Microsoft AZ-102 Exam Questions and Answers 2021

Proper study guides for AZ-102 Microsoft Azure Administrator Certification Transition certified begins with AZ-102 Exam Dumps preparation products which designed to deliver the AZ-102 Free Practice Questions by making you pass the AZ-102 test at your first time. Try the free AZ-102 Free Practice Questions right now.

Free demo questions for Microsoft AZ-102 Exam Dumps Below:

You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual
machine named VM1. VNet2 contains an Azure virtual machine named VM2. VM1 hosts a frontend application that connects to VM2 to retrieve data. Users report that the frontend application is slower than usual.
You need to view the average round-trip time (RTT) of the packets from VM1 to VM2. Which Azure Network Watcher feature should you use?

  • A. NSG flow logs
  • B. Connection troubleshoot
  • C. IP flow verify
  • D. Connection monitor

Answer: D

Explanation: The Connection Monitor feature in Azure Network Watcher is now generally available in all public regions. Connection Monitor provides you RTT values on a per-minute granularity. You can monitor a direct TCP connection from a virtual machine to a virtual machine, FQDN, URI, or IPv4 address. References: in-all-public-regions/

You have an Azure subscription that contains an Azure file share.
You have an on-premises server named Server1 that runs Windows Server 2021. You plan to set up Azure File Sync between Server1 and the Azure file share. You need to prepare the subscription for the planned Azure File Sync.
Which two actions should you perform in the Azure subscription? To answer, drag the appropriate actions to the correct targets. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
AZ-102 dumps exhibit


    Explanation: First action: Create a Storage Sync Service
    The deployment of Azure File Sync starts with placing a Storage Sync Service resource into a resource group of your selected subscription.
    Second action: Run Server Registration
    Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service. A server can only be registered to one Storage Sync Service and can sync with other servers and Azure file shares associated with the same Storage Sync Service.
    The Server Registration UI should open automatically after installation of the Azure File Sync agent.
    AZ-102 dumps exhibit

    Your network contains an Active Directory domain named and an Azure Active Directory (Azure AD) tenant named contains the user accounts in the following table.
    AZ-102 dumps exhibit contains the user accounts in the following table.
    AZ-102 dumps exhibit
    You need to implement Azure AD Connect. The solution must follow the principle of least privilege. Which user accounts should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
    AZ-102 dumps exhibit


      Explanation: Box 1: User5
      In Express settings, the installation wizard asks for the following: AD DS Enterprise Administrator credentials
      Azure AD Global Administrator credentials
      The AD DS Enterprise Admin account is used to configure your on-premises Active Directory. These credentials are only used during the installation and are not used after the installation has
      completed. The Enterprise Admin, not the Domain Admin should make sure the permissions in Active Directory can be set in all domains.
      Box 2: UserA
      Azure AD Global Admin credentials credentials are only used during the installation and are not used after the installation has completed. It is used to create the Azure AD Connector account used for synchronizing changes to Azure AD. The account also enables sync as a feature in Azure AD. References: accounts-permissions

      You have an Azure subscription that contains the resources in the following table.
      AZ-102 dumps exhibit
      Subnet1 is associated to VNet1. NIC1 attaches VM1 to Subnet1. You need to apply ASG1 to VM1.
      What should you do?

      • A. Modify the properties of NSG1.
      • B. Modify the properties of ASG1.
      • C. Associate NIC1 to ASG1.

      Answer: B

      Explanation: When you deploy VMs, make them members of the appropriate ASGs. You associate the ASG with a subnet.

      You have an Azure subscription that contains an Azure virtual machine named VM1. VM1 runs Windows Server 2021 and is part of an availability set.
      VM1 has virtual machine-level backup enabled. VM1 is deleted.
      You need to restore VM1 from the backup. VM1 must be part of the availability set.
      Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
      AZ-102 dumps exhibit


        Explanation: AZ-102 dumps exhibit

        NEW QUESTION 6
        You have an Azure subscription that contains a virtual network named VNet1. VNet 1 has two subnets named Subnet1 and Subnet2. VNet1 is in the West Europe Azure region.
        The subscription contains the virtual machines in the following table.
        AZ-102 dumps exhibit
        You need to deploy an application gateway named AppGW1 to VNet1. What should you do first?

