How should you configure the template?

 

To answer, select the appropriate options in the answer area.

 

NOTE: Each correct selection is worth one point.

 


 

Select two alternatives below.

 

A.

platformFaultDomainCount: 0

B.

platformFaultDomainCount: 1

C.

platformFaultDomainCount: 2

D.

platformFaultDomainCount: 3

E.

platformFaultDomainCount: 4

F.

platformUpdateDomainCount: 10

G.

platformUpdateDomainCount: 20

H.

platformUpdateDomainCount: 25

I.

platformUpdateDomainCount: 30

J.

platformUpdateDomainCount: 40

K.

platformUpdateDomainCount: 50

 

Correct Answer: CG

Explanation:
Use two fault domains.

2 or 3 is max, depending on which region you are in.

Use 20 for platformUpdateDomainCount

Increasing the update domain (platformUpdateDomainCount) helps with capacity and availability planning when the platform reboots nodes. A higher number for the pool (20 is max) means that fewer of their nodes in any given availability set would be rebooted at once.

 

References:

https://www.itprotoday.com/microsoft-azure/check-if-azure-region-supports-2-or-3-fault-domains-managed-disks

https://github.com/Azure/acs-engine/issues/1030

 

 

 

 

 

 

 

 

QUESTION 35

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

 

You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.

 

You receive a notification that VM1 will be affected by maintenance.

 

You need to move VM1 to a different host immediately.

 

Solution: From the Overview blade, you move the virtual machine to a different resource group.

 

Does this meet the goal?

 

A.

Yes

B.

No

 

Correct Answer: B

 

 

QUESTION 36

You have a virtual network named VNet1 that has the configuration shown in the following exhibit.

 


 

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

 

NOTE: Each correct selection is worth one point.

 


 

Correct Answer:


 

 

QUESTION 37

You have the Azure virtual machines shown in the following table.

 


 

You have a Recovery Services vault that protects VM1 and VM2.

 

You need to protect VM3 and VM4 by using Recovery Services.

 

What should you do first?

 

A.

Configure the extensions for VM3 and VM4.

B.

Create a new Recovery Services vault.

C.

Create a storage account.

D.

Create a new backup policy.

 

Correct Answer: B

Explanation:
A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations. You can use Recovery Services vaults to hold backup data for various Azure services

 

References:

https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable-replication

 

 

QUESTION 38

You plan to deploy five virtual machines to a virtual network subnet.

 

Each virtual machine will have a public IP address and a private IP address.

 

Each virtual machine requires the same inbound and outbound security rules.

 

What is the minimum number of network interfaces and network security groups that you require?

 

To answer, select the appropriate options in the answer area.

 

NOTE: Each correct selection is worth one point.

 


 

Correct Answer:


 

 

QUESTION 39

You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines.

 

You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.

 

What should you create to store the password?

 

A.

Azure Active Directory (AD) Identity Protection and an Azure policy

B.

a Recovery Services vault and a backup policy

C.

an Azure Key Vault and an access policy

D.

an Azure Storage account and an access policy

 

Correct Answer: C

Explanation:
You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore the password is never put in plain text in the template parameter file.

 

References:

https://azure.microsoft.com/en-us/resources/templates/101-vm-secure-password/

 

 

QUESTION 40

You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table.

 


 

In Azure, you create a private DNS zone named adatum.com. You set the registration virtual network to VNet2. The adatum.com zone is configured as shown in the following exhibit.

 


 

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

 

NOTE: Each correct selection is worth one point.

 


 

Correct Answer:


 


 

2019 Free Microsoft EnsurePass AZ-102 Dumps VCE and PDF Download Part 3

EnsurePass
Exam Dumps

AZ-102 Dumps VCE and PDF

http://www.ensurepass.com/AZ-102.html

 

QUESTION 21

You have a Recovery Service vault that you use to test backups. The test backups contain two protected virtual machines.

 

You need to delete the Recovery Services vault.

 

What should you do first?

 

A.

From the Recovery Service vault, stop the backup of each backup item.

B.

From the Recovery Service vault, delete the backup data.

