Verified AZ-100 Exam Dumps 2019

We provide AZ-100 Exam Questions and Answers in two formats. Download PDF & Practice Tests. Pass Microsoft AZ-100 Exam quickly & easily. The AZ-100 PDF type is available for reading and printing. You can print more and practice many times. With the help of our AZ-100 Braindumps product and material, you can easily pass the AZ-100 exam.

Online AZ-100 free questions and answers of New Version:

NEW QUESTION 1
You have an Azure policy as shown in the following exhibit.
AZ-100 dumps exhibit
Which of the following statements are true? Which of the following statements are true?

  • A. You can create Azure SQL servers in ContosoRG1.
  • B. You are prevented from creating Azure SQL servers anywhere in Subscription 1.
  • C. You are prevented from creating Azure SQL Servers in ContosoRG1 only.
  • D. You can create Azure SQL servers in any resource group within Subscription 1.

Answer: A

Explanation: You are prevented from creating Azure SQL servers anywhere in Subscription 1 with the exception of ContosoRG1

NEW QUESTION 2
You are evaluating the connectivity between the virtual machines after the planned implementation of the Azure networking infrastructure.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
AZ-100 dumps exhibit

    Answer:

    Explanation: Once the VNets are peered, all resources on one VNet can communicate with resources on the other peered VNets. You plan to enable peering between Paris-VNet and AllOffices-VNet. Therefore VMs on Subnet1, which is on Paris-VNet and VMs on Subnet3, which is on AllOffices-VNet will be able to connect to each other.
    All Azure resources connected to a VNet have outbound connectivity to the Internet by default. Therefore VMs on ClientSubnet, which is on ClientResources-VNet will have access to the Internet; and VMs on Subnet3 and Subnet4, which are on AllOffices-VNet will have access to the Internet.
    References:
    https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview https://docs.microsoft.com/en-us/azure/networking/networking-overview#internet-connectivity

    NEW QUESTION 3
    You have an Azure subscription named Subscription1. Subscription1 contains the resource groups in the following table.
    AZ-100 dumps exhibit
    RG1 has a web app named WebApp1. WebApp1 is located in West Europe. You move WebApp1 to RG2. What is the effect of the move?

    • A. The App Service plan to WebApp1 moves to North Europ
    • B. Policy2 applies to WebApp1.
    • C. The App Service plan to WebApp1 moves to North Europ
    • D. Policy1 applies to WebApp1.
    • E. The App Service plan to WebApp1 remains to West Europ
    • F. Policy2 applies to WebApp1.
    • G. The App Service plan to WebApp1 remains to West Europ
    • H. Policy1 applies to WebApp1.

    Answer: C

    Explanation: You can move an app to another App Service plan, as long as the source plan and the target plan are in the same resource group and geographical region.
    The region in which your app runs is the region of the App Service plan it's in. However, you cannot change an App Service plan's region.
    References: https://docs.microsoft.com/en-us/azure/app-service/app-service-plan-manage

    NEW QUESTION 4
    You have an on-premises file server named Server1 that runs Windows Server 2016. You have an Azure subscription that contains an Azure file share.
    You deploy an Azure File Sync Storage Sync Service, and you create a sync group. You need to synchronize files from Server1 to Azure.
    Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
    AZ-100 dumps exhibit

      Answer:

      Explanation: Step 1: Install the Azure File Sync agent on Server1
      The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share
      Step 2: Register Server1.
      Register Windows Server with Storage Sync Service
      Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service.
      Step 3: Add a server endpoint
      Create a sync group and a cloud endpoint.
      A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on registered server.
      References: https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide

      NEW QUESTION 5
      Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
      After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
      You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
      Another administrator plans to create several network security groups (NSGs) in the subscription.
      You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
      Solution: You assign a built-in policy definition to the subscription. Does this meet the goal?

      • A. Yes
      • B. No

      Answer: B

      NEW QUESTION 6
      Your company registers a domain name of contoso.com.
      You create an Azure DNS named contoso.com and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.
      You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address. You need to resolve the name resolution issue.
      Solution: You modify the SOA record in the contoso.com zone Does this meet the goal?

      • A. Yes
      • B. No

      Answer: B

      Explanation: Modify the NS record, not the SOA record.
      Note: The SOA record stores information about the name of the server that supplied the data for the zone; the administrator of the zone; the current version of the data file; the number of seconds a secondary name server should wait before checking for updates; the number of seconds a secondary name server should wait before retrying a failed zone transfer; the maximum number of seconds that a secondary name server can use data before it must either be refreshed or expire; and a default number of seconds for the time-to-live file on resource records.
      References: https://searchnetworking.techtarget.com/definition/start-of-authority-record

      NEW QUESTION 7
      You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com. Your company has a public DNS zone for contoso.com.
      You add contoso.com as a custom domain name to Azure AD. You need to ensure that Azure can verify the domain name. Which type of DNS record should you create?

