Refined AZ-101 Exam Questions and Answers 2019

Want to know AZ-101 Exam Dumps features? Want to lear more about AZ-101 Dumps experience? Study AZ-101 Exam Dumps. Gat a success with an absolute guarantee to pass Microsoft AZ-101 (Microsoft Azure Integration and Security) test on your first attempt.

Microsoft AZ-101 Free Dumps Questions Online, Read and Test Now.

NEW QUESTION 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer
a question in this section, you will NOT be able to return to it As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscript contains a resource group named Dev.
d Subscription1. Adatum contains a group named Developers. Subscription!
You need to provide the Developers group with the ability to create Azure logic apps in the; Dev, resource group.
Solution: On Dev, you assign the Logic App Contributor role to the Developers group.
Does this meet the goal?

  • A. Yes
  • B. No

Answer: A

Explanation: The Logic App Contributor role lets you manage logic app, but not access to them. It provides access to view, edit, and update a logic app.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

NEW QUESTION 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a virtual network named VNet1 that is hosted in the West US Azure region. VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours. Solution: From Azure Monitor, you create a metric on Network In and Network Out. Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation: You should use Azure Network Watcher. References:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview

Case Study: 2
Mix Questions Set B (Implement advanced networking)

NEW QUESTION 3
Another administrator reports that she is unable to configure a web app named
corplod7509086n3 to prevent all connections from an IP address of 11.0.0.11.
You need to modify corplod7509086n3 to successfully prevent the connections from the IP address. The solution must minimize Azure-related costs.
What should you do from the Azure portal?

    Answer:

    Explanation: Step 1:
    Find and select application corplod7509086n3:
    1. In the Azure portal, on the left navigation panel, click Azure Active Directory.
    2. In the Azure Active Directory blade, click Enterprise applications. Step 2:
    To add an IP restriction rule to your app, use the menu to open Network>IP Restrictions and click on Configure IP Restrictions
    AZ-101 dumps exhibit
    Step 3:
    Click Add rule
    You can click on [+] Add to add a new IP restriction rule. Once you add a rule, it will become effective immediately.
    AZ-101 dumps exhibit
    Step 4:
    Add name, IP address of 11.0.0.11, select Deny, and click Add Rule
    AZ-101 dumps exhibit
    References:
    https://docs.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions

    NEW QUESTION 4
    HOTSPOT
    You have an Azure virtual network named VNet1 that connects to your on-premises network by using a site-to-site VPN. VMet1 contains one subnet named Subnet1.
    Subnet1 is associated to a network security group (NSG) named NSG1. Subnet1 contains a basic internal load balancer named ILB1. ILB1 has three Azure virtual machines in the backend pool.
    You need to collect data about the IP addresses that connects to ILB1. You must be able to run interactive queries from the Azure portal against the collected data.
    What should you do? To answer, select the appropriate options in the answer area.
    NOTE: Each correct selection is worth one point.
    AZ-101 dumps exhibit

      Answer:

      Explanation: Box 1: An Azure Log Analytics workspace
      In the Azure portal you can set up a Log Analytics workspace, which is a unique Log Analytics environment with its own data repository, data sources, and solutions
      Box 2: ILB1
      References:
      https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-quick-create-workspace https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-diagnostics

      NEW QUESTION 5
      You plan to connect a virtual network named VNET1017 to your on-premises network by using both an Azure ExpressRoute and a site-to-site VPN connection.
      You need to prepare the Azure environment for the planned deