Categories
AZ-103 Dumps

AZ-103 Real Exam Dumps Questions and answers 61-70

Get Full Version of the Exam
http://www.EnsurePass.com/AZ-103.html

Question No.61

You sign up for Azure Active Directory (Azure AD) Premium.

You need to add a user named admin1@contoso.com as an administrator on all the computers that will be joined to the Azure AD domain.

What should you configure in Azure AD?

A.

Device settings from the Devices blade.

B.

General settings from the Groups blade.

C.

User settings from the Users blade.

D.

Providers from the MFA Server blade.

Answer: C

Explanation:

When you connect a Windows device with Azure AD using an Azure AD join, Azure AD adds the following security principles to the local administrators group on the device:

The Azure AD global administrator role

image

The Azure AD device administrator role

image

The user performing the Azure AD join

image

In the Azure portal, you can manage the device administrator role on the Devices page. To open the Devices page:

  1. Sign in to your Azure portal as a global administrator or device administrator.

  2. On the left navbar, click Azure Active Directory.

  3. In the Manage section, click Devices.

  4. On the Devices page, click Device settings.

  5. To modify the device administrator role, configure Additional local administrators on Azure AD joined devices.

References:

https://docs.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin

Question No.62

Note: This question is part of a series of questions that present the same scenario. Each question

in the series contains a unique solution that might meet the stated goals.

Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to these questions will not appear the review screen.

You manage a virtual network named VNetl1 that is hosted in the West US Azure region. VNetl1 hosts two virtual machines named VM1 and VM2 that run Windows Server.

You need to inspect all the network traffic from VM1 to VM2 for a period of three hours. Solution: From Azure Network Watcher, you create a packet capture.

Does this meet the goal?

A.

Yes

B.

No

Answer: A

Explanation:

Azure Network Watcher provides tools to monitor, diagnose, view metrics, and enable or disable logs for resources in an Azure virtual network.

Capture packets to and from a VM

Advanced filtering options and fine-tuned controls, such as the ability to set time and size limitations, provide versatility. The capture can be stored in Azure Storage, on the VM#39;s disk, or both. You can then analyze the capture file using several standard network capture analysis tools.

Network Watcher variable packet capture allows you to create packet capture sessions to track traffic to and from a virtual machine. Packet capture helps to diagnose network anomalies both reactively and proactivity.

References:

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview

Question No.63

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscript contains a resource group named Dev.Subscription1. Adatum contains a group named Developers. Subscription!

You need to provide the Developers group with the ability to create Azure logic apps in the; Dev, resource group.

Solution: On Dev, you assign the Logic App Contributor role to the Developers group. Does this meet the goal?

A.

Yes

B.

No

Answer: A

Explanation:

The Logic App Contributor role lets you manage logic app, but not access to them. It provides access to view, edit, and update a logic app.

References:

https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

Question No.64

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You manage a virtual network named VNet1 that is hosted in the West US Azure region.

VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server. You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.

Solution: From Azure Monitor, you create a metric on Network In and Network Out. Does this meet the goal?

A.

Yes

B.

No

Answer: B

Explanation:

You should use Azure Network Watcher.

References:

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview

Question No.65

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure web app named Appl. App1 runs in an Azure App Service plan named Plan1. Plan1 is associated to the Free pricing tier.

You discover that App1 stops each day after running continuously for 60 minutes. You need to ensure that App1 can run continuously for the entire day.

Solution: You change the pricing tier of Plan1 to Basic. Does this meet the goal?

A.

Yes

B.

No

Answer: A

Explanation:

The Free Tier provides 60 CPU minutes / day. This explains why App1 is stops. The Basic tier has no such cap.

References:

https://azure.microsoft.com/en-us/pricing/details/app-service/windows/

Question No.66

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it As a result these questions will not appear in the review screen.

You have an Azure wet) app named Appl. App1 runs in an Azure App Service plan named Plan1. Plan1 is associated to the Free pricing tier.

You discover that App1 stops each day after running continuously for 60 minutes. You need to ensure that App1 can run continuously for the entire day.

Solution: You change the pricing tier of Plan1 to Shared. Does this meet the goal?

A.

Yes

B.

No

Answer: B

Explanation:

You should switch to the Basic Tier.

The Free Tier provides 60 CPU minutes / day. This explains why App1 is stops. The Shared Tier provides 240 CPU minutes / day. The Basic tier has no such cap.

References:

https://azure.microsoft.com/en-us/pricing/details/app-service/windows/

Question No.67

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.

You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.

Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group. Does this meet the goal?

A.

Yes

B.

No

Answer: B

Explanation:

DevTest Labs User role only lets you connect, start, restart, and shutdown virtual machines in your Azure DevTest Labs.

You would need the Logic App Contributor role. References:

https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

Question No.68

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.

You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.

Solution: On Subscription1, you assign the Logic App Operator role to the Developers group. Does this meet the goal?

A.

Yes

B.

No

Answer: B

Explanation:

The Logic App Operator role only lets you read, enable and disable logic app. With it you can view the logic app and run history, and enable/disable. Cannot edit or update the definition.

You would need the Logic App Contributor role. References:

https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

Question No.69

Note: This question is part of a series of questions that present the same seer Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You manage a virtual network named VNet1 that is hosted in the West US Azure region. VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.

You need to inspect all the network traffic from VM1 to VM2 for a period of three hours. Solution: From Performance Monitor, you create a Data Collector Set (DCS)

Does this meet the goal?

A.

Yes

B.

No

Answer: B

Explanation:

You should use Azure Network Watcher.