      • A. PTR
      • B. MX
      • C. NSEC3
      • D. RRSIG

      Answer: B

      NEW QUESTION 8
      You purchase a new Azure subscription named Subscription1.
      You create a virtual machine named VM1 in Subscription1. VM1 is not protected by Azure Backup.
      You need to protect VM1 by using Azure Backup. Backups must be created at 01:00 and stored for 30 days. What should you do? To answer, select the appropriate options in the answer area.
      NOTE: Each correct selection is worth one point.
      AZ-100 dumps exhibit

        Answer:

        Explanation: Box 1: A Recovery Services vault
        A Recovery Services vault is an entity that stores all the backups and recovery points you create over time. Box 2: A backup policy
        What happens when I change my backup policy?
        When a new policy is applied, schedule and retention of the new policy is followed. References:
        https://docs.microsoft.com/en-us/azure/backup/backup-configure-vault
        https://docs.microsoft.com/en-us/azure/backup/backup-azure-backup-faq

        NEW QUESTION 9
        Overview
        The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
        Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
        Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
        Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
        To start the lab
        You may start the lab by clicking the Next button. You plan to host several secured websites on Web01.
        You need to allow HTTPS over TCP port 443 to Web01 and to prevent HTTP over TCP port 80 to Web01. What should you do from the Azure portal?

          Answer:

          Explanation: You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
          A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
          Step A: Create a network security group
          A1. Search for and select the resource group for the VM, choose Add, then search for and select Network security group.
          A2. Select Create.
          AZ-100 dumps exhibit
          The Create network security group window opens. A3. Create a network security group
          Enter a name for your network security group.
          Select or create a resource group, then select a location. A4. Select Create to create the network security group.
          Step B: Create an inbound security rule to allows HTTPS over TCP port 443 B1. Select your new network security group.
          B2. Select Inbound security rules, then select Add. B3. Add inbound rule
          B4. Select Advanced.
          From the drop-down menu, select HTTPS.
          You can also verify by clicking Custom and selecting TCP port, and 443. B5. Select Add to create the rule.
          Repeat step B2-B5 to deny TCP port 80
          B6. Select Inbound security rules, then select Add. B7. Add inbound rule
          B8. Select Advanced.
          Clicking Custom and selecting TCP port, and 80. B9. Select Deny.
          Step C: Associate your network security group with a subnet
          Your final step is to associate your network security group with a subnet or a specific network interface. C1. In the Search resources, services, and docs box at the top of the portal, begin typing Web01. When the
          Web01 VM appears in the search results, select it.
          C2. Under SETTINGS, select Networking. Select Configure the application security groups, select the Security Group you created in Step A, and then select Save, as shown in the following picture:
          AZ-100 dumps exhibit
          References:
          https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic

          NEW QUESTION 10
          You need to define a custom domain name for Azure AD to support the planned infrastructure. Which domain name should you use?

          • A. ad.humongousinsurance.com
          • B. humongousinsurance.onmicrosoft.com
          • C. humongousinsurance.local
          • D. humongousinsurance.com

          Answer: D

          Explanation: Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com. The initial domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well. For example, your organization probably has other domain names used to do business and users who sign in using your corporate domain name. Adding custom domain names to Azure AD allows you to assign user names in the directory that are familiar to your users, such as ‘alice@contoso.com.’ instead of 'alice@domain name.onmicrosoft.com'.
          Scenario:
          Network Infrastructure: Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet.
          Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com Planned Azure AD Infrastructure: The on-premises Active Directory domain will be synchronized to Azure
          AD.
          References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain

          NEW QUESTION 11
          You have an Azure subscription that contains a storage account named account1.
          You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The on-premises network uses a public IP address space of 131.107.1.0/24.
          You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24.
          You need to configure account1 to meet the following requirements:
          AZ-100 dumps exhibit Ensure that you can upload the disk files to account1.
          AZ-100 dumps exhibit Ensure that you can attach the disks to VM1.
          AZ-100 dumps exhibit Prevent all other access to account1.
          Which two actions should you perform? Each correct selection presents part of the solution.
          NOTE: Each correct selection is worth one point.

          • A. From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range.
          • B. From the Firewalls and virtual networks blade of account1, select Selected networks.
          • C. From the Firewalls and virtual networks blade of acount1, add VNet1.
          • D. From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to access this storage account.
          • E. From the Service endpoints blade of VNet1, add a service endpoint.

          Answer: BE

          Explanation: B: By default, storage accounts accept connections from clients on any network. To limit access to selected networks, you must first change the default action.
          Azure portal
          AZ-100 dumps exhibit Navigate to the storage account you want to secure.
          AZ-100 dumps exhibit Click on the settings menu called Firewalls and virtual networks.
          AZ-100 dumps exhibit To deny access by default, choose to allow access from 'Selected networks'. To allow traffic from all networks, choose to allow access from 'All networks'.
          AZ-100 dumps exhibit Click Save to apply your changes. E: Grant access from a Virtual Network
          Storage accounts can be configured to allow access only from specific Azure Virtual Networks.
          By enabling a Service Endpoint for Azure Storage within the Virtual Network, traffic is ensured an optimal route to the Azure Storage service. The identities of the virtual network and the subnet are also transmitted with each request.
          References: https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security

          NEW QUESTION 12
          You have an Azure subscription that contains the resources in the following table.
          AZ-100 dumps exhibit
          Subnet1 is associated to VNet1. NIC1 attaches VM1 to Subnet1. You need to apply ASG1 to VM1.
          What should you do?

          • A. Modify the properties of NSG1.
          • B. Modify the properties of ASG1.
          • C. Associate NIC1 to ASG1.

          Answer: B

          Explanation: When you deploy VMs, make them members of the appropriate ASGs. You associate the ASG with a subnet.
          References: https://azure.microsoft.com/en-us/blog/applicationsecuritygroups/

          NEW QUESTION 13
          You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines.
          You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.
          What should you create to store the password?

          • A. Azure Active Directory (AD) Identity Protection and an Azure policy
          • B. a Recovery Services vault and a backup policy
          • C. an Azure Key Vault and an access policy
          • D. an Azure Storage account and an access policy

          Answer: C

          Explanation: You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore the password is never put in plain text in the template parameter file.
          References: https://azure.microsoft.com/en-us/resources/templates/101-vm-secure-password/

          NEW QUESTION 14
          You have an Azure subscription that contains an Azure virtual machine named VM1. VM1 runs Windows Server 2016 and is part of an availability set.
          VM1 has virtual machine-level backup enabled. VM1 is deleted.
          You need to restore VM1 from the backup. VM1 must be part of the availability set.
          Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
          AZ-100 dumps exhibit

            Answer:

            Explanation: AZ-100 dumps exhibit

            NEW QUESTION 15
            Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.
            AZ-100 dumps exhibit
            AZ-100 dumps exhibit
            AZ-100 dumps exhibit
            AZ-100 dumps exhibit
            AZ-100 dumps exhibit
            AZ-100 dumps exhibit
            When you are finished performing all the tasks, click the ‘Next’ button.
            Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
            Overview
            The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
            Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
            Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
            To start the lab
            You may start the lab by clicking the Next button.
            You plan to create several virtual machines in different availability zones, and then to configure the virtual machines for load balanced connections from the Internet.
            You need to create an IP address resource named ip1006 to support the planned load balancing solution. The solution must minimize costs.
            What should you do from the Azure portal?

              Answer:

              Explanation: We should create a public IP address.
              AZ-100 dumps exhibit At the top, left corner of the portal, select + Create a resource.
              AZ-100 dumps exhibit Enter public ip address in the Search the Marketplace box. When Public IP address appears in the search results, select it.
              AZ-100 dumps exhibit Under Public IP address, select Create.
              AZ-100 dumps exhibit Enter, or select values for the following settings, under Create public IP address, then select Create: Name: ip1006
              SKU: Basic SKU IP Version: IPv6
              IP address assignment: Dynamic Subscription: Select appropriate Resource group: Select appropriate
              References: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-public-ip-address

              NEW QUESTION 16
              You need to prepare the environment to meet the authentication requirements.
              Which two actions should you perform? Each correct answer presents part of the solution.
              NOTE Each correct selection is worth one point.

              • A. Azure Active Directory (AD) Identity Protection and an Azure policy
              • B. a Recovery Services vault and a backup policy
              • C. an Azure Key Vault and an access policy
              • D. an Azure Storage account and an access policy

              Answer: BD

              Explanation: D: Seamless SSO works with any method of cloud authentication - Password Hash Synchronization or Pass-through Authentication, and can be enabled via Azure AD Connect.
              B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to all or selected users' Intranet zone settings by using Group Policy in Active Directory: https://autologon.microsoftazuread-sso.com

