Your success in AZ-102 Exam Questions is our sole target and we develop all our AZ-102 Exam Dumps in a way that facilitates the attainment of this target. Not only is our AZ-102 Study Guides material the best you can find, it is also the most detailed and the most updated. AZ-102 Exam Dumps for Microsoft AZ-102 are written to the highest standards of technical accuracy.
Microsoft AZ-102 Free Dumps Questions Online, Read and Test Now.
NEW QUESTION 1
You have a resource group named RG1. RG1 contains an Azure Storage account named storageaccount1 and a virtual machine named VM1 that runs Windows Server 2021. Storageaccount1 contains the disk files for VM1. You apply a ReadOnly lock to RG1. What can you do from the Azure portal?
- A. Generate an automation script for RG1.
- B. View the keys of storageaccount1.
- C. Upload a blob to storageaccount1.
- D. Start VM1.
Answer: B
Explanation: ReadOnly means authorized users can read a resource, but they can't delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lockresources
NEW QUESTION 2
HOT SPOT
You create an Azure web app named WebApp1. WebApp1 has the autoscale settings shown in the following exhibit.
The scale out and scale in rules are configured to have a duration of 10 minutes and a cool down time of five minutes.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 3
HOT SPOT
You have an Azure Active Directory (Azure AD) tenant named adatum.com. Adatum.com contains the groups in the following table.
You create two user accounts that are configured as shown in the following table.
To which groups do User1 and User2 belong? To answer. select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation: Box 1: Group 1 only First rule applies
Box 2: Group1 and Group2 only Both membership rules apply.
References: https://docs.microsoft.com/en-us/sccm/core/clients/manage/collections/createcollections
NEW QUESTION 4
You need to recommend an identify solution that meets the technical requirements. What should you recommend?
- A. federated single-on (SSO) and Active Directory Federation Services (AD FS)
- B. password hash synchronization and single sign-on (SSO)
- C. cloud-only user accounts
- D. Pass-through Authentication and single sign-on (SSO)
Answer: A
Explanation: Active Directory Federation Services is a feature and web service in the Windows Server Operating System that allows sharing of identity information outside a company’s network.
Scenario: Technical Requirements include:
Prevent user passwords or hashes of passwords from being stored in Azure.
References: https://www.sherweb.com/blog/active-directory-federation-services/
NEW QUESTION 5
Your company registers a domain name of contoso.com.
You create an Azure DNS named contoso.com and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.
You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.
You need to resolve the name resolution issue.
Solution: You modify the SOA record in the contoso.com zone Does this meet the goal?
- A. Yes
- B. No
Answer: B
Explanation: Modify the NS record, not the SOA record.
Note: The SOA record stores information about the name of the server that supplied the data for the zone; the administrator of the zone; the current version of the data file; the number of seconds a secondary name server should wait before checking for updates; the number of seconds a secondary name server should wait before retrying a failed zone transfer; the maximum number of seconds that a secondary name server can use data before it must either be refreshed or expire; and a default number of seconds for the time-to-live file on resource records.
References: https://searchnetworking.techtarget.com/definition/start-of-authority-record
NEW QUESTION 6
From the MFA Server blade, you open the Block/unblock users blade as shown in the exhibit.
What caused AlexW to be blocked?
- A. An administrator manually blocked the user.
- B. The user reports a fraud alert when prompted for additional authentication.
- C. The user account password expired.
- D. The user entered an incorrect PIN four times within 10 minute
Answer: B
NEW QUESTION 7
You have an Azure subscription named Subscription1. Subscription1 contains the resource groups in the following table.
RG1 has a web app named WebApp1. WebApp1 is located in West Europe. You move WebApp1 to RG2. What is the effect of the move?
- A. The App Service plan to WebApp1 moves to North Europ
- B. Policy2 applies to WebApp1.
- C. The App Service plan to WebApp1 moves to North Europ
- D. Policy1 applies to WebApp1.
- E. The App Service plan to WebApp1 remains to West Europ
- F. Policy2 applies to WebApp1.
- G. The App Service plan to WebApp1 remains to West Europ
- H. Policy1 applies to WebApp1.
Answer: C
NEW QUESTION 8
You need to create a function app named corp7509086nl that supports sticky sessions. The solution must minimize the Azure-related costs of the App Service plan.
What should you do from the Azure portal?