References:

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview

Question No.70

Note: This question is part of a series of questions that present the same scenario goals. Some question sets might have more than one correct solution, while others question in the series contains a unique solution that might meet the stated not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure web app named Appl. App1 runs in an Azure App Service plan named Plan1. Plan1 is associated to the Free pricing tier.

You discover that App1 stops each day after running continuously for 60 minutes. You need to ensure that App1 can run continuously for the entire day.

Solution: You add a triggered WebJob to App1. Does this meet the goal?

A.

Yes

B.

No

Answer: B

Explanation:

You need to change to Basic pricing Tier.

Note:

The Free Tier provides 60 CPU minutes / day. This explains why App1 is stops. The Basic tier has no such cap.

References:

https://azure.microsoft.com/en-us/pricing/details/app-service/windows/

Get Full Version of AZ-103 Dumps

Categories
AZ-103 Dumps

AZ-103 Real Exam Dumps Questions and answers 31-40

Get Full Version of the Exam
http://www.EnsurePass.com/AZ-103.html

Question No.31

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1.

RG1 contains resources that were deployed by using templates.

You need to view the date and time when the resources were created in RG1.

Solution: From the Subscriptions blade, you select the subscription, and then click Resource providers.

Does this meet the goal?

A.

Yes

B.

No

Answer: B

Question No.32

You have an Azure subscription that contains two resource groups named RG1 and RG2. RG2 does not contain any resources. RG1 contains the resources in the following table.

image

Which resource can you move to RG2?

A.

W10_OsDisk

B.

VNet1

C.

VNet3

D.

W10

Answer: B

Explanation:

When moving a virtual network, you must also move its dependent resources. For example, you must move gateways with the virtual network. VM W10, which is in Vnet1, is not a dependent resource.

Question No.33

You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com.

Your company has a public DNS zone for contoso.com.

You add contoso.com as a custom domain name to Azure AD. You need to ensure that Azure can verify the domain name.

Which type of DNS record should you create?

A.

RRSIG

B.

PTR

C.

DNSKEY

D.

TXT

Answer: D

Explanation:

Create the TXT record. App Services uses this record only at configuration time to verify that you own the custom domain. You can delete this TXT record after your custom domain is validated and configured in App Service.

References:

https://docs.microsoft.com/en-us/azure/dns/dns-web-sites-custom-domain

Question No.34

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains 100 user accounts.

You purchase 10 Azure AD Premium P2 licenses for the tenant.

You need to ensure that 10 users can use all the Azure AD Premium features. What should you do?

A.

From the Groups blade of each user, invite the users to a group.

B.

From the Licenses blade of Azure AD, assign a license.

C.

From the Directory role blade of each user, modify the directory role.

D.

D.From the Azure AD domain, add an enterprise application.

Answer: B

Explanation:

To assign a license, under Azure Active Directory gt; Licenses gt; All Products, select one or more products, and then select Assign on the command bar.

References:

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/license-users-groups

Question No.35

You have an Azure policy as shown in the following exhibit.

image

Which of the following statements are true?

A.

You can create Azure SQL servers in ContosoRG1.

B.

You are prevented from creating Azure SQL servers anywhere in Subscription 1.

C.

You are prevented from creating Azure SQL Servers in ContosoRG1 only.

D.

You can create Azure SQL servers in any resource group within Subscription 1.

Answer: A

Explanation:

You are prevented from creating Azure SQL servers anywhere in Subscription 1 with the exception of ContosoRG1

Question No.36

You have an Azure subscription.

You have 100 Azure virtual machines.

You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering.

Which blade should you use?

A.

Metrics

B.

Customer insights

C.

Monitor

D.

Advisor

Answer: D

Explanation:

https://docs.microsoft.com/en-us/azure/advisor/advisor-cost-recommendations https://docs.microsoft.com/bs-latn-ba/azure/cost-management/tutorial-acm-opt-recommendations

Question No.37

You have an Azure subscription named Subscription1 that is used be several departments at your company. Subscription1 contains the resources in the following table:

image

Another administrator deploys a virtual machine named VM1 and an Azure Storage account named Storage2 by using a single Azure Resource Manager template.

You need to view the template used for the deployment.

From which blade can you view the template that was used for the deployment?

A.

RG1

B.

VM1

C.

Storage1

D.

Container1

Answer: A

Explanation:

  1. View template from deployment history

    image

    Go to the resource group for your new resource group. Notice that the portal shows the result of the last deployment. Select this link.

  2. You see a history of deployments for the group. In your case, the portal probably lists only one deployment. Select this deployment.

image

The portal displays a summary of the deployment. The summary includes the status of the deployment and its operations and the values that you provided for parameters. To see the template that you used for the deployment, select View template.

image

References:

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-export- template

Question No.38

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.

You need to view the date and time when the resources were created in RG1. Solution: From the RG1 blade, you click Deployments.

Does this meet the goal?

A.

Yes

B.

No

Answer: A

Question No.39

You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines.

You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.

What should you create to store the password?

A.

Azure Active Directory (AD) Identity Protection and an Azure policy

B.

a Recovery Services vault and a backup policy

C.

an Azure Key Vault and an access policy

D.

an Azure Storage account and an access policy

Answer: C

Explanation:

You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore the password is never put in plain text in the template parameter file.

References:

https://azure.microsoft.com/en-us/resources/templates/101-vm-secure-password/

Question No.40

You create an Azure Storage account named contosostorage. You plan to create a file share named data.

Users need to map a drive to the data file share from home computers that run Windows 10. Which port should be open between the home computers and the data file share?

A.

80

B.

443

C.

445

D.