        • A. Add a service endpoint.
        • B. Add a virtual network.
        • C. Move VM3 to Subnet1.
        • D. Stop VM1 and VM2.

        Answer: D

        Explanation: If you have an existing virtual network, either select an existing empty subnet or create a new subnet in your existing virtual network solely for use by the application gateway.
        Verify that you have a working virtual network with a valid subnet. Make sure that no virtual machines or cloud deployments are using the subnet. The application gateway must be by itself in a virtual network subnet.
        References: b7a506a0a151/cant-create-application-gateway?forum=WAVirtualMachinesVirtualNetwork

        NEW QUESTION 7
        Note: This questions is part of a series of questions that present the same scenario. Each questions in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution. After you answer a questions in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
        You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.
        You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately.
        Solution: From the Update management blade, you click enable. Does this meet the goal?

        • A. Yes
        • B. No

        Answer: B

        Explanation: You would need to Redeploy the VM.

        NEW QUESTION 8
        You have an Azure Active Directory (Azure AD) tenant named Your company has a public DNS zone for
        You add as a custom domain name to Azure AD. You need to ensure that Azure can verify the domain name.
        Which type of DNS record should you create?

        • A. RRSIG
        • B. PTR
        • C. DNSKEY
        • D. TXT

        Answer: D

        Explanation: Create the TXT record. App Services uses this record only at configuration time to verify that you own the custom domain. You can delete this TXT record after your custom domain is validated and configured in App Service.

        NEW QUESTION 9
        You have an azure subscription that contain a virtual named VNet1. VNet1. contains four subnets named Gatesway, perimeter, NVA, and production.
        The NVA contain two network virtual appliance (NVAs) that will network traffic inspection between the perimeter subnet and the production subnet.
        You need o implement an Azure load balancer for the NVAs. The solution must meet the following requirements:
        The NVAs must run in an active-active configuration that uses automatic failover.
        The NVA must load balance traffic to two services on the Production subnet. The services have different IP addresses
        Which three actions should you perform? Each correct answer presents parts of the solution. NOTE: Each correct selection is worth one point.

        • A. Add two load balancing rules that have HA Ports enabled and Floating IP disabled.
        • B. Deploy a standard load balancer.
        • C. Add a frontend IP configuration, two backend pools, and a health prob.
        • D. Add a frontend IP configuration, a backend pool, and a health probe.
        • E. Add two load balancing rules that have HA Ports and Floating IP enabled.
        • F. Deploy a basic load balance

        Answer: BCE

        Explanation: A standard load balancer is required for the HA ports.
        -Two backend pools are needed as there are two services with different IP addresses.
        -Floating IP rule is used where backend ports are reused. Incorrect Answers:
        F: HA Ports are not available for the basic load balancer. References:

        NEW QUESTION 10
        HOT SPOT
        You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.
        For each of the following statements, select Yes if the statement is true. Otherwise, select No.
        AZ-102 dumps exhibit


          Explanation: Scenario: You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network.
          There is a virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet
          Note: Azure DNS provides the following capabilities:
          Automatic registration of virtual machines from a single virtual network that's linked to a private zone as a registration virtual network.
          Forward DNS resolution is supported across virtual networks that are linked to the private zone as resolution virtual networks.
          Reverse DNS lookup is supported within the virtual-network scope.

          NEW QUESTION 11
          HOT SPOT
          You need to configure the Device settings to meet the technical requirements and the user requirements.
          Which two settings should you modify? To answer, select the appropriate settings in the answer area.
          AZ-102 dumps exhibit


            Box 1: Selected
            Only selected users should be able to join devices Box 2: Yes
            Require Multi-Factor Auth to join devices. From scenario:
            Ensure that only users who are part of a group named Pilot can join devices to Azure AD
            Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.

            NEW QUESTION 12
            You have an Azure App Service plan that hosts an Azure App Service named App1.
            You configure one production slot and four staging slots for App1.
            You need to allocate 10 percent of the traffic to each staging slot and 60 percent of the traffic to the production slot.
            What should you add to Appl1?

            • A. slots to the Testing in production blade
            • B. a performance test
            • C. a WebJob
            • D. templates to the Automation script blade

            Answer: A

            Explanation: Besides swapping, deployment slots offer another killer feature: testing in production. Just like the name suggests, using this, you can actually test in production. This means that you can route a specific percentage of user traffic to one or more of your deployment slots.
            AZ-102 dumps exhibit

            NEW QUESTION 13
            You discover that VM3 does NOT meet the technical requirements. You need to verify whether the issue relates to the NSGs.
            What should you use?