C.

Modify the disaster recovery properties of each virtual machine.

D.

Modify the locks of each virtual machine.

 

Correct Answer: A

Explanation:
You can’t delete a Recovery Services vault if it is registered to a server and holds backup data. If you try to delete a vault, but can’t, the vault is still configured to receive backup data.

 

Remove vault dependencies and delete vault

 

In the vault dashboard menu, scroll down to the Protected Items section, and click Backup Items. In this menu, you can stop and delete Azure File Servers, SQL Servers in Azure VM, and Azure virtual machines.

 


 

References:

https://docs.microsoft.com/en-us/azure/backup/backup-azure-delete-vault

 

 

QUESTION 22

You have an Azure subscription that is used by four departments in your company. The subscription contains 10 resource groups. Each department uses resources in several resource groups.

 

You need to send a report to the finance department. The report must detail the costs for each department. Which three actions should you perform in sequence?

 

To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

 


 

Correct Answer:


 

 

QUESTION 23

You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table.

 


 

VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between VNet1 and Vnet2.

 

An administrator named Admin1 creates an Azure virtual machine named VM1 in RG1. VM1 uses a disk named Disk1 and connects to VNet1. Admin1 then installs a custom application in VM1.

 

You need to move the custom application to Vnet2. The solution must minimize administrative effort.

 

Which two actions should you perform?

 

To answer, select the appropriate options in the answer area.

 

NOTE: Each correct selection is worth one point.

 


 

Correct Answer:


 

 

QUESTION 24

You have an Azure subscription.

 

You need to implement a custom policy that meet the following requirements:

 

Ensures that each new resource group in the subscription has a tag named organization set to a value of Contoso.

Ensures that resource group can be created from the Azure portal.

Ensures that compliance reports in the Azure portal are accurate.

 

How should you complete the policy?

 

To answer, select the appropriate options in the answers area.

 


 

Correct Answer:


QUESTION 25

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

 

You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.

 

You receive a notification that VM1 will be affected by maintenance.

 

You need to move VM1 to a different host immediately.

 

Solution: From the Update management blade, you click enable.

 

Does this meet the goal?

 

A.

Yes

B.

No

 

Correct Answer: B

Explanation:
You would need to Redeploy the VM.

 

References:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node

 

 

QUESTION 26

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

 

Your company registers a domain name of contoso.com.

 

You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.

 

You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.

 

You need to resolve the name resolution issue.

 

Solution: You create a PTR record for www in the contoso.com zone.

 

Does this meet the goal?

 

A.

Yes

B.

No

 

Correct Answer: B

Explanation:
Modify the Name Server (NS) record.

 

References:

https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

 

 

QUESTION 27

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains 100 user accounts.

 

You purchase 10 Azure AD Premium P2 licenses for the tenant.

 

You need to ensure that 10 users can use all the Azure AD Premium features.

 

What should you do?

 

A.

From the Groups blade of each user, invite the users to a group.

B.

From the Licenses blade of Azure AD, assign a license.

C.

From the Directory role blade of each user, modify the directory role.

D.

From the Azure AD domain, add an enterprise application.

 

Correct Answer: B

Explanation:
To assign a license, under Azure Active Directory > Licenses > All Products, select one or more products, and then select Assign on the command bar.

 

References:

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/license-users-groups

 

 

QUESTION 28

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

 

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

 

Another administrator plans to create several network security groups (NSGs) in the subscription.

 

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

 

Solution: You configure a custom policy definition, and then you assign the policy to the subscription.

 

Does this meet the goal?

 

A.

Yes

B.

No

Correct Answer: A

Explanation:
Resource policy definition used by Azure Policy enables you to establish conventions for resources in your organization by describing when the policy is enforced and what effect to take. By defining conventions, you can control costs and more easily manage your resources.

 

References:

https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition

 

 

QUESTION 29

Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.

 




 

When you are finished performing all the tasks, click the `Next’ button.

 

Note that you cannot return to the lab once you click the `Next’ button. Scoring occur in the background while you complete the rest of the exam.