Answer:
Explanation: Step 1:
Select the New button found on the upper left-hand corner of the Azure portal, then select Compute
> Function App. Step 2:
Use the function app settings as listed below. App name: corp7509086n1
Hosting plan: Azure App Service plan (need this for the sticky sessions)
Pricing tier of the the App Service plan: Shared compute: Free Step 3:
Select Create to provision and deploy the function app. References:
https://docs.microsoft.com/en-us/azure/azure-functions/functions-create-function-app-portal
NEW QUESTION 9
You are the global administrator for an Azure Active Directory (Azure AD) tenant named adatum.com.
You need to enable two-step verification for Azure users. What should you do?
- A. Configure a playbook in Azure AD conditional access policy.
- B. Create an Azure AD conditional access policy.
- C. Create and configure the Identify Hub.
- D. Install and configure Azure AD Connec
Answer: B
Explanation: References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings
NEW QUESTION 10
HOT SPOT
You purchase a new Azure subscription named Subscription1.
You create a virtual machine named VM1 in Subscription1. VM1 is not protected by Azure Backup. You need to protect VM1 by using Azure Backup. Backups must be created at 01:00 and stored for 30 days.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:
Explanation: Box 1: A Recovery Services vault
A Recovery Services vault is an entity that stores all the backups and recovery points you create over time.
Box 2: A backup policy
What happens when I change my backup policy?
When a new policy is applied, schedule and retention of the new policy is followed. References:
https://docs.microsoft.com/en-us/azure/backup/backup-configure-vault https://docs.microsoft.com/en-us/azure/backup/backup-azure-backup-faq
NEW QUESTION 11
Note: This questions is part of a series of questions that present the same scenario. Each questions in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution. After you answer a questions in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You create a resource lock, and then you assign the lock to the subscription. Does this meet the goal?
- A. Yes
- B. No
Answer: B
Explanation: How can I freeze or lock my production/critical Azure resources from accidental deletion? There is way to do this with both ASM and ARM resources using Azure resource lock.
References: https://blogs.msdn.microsoft.com/azureedu/2021/04/27/using-azure-resourcemanager-policy-and-azure-lock-to-control-your-azure-resources/
NEW QUESTION 12
DRAG DROP
You have an Azure Linux virtual machine that is protected by Azure Backup. One week ago, two files were deleted from the virtual machine.
You need to restore the deleted files to an on-premises computer as quickly as possible.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation: To restore files or folders from the recovery point, go to the virtual machine and choose the desired recovery point.
Step 0. In the virtual machine's menu, click Backup to open the Backup dashboard. Step 1. In the Backup dashboard menu, click File Recovery.
Step 2. From the Select recovery point drop-down menu, select the recovery point that holds the files you want. By default, the latest recovery point is already selected.
Step 3: To download the software used to copy files from the recovery point, click Download Executable (for Windows Azure VM) or Download Script (for Linux Azure VM, a python script is generated).
Step 4: Copy the files by using AzCopy
AzCopy is a command-line utility designed for copying data to/from Microsoft Azure Blob, File, and Table storage, using simple commands designed for optimal performance. You can copy data between a file system and a storage account, or between storage accounts.
References:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-files-from-vm https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy
NEW QUESTION 13
SIMULATION
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.
When you are finished performing all the tasks, click the ‘Next’ button.
Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
You plan to move backup files and documents from an on-premises Windows file server to Azure Storage. The backup files will be stored as blobs.
You need to create a storage account named corpdata7523690n2. The solution must meet the following requirements:
Ensure that the documents are accessible via drive mappings from Azure virtual machines that run Windows Server 2021.
Provide the highest possible redundancy for the documents. Minimize storage access costs.
What should you do from the Azure portal?
Answer:
Explanation: Step 1: In the Azure portal, click All services. In the list of resources, type Storage Accounts. As you begin typing, the list filters based on your input. Select Storage Accounts.
Step 2: On the Storage Accounts window that appears, choose Add. Step 3: Select the subscription in which to create the storage account.
Step 4: Under the Resource group field, select Create New. Create a new Resource
Step 5: Enter a name for your storage account: corpdata7523690n2
Step 6: For Account kind select: General-purpose v2 accounts (recommended for most scenarios) General-purpose v2 accounts is recommended for most scenarios. . General-purpose v2 accounts deliver the lowest per-gigabyte capacity prices for Azure Storage, as well as industry-competitive transaction prices.
Step 7: For replication select: Read-access geo-redundant storage (RA-GRS)
Read-access geo-redundant storage (RA-GRS) maximizes availability for your storage account. RA-GRS provides read-only access to the data in the secondary location, in addition to geo-replication across
two regions.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-quickstart-create-account https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview
NEW QUESTION 14
You have an Azure subscription named Subscription1 and two Azure Active Directory (Azure AD) tenants named Tenant1 and Tenant2.