3389

Answer: C

Explanation:

Ensure port 445 is open: The SMB protocol requires TCP port 445 to be open; connections will fail if port 445 is blocked.

References:

https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows

Get Full Version of AZ-103 Dumps

Categories
AZ-103 Dumps

AZ-103 Real Exam Dumps Questions and answers 41-50

Get Full Version of the Exam
http://www.EnsurePass.com/AZ-103.html

Question No.41

You have an Azure subscription that contains a storage account named account1.

You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The on-premises network uses a public IP address space of 131.107.1.0/24.

You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a

virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24. You need to configure account1 to meet the following requirements:

Ensure that you can upload the disk files to account1.

image

Ensure that you can attach the disks to VM1.

image

Prevent all other access to account1.

image

A.

From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range.

B.

From the Firewalls and virtual networks blade of account1, select Selected networks.

C.

From the Firewalls and virtual networks blade of acount1, add VNet1.

D.

From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to access this st

E.

From the Service endpoints blade of VNet1, add a service endpoint.

Which two actions should you perform? Each correct selection presents part of the solution. NOTE: Each correct selection is worth one point.

Answer: BE

Explanation:

B: By default, storage accounts accept connections from clients on any network. To limit access to selected networks, you must first change the default action.

Azure portal

Navigate to the storage account you want to secure.

Click on the settings menu called Firewalls and virtual networks.

To deny access by default, choose to allow access from #39;Selected networks#39;. To allow traffic from all networks, choose to allow access from #39;All networks#39;.

Click Save to apply your changes.

E: Grant access from a Virtual Network

Storage accounts can be configured to allow access only from specific Azure Virtual Networks.

By enabling a Service Endpoint for Azure Storage within the Virtual Network, traffic is ensured an optimal route to the Azure Storage service. The identities of the virtual network and the subnet are also transmitted with each request.

References:

https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security

Question No.42

You have an Azure subscription that contains a resource group named RG1. RG1 contains 100 virtual machines.

Your company has three cost centers named Manufacturing, Sales, and Finance. You need to associate each virtual machine to a specific cost center.

What should you do?

A.

Add an extension to the virtual machines.

B.

Modify the inventory settings of the virtual machine.

C.

Assign tags to the virtual machines.

D.

Configure locks for the virtual machine.

Answer: C

Explanation:

https://docs.microsoft.com/en-us/azure/billing/billing-getting-started https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags

Question No.43

You have two Azure virtual machines named VM1 and VM2. You have two Recovery Services vaults named RSV1 and RSV2.

VM2 is protected by RSV1.

A.

From the RSV1 blade, click Backup items and stop the VM2 backup.

B.

From the RSV1 blade, click Backup Jobs and export the VM2 backup.

C.

From the RSV1 blade, click Backup . From the Backup blade, select the backup for the virtual machine, and then c

D.

From the VM2 blade, click Disaster recovery , click Replication settings , and then select RSV2 as the Recovery Se

You need to use RSV2 to protect VM2. What should you do first?

Answer: D

Explanation:

https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm

Question No.44

You have a virtual network named VNet1 as shown in the exhibit. (Click the Exhibit tab.)

image

No devices are connected to VNet1.

You plan to peer VNet1 to another virtual network named VNet2 in the same region. VNet2 has an address space of 10.2.0.0/16.

You need to create the peering. What should you do first?

A.

Configure a service endpoint on VNet2.

B.

Modify the address space of VNet1.

C.

Add a gateway subnet to VNet1.

D.

Create a subnet on VNet1 and VNet2.

Answer: B

Explanation:

The virtual networks you peer must have non-overlapping IP address spaces. The exhibit indicates that VNet1 has an address space of 10.2.0.0/16, which is the same as VNet2, and thus overlaps. We need to change the address space for VNet1.

References:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage- peering#requirements-and-constraints

Question No.45

You have an Azure subscription named Subscription1.

You deploy a Linux virtual machine named VM1 to Subscription1. You need to monitor the metrics and the logs of VM1.

What should you use?

A.

LAD 3.0

B.

Azure Analysis Services

C.

the AzurePerformanceDiagnostics extension

D.

Azure HDInsight

Answer: C

Explanation:

You can use extensions to configure diagnostics on your VMs to collect additional metric data.

The basic host metrics are available, but to see more granular and VM-specific metrics, you need to install the Azure diagnostics extension on the VM. The Azure diagnostics extension allows additional monitoring and diagnostics data to be retrieved from the VM.

References:

https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-monitoring

Question No.46

You have an Azure subscription named Subscription1.

You have 5 TB of data that you need to transfer to Subscription. You plan to use an Azure Import/Export job.

What can you use as the destination of the imported data?

A.

Azure SQL Database

B.

Azure Data Factory

C.

A virtual machine

D.

Azure Blob storage

Answer: D

Explanation:

https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service

Question No.47

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (NSGs) in the subscription.

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: You create a resource lock, and then you assign the lock to the subscription. Does this meet the goal?

A.

Yes

B.

No

Answer: B

Explanation:

How can I freeze or lock my production/critical Azure resources from accidental deletion? There is way to do this with both ASM and ARM resources using Azure resource lock.

References:

https://blogs.msdn.microsoft.com/azureedu/2016/04/27/using-azure-resource-manager-policy- and-azure-lock-to-control-your-azure-resources/

Question No.48

Your company registers a domain name of contoso.com.

You create an Azure DNS named contoso.com and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.

You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.

You need to resolve the name resolution issue.

Solution: You modify the SOA record in the contoso.com zone Does this meet the goal?

A.

Yes

B.

No

Answer: B

Explanation:

Modify the NS record, not the SOA record.