 

Overview

The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

 

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

 

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

 

To start the lab

You may start the lab by clicking the Next button.

 

You plan to configure VM1 to be accessible from the Internet.

 

You need to add a public IP address to the network interface used by VM1.

 

What should you do from Azure portal?

 

See solution below.

Explanation:

You can add private and public IP addresses to an Azure network interface by completing the steps that follow.

 

Step 1: In Azure portal, click More services > type virtual machines in the filter box, and then click Virtual machines.

 

Step 2: In the Virtual machines pane, click the VM you want to add IP addresses to. Click Network interfaces in the virtual machine pane that appears, and then select the network interface you want to add the IP addresses to. In the example shown in the following picture, the NIC named myNIC from the VM named myVM is selected:

 


 

Step 3: In the pane that appears for the NIC you selected, click IP configurations.

 

Step 4: Click Create public IP address.

 


 

Step 5: In the Create public IP address pane that appears, enter a Name, select an IP address assignment type, a Subscription, a Resource group, and a Location, then click Create, as shown in the following picture:

References:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-multiple-ip-addresses-portal

 

 

QUESTION 30

You create an Azure Storage account named contosostorage.

 

You plan to create a file share named data.

 

Users need to map a drive to the data file share from home computers that run Windows 10.

 

Which port should be open between the home computers and the data file share?

 

A.

80

B.

443

C.

445

D.

3389

 

Correct Answer: C

Explanation:
Ensure port 445 is open: The SMB protocol requires TCP port 445 to be open; connections will fail if port 445 is blocked.

 

References:

https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows

 


 

2019 Free Microsoft EnsurePass AZ-101 Dumps VCE and PDF Download Part 3

EnsurePass
Exam Dumps

AZ-101 Dumps VCE and PDF

http://www.ensurepass.com/AZ-101.html

 

QUESTION 11

HOTSPOT

You create an Azure web app named WebApp1. WebApp1 has the autoscale settings shown in the following exhibit.

 


 

The scale out and scale in rules are configured to have a duration of 10 minutes and a cool down time of five minutes.

 

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

 

NOTE: Each correct selection is worth one point.

 


 

Correct Answer:


QUESTION 12

You have an Azure App Service plan named AdatumASP1 that uses the P2v2 pricing tier. AdatumASP1 hosts Ml Azure web app named adatumwebapp1. You need to delegate the management of adatumwebapp1 to a group named Devs. Devs must be able to perform the following tasks:

 

Add deployment slots.

View the configuration of AdatumASP1.

Modify the role assignment for adatumwebapp1.

 

Which role should you assign to the Devs group?

 

A.

Owner

B.

Contributor

C.

Web Plan Contributor

D.

Website Contributor

 

Correct Answer: B

Explanation:
The Contributor role lets you manage everything except access to resources.

 

 

QUESTION 13

You have an Azure Service Bus.

 

You need to implement a Service Bus queue that guarantees first in first-out (FIFO) delivery of messages.

 

What should you do?

 

A.

Set the Lock Duration setting to 10 seconds.

B.

Enable duplicate detection.

C.

Set the Max Size setting of the queue to 5 GB.

D.

Enable partitioning.

E.

Enable sessions.

 

Correct Answer: E

Explanation:
Through the use of messaging sessions you can guarantee ordering of messages, that is first-in-first-out (FIFO) delivery of messages.

 

References:

https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-azure-and-service-bus-queues-compared-contrasted

 

 

QUESTION 14

DRAG DROP

You have an Azure subscription that contains an Azure Service Bus named Bus1.

 

Your company plans to deploy two Azure web apps named App1 and App2. The web apps will create messages that have the following requirements:

 

Each message created by App1 must be consumed by only a single consumer.

Each message created by App2 will be consumed by multiple consumers.

 

Which resource should you create for each web app?

 

To answer, drag the appropriate resources to the correct web apps. Each resource may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

 

NOTE: Each correct selection is worth one point.

 


 

Correct Answer:


 

 

QUESTION 15

DRAG DROP

You are developing an Azure web app named WebApp1. WebApp1 uses an Azure App Service plan named Plan1 that uses the B1 pricing tier.