Subscnption1 is associated to Tenant1 Multi-factor authentication (MFA) is enabled for all the users in Tenant1.
You need to enable MFA for the users in Tenant2. The solution must maintain MFA forTenant1. What should you do first?
- A. Transfer the administration of Subscription1 to a global administrator of Tenants.
- B. Configure the MFA Server setting in Tenant1.
- C. Create and link a subscription to Tenant2.
- D. Change the directory for Subscription1.
Answer: C
Explanation: Case Study: 12
ADatum Corporation Overview
A Datum Corporation is a financial company that has two main offices in New York and Los Angeles. A Datum has a subsidiary named Fabrikam, Inc. that shares the Los Angeles office.
A Datum is conducting an initial deployment of Azure services to host new line-of-business applications and is preparing to migrate its existing on-premises workloads to Azure.
A Datum uses Microsoft Exchange Online for email. On-Premises Environment
The on-premises workloads run on virtual machines hosted in a VMware vSphere 6 infrastructure. All the virtual machines are members of an Active Directory forest named adatum.com and run Windows Server 2021.
The New York office an IP address of 10.0.0.0/16. The Los Angeles office uses an IP address space of 10.10.0.0/16.
The offices connect by using a VPN provided by an ISP. Each office has one Azure ExpressRoute circuit that provides access to Azure services and Microsoft Online Services. Routing is implemented by using Microsoft peering.
The New York office has a virtual machine named VM1 that has the vSphere console installed. Azure Environment
You provision the Azure infrastructure by using the Azure portal. The infrastructure contains the resources shown in the following table.
AG1 has two backend pools named Pool11 and Pool12. AG2 has two backend pools named Pool21 and Pool22.
Planned Changes
ADatum plans to migrate the virtual machines from the New York office to the East US Azure region by using Azure Site Recovery.
Infrastructure Requirements
ADatum identifies the following infrastructure requirements:
? A new web app named App1 that will access third-parties for credit card processing must be deployed.
? A newly developed API must be implemented as an Azure function named App2. App2 will use a blob storage trigger. App2 must process new blobs immediately.
? The Azure infrastructure and the on-premises infrastructure and the on-premises infrastructure must be prepared for the migration of the VMware virtual machines to Azure.
? The sizes of the Azure virtual machines that will be used to migrate the on-premises workloads must be identified.
? All migrated and newly deployed Azure virtual machines must be joined to the adatum.com domain.
? AG1 must load balance incoming traffic in the following manner:
1. http://corporate.adatum.com/video/* will be load balanced across Pool11.
2. http://corporate.adatum.com/images/* will be load balanced across Pool12.
? AG2 must load balance incoming traffic in the following manner:
1. http://www.adatum.com will be load balanced across Pool21.
2. http://www.fabrikam.com will be load balanced across Pool22.
? ER1 must route traffic between the New York office and the platform as a service (PaaS) services in the East US Azure region, as long as ER1 is available.
? ER2 must route traffic between the Los Angeles office and the PaaS sevices in the West US region, as long as ER2 is available.
? ER1 and ER2 must be configured to fail over automatically. Application Requirements
App2 must be able to connect directly to the private IP addresses of the Azure virtual machines. App2 will be deployed directly to an Azure virtual network.
Inbound and outbound communications to App1 must be controlled by using NSGs. Pricing Requirements
ADatum identifies the following pricing requirements:
? The cost of App1 and App2 must be minimized.
? The transactional charges of Azure Storage account must be minimized.
NEW QUESTION 15
SIMULATION
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.
When you are finished performing all the tasks, click the ‘Next’ button.
Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
You need to create a virtual network named VNET1008 that contains three subnets named subnet0, subnet1, and subnet2. The solution must meet the following requirements:
Connections from any of the subnets to the Internet must be blocked. Connections from the Internet to any of the subnets must be blocked.
The number of network security groups (NSGs) and NSG rules must be minimized. What should you do from the Azure portal?
Answer:
Explanation: Step 1: Click Create a resource in the portal.
Step 2: Enter Virtual network in the Search the Marketplace box at the top of the New pane that appears. Click Virtual network when it appears in the search results.
Step 3: Select Classic in the Select a deployment model box in the Virtual Network pane that appears, then click Create.
Step 4: Enter the following values on the Create virtual network (classic) pane and then click Create: Name: VNET1008
Address space: 10.0.0.0/16 Subnet name: subnet0 Resource group: Create new
Subnet address range: 10.0.0.0/24
Subscription and location: Select your subscription and location.
