Microsoft AZ-101 Dumps Questions 2019

It is more faster and easier to pass the AZ-101 Dumps Questions by using AZ-101 Dumps. Immediate access to the AZ-101 Exam Questions and Answers and find the same core area AZ-101 Exam Questions and Answers with professionally verified answers, then PASS your exam with a high score now.

Free AZ-101 Demo Online For Microsoft Certifitcation:

NEW QUESTION 1
HOTSPOT
You create an Azure web app named WebApp1. WebApp1 has the autoscale settings shown in the following exhibit.
AZ-101 dumps exhibit
AZ-101 dumps exhibit
The scale out and scale in rules are configured to have a duration of 10 minutes and a cool down time of five minutes.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
AZ-101 dumps exhibit

    Answer:

    Explanation: AZ-101 dumps exhibit

    NEW QUESTION 2
    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
    You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
    You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
    Solution: On Subscription1, you assign the Logic App Operator role to the Developers group. Does this meet the goal?

    • A. Yes
    • B. No

    Answer: B

    Explanation: The Logic App Operator role only lets you read, enable and disable logic app. With it you can view the logic app and run history, and enable/disable. Cannot edit or update the definition.
    You would need the Logic App Contributor role. References:
    https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

    NEW QUESTION 3
    A web developer creates a web application that you plan to deploy as an Azure web app.
    Users must enter credentials to access the web application.
    You create a new web app named WebAppl1 and deploy the web application to WebApp1.
    You need to disable anonymous access to WebApp1. What should you configure?

    • A. Advanced Tools
    • B. Authentication/ Authorization
    • C. Access control (IAM)
    • D. Deployment credentials

    Answer: B

    Explanation: Anonymous access is an authentication method. It allows users to establish an anonymous connection.
    References:
    https://docs.microsoft.com/en-us/biztalk/core/guidelines-for-resolving-iis-permissions-problems

    NEW QUESTION 4
    You are configuring Azure Active Directory (AD) Privileged Identity Management.
    You need to provide a user named Admm1 with read access to a resource group named RG1 for only one month.
    The user role must be assigned immediately.
    What should you do?

    • A. Assign an active role.
    • B. Assign an eligible role.
    • C. Assign a permanently active role.
    • D. Create a custom role and a conditional access policy.

    Answer: B

    Explanation: Azure AD Privileged Identity Management introduces the concept of an eligible admin. Eligible admins should be users that need privileged access now and then, but not all-day, every day. The role is inactive until the user needs access, then they complete an activation process and become an active admin for a predetermined amount of time.
    References:
    https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

    NEW QUESTION 5
    Note This question is part of a series of questions that present the same seer Some question sets might have more than one correct solution, while others might not have a correct solution.
    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
    You manage a virtual network named VNet1 that is hosted in the West US Azure region.
    VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server. You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
    Solution: From Performance Monitor, you create a Data Collector Set (DCS) Does this meet the goal?

    • A. Yes
    • B. No

    Answer: B

    Explanation: You should use Azure Network Watcher. References:
    https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview

    NEW QUESTION 6
    You have an Azure Active Directory (Azure AD) tenant.
    You have an existing Azure AD conditional access policy named Policy1. Policy1 enforces the use of Azure AD-joined devices when members of the Global Administrators group authenticate to Azure AD from untrusted locations.
    You need to ensure that members of the Global Administrators group will also be forced to use multi- factor authentication when authenticating from untrusted locations.
    What should you do?

    • A. From the multi-factor authentication page, modify the service settings.
    • B. From the multi-factor authentication page, modify the user settings.
    • C. From the Azure portal, modify grant control of Policy1.
    • D. From the Azure portal, modify session control of Policy1.

    Answer: C

    Explanation: There are two types of controls:
    Grant controls – To gate access
    Session controls – To restrict access to a session
    Grant controls oversee whether a user can complete authentication and reach the resource that
    they’re attempting to sign-in to. If you have multiple controls selected, you can configure whether all of them are required when your policy is processed. The current implementation of Azure Active Directory enables you to set the following grant control requirements:
    AZ-101 dumps exhibit
    References:
    https://blog.lumen21.com/2017/12/15/conditional-access-in-azure-active-directory/

    NEW QUESTION 7
    You recently deployed a web app named homepagelod7509087.
    You need to back up the code used for the web app and to store the code in the homepagelod7509Q87 storage account. The solution must ensure that a new backup is created daily.
    What should you do from the Azure portal?