 

You need to configure WebApp1 to add additional instances of the app when CPU usage exceeds 70 percent for 10 minutes.

 

Which three actions should you perform in sequence?

 

To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

 


Correct Answer:


 

 

QUESTION 16

You are building a custom Azure function app to connect to Azure Event Grid.

 

You need to ensure that resources are allocated dynamically to the function app. Billing must be based on the executions of the app.

 

What should you configure when you create the function app?

 

A.

the Windows operating system and the Consumption plan hosting plan

B.

the Windows operating system and the App Service plan hosting plan

C.

the Docker container and an App Service plan that uses the Bl1 pricing tier

D.

the Docker container and an App Service plan that uses the SI pricing

 

Correct Answer: A

Explanation:
Azure Functions runs in two different modes: Consumption plan and Azure App Service plan. The Consumption plan automatically allocates compute power when your code is running. Your app is scaled out when needed to handle load, and scaled down when code is not running.

 

 

QUESTION 17

HOTSPOT

You have an Azure web app named WebApp1 that runs in an Azure App Service plan named ASP1. ASP1 is based on the D1 pricing tier.

 

You need to ensure that WebApp1 can be accessed only from computers on your on-premises network. The solution must minimize costs.

 

What should you configure?

 

To answer, select the appropriate options in the answer area.

 

NOTE: Each correct selection is worth one point.

 


 

Correct Answer:


 

 

QUESTION 18

You have an Azure App Service plan that hosts an Azure App Service named App1.

 

You configure one production slot and four staging slots for App1.

 

You need to allocate 10 percent of the traffic to each staging slot and 60 percent of the traffic to the production slot.

 

What should you add to Appl1?

 

A.

slots to the Testing in production blade

B.

a performance test

C.

a WebJob

D.

templates to the Automation script blade

 

Correct Answer: A

Explanation:
Besides swapping, deployment slots offer another killer feature: testing in production. Just like the name suggests, using this, you can actually test in production. This means that you can route a specific percentage of user traffic to one or more of your deployment slots.

 

Example:


 

References:

https://stackify.com/azure-deployment-slots/

 

 

QUESTION 19

HOTSPOT

You have an Azure web app named WebApp1.

 

You need to provide developers with a copy of WebApp1 that they can modify without affecting the production WebApp1. When the developers finish testing their changes, you must be able to switch the current line version of WebApp1 to the new version.

 

Which command should you run prepare the environment?

 

To answer, select the appropriate options in the answer area.

 

NOTE: Each correct selection is worth one point.

 


Correct Answer:


 

 

QUESTION 20

A web developer creates a web application that you plan to deploy as an Azure web app.

 

Users must enter credentials to access the web application.

 

You create a new web app named WebAppl1 and deploy the web application to WebApp1.

 

You need to disable anonymous access to WebApp1.

 

What should you configure?

 

A.

Advanced Tools

B.

Authentication/ Authorization

C.

Access control (IAM)

D.

Deployment credentials

 

Correct Answer: B

Explanation:
Anonymous access is an authentication method. It allows users to establish an anonymous connection.

 

References:

https://docs.microsoft.com/en-us/biztalk/core/guidelines-for-resolving-iis-permissions-problems


 

2019 Free Microsoft EnsurePass AZ-100 Dumps VCE and PDF Download Part 1

EnsurePass Dumps

AZ-100 Dumps VCE and PDF

http://www.ensurepass.com/AZ-100.html

 

QUESTION 1

Your company registers a domain name of contoso.com.

You create an Azure DNS named contoso.com and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.

You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.

You need to resolve the name resolution issue.

Solution: You modify the SOA record in the contoso.com zone

Does this meet the goal?

A. Yes
B. No

Correct Answer: B

Explanation:
Modify the NS record, not the SOA record.

Note:

The SOA record stores information about the name of the server that supplied the data for the zone; the administrator of the zone; the current version of the data file; the number of seconds a secondary name server should wait before checking for updates; the number of seconds a secondary name server should wait before retrying a failed zone transfer; the maximum number of seconds that a secondary name server can use data before it must either be refreshed or expire; and a default number of seconds for the time-to-live file on resource records.