Note:

The SOA record stores information about the name of the server that supplied the data for the zone; the administrator of the zone; the current version of the data file; the number of seconds a secondary name server should wait before checking for updates; the number of seconds a secondary name server should wait before retrying a failed zone transfer; the maximum number of seconds that a secondary name server can use data before it must either be refreshed or expire; and a default number of seconds for the time-to-live file on resource records.

References:

https://searchnetworking.techtarget.com/definition/start-of-authority-record

Question No.49

You have an Azure subscription that contains the resources in the following table.

image

Store1 contains a file share named Data. Data contains 5,000 files.

You need to synchronize the files in Data to an on-premises server named Server1.

Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A.

Download an automation script.

B.

Create a container instance.

C.

Create a sync group.

D.

Register Server1.

E.

Install the Azure File Sync agent on Server1.

Answer: CDE

Explanation:

Step 1 (E): Install the Azure File Sync agent on Server1

The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share

Step 2 (D): Register Server1.

Register Windows Server with Storage Sync Service

Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service.

Step 3 (C): Create a sync group and a cloud endpoint.

A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on registered server.

References:

https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide

Question No.50

You have an Azure subscription that contains three virtual networks named VNet1, VNet2, VNet3. VNet2 contains a virtual appliance named VM2 that operates as a router.

You are configuring the virtual networks in a hub and spoke topology that uses VNet2 as the hub network.

You plan to configure peering between VNet1 and VNet2 and between VNet2 and VNet3. You need to provide connectivity between VNet1 and VNet3 through VNet2.

Which two configurations should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A.

On the peering connections, allow forwarded traffic.

B.

On the peering connections, allow gateway transit.

C.

Create route tables and assign the table to subnets.

D.

Create a route filter.

E.

On the peering connections, use remote gateways.

Answer: BE

Explanation:

Allow gateway transit: Check this box if you have a virtual network gateway attached to this virtual network and want to allow traffic from the peered virtual network to flow through the gateway.

The peered virtual network must have the Use remote gateways checkbox checked when setting up the peering from the other virtual network to this virtual network.

References:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage- peering#requirements-and-constraints

Get Full Version of AZ-103 Dumps

Categories
AZ-103 Dumps

AZ-103 Real Exam Dumps Questions and answers 51-60

Get Full Version of the Exam
http://www.EnsurePass.com/AZ-103.html

Question No.51

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.

You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately.

Solution: From the Update management blade, you click enable. Does this meet the goal?

A.

Yes

B.

B.No

Answer: B

Explanation:

You would need to Redeploy the VM.

References:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node

Question No.52

You plan to use the Azure Import/Export service to copy files to a storage account.

Which two files should you create before you prepare the drives for the import job? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.

an XML manifest file

B.

a driveset CSV file

C.

a dataset CSV file

D.

a PowerShell PS1 file

E.

a JSON configuration file

Answer: BC

Explanation:

B: Modify the driveset.csv file in the root folder where the tool resides.

C: Modify the dataset.csv file in the root folder where the tool resides. Depending on whether you want to import a file or folder or both, add entries in the dataset.csv file

References:

https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-data-to-files

Question No.53

You have an Azure subscription that contains 100 virtual machines. You regularly create and delete virtual machines.

You need to identify unused disks that can be deleted. What should you do?

A.

From Microsoft Azure Storage Explorer, view the Account Management properties.

B.

From the Azure portal, configure the Advisor recommendations.

C.

From Cloudyn, open the Optimizer tab and create a report.

D.

From Cloudyn, create a Cost Management report.

Answer: C

Explanation:

The Unattached Disks report lists storage that is not attached to any active VM. To open the report, click in the Optimizer tab. Select Inefficiencies and the click Unattached Disks.

Rreferences:

https://social.msdn.microsoft.com/Forums/en-US/0e4b3c28-a7f3-416b-84b7-3753f534e1b9/faq- how-to-save-money-with-cloudyn-8211-10-steps?forum=Cloudyn

https://docs.microsoft.com/en-us/azure/cost-management/overview

Question No.54

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.

You receive a notification that VM1 will be affected by maintenance.

You need to move VM1 to a different host immediately. Solution: From the Redeploy blade, you click Redeploy. Does this meet the goal?

A.

Yes

B.

No

Answer: A

Explanation:

When you redeploy a VM, it moves the VM to a new node within the Azure infrastructure and then powers it back on, retaining all your configuration options and associated resources.

References:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node

Question No.55

You have an Azure virtual machine named VM1 that you use for testing. VM1 is protected by Azure Backup.

You delete VM1.

You need to remove the backup data stored for VM1. What should you do first?

A.

Modify the backup policy.

B.

Delete the Recovery Services vault.

C.

Stop the backup.

D.

Delete the storage account.

Answer: A

Explanation:

Azure Backup provides backup for virtual machines created through both the classic deployment model and the Azure Resource Manager deployment model by using custom- defined backup policies in a Recovery Services vault.

With the release of backup policy management, customers can manage backup policies and model them to meet their changing requirements from a single window. Customers can edit a policy, associate more virtual machines to a policy, and delete unnecessary policies to meet their compliance requirements.

Question No.56

You have an Active Directory forest named contoso.com.

You install and configure Azure AD Connect to use password hash synchronization as the single sign-on (SSO) method. Staging mode is enabled.

You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs.

You need to ensure that the synchronization completes successfully. What should you do?

A.

A.From Synchronization Service Manager, run a full import.

B.

Run Azure AD Connect and set the SSO method to Pass-through Authentication.

C.