      Answer:

      Explanation: Step 1:
      Locate and select the web app homepagelod7509087, select Backups. The Backups page is displayed.
      AZ-101 dumps exhibit
      Step 2:
      In the Backup page, Click Configure. Step 3:
      In the Backup Configuration page, click Storage: Not configured to configure a storage account.
      AZ-101 dumps exhibit
      Step 4:
      Choose your backup destination by selecting a Storage Account and Container. Select the homepagelod7509087 storage account.
      Step 5:
      In the Backup Configuration page that is still left open, select Scheduled backup On, and configure daily backups.
      AZ-101 dumps exhibit
      Step 6:
      In the Backup Configuration page, click Save. Step 7:
      In the Backups page, click Backup. References:
      https://docs.microsoft.com/en-us/azure/app-service/web-sites-backup

      NEW QUESTION 8
      Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
      After you answer a question in this section, you will NOT be able to return to it As a result these questions will not appear in the review screen.
      You have an Azure wet) app named Appl. App1 runs in an Azure App Service plan named Plan1. Plan1 is associated to the Free pricing tier.
      You discover that App1 stops each day after running continuously for 60 minutes. You need to ensure that App1 can run continuously for the entire day.
      Solution: You change the pricing tier of Plan1 to Shared. Does this meet the goal?

      • A. Yes
      • B. No

      Answer: B

      Explanation: You should switch to the Basic Tier.
      The Free Tier provides 60 CPU minutes / day. This explains why App1 is stops. The Shared Tier provides 240 CPU minutes / day. The Basic tier has no such cap.
      References:
      https://azure.microsoft.com/en-us/pricing/details/app-service/windows/

      NEW QUESTION 9
      You have five Azure virtual machines that run Windows Server 2016.
      You have an Azure load balancer named LB1 that provides load balancing se
      You need to ensure that visitors are serviced by the same web server for each request.
      What should you configure?

      • A. Floating IP (direct server return) to Disable
      • B. Session persistence to Client IP
      • C. a health probe
      • D. Session persistence to None

      Answer: B

      Explanation: You can set the sticky session in load balancer rules with setting the session persistence as the client IP.
      References:
      https://cloudopszone.com/configure-azure-load-balancer-for-sticky-sessions/

      NEW QUESTION 10
      Your company recently hired a user named janet-7509087@ExamUsers.com.
      You need to ensure that janet-7509087@ ExamUsers.com can connect to load balancer named Web-LAB. The solution must ensure that janet-7509087@ ExamUsers.com can modify the backend pools.
      What should you do from the Azure portal?

        Answer:

        Explanation: Step 1:
        In the navigation list, choose Load Balancer.
        AZ-101 dumps exhibit
        Step 2:
        Locate the load balancer named Web-ALB, and click the Access icon. Step3:
        In the Users blade, click Roles. In the Roles blade, click Add to add permissions for the user Janet- 7509087@ExamUsers.com.
        Step 4:
        Add permission to modify backend pools References:
        https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-manage-permissions

        NEW QUESTION 11
        HOTSPOT
        You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. You add the users in the following table.
        AZ-101 dumps exhibit
        Which user can perform each configuration? To answer, select the appropriate options in the answer area.
        NOTE: Each correct selection is worth one point.
        AZ-101 dumps exhibit

          Answer:

          Explanation: Box 1: User1 and User3 only.
          The Owner Role lets you manage everything, including access to resources.
          The Network Contributor role lets you manage networks, but not access to them. Box 2: User1 and User2 only
          The Security Admin role: In Security Center only: Can view security policies, view security states, edit security policies, view alerts and recommendations, dismiss alerts and recommendations.
          References:
          https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

          NEW QUESTION 12
          You have an Azure subscription.
          You enable multi-factor authentication for all users.
          Some users report that the email applications on their mobile device cannot co browser and from Microsoft Outlook 2016 on their computer.
          You need to ensure that the users can use the email applications on their mobile device. What should you instruct the users to do?
          The users can access Exchange Online by using a web

          • A. Enable self-service password reset.
          • B. Create an app password.
          • C. Reset the Azure Active Directory (Azure AD) password.
          • D. Reinstall the Microsoft Authenticator app.