References:

https://searchnetworking.techtarget.com/definition/start-of-authority-record

QUESTION 2

Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.







When you are finished performing all the tasks, click the `Next’ button.

Note that you cannot return to the lab once you click the `Next’ button. Scoring occur in the background while you complete the rest of the exam.

Overview

The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

To start the lab

You may start the lab by clicking the Next button.

You need to deploy an Azure virtual machine named VM1004a based on the Ubuntu Server 17.10 image, and then to configure VM1004a to meet the following requirements:

The virtual machine must contain data disks that can store at least 15 TB of data.

The data disks must be able to provide at least 2,000 IOPS.

Storage costs must be minimized.

What should you do from the Azure portal?

Correct Answer: See solution below.

Explanation:
1. Open the Azure portal.

2. On the left menu, select All resources. You can sort the resources by Type to easily find your images.

3. Select the image you want to use from the list. The image Overview page opens.

4. Select Create VM from the menu.

5. Enter the virtual machine information.

Select VM1004a as the name for the first Virtual machine.

The user name and password entered here will be used to log in to the virtual machine. When complete, select OK. You can create the new VM in an existing resource group, or choose Create new to create a new resource group to store the VM.

6. Select a size for the VM. To see more sizes, select View all or change the Supported disk type filter.

To support 15 TB of data you would need a Premium disk.

7. Under Settings, make changes as necessary and select OK.

8. On the summary page, you should see your image name listed as a Private image. Select Ok to start the virtual machine deployment.

References:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/create-vm-generalized-managed

QUESTION 3

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1.

RG1 contains resources that were deployed by using templates.

You need to view the date and time when the resources were created in RG1.

Solution: From the RG1 blade, you click Automation script.

Does this meet the goal?

A. Yes
B. No

Correct Answer: B

QUESTION 4

HOTSPOT

You have an Azure Active Directory (Azure AD) tenant named adatum.com. Adatum.com contains the groups in the following table.


You create two user accounts that are configured as shown in the following table.


To which groups do User1 and User2 belong? To answer. select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Correct Answer:


QUESTION 5

HOTSPOT

You have a virtual network named VNet1 that has the configuration shown in the following exhibit.


Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.


Correct Answer:


QUESTION 6

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.

You receive a notification that VM1 will be affected by maintenance.

You need to move VM1 to a different host immediately.

Solution: From the Update management blade, you click enable.

Does this meet the goal?

A. Yes
B. No

Correct Answer: B

Explanation:
You would need to Redeploy the VM.

References:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node

QUESTION 7

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.

You receive a notification that VM1 will be affected by maintenance.

You need to move VM1 to a different host immediately.

Solution: From the Redeploy blade, you click Redeploy.

Does this meet the goal?

A. Yes
B. No

Correct Answer: A

Explanation:
When you redeploy a VM, it moves the VM to a new node within the Azure infrastructure and then powers it back on, retaining all your configuration options and associated resources.

References:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node

QUESTION 8

HOTSPOT

You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1.

You install and configure a web server and a DNS server on VM1.

VM1 has the effective network security rules shown in the following exhibit.


Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.


Correct Answer:


QUESTION 9

Your company registers a domain name of contoso.com.

You create an Azure DNS named contoso.com and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.

You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.

You need to resolve the name resolution issue.

Solution: You add an NS record to the contoso.com zone.

Does this meet the goal?

A. Yes
B. No

Correct Answer: A

Explanation:
Before you can delegate your DNS zone to Azure DNS, you need to know the name servers for your zone. The NS record set contains the names of the Azure DNS name servers assigned to the zone.

References:

https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

QUESTION 10

You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image.

You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE Each correct selection is worth one point.

A. Modify the extensionProfile section of the Azure Resource Manager template.
B. Create a new virtual machine scale set in the Azure portal.
C. Create an Azure policy.
D. Create an automation account.
E. Upload a configuration script.

