Guaranteed AZ-103 Braindump 2021

NEW QUESTION 1
Your company recently hired a user named janet-7509087@ExamUsers.com.
You need to ensure that janet-7509087@ ExamUsers.com can connect to load balancer named Web-LAB. The solution must ensure that janet-7509087@ ExamUsers.com can modify the backend pools.
What should you do from the Azure portal?

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Step 1:
In the navigation list, choose Load Balancer.

Step 2:
Locate the load balancer named Web-ALB, and click the Access icon. Step3:
In the Users blade, click Roles. In the Roles blade, click Add to add permissions for the user Janet- 7509087@ExamUsers.com.
Step 4:
Add permission to modify backend pools References:
https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-manage-permissions

NEW QUESTION 2
Your Azure environment contains an application gateway and custom apps.
Another administrator modifies the application gateway and the apps to use HTTP over TCP port 8080.
Users report that they can no longer connect to the apps.
You suspect that the cause of the issue is a change in the configuration of the application gateway.
You need to modify the application gateway to resolve the issue.
What should you do from the Azure portal?

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Step 1:
Select Networking and then select Application Gateway in the Featured list, and select the application gateway, and select the settings.
Step 2:
Click HTTP for the protocol of the listener and make sure that the port is defined as 443.

References:
https://docs.microsoft.com/en-us/azure/application-gateway/create-ssl-portal

NEW QUESTION 3
HOTSPOT
You configure the multi-factor authentication status for three users as shown in the following table.

You create a group named Group1 and add Admin1, Admin2, and Admin3 to the group.
For all cloud apps, you create a conditional access policy that includes Group1. The policy requires multi-factor authentication.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: No
Disabled is the default state for a new user not enrolled in Azure MF A.
Box 2: Yes
Enforced: The user has been enrolled and has completed the registration process for Azure MFA. Web browser apps require login in this case.
Box 3: Yes
Enabled: The user has been enrolled in Azure MFA, but has not registered. They receive a prompt to register the next time they sign in.
Web browser apps require login in this case. References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

NEW QUESTION 4
You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com. Your company has a public DNS zone for contoso.com.
You add contoso.com as a custom domain name to Azure AD. You need to ensure that Azure can verify the domain name. Which type of DNS record should you create?

• A. PTR
• B. MX
• C. NSEC3
• D. RRSIG

Answer: B

NEW QUESTION 5
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.



When you are finished performing all the tasks, click the ‘Next’ button.
Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
You plan to configure VM1 to be accessible from the Internet.
You need to add a public IP address to the network interface used by VM1. What should you do from Azure portal?

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
You can add private and public IP addresses to an Azure network interface by completing the steps that follow.
Step 1: In Azure portal, click More services > type virtual machines in the filter box, and then click Virtual machines.
Step 2: In the Virtual machines pane, click the VM you want to add IP addresses to. Click Network interfaces in the virtual machine pane that appears, and then select the network interface you want to
add the IP addresses to. In the example shown in the following picture, the NIC named myNIC from the VM named myVM is selected:

Step 3: In the pane that appears for the NIC you selected, click IP configurations. Step 4: Click Create public IP address.

Step 5: In the Create public IP address pane that appears, enter a Name, select an IP address
assignment type, a Subscription, a Resource group, and a Location, then click Create, as shown in the following picture:
References: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-multiple-ip- addresses-portal

NEW QUESTION 6
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
You plan to host several secured websites on Web01.
You need to allow HTTPS over TCP port 443 to Web01 and to prevent HTTP over TCP port 80 to Web01.
What should you do from the Azure portal?

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Answer:
See explanation below.
You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
Step A: Create a network security group
A1. Search for and select the resource group for the VM, choose Add, then search for and select Network security group.
A2. Select Create.

The Create network security group window opens. A3. Create a network security group
Enter a name for your network security group.
Select or create a resource group, then select a location. A4. Select Create to create the network security group.
Step B: Create an inbound security rule to allows HTTPS over TCP port 443 B1. Select your new network security group.
B2. Select Inbound security rules, then select Add. B3. Add inbound rule
B4. Select Advanced.
From the drop-down menu, select HTTPS.
You can also verify by clicking Custom and selecting TCP port, and 443. B5. Select Add to create the rule.
Repeat step B2-B5 to deny TCP port 80
B6. Select Inbound security rules, then select Add. B7. Add inbound rule
B8. Select Advanced.
Clicking Custom and selecting TCP port, and 80. B9. Select Deny.
Step C: Associate your network security group with a subnet
Your final step is to associate your network security group with a subnet or a specific network interface.
C1. In the Search resources, services, and docs box at the top of the portal, begin typing Web01. When the Web01 VM appears in the search results, select it.
C2. Under SETTINGS, select Networking. Select Configure the application security groups, select the Security Group you created in Step A, and then select Save, as shown in the following picture:

References:
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic

NEW QUESTION 7
You have an Azure subscription that contains the resources in the following table.