          Answer: A

          Explanation: References:
          https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks

          NEW QUESTION 13
          DRAG DROP
          You create an Azure Migrate project named TestMig in a resource group named test-migration.
          You need to discover which on-premises virtual machines to assess for migration. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
          AZ-101 dumps exhibit

            Answer:

            Explanation: Step 1: Download the OVA file for the collection appliance
            Azure Migrate uses an on-premises VM called the collector appliance, to discover information about your on-premises machines. To create the appliance, you download a setup file in Open Virtualization Appliance (.ova) format, and import it as a VM on your on-premises vCenter Server.
            Step 2: Create a migration group in the project
            For the purposes of assessment, you gather the discovered VMs into groups. For example, you might group VMs that run the same application. For more precise grouping, you can use dependency visualization to view dependencies of a specific machine, or for all machines in a group and refine the
            group.
            Step 3: Create an assessment in the project
            After a group is defined, you create an assessment for it. References:
            https://docs.microsoft.com/en-us/azure/migrate/migrate-overview

            Case Study: 6
            Mix Questions Set D (Implement advanced networking)

            NEW QUESTION 14
            HOTSPOT
            Your company has offices in New York and Los Angeles.
            You have an Azure subscription that contains an Azure virtual network named VNet1. Each office has a site-to-site VPN connection to VNet1.
            Each network uses the address spaces shown in the following table.
            AZ-101 dumps exhibit
            You need to ensure that all Internet-bound traffic from VNet1 is routed through the New York office.
            What should you do? To answer, select the appropriate options in the answer are a.
            NOTE: Each correct selection is worth one point.
            AZ-101 dumps exhibit

              Answer:

              Explanation: Incorrect Answers:
              Not: New-AzureRmVirtualNetworkGatewayConnection
              This command creates the Site-to-Site VPN connection between the virtual network gateway and the on-prem VPN device. We already have Site-to-Site VPN connections.
              Box 2: 192.168.0.0/20
              Specify the VNET1 address. References:
              https://docs.microsoft.com/en-us/powershell/module/azurerm.network/set- azurermvirtualnetworkgatewaydefaultsite

              NEW QUESTION 15
              HOTSPOT
              You have an on-premises data center and an Azure subscription. The data center contains two VPN devices. The subscription contains an Azure virtual network named VNet1. VNet1 contains a gateway subnet.
              You need to create a site-to-site VPN. The solution must ensure that is a single instance of an Azure VPN gateway fails, or a single on-premises VPN device fails, the failure will not cause an interruption that is longer than two minutes.
              What is the minimum number of public IP addresses, virtual network gateways, and local network gateways required in Azure? To answer, select the appropriate options in the answer area.
              NOTE: Each correct selection is worth one point.
              AZ-101 dumps exhibit

                Answer:

                Explanation: Box 1: 4
                Two public IP addresses in the on-premises data center, and two public IP addresses in the VNET. The most reliable option is to combine the active-active gateways on both your network and Azure, as shown in the diagram below.
                AZ-101 dumps exhibit
                Box 2: 2
                Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically, and resume the S2S VPN or VNet-to-VNet connections.
                Box 3: 2
                Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks References:
                https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable

                NEW QUESTION 16
                You are building a custom Azure function app to connect to Azure Event Grid.
                You need to ensure that resources are allocated dynamically to the function app. Billing must be based on the executions of the app.
                What should you configure when you create the function app?