Correct Answer: AB

Explanation:
Virtual Machine Scale Sets can be used with the Azure Desired State Configuration (DSC) extension handler. Virtual machine scale sets provide a way to deploy and manage large numbers of virtual machines, and can elastically scale in and out in response to load. DSC is used to configure the VMs as they come online so they are running the production software.

References:

https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-dsc

 

2019 Free Microsoft EnsurePass AZ-102 Dumps VCE and PDF Download Part 2

EnsurePass
Exam Dumps

AZ-102 Dumps VCE and PDF

http://www.ensurepass.com/AZ-102.html

 

QUESTION 11

Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.

 




 

When you are finished performing all the tasks, click the `Next’ button.

 

Note that you cannot return to the lab once you click the `Next’ button. Scoring occur in the background while you complete the rest of the exam.

 

Overview

The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.

 

Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

 

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

 

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

 

To start the lab

You may start the lab by clicking the Next button.

 

You plan to store media files in the rg1lod7523691n1 storage account.

 

You need to configure the storage account to store the media files. The solution must ensure that only users who have access keys can download the media files and that the files are accessible only over HTTPS.

 

What should you do from Azure portal?

 

Correct Answer: See solution below.

Explanation:

We should create an Azure file share.

 

Step 1: In the Azure portal, select All services. In the list of resources, type Storage Accounts. As you begin typing, the list filters based on your input. Select Storage Accounts.

 

On the Storage Accounts window that appears.

 

Step 2: Locate the rg1lod7523691n1 storage account.

 

Step 3: On the storage account page, in the Services section, select Files.

 


Step 4: On the menu at the top of the File service page, click + File share. The New file share page drops down.

 

Step 5: In Name type myshare. Click OK to create the Azure file share.

 

References:

https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-portal

 

 

QUESTION 12

You have an Azure subscription named Subscrption1 that is associated to an Azure Active Directory (Azure AD) tenant named AAD1.

 

Subscription1 contains the objects in the following table:

 


 

You plan to create a single backup policy for Vault1.

 

To answer, select the appropriate options in the answer area.

 


 

Correct Answer:


 

 

QUESTION 13

You have an Azure subscription that contains two resource groups named RG1 and RG2. RG2 does not contain any resources. RG1 contains the resources in the following table.

 


 

Which resource can you move to RG2?

 

A.

W10_OsDisk

B.

VNet1

C.

VNet3

D.

W10

 

Correct Answer: B

Explanation:
When moving a virtual network, you must also move its dependent resources. For example, you must move gateways with the virtual network. VM W10, which is in Vnet1, is not a dependent resource.

 

 

 

 

 

 

 

 

QUESTION 14

You have an Azure Active Directory (Azure AD) tenant that has the initial domain name.

 

You have a domain name of contoso.com registered at a third-party registrar.

 

You need to ensure that you can create Azure AD users that have names containing a suffix of @contoso.com.

 

Which three actions should you perform in sequence?

 

To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.

 


 

Correct Answer:


 

 

QUESTION 15

You plan to use the Azure Import/Export service to copy files to a storage account.

 

Which two files should you create before you prepare the drives for the import job? Each correct answer presents part of the solution.

 

NOTE: Each correct selection is worth one point.

 

A.

an XML manifest file

B.

a driveset CSV file

C.

a dataset CSV file

D.

a PowerShell PS1 file

E.

a JSON configuration file

 

Correct Answer: BC

Explanation:
B: Modify the driveset.csv file in the root folder where the tool resides.

C: Modify the dataset.csv file in the root folder where the tool resides. Depending on whether you want to import a file or folder or both, add entries in the dataset.csv file

 

References:

https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-data-to-files

 

 

 

 

 

QUESTION 16

Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.

 







 

When you are finished performing all the tasks, click the `Next’ button.

 

Note that you cannot return to the lab once you click the `Next’ button. Scoring occur in the background while you complete the rest of the exam.

 

Overview

The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

 

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

 

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

 

To start the lab

You may start the lab by clicking the Next button.