From Azure PowerShell, run Start-AdSyncSyncCycle -PolicyType Initial.

D.

Run Azure AD Connect and disable staging mode.

Answer: D

Explanation:

Staging mode must be disabled. If the Azure AD Connect server is in staging mode, password hash synchronization is temporarily disabled.

References:

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync- troubleshoot-password-hash-synchronization#no-passwords-are-synchronized-troubleshoot-by- using-the-troubleshooting-task

Question No.57

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.

You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately.

Solution: From the Overview blade, you move the virtual machine to a different resource group. Does this meet the goal?

A.

Yes

B.

No

Answer: B

Explanation:

You should redeploy the VM.

References:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node

Question No.58

You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network. Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com.

You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory. You need to ensure that the users can use single-sign on (SSO) to access Azure resources.

What should you do first?

A.

From the on-premises network, deploy Active Directory Federation Services (AD FS).

B.

From Azure AD, add and verify a custom domain name.

C.

From the on-premises network, request a new certificate that contains the Active Directory domain name.

D.

From the server that runs Azure AD Connect, modify the filtering options.

Answer: B

Explanation:

Azure AD Connect lists the UPN suffixes that are defined for the domains and tries to match them with a custom domain in Azure AD. Then it helps you with the appropriate action that needs to be taken. The Azure AD sign-in page lists the UPN suffixes that are defined for on-premises Active Directory and displays the corresponding status against each suffix. The status values can be one of the following:

State: Verified

Azure AD Connect found a matching verified domain in Azure AD. All users for this domain can sign in by using their on-premises credentials.

State: Not verified

Azure AD Connect found a matching custom domain in Azure AD, but it isn#39;t verified. The UPN suffix of the users of this domain will be changed to the default .onmicrosoft.com suffix after synchronization if the domain isn#39;t verified.

Action Required: Verify the custom domain in Azure AD.

References:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-user-signin

Question No.59

You have an Azure subscription.

You plan to use Azure Resource Manager templates to deploy 50 Azure virtual machines that will

be part of the same availability set.

You need to ensure that as many virtual machines as possible are available if the fabric fails or during servicing.

How should you configure the template? To answer, select the appropriate options in the answer area.

image

NOTE: Each correct selection is worth one point.

Select two alternatives below.

A.

platformFaultDomainCount: 0

B.

platformFaultDomainCount: 1

C.

platformFaultDomainCount: 2

D.

platformFaultDomainCount: 3

E.

platformFaultDomainCount: 4

F.

platformUpdateDomainCount: 10

G.

platformUpdateDomainCount: 20

H.

platformUpdateDomainCount: 25

I.

platformUpdateDomainCount: 30

J.

platformUpdateDomainCount: 40

K.

platformUpdateDomainCount: 50

Answer: CG

Explanation:

Use two fault domains.

2 or 3 is max, depending on which region you are in. Use 20 for platformUpdateDomainCount

Increasing the update domain (platformUpdateDomainCount) helps with capacity and availability planning when the platform reboots nodes. A higher number for the pool (20 is max) means that fewer of their nodes in any given availability set would be rebooted at once.

References:

https://www.itprotoday.com/microsoft-azure/check-if-azure-region-supports-2-or-3-fault-domains- managed-disks

https://github.com/Azure/acs-engine/issues/1030

Question No.60

You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated to a different Azure AD tenant.

Subscription1 contains a virtual network named VNet1.VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16.

Subscription2 contains a virtual network named VNet2. VNet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24.

You need to connect VNet1 to VNet2. What should you do first?

A.

Move VNet1 to Subscription2.

B.

Modify the IP address space of VNet2.

C.

Provision virtual network gateways.

D.

Move VM1 to Subscription2.

Answer: C

Explanation:

The virtual networks can be in the same or different regions, and from the same or different subscriptions. When connecting VNets from different subscriptions, the subscriptions do not need to be associated with the same Active Directory tenant.

Configuring a VNet-to-VNet connection is a good way to easily connect VNets. Connecting a virtual network to another virtual network using the VNet-to-VNet connection type (VNet2VNet) is similar to creating a Site-to-Site IPsec connection to an on-premises location. Both connectivity types use a VPN gateway to provide a secure tunnel using IPsec/IKE, and both function the same way when communicating.

The local network gateway for each VNet treats the other VNet as a local site. This lets you specify additional address space for the local network gateway in order to route traffic.

References:

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource- manager-portal

Get Full Version of AZ-103 Dumps

Categories
AZ-103 Dumps

AZ-103 Real Exam Dumps Questions and answers 1-10

Get Full Version of the Exam
http://www.EnsurePass.com/AZ-103.html

Question No.1

You have a resource group named RG1. RG1 contains an Azure Storage account named storageaccount1 and a virtual machine named VM1 that runs Windows Server 2016.

Storageaccount1 contains the disk files for VM1. You apply a ReadOnly lock to RG1. What can you do from the Azure portal?

A.

Generate an automation script for RG1.

B.

View the keys of storageaccount1.

C.

Upload a blob to storageaccount1.

D.

Start VM1.

Answer: B Explanation:

ReadOnly means authorized users can read a resource, but they can#39;t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.

References:

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

Question No.2

You have an Azure subscription named Subscription1.

You have 5 TB of data that you need to transfer to Subscription1. You plan to use an Azure Import/Export job.

What can you use as the destination of the imported data?

A.

Azure SQL Database

B.

Azure File Storage

C.

An Azure Cosmos DB database

D.

The Azure File Sync Storage Sync Service

E.

Azure Data Factory

F.

A virtual machine

Answer: B Explanation:

Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter.