VM1 and VM2 are deployed from the same template and host line-of-business applications accessed
by using Remote Desktop. You configure the network security group (NSG) shown in the exhibit. (Click the Exhibit button.)

You need to prevent users of VM1 and VM2 from accessing websites on the Internet. What should you do?

• A. Associate the NSG to Subnet1.
• B. Disassociate the NSG from a network interface.
• C. Change the DenyWebSites outbound security rule.
• D. Change the Port_80 inbound security rule.

Answer: A

Explanation:
You can associate or dissociate a network security group from a network interface or subnet.
The NSG has the appropriate rule to block users from accessing the Internet. We just need to associate it with Subnet1.
References: https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group

NEW QUESTION 8
You have an Azure web app named App1 that streams video content to users. App1 is located in the East US Azure region.
Users in North America stream the video content without any interruption.
Users in Asia and Europe report that the video buffer often and do not play back smoothly.
You need to recommend a solution to improve video streaming to the European and Asian users. What should you recommend?

• A. Scale out the App Service plan.
• B. Scale up the App Service plan.
• C. Configure an Azure Content Delivery Network (CDN) endpoint.
• D. Configure Azure File Sync.

Answer: C

NEW QUESTION 9
You need to create a function app named corp7509086nl that supports sticky sessions. The solution must minimize the Azure-related costs of the App Service plan.
What should you do from the Azure portal?

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Step 1:
Select the New button found on the upper left-hand corner of the Azure portal, then select Compute > Function App.
Step 2:
Use the function app settings as listed below. App name: corp7509086n1
Hosting plan: Azure App Service plan (need this for the sticky sessions)
Pricing tier of the the App Service plan: Shared compute: Free Step 3:
Select Create to provision and deploy the function app. References:
https://docs.microsoft.com/en-us/azure/azure-functions/functions-create-function-app-portal

NEW QUESTION 10
DRAG DROP
You have an Azure subscription that contains two virtual networks named VNet1 and VNet2. Virtual machines connect to the virtual networks.
The virtual networks have the address spaces and the subnets configured as shown in the following table.

You need to add the address space of 10.33.0.0/16 to VNet1. The solution must ensure that the hosts on VNet1 and VNet2 can communicate.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Step 1: Remove peering between Vnet1 and VNet2.
You can't add address ranges to, or delete address ranges from a virtual network's address space once a virtual network is peered with another virtual network. To add or remove address ranges, delete the peering, add or remove the address ranges, then re-create the peering.
Step 2: Add the 10.44.0.0/16 address space to VNet1. Step 3: Recreate peering between VNet1 and VNet2 References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering

NEW QUESTION 11
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscript contains a resource group named Dev.d Subscription1. Adatum contains a group named Developers. Subscription!
You need to provide the Developers group with the ability to create Azure logic apps in the; Dev, resource group.
Solution: On Dev, you assign the Logic App Contributor role to the Developers group.
Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation:
The Logic App Contributor role lets you manage logic app, but not access to them. It provides access to view, edit, and update a logic app.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

NEW QUESTION 12
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.



When you are finished performing all the tasks, click the ‘Next’ button.
Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
You need to allow RDP connections over TCP port 3389 to VM1 from the internet. The solution must prevent connections from the Internet over all other TCP ports.
What should you do from the Azure portal?

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Step 1: Create a new network security group Step 2: Select your new network security group.

Step 3: Select Inbound security rules, . Under Add inbound security rule, enter the following
Destination: Select Network security group, and then select the security group you created previously. Destination port ranges: 3389
Protocol: Select TCP

References: https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic

NEW QUESTION 13
You plan to grant the member of a new Azure AD group named crop 75099086 the right to delegate administrative access to any resource in the resource group named 7509086.
You need to create the Azure AD group and then to assign the correct to e to the group. The solution must use the principle of least privilege and minimize the number of role assignments.
What should you do from the Azure portal?