              Topic 2, Contoso Ltd
              Overview
              Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.
              Contoso products are manufactured by using blueprint files that the company authors and maintains.
              Existing Environment
              Currently, Contoso uses multiple types of servers for business operations, including the following:
              File servers
              Domain controllers
              Microsoft SQL Server servers
              Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.
              You have a public-facing application named App1. App1 is comprised of the following three tiers:
              A SQL database
              A web front end
              A processing middle tier
              Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
              Requirements Planned Changes
              Contoso plans to implement the following changes to the infrastructure: Move all the tiers of App1 to Azure.
              Move the existing product blueprint files to Azure Blob storage.
              Create a hybrid directory to support an upcoming Microsoft Office 365 migration project.
              Technical Requirements
              Contoso must meet the following technical requirements:
              Move all the virtual machines for App1 to Azure.
              Minimize the number of open ports between the App1 tiers.
              Ensure that all the virtual machines for App1 are protected by backups.
              Copy the blueprint files to Azure over the Internet.
              Ensure that the blueprint files are stored in the archive storage tier.
              Ensure that partner access to the blueprint files is secured and temporary.
              Prevent user passwords or hashes of passwords from being stored in Azure.
              Use unmanaged standard storage for the hard disks of the virtual machines.
              Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
              Minimize administrative effort whenever possible.
              User Requirements
              Contoso identifies the following requirements for users:
              Ensure that only users who are part of a group named Pilot can join devices to Azure AD. Designate a new user named Admin1 as the service administrator of the Azure subscription. Ensure that a new user named User3 can create network objects for the Azure subscription.

              NEW QUESTION 17
              Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.
              AZ-100 dumps exhibit
              AZ-100 dumps exhibit
              AZ-100 dumps exhibit
              AZ-100 dumps exhibit
              AZ-100 dumps exhibit
              AZ-100 dumps exhibit
              When you are finished performing all the tasks, click the ‘Next’ button.
              Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
              Overview
              The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
              Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
              Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
              To start the lab
              You may start the lab by clicking the Next button.
              You plan to create 100 Azure virtual machines on each of the following three virtual networks:
              AZ-100 dumps exhibit VNET1005a
              AZ-100 dumps exhibit VNET1005b
              AZ-100 dumps exhibit VNET1005c
              All the network traffic between the three virtual networks will be routed through VNET1005a.
              You need to create the virtual networks, and then to ensure that all the Azure virtual machines can connect to other virtual machines by using their private IP address. The solution must NOT require any virtual network gateways and must minimize costs.
              What should you do from the Azure portal before you configure IP routing?

                Answer:

                Explanation: Step 1: Click Create a resource in the portal.
                Step 2: Enter Virtual network in the Search the Marketplace box at the top of the New pane that appears. Click Virtual network when it appears in the search results.
                Step 3: Select Classic in the Select a deployment model box in the Virtual Network pane that appears, then click Create.
                Step 4: Enter the following values on the Create virtual network (classic) pane and then click Create: Name: VNET1005a
                Address space: 10.0.0.0/16 Subnet name: subnet0 Resource group: Create new
                Subnet address range: 10.0.0.0/24
                Subscription and location: Select your subscription and location.
                Step 5: Repeat steps 3-5 for VNET1005b (10.1.0.0/16, 10.1.0.0/24), and for VNET1005c 10.2.0.0/16, 10.2.0.0/24).
                References: https://docs.microsoft.com/en-us/azure/virtual-network/create-virtual-network-classic

                NEW QUESTION 18
                Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
                After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
                You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.
                You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately.
                Solution: From the Overview blade, you move the virtual machine to a different resource group. Does this meet the goal?

                • A. Yes
                • B. No

                Answer: B

                Explanation: You should redeploy the VM.
                References: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node

                NEW QUESTION 19
                You have a resource group named RG1. RG1 contains an Azure Storage account named storageaccount1 and a virtual machine named VM1 that runs Windows Server 2016. Storageaccount1 contains the disk files for VM1. You apply a ReadOnly lock to RG1.
                What can you do from the Azure portal?

                • A. Generate an automation script for RG1.
                • B. View the keys of storageaccount1.
                • C. Upload a blob to storageaccount1.
                • D. Start VM1.

                Answer: B

                Explanation: ReadOnly means authorized users can read a resource, but they can't delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
                References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

                NEW QUESTION 20
                You have an Azure subscription that contains 100 virtual machines. You regularly create and delete virtual machines.
                You need to identify unused disks that can be deleted. What should you do?

                • A. From Microsoft Azure Storage Explorer, view the Account Management properties.
                • B. From the Azure portal, configure the Advisor recommendations.
                • C. From Cloudyn, open the Optimizer tab and create a report.
                • D. From Cloudyn, create a Cost Management report.

                Answer: A

                Explanation: References:
                https://cloud.netapp.com/blog/reduce-azure-storage-costs

                100% Valid and Newest Version AZ-100 Questions & Answers shared by prep-labs.com, Get Full Dumps HERE: https://www.prep-labs.com/dumps/AZ-100/ (New 106 Q&As)