 

You need to deploy an Azure virtual machine named VM1004a based on the Ubuntu Server 17.10 image, and then to configure VM1004a to meet the following requirements:

 

The virtual machine must contain data disks that can store at least 15 TB of data.

The data disks must be able to provide at least 2,000 IOPS.

Storage costs must be minimized.

 

What should you do from the Azure portal?

 

Correct Answer: See solution below.

Explanation:

1. Open the Azure portal.

2. On the left menu, select All resources. You can sort the resources by Type to easily find your images.

3. Select the image you want to use from the list. The image Overview page opens.

4. Select Create VM from the menu.

5. Enter the virtual machine information.

Select VM1004a as the name for the first Virtual machine.

The user name and password entered here will be used to log in to the virtual machine. When complete, select OK. You can create the new VM in an existing resource group, or choose Create new to create a new resource group to store the VM.

6. Select a size for the VM. To see more sizes, select View all or change the Supported disk type filter.

To support 15 TB of data you would need a Premium disk.

7. Under Settings, make changes as necessary and select OK.

8. On the summary page, you should see your image name listed as a Private image. Select Ok to start the virtual machine deployment.

 

References:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/create-vm-generalized-managed

 

 

QUESTION 17

You have an Azure subscription. The subscription includes a virtual network named VNet1. Currently, VNet1 does not contain any subnets.

 

You plan to create subnets on VNet1 and to use application security groups to restrict the traffic between the subnets. You need to create the application security groups and to assign them to the subnets.

 

Which four cmdlets should you run in sequence?

 

To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.

 


 

Correct Answer:


 

 

QUESTION 18

You have an Azure DNS zone named adatum.com. You need to delegate a subdomain named research.adatum.com to a different DNS server in Azure. What should you do?

 

A.

Create an PTR record named research in the adatum.com zone.

B.

Create an NS record named research in the adatum.com zone.

C.

Modify the SOA record of adatum.com.

D.

Create an A record named “.research in the adatum.com zone.

 

Correct Answer: D

Explanation:
Configure A records for the domains and sub domains.

 

References:

http://www.stefanjohansson.org/2012/12/how-to-configure-custom-dns-names-for-multiple-subdomain-based-azure-web-sites/

 

 

QUESTION 19

You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network. Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com.

 

You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory. You need to ensure that the users can use single-sign on (SSO) to access Azure resources.

 

What should you do first?

A.

From the on-premises network, deploy Active Directory Federation Services (AD FS).

B.

From Azure AD, add and verify a custom domain name.

C.

From the on-premises network, request a new certificate that contains the Active Directory domain name.

D.

From the server that runs Azure AD Connect, modify the filtering options.

 

Correct Answer: B

Explanation:
Azure AD Connect lists the UPN suffixes that are defined for the domains and tries to match them with a custom domain in Azure AD. Then it helps you with the appropriate action that needs to be taken. The Azure AD sign-in page lists the UPN suffixes that are defined for on-premises Active Directory and displays the corresponding status against each suffix. The status values can be one of the following:

 

State: Verified

 

Azure AD Connect found a matching verified domain in Azure AD. All users for this domain can sign in by using their on-premises credentials.

 

State: Not verified

 

Azure AD Connect found a matching custom domain in Azure AD, but it isn’t verified. The UPN suffix of the users of this domain will be changed to the default .onmicrosoft.com suffix after synchronization if the domain isn’t verified.

 

Action Required: Verify the custom domain in Azure AD.

 

References:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-user-signin

 

 

QUESTION 20

You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com.

 

Your company has a public DNS zone for contoso.com.

 

You add contoso.com as a custom domain name to Azure AD.

 

You need to ensure that Azure can verify the domain name.

 

Which type of DNS record should you create?

 

A.

RRSIG

B.

PTR

C.

DNSKEY

D.

TXT

 

Correct Answer: D

Explanation:
Create the TXT record. App Services uses this record only at configuration time to verify that you own the custom domain. You can delete this TXT record after your custom domain is validated and configured in App Service.

 

References:

https://docs.microsoft.com/en-us/azure/dns/dns-web-sites-custom-domain