                • A. the Windows operating system and the Consumption plan hosting plan
                • B. the Windows operating system and the App Service plan hosting plan
                • C. the Docker container and an App Service plan that uses the Bl1 pricing tier
                • D. the Docker container and an App Service plan that uses the SI pricing

                Answer: A

                Explanation: Azure Functions runs in two different modes: Consumption plan and Azure App Service plan. The Consumption plan automatically allocates compute power when your code is running. Your app is scaled out when needed to handle load, and scaled down when code is not running.
                Incorrect Answers:
                B: When you run in an App Service plan, you must manage the scaling of your function app. References:
                https://docs.microsoft.com/en-us/azure/azure-functions/functions-create-first-azure-function

                NEW QUESTION 17
                You plan to deploy a site-to-site VPN connection from on-premises network to your
                Azure environment. The VPN connection will be established to the VNET01-USEA2 virtual network.
                You need to create the required resources in Azure for the planned site-to-site VPN. The solution must minimize costs.
                What should you do from the Azure portal?
                NOTE: This task may a very long time to complete. You do NOT need to wait for the deployment to complete this task successfully.

                  Answer:

                  Explanation: We create a VPN gateway. Step 1:
                  On the left side of the portal page, click + and type 'Virtual Network Gateway' in search. In Results, locate and click Virtual network gateway.
                  Step 2:
                  At the bottom of the 'Virtual network gateway' page, click Create. This opens the Create virtual network gateway page.
                  Step 3:
                  On the Create virtual network gateway page, specify the values for your virtual network gateway. Gateway type: Select VPN. VPN gateways use the virtual network gateway type VPN.
                  Virtual network: Choose the existing virtual network VNET01-USEA2
                  Gateway subnet address range: You will only see this setting if you did not previously create a gateway subnet for your virtual network.
                  Step 4:
                  Select the default values for the other setting, and click create.
                  AZ-101 dumps exhibit
                  The settings are validated and you'll see the "Deploying Virtual network gateway" tile on the dashboard. Creating a gateway can take up to 45 minutes.
                  Note: This task may take a very long time to complete. You do NOT need to wait for the deployment to complete this task successfully.
                  References:
                  https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

                  Case Study: 4 Contoso Case Study
                  Overview
                  Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
                  The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
                  All the resources used by Contoso are hosted on-premises.
                  Contoso creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named contoso.onmicrosoft.com. The tenant uses the P1 pricing tier.
                  Existing Environment
                  The network contains an Active Directory forest named contoso.com. All domain controllers are configured as DNS servers and host the contoso.com DNS zone.
                  Contoso has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently.
                  Contoso.com contains a user named User1.
                  All the offices connect by using private links.
                  Contoso has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device.
                  All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.
                  AZ-101 dumps exhibit
                  Contoso uses two web applications named App1 and App2. Each instance on each web application requires 1GB of memory.
                  The Azure subscription contains the resources in the following table.
                  AZ-101 dumps exhibit
                  The network security team implements several network security groups (NSGs).
                  Planned Changes
                  Contoso plans to implement the following changes:
                  • Deploy Azure ExpressRoute to the Montreal office.
                  • Migrate the virtual machines hosted on Server1 and Server2 to Azure.
                  • Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
                  • Migrate App1 and App2 to two Azure web apps named webApp1 and WebApp2.
                  Technical requirements
                  Contoso must meet the following technical requirements:
                  • Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instance*.
                  • Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
                  • Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
                  • Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
                  • Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.contoso.com.
                  • Connect the New Your office to VNet1 over the Internet by using an encrypted connection.
                  • Create a workflow to send an email message when the settings of VM4 are
                  modified.
                  • Cre3te a custom Azure role named Role1 that is based on the Reader role.
                  • Minimize costs whenever possible.

                  NEW QUESTION 18
                  You discover that VM3 does NOT meet the technical requirements. You need to verify whether the issue relates to the NSGs.
                  What should you use?

                  • A. Diagram in VNet1
                  • B. the security recommendations in Azure Advisor
                  • C. Diagnostic settings in Azure Monitor
                  • D. Diagnose and solve problems in Traffic Manager Profiles
                  • E. IP flow verify in Azure Network Watcher

                  Answer: E

                  Explanation: Scenario: Contoso must meet technical requirements including:
                  Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
                  IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.
                  References:
                  https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview

                  P.S. Easily pass AZ-101 Exam with 67 Q&As Surepassexam Dumps & pdf Version, Welcome to Download the Newest Surepassexam AZ-101 Dumps: https://www.surepassexam.com/AZ-101-exam-dumps.html (67 New Questions)