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Step 1:
Click Resource groups from the menu of services to access the Resource Groups blade

Step 2:
Click Add (+) to create a new resource group. The Create Resource Group blade appears. Enter corp7509086 as the Resource group name, and click the Create button.

Step 3:
Select Create.
Your group is created and ready for you to add members. Now we need to assign a role to this resource group scope. Step 4:
Choose the newly created Resource group, and Access control (IAM) to see the current list of role assignments at the resource group scope. Click +Add to open the Add permissions pane.

Step 5:
In the Role drop-down list, select a role Delegate administration, and select Assign access to: resource group corp7509086

References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal https://www.juniper.net/documentation/en_US/vsrx/topics/task/multi-task/security-vsrx-azure- marketplace-resource-group.html
Case Study: 3 Contoso Case Study
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
All the resources used by Contoso are hosted on-premises.
Contoso creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named contoso.onmicrosoft.com. The tenant uses the P1 pricing tier.
Existing Environment
The network contains an Active Directory forest named contoso.com. All domain controllers are configured as DNS servers and host the contoso.com DNS zone.
Contoso has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently.
Contoso.com contains a user named User1. All the offices connect by using private links.
Contoso has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device.
All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.

Contoso uses two web applications named App1 and App2. Each instance on each web application
requires 1GB of memory.
The Azure subscription contains the resources in the following table.

The network security team implements several network security groups (NSGs).
Planned Changes
Contoso plans to implement the following changes:
• Deploy Azure ExpressRoute to the Montreal office.
• Migrate the virtual machines hosted on Server1 and Server2 to Azure.
• Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
• Migrate App1 and App2 to two Azure web apps named webApp1 and WebApp2.
Technical requirements
Contoso must meet the following technical requirements:
• Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instance*.
• Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
• Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
• Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
• Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.contoso.com.
• Connect the New Your office to VNet1 over the Internet by using an encrypted connection.
• Create a workflow to send an email message when the settings of VM4 are modified.
• Cre3te a custom Azure role named Role1 that is based on the Reader role.
• Minimize costs whenever possible.

NEW QUESTION 14
You have five Azure virtual machines that run Windows Server 2021.
You have an Azure load balancer named LB1 that provides load balancing se
You need to ensure that visitors are serviced by the same web server for each
request.
What should you configure?

• A. Floating IP (direct server return) to Disable
• B. Session persistence to Client IP
• C. a health probe
• D. Session persistence to None

Answer: B

Explanation:
You can set the sticky session in load balancer rules with setting the session persistence as the client IP.
References:
https://cloudopszone.com/configure-azure-load-balancer-for-sticky-sessions/

NEW QUESTION 15
HOTSPOT
You have an Azure subscription named Subscription1.
You enable Azure Active Directory (AD) Privileged Identity Management.
From Azure AD Privileged Identity Management, you configure the Global Administrator role for the Azure Active Directory (Azure AD) tenant as shown in the Role settings exhibit. (Click the Exhibit tab.)

From Azure AD Privileged Identity Management, you configure the global administrators as shown in
the Members exhibit. (Click the Exhibit tab.)

User2 activates the Global Administrator role on July 16, 2021, at 10:00, as shown in the Activation exhibit. (Click the Exhibit tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 16
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.






When you are finished performing all the tasks, click the ‘Next’ button.
Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
You plan to move backup files and documents from an on-premises Windows file server to Azure Storage. The backup files will be stored as blobs.
You need to create a storage account named corpdata7523690n2. The solution must meet the following requirements:
 Ensure that the documents are accessible via drive mappings from Azure virtual machines that run Windows Server 2021.
 Provide the highest possible redundancy for the documents.
 Minimize storage access costs.
What should you do from the Azure portal?

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Step 1: In the Azure portal, click All services. In the list of resources, type Storage Accounts. As you begin typing, the list filters based on your input. Select Storage Accounts.
Step 2: On the Storage Accounts window that appears, choose Add. Step 3: Select the subscription in which to create the storage account.
Step 4: Under the Resource group field, select Create New. Create a new Resource

Step 5: Enter a name for your storage account: corpdata7523690n2
Step 6: For Account kind select: General-purpose v2 accounts (recommended for most scenarios) General-purpose v2 accounts is recommended for most scenarios. . General-purpose v2 accounts deliver the lowest per-gigabyte capacity prices for Azure Storage, as well as industry-competitive transaction prices.
Step 7: For replication select: Read-access geo-redundant storage (RA-GRS)
Read-access geo-redundant storage (RA-GRS) maximizes availability for your storage account. RA-
GRS provides read-only access to the data in the secondary location, in addition to geo-replication across two regions.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-quickstart-create-account https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview

NEW QUESTION 17
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.
You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately.
Solution: From the Redeploy blade, you click Redeploy. Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation:
When you redeploy a VM, it moves the VM to a new node within the Azure infrastructure and then
powers it back on, retaining all your configuration options and associated resources.
References: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node

NEW QUESTION 18
You have an Azure Active Directory (Azure AD) tenant.
You have an existing Azure AD conditional access policy named Policy1. Policy1 enforces the use of Azure AD-joined devices when members of the Global Administrators group authenticate to Azure AD from untrusted locations.
You need to ensure that members of the Global Administrators group will also be forced to use multi- factor authentication when authenticating from untrusted locations.
What should you do?

• A. From the multi-factor authentication page, modify the service settings.
• B. From the multi-factor authentication page, modify the user settings.
• C. From the Azure portal, modify grant control of Policy1.
• D. From the Azure portal, modify session control of Policy1.

Answer: C

Explanation:
There are two types of controls:
 Grant controls – To gate access
 Session controls – To restrict access to a session
Grant controls oversee whether a user can complete authentication and reach the resource that
they’re attempting to sign-in to. If you have multiple controls selected, you can configure whether all of them are required when your policy is processed. The current implementation of Azure Active Directory enables you to set the following grant control requirements:

References:
https://blog.lumen21.com/2021/12/15/conditional-access-in-azure-active-directory/

NEW QUESTION 19
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.






When you are finished performing all the tasks, click the ‘Next’ button.
Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be
able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
You plan to create 100 Azure virtual machines on each of the following three virtual networks:
 VNET1005a
 VNET1005b
 VNET1005c
All the network traffic between the three virtual networks will be routed through VNET1005 a.
You need to create the virtual networks, and then to ensure that all the Azure virtual machines can connect to other virtual machines by using their private IP address. The solution must NOT require any virtual network gateways and must minimize costs.
What should you do from the Azure portal before you configure IP routing?

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Step 1: Click Create a resource in the portal.
Step 2: Enter Virtual network in the Search the Marketplace box at the top of the New pane that appears. Click Virtual network when it appears in the search results.
Step 3: Select Classic in the Select a deployment model box in the Virtual Network pane that appears, then click Create.
Step 4: Enter the following values on the Create virtual network (classic) pane and then click Create: Name: VNET1005a
Address space: 10.0.0.0/16 Subnet name: subnet0 Resource group: Create new
Subnet address range: 10.0.0.0/24
Subscription and location: Select your subscription and location.
Step 5: Repeat steps 3-5 for VNET1005b (10.1.0.0/16, 10.1.0.0/24), and for VNET1005c 10.2.0.0/16, 10.2.0.0/24).
References: https://docs.microsoft.com/en-us/azure/virtual-network/create-virtual-network-classic

NEW QUESTION 20
You need to configure AG1. What should you create?

• A. a multi-site listener
• B. a URL path-based routing rule
• C. a basic listener
• D. a basic routing rule

Answer: B

Explanation:
References:
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-create-url-route- portal

NEW QUESTION 21
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
Your company plans to store several documents on a public website.
You need to create a container named bios that will host the documents in the storagelod8095859 storage account. The solution must ensure anonymous access and must ensure that users can browse folders in the container.
What should you do from the Azure portal?

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Azure portal create public container
To create a container in the Azure portal, follow these steps:
Step 1. Navigate to your new storage account in the Azure portal.
Step 2. In the left menu for the storage account, scroll to the lob service section, then select Blobs. Select the + Container button.
Type a name for your new container: bios
Set the level of public access to the container: Select anonymous access.

Step 3. Select OK to create the container. References:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-portal

NEW QUESTION 22
You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1. VNet2 contains an Azure virtual machine named VM2.
VM1 hosts a frontend application that connects to VM2 to retrieve dat a.
Users report that the frontend application is slower than usual.
You need to view the average round-trip time (RTT) of the packets from VM1 to VM2. Which Azure Network Watcher feature should you use?