References:

https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service

Question No.3

You have a Recovery Service vault that you use to test backups. The test backups contain two protected virtual machines.

You need to delete the Recovery Services vault.

What should you do first?

A.

From the Recovery Service vault, stop the backup of each backup item.

B.

From the Recovery Service vault, delete the backup data.

C.

Modify the disaster recovery properties of each virtual machine.

D.

Modify the locks of each virtual machine.

Answer: A Explanation:

You can#39;t delete a Recovery Services vault if it is registered to a server and holds backup data. If you try to delete a vault, but can#39;t, the vault is still configured to receive backup data.

Remove vault dependencies and delete vault

In the vault dashboard menu, scroll down to the Protected Items section, and click Backup Items. In this menu, you can stop and delete Azure File Servers, SQL Servers in Azure VM, and Azure virtual machines.

image

References:

https://docs.microsoft.com/en-us/azure/backup/backup-azure-delete-vault

Question No.4

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (NSGs) in the subscription.

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: You configure a custom policy definition, and then you assign the policy to the subscription.

Does this meet the goal?

A.

Yes

B.

No

Answer: A Explanation:

Resource policy definition used by Azure Policy enables you to establish conventions for resources in your organization by describing when the policy is enforced and what effect to take. By defining conventions, you can control costs and more easily manage your resources.

References:

https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition

Question No.5

You have an Azure subscription that contains 10 virtual machines.

You need to ensure that you receive an email message when any virtual machines are powered off, restarted, or deallocated.

What is the minimum number of rules and action groups that you require?

A.

three rules and three action groups

B.

B.one rule and one action group

C.

three rules and one action group

D.

one rule and three action groups

Answer: C Explanation:

An action group is a collection of notification preferences defined by the user. Azure Monitor and Service Health alerts are configured to use a specific action group when the alert is triggered.

Various alerts may use the same action group or different action groups depending on the user#39;s requirements.

References:

https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-action-groups

Question No.6

You have an Azure Active Directory (Azure AD) domain that contains 5,000 user accounts. You create a new user account named AdminUser1.

You need to assign the User administrator administrative role to AdminUser1. What should you do from the user account properties?

A.

From the Directory role blade, modify the directory role.

B.

From the Groups blade, invite the user account to a new group.

C.

From the Licenses blade, assign a new license.

Answer: A

Explanation:

Assign a role to a user

Sign in to the Azure portal with an account that#39;s a global admin or privileged role admin for the directory.

Select Azure Active Directory, select Users, and then select a specific user from the list.

For the selected user, select Directory role, select Add role, and then pick the appropriate admin roles from the Directory roles list, such as Conditional access administrator.

Press Select to save. References:

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-

assign-role-azure-portal

Question No.7

You have an azure subscription named Subscription that contains the resource groups shown in the following table.

image

In RG1, you create a virtual machine named VM1 in the East Asia location. You plan to create a virtual network named VNET1.

You need to create VNET, and then connect VM1 to VNET1.

What are two possible ways to achieve this goal? Each correct answer presents a complete a solution.

NOTE: Each correct selection is worth one point.

A.

Create VNET1 in RG2, and then set East Asia as the location.

B.

Create VNET1 in a new resource group in the West US location, and then set West US as the location.

C.

Create VNET1 in RG1, and then set East Asia as the location

D.

Create VNET1 in RG1, and then set East US as the location.

E.

Create VNET1 in RG2, and then set East US as the location.

Answer: AC

Question No.8

Note: This question is part of a series of questions that present the same scenario. Each question

in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.

You need to view the date and time when the resources were created in RG1.

Solution: From the Subscriptions blade, you select the subscription, and then click Programmatic deployment.

Does this meet the goal?

A.

Yes

B.

No

Answer: B

Question No.9

You have an Azure subscription that contains the resources shown in the following table.

image

The Not allowed resources types Azure policy is assigned to RG1 and uses the following parameters:

image

In RG1, you need to create a new virtual named VM2, and then connected VM2 to VNET1. What should you do first?

A.

Add a subnet to VNET1.

B.

Remove Microsft.Network/virtualsNetwork from the policy.

C.

Creata an Azure resource Manager template.

D.

Remove Microsoft. Compute/virtualmachine from the policy

Answer: B

Question No.10

You have the Azure virtual machines shown in the following table.

image

You have a Recovery Services vault that protects VM1 and VM2. You need to protect VM3 and VM4 by using Recovery Services. What should you do first?

A.

Configure the extensions for VM3 and VM4.

B.

Create a new Recovery Services vault.

C.

Create a storage account.

D.

Create a new backup policy.

Answer: B

Explanation:

A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations. You can use Recovery Services vaults to hold backup data for various Azure services

References:

https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable-replication

Get Full Version of AZ-103 Dumps

Categories
AZ-103 Dumps

AZ-103 Real Exam Dumps Questions and answers 11-20

Get Full Version of the Exam
http://www.EnsurePass.com/AZ-103.html

Question No.11

You have an Azure subscription named Subscription1. Subscription1 contains the resource groups in the following table.

image

RG1 has a web app named WebApp1. WebApp1 is located in West Europe. You move WebApp1 to RG2. What is the effect of the move?

A.

The App Service plan to WebApp1 moves to North Europe. Policy2 applies to WebApp1.

B.

The App Service plan to WebApp1 moves to North Europe. Policy1 applies to WebApp1.

C.

The App Service plan to WebApp1 remains to West Europe. Policy2 applies to WebApp1.

D.

The App Service plan to WebApp1 remains to West Europe. Policy1 applies to WebApp1.