Step 5: In the portal, you can create only one subnet when you create a virtual network. Click Subnets (in the SETTINGS section) on the Create virtual network (classic) pane that appears. Click +Add on the VNET1008 - Subnets pane that appears.
Step 6: Enter subnet1 for Name on the Add subnet pane. Enter 10.0.1.0/24 for Address range. Click OK.
Step 7: Create the third subnet: Click +Add on the VNET1008 - Subnets pane that appears. Enter subnet2 for Name on the Add subnet pane. Enter 10.0.2.0/24 for Address range. Click OK. References: https://docs.microsoft.com/en-us/azure/virtual-network/create-virtual-network-classic
Case Study: 4,
Mix Questions Set A (Implement and manage application services)
NEW QUESTION 16
You plan to deploy a site-to-site VPN connection from on-premises network to your Azure environment. The VPN connection will be established to the VNET01-USEA2 virtual network. You need to create the required resources in Azure for the planned site-to-site VPN. The solution must minimize costs.
What should you do from the Azure portal?
NOTE: This task may a very long time to complete. You do NOT need to wait for the deployment to complete this task successfully.
Answer:
Explanation: We create a VPN gateway. Step 1:
On the left side of the portal page, click + and type 'Virtual Network Gateway' in search. In Results, locate and click Virtual network gateway.
Step 2:
At the bottom of the 'Virtual network gateway' page, click Create. This opens the Create virtual network gateway page.
Step 3:
On the Create virtual network gateway page, specify the values for your virtual network gateway. Gateway type: Select VPN. VPN gateways use the virtual network gateway type VPN.
Virtual network: Choose the existing virtual network VNET01-USEA2
Gateway subnet address range: You will only see this setting if you did not previously create a gateway subnet for your virtual network.
Step 4:
Select the default values for the other setting, and click create.
The settings are validated and you'll see the "Deploying Virtual network gateway" tile on the dashboard. Creating a gateway can take up to 45 minutes.
Note: This task may take a very long time to complete. You do NOT need to wait for the deployment to complete this task successfully.
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resourcemanager- portal
Case Study: 7 Contoso Case Study Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
All the resources used by Contoso are hosted on-premises.
Contoso creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named contoso.onmicrosoft.com. The tenant uses the P1 pricing tier.
Existing Environment
The network contains an Active Directory forest named contoso.com. All domain controllers are configured as DNS servers and host the contoso.com DNS zone.
Contoso has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department.
New users are added frequently. Contoso.com contains a user named User1. All the offices connect by using private links.
Contoso has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device.
All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.
Contoso uses two web applications named App1 and App2. Each instance on each web application requires 1GB of memory.
The Azure subscription contains the resources in the following table.
The network security team implements several network security groups (NSGs). Planned Changes
Contoso plans to implement the following changes:
• Deploy Azure ExpressRoute to the Montreal office.
• Migrate the virtual machines hosted on Server1 and Server2 to Azure.
• Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
• Migrate App1 and App2 to two Azure web apps named webApp1 and WebApp2..
Technical requirements
Contoso must meet the following technical requirements:
• Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instance*.
• Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
• Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
• Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
• Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.contoso.com.
• Connect the New Your office to VNet1 over the Internet by using an encrypted connection.
• Create a workflow to send an email message when the settings of VM4 are modified.
• Cre3te a custom Azure role named Role1 that is based on the Reader role.
• Minimize costs whenever possible.
NEW QUESTION 17
You need to add a deployment slot named staging to an Azure web app named corplod@lab.LabInstance.Idn4. The solution must meet the following requirements:
When new code is deployed to staging, the code must be swapped automatically to the production slot. Azure-related costs must be minimized.
What should you do from the Azure portal?
Answer:
Explanation: Step 1:
Locate and open the corplod@lab.LabInstance.Idn4 web app.
1. In the Azure portal, on the left navigation panel, click Azure Active Directory.
2. In the Azure Active Directory blade, click Enterprise applications. Step 2:
Open your app's resource blade and Choose the Deployment slots option, then click Add Slot.
Step 3:
In the Add a slot blade, give the slot a name, and select whether to clone app configuration from another existing deployment slot. Click the check mark to continue.
The first time you add a slot, you only have two choices: clone configuration from the default slot in production or not at all.
References:
https://docs.microsoft.com/en-us/azure/app-service/web-sites-staged-publishing
P.S. Easily pass AZ-102 Exam with 195 Q&As Certleader Dumps & pdf Version, Welcome to Download the Newest Certleader AZ-102 Dumps: https://www.certleader.com/AZ-102-dumps.html (195 New Questions)