            • A. Diagram in VNet1
            • B. the security recommendations in Azure Advisor
            • C. Diagnostic settings in Azure Monitor
            • D. Diagnose and solve problems in Traffic Manager Profiles
            • E. IP flow verify in Azure Network Watcher

            Answer: E

            Explanation: Scenario: Contoso must meet technical requirements including:
            Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
            IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.

            NEW QUESTION 14
            You need to meet the technical requirement for VM4. What should you create and configure?

            • A. an Azure Notification Hub
            • B. an Azure Event Hub
            • C. an Azure Logic App
            • D. an Azure services Bus

            Answer: B

            Explanation: Scenario: Create a workflow to send an email message when the settings of VM4 are modified. You can start an automated logic app workflow when specific events happen in Azure resources or third-party resources. These resources can publish those events to an Azure event grid. In turn, the event grid pushes those events to subscribers that have queues, webhooks, or event hubs as endpoints. As a subscriber, your logic app can wait for those events from the event grid before running automated workflows to perform tasks - without you writing any code.

            NEW QUESTION 15
            You have a public load balancer that balancer ports 80 and 443 across three virtual machines. You need to direct all the Remote Desktop protocol (RDP) to VM3 only.
            What should you configure?

            • A. an inbound NAT rule
            • B. a load public balancing rule
            • C. a new public load balancer for VM3
            • D. a new IP configuration

            Answer: A

            Explanation: To port forward traffic to a specific port on specific VMs use an inbound network address translation (NAT) rule.
            Incorrect Answers:
            B: Load-balancing rule to distribute traffic that arrives at frontend to backend pool instances. References:

            NEW QUESTION 16
            You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network. Users report that when they attempt to access, they are prompted multiple times to sign in and are forced to use an account name that ends with
            You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory. You need to ensure that the users can use single-sign on (SSO) to access Azure resources.
            What should you do first?

            • A. From the on-premises network, deploy Active Directory Federation Services (AD FS).
            • B. From Azure AD, add and verify a custom domain name.
            • C. From the on-premises network, request a new certificate that contains the Active Directory domain name.
            • D. From the server that runs Azure AD Connect, modify the filtering option

            Answer: B

            Explanation: Azure AD Connect lists the UPN suffixes that are defined for the domains and tries to match them
            with a custom domain in Azure AD. Then it helps you with the appropriate action that needs to be taken. The Azure AD sign-in page lists the UPN suffixes that are defined for on-premises Active Directory and displays the corresponding status against each suffix. The status values can be one of the following:
            State: Verified Azure AD Connect found a matching verified domain in Azure AD. All users for this domain can sign in by using their on-premises credentials.
            State: Not verified Azure AD Connect found a matching custom domain in Azure AD, but it isn't verified. The UPN suffix of the users of this domain will be changed to the default suffix after synchronization if the domain isn't verified.
            Action Required: Verify the custom domain in Azure AD.
            References: Answers PDF P-80 signin

            NEW QUESTION 17
            HOT SPOT
            You have an Azure subscription named Subscription1.
            You plan to deploy an Ubuntu Server virtual machine named VM1 to Subscription1.
            You need to perform a custom deployment of the virtual machine. A specific trusted root certification authority (CA) must be added during the deployment.
            What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
            AZ-102 dumps exhibit


              Explanation: Box 1: Unattend.xml
              In preparation to deploy shielded VMs, you may need to create an operating system specialization answer file. On Windows, this is commonly known as the "unattend.xml" file. The New-
              ShieldingDataAnswerFile Windows PowerShell function helps you do this. Starting with Windows Server version 1709, you can run certain Linux guest OSes in shielded VMs. If you are using the System Center Virtual Machine Manager Linux agent to specialize those VMs, the New- ShieldingDataAnswerFile cmdlet can create compatible answer files for it.
              Box 2: The Azure Portal
              You can use the Azure portal to deploy a Linux virtual machine (VM) in Azure that runs Ubuntu. References:

              P.S. Easily pass AZ-102 Exam with 195 Q&As 2passeasy Dumps & pdf Version, Welcome to Download the Newest 2passeasy AZ-102 Dumps: (195 New Questions)