Answer: C

Explanation:

You can move an app to another App Service plan, as long as the source plan and the target plan are in the same resource group and geographical region.

The region in which your app runs is the region of the App Service plan it#39;s in. However, you cannot change an App Service plan#39;s region.

References:

https://docs.microsoft.com/en-us/azure/app-service/app-service-plan-manage

Question No.12

Your company has an Azure subscription named Subscription1.

The company also has two on-premises servers named Server1 and Server2 that run Windows Server 2016. Server1 is configured as a DNS server that has a primary DNS zone named adatum.com. Adatum.com contains 1,000 DNS records.

You manage Server1 and Subscription1 from Server2. Server2 has the following tools installed: The DNS Manager console

image

Azure PowerShell

image

Azure CLI 2.0

image

You need to move the adatum.com zone to Subscription1. The solution must minimize administrative effort.

What should you use?

A.

Azure PowerShell

B.

Azure CLI

C.

the Azure portal

D.

the DNS Manager console

Answer: B

Explanation:

Azure DNS supports importing and exporting zone files by using the Azure command-line interface (CLI). Zone file import is not currently supported via Azure PowerShell or the Azure

portal.

References:

https://docs.microsoft.com/en-us/azure/dns/dns-import-export

Question No.13

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (NSGs) in the subscription.

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: You assign a built-in policy definition to the subscription. Does this meet the goal?

A.

Yes

B.

No

Answer: B

Question No.14

You have an Azure subscription that contains the resources in the following table.

image

Subnet1 is associated to VNet1. NIC1 attaches VM1 to Subnet1. You need to apply ASG1 to VM1.

What should you do?

A.

Modify the properties of NSG1.

B.

Modify the properties of ASG1.

C.

Associate NIC1 to ASG1.

Answer: B

Explanation:

When you deploy VMs, make them members of the appropriate ASGs. You associate the ASG with a subnet.

References:

https://azure.microsoft.com/en-us/blog/applicationsecuritygroups/

Question No.15

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company registers a domain name of contoso.com.

You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.

You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.

You need to resolve the name resolution issue.

Solution: You create a PTR record for www in the contoso.com zone. Does this meet the goal?

A.

Yes

B.

No

Answer: B

Explanation:

Modify the Name Server (NS) record.

References:

https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

Question No.16

You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image.

You need to ensure that when the scale set virtual machines are provisioned, they have web

server components installed.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE Each correct selection is worth one point.

A.

Modify the extensionProfile section of the Azure Resource Manager template.

B.

Create a new virtual machine scale set in the Azure portal.

C.

Create an Azure policy.

D.

Create an automation account.

E.

Upload a configuration script.

Answer: AB

Explanation:

Virtual Machine Scale Sets can be used with the Azure Desired State Configuration (DSC) extension handler. Virtual machine scale sets provide a way to deploy and manage large numbers of virtual machines, and can elastically scale in and out in response to load. DSC is used to configure the VMs as they come online so they are running the production software.

References:

https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-dsc

Question No.17

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (NSGs) in the subscription.

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider.

Does this meet the goal?

A.

Yes

B.

No

Answer: B

Question No.18

You have an Azure subscription that contains a virtual machine named VM1. VM1 hosts a line-of- business application that is available 24 hours a day. VM1 has one network interface and one managed disk. VM1 uses the D4s v3 size.

You plan to make the following changes to VM1: Change the size to D8s v3.

image

Add a 500-GB managed disk.

image

Add the Puppet Agent extension.

image

Attach an additional network interface.

image

Which change will cause downtime for VM1?

A.

Add a 500-GB managed disk.

B.

Attach an additional network interface.

C.

Add the Puppet Agent extension.

D.

Change the size to D8s v3.

Answer: D

Explanation:

While resizing the VM it must be in a stopped state.

References:

https://azure.microsoft.com/en-us/blog/resize-virtual-machines/

Question No.19

You have 100 Azure subscriptions. All the subscriptions are associated to the same Azure Active Directory (Azure AD) tenant named contoso.com.

You are a global administrator.

You plan to create a report that lists all the resources across all the subscriptions. You need to ensure that you can view all the resources in all the subscriptions.

What should you do?

A.

From the Azure portal, modify the profile settings of your account.

B.

From Windows PowerShell, run the Add-AzureADAdministrativeUnitMember cmdlet.

C.

From Windows PowerShell, run the New-AzureADUserAppRoleAssignment cmdlet.

D.

From the Azure portal, modify the properties of the Azure AD tenant.

Answer: C

Explanation:

The New-AzureADUserAppRoleAssignment cmdlet assigns a user to an application role in Azure Active Directory (AD). Use it for the application report.

References:

https://docs.microsoft.com/en-us/powershell/module/azuread/new- azureaduserapproleassignment?view=azureadps-2.0

Question No.20

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.

You hire a temporary vendor. The vendor uses a Microsoft account that has a sign-in of user1@outlook.com.

A.

From Windows PowerShell, run the New-AzureADUser cmdlet and specify the – UserPrincipalName user1@outloo

B.

From the Azure portal, add a custom domain name, create a new Azure AD user, and then specify user1@outlook.

C.

From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the -UserPrincipalName user1@outlook.co

D.

From the Azure portal, add a new guest user, and then specify user1@outlook.com as the email address.

You need to ensure that the vendor can authenticate to the tenant by using user1@outlook.com. What should you do?