• A. NSG flow logs
• B. Connection troubleshoot
• C. IP flow verify
• D. Connection monitor

Answer: D

Explanation:
The Connection Monitor feature in Azure Network Watcher is now generally available in all public regions. Connection Monitor provides you RTT values on a per-minute granularity. You can monitor a direct TCP connection from a virtual machine to a virtual machine, FQDN, URI, or IPv4 address. References:
https://azure.microsoft.com/en-us/updates/general-availability-azure-network-watcher-connection- monitor-in-all-public-regions/

NEW QUESTION 23
You recently deployed a web app named homepagelod7509087.
You need to back up the code used for the web app and to store the code in the homepagelod7509Q87 storage account. The solution must ensure that a new backup is created daily.
What should you do from the Azure portal?

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Step 1:
Locate and select the web app homepagelod7509087, select Backups. The Backups page is displayed.

Step 2:
In the Backup page, Click Configure. Step 3:
In the Backup Configuration page, click Storage: Not configured to configure a storage account.

Step 4:
Choose your backup destination by selecting a Storage Account and Container. Select the homepagelod7509087 storage account.
Step 5:
In the Backup Configuration page that is still left open, select Scheduled backup On, and configure daily backups.

Step 6:
In the Backup Configuration page, click Save. Step 7:
In the Backups page, click Backup. References:
https://docs.microsoft.com/en-us/azure/app-service/web-sites-backup

NEW QUESTION 24
HOTSPOT
You have an Azure subscription named Subscription1.
In Subscription1, you create an Azure file share named share1.
You create a shared access signature (SAS) named SAS1 as shown in the following exhibit.

To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: Will be prompted for credentials
Azure Storage Explorer is a standalone app that enables you to easily work with Azure Storage data on Windows, macOS, and Linux. It is used for connecting to and managing your Azure storage accounts.
Box 2: Will have read, write, and list access
The net use command is used to connect to file shares. References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature- part-1
https://docs.microsoft.com/en-us/azure/vs-azure-tools-storage-manage-with-storage-explorer?tabs=windows

NEW QUESTION 25
You have an Azure subscription named Subscnption1 that contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1.
VM1 runs services that will be used to deploy resources to RG1.
You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1. What should you do fit -

• A. From the Azure portal modify the Access control (1AM) settings of VM1.
• B. From the Azure portal, modify the Policies settings of RG1.
• C. From the Azure portal, modify the value of the Managed Service Identity option for VM1.
• D. From the Azure portal, modify the Access control (IAM) settings of RG1.

Answer: C

Explanation:
A managed identity from Azure Active Directory allows your app to easily access other AAD-protected resources such as Azure Key Vault. The identity is managed by the Azure platform and does not require you to provision or rotate any secrets.
User assigned managed identities can be used on Virtual Machines and Virtual Machine Scale Sets. References:
https://docs.microsoft.com/en-us/azure/app-service/app-service-managed-service-identity

NEW QUESTION 26
You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines.
You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.
What should you create to store the password?

• A. Azure Active Directory (AD) Identity Protection and an Azure policy
• B. a Recovery Services vault and a backup policy
• C. an Azure Key Vault and an access policy
• D. an Azure Storage account and an access policy

Answer: C

Explanation:
You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore the password is never put in plain text in the template parameter file.
References: https://azure.microsoft.com/en-us/resources/templates/101-vm-secure-password/

NEW QUESTION 27
DRAG DROP
You have an on-premises network that you plan to connect to Azure by using a site-to-site VPN.
In Azure, you have an Azure virtual network named VNet1 that uses an address space of 10.0.0.0/16. VNet1 contains a subnet named Subnet1 that uses an address space of 10.0.0.0/24.
You need to create a site-to-site VPN to Azure.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Note: More than one order of answer choices is correct.
Creating a local gateway (a logical object that represents the on-premise router) can be done at step 1, step 2 or step 3. The other three steps must be done in order: create gateway subnet then create VPN gateway then create the VPN connection. The VPN connection is a connection between the VPN gateway and the Local gateway.

NEW QUESTION 28
HOTSPOT
You plan to deploy 20 Azure virtual machines by using an Azure Resource Manager template. The virtual machines will run the latest version of Windows Server 2021 Datacenter by using an Azure Marketplace image.
You need to complete the storageProfile section of the template.
How should you complete the storageProfile section? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
… "storageProfile": {
"imageReference": {
"publisher": "MicrosoftWindowsServer", "offer": "WindowsServer",
"sku": "2021-Datacenter", "version": "latest"
},
… References:
https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/createorupdate

NEW QUESTION 29
......