Answer: A

Explanation:

UserPrincipalName – contains the UserPrincipalName (UPN) of this user. The UPN is what the user will use when they sign in into Azure AD. The common structure is @, so for Abby Brown in Contoso.com, the UPN would be AbbyB@contoso.com

Example:

To create the user, call the New-AzureADUser cmdlet with the parameter values:

powershell New-AzureADUser -AccountEnabled $True -DisplayName quot;Abby Brownquot; – PasswordProfile $PasswordProfile -MailNickName quot;AbbyBquot; -UserPrincipalName quot;AbbyB@contoso.comquot;

References:

https://docs.microsoft.com/bs-cyrl-ba/powershell/azure/active-directory/new-user- sample?view=azureadps-2.0

Get Full Version of AZ-103 Dumps

Categories
AZ-103 Dumps

AZ-103 Real Exam Dumps Questions and answers 21-30

Get Full Version of the Exam
http://www.EnsurePass.com/AZ-103.html

Question No.21

You have an Azure tenant that contains two subscriptions named Subscription1 and Subscription2.

In Subscription1, you deploy a virtual machine named Server1 that runs Windows Server 2016. Server1 uses managed disks.

You need to move Server1 to Subscription2. The solution must minimize administration effort. What should you do first?

A.

In Subscription2, create a copy of the virtual disk.

B.

From Azure PowerShell, run the Move-AzureRmResource cmdlet.

C.

Create a snapshot of the virtual disk.

D.

Create a new virtual machine in Subscription2.

Answer: B

Explanation:

To move existing resources to another resource group or subscription, use the Move- AzureRmResource cmdlet.

References:

https://docs.microsoft.com/en-in/azure/azure-resource-manager/resource-group-move- resources#moveresources

Question No.22

You have an Azure DNS zone named adatum.com. You need to delegate a subdomain named research.adatum.com to a different DNS server in Azure. What should you do?

A.

Create an PTR record named research in the adatum.com zone.

B.

Create an NS record named research in the adatum.com zone.

C.

Modify the SOA record of adatum.com.

D.

Create an A record named quot;.research in the adatum.com zone.

Answer: B

Explanation:

You need to create a name server (NS) record for the zone.

References:

https://docs.microsoft.com/en-us/azure/dns/delegate-subdomain

Question No.23

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.

You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately.

Solution: Solution: From the Overview blade, you move the virtual machine to a different subscription.

Does this meet the goal?

A.

Yes

B.

No

Answer: B

Explanation:

You would need to Redeploy the VM.

References:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node

Question No.24

Your company registers a domain name of contoso.com.

You create an Azure DNS named contoso.com and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.

You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.

You need to resolve the name resolution issue.

Solution: You modify the name server at the domain registrar. Does this meet the goal?

A.

Yes

B.

No

Answer: B

Explanation:

Modify the Name Server (NS) record.

References:

https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

Question No.25

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets

might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.

You need to view the date and time when the resources were created in RG1. Solution: From the RG1 blade, you click Automation script.

Does this meet the goal?

A.

Yes

B.

No

Answer: B

Question No.26

You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com. Your company has a public DNS zone for contoso.com.

You add contoso.com as a custom domain name to Azure AD. You need to ensure that Azure can verify the domain name.

Which type of DNS record should you create?

A.

PTR

B.

MX

C.

NSEC3

D.

RRSIG

Answer: B

Question No.27

You have an Azure subscription that contains the resources in the following table. To which subnets can you apply NSG1?

image

A.

the subnets on VNet2 only

B.

the subnets on VNet1 only

C.

the subnets on VNet2 and VNet3 only

D.

the subnets on VNet1, VNet2, and VNet3

E.

the subnets on VNet3 only

Answer: E

Explanation:

All Azure resources are created in an Azure region and subscription. A resource can only be created in a virtual network that exists in the same region and subscription as the resource.

References:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-vnet-plan-design-arm

Question No.28

You have two Azure Active Directory (Azure AD) tenants named contoso.com and fabrikam.com. You have a Microsoft account that you use to sign in to both tenants.

You need to configure the default sign-in tenant for the Azure portal. What should you do?

A.

From the Azure portal, configure the portal settings.

B.

From the Azure portal, change the directory.

C.

From Azure Cloud Shell, run Set-AzureRmContext .

D.

From Azure Cloud Shell, run Set-AzureRmSubscription .

Answer: C

Explanation:

The Set-AzureRmContext cmdlet sets authentication information for cmdlets that you run in the current session. The context includes tenant, subscription, and environment information.

References:

https://docs.microsoft.com/en-us/powershell/module/azurerm.profile/set-azurermcontext

Question No.29

Your company registers a domain name of contoso.com.

You create an Azure DNS named contoso.com and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.

You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.

You need to resolve the name resolution issue.

Solution: You add an NS record to the contoso.com zone. Does this meet the goal?

A.

Yes

B.

No

Answer: A

Explanation:

Before you can delegate your DNS zone to Azure DNS, you need to know the name servers for your zone. The NS record set contains the names of the Azure DNS name servers assigned to the zone.

References:

https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

Question No.30

You plan to back up an Azure virtual machine named VM1.

You discover that the Backup Pre-Check status displays a status of Warning. What is a possible cause of the Warning status?

A.

VM1 does not have the latest version of WaAppAgent.exe installed.

B.

VM1 has an unmanaged disk.

C.

VM1 is stopped.

D.

A Recovery Services vault is unavailable.

Answer: A

Explanation:

The Warning state indicates one or more issues in VM#39;s configuration that might lead to backup failures and provides recommended steps to ensure successful backups. Not having the latest VM Agent installed, for example, can cause backups to fail intermittently and falls in this class of issues.

References:

https://azure.microsoft.com/en-us/blog/azure-vm-backup-pre-checks/

Get Full Version of AZ-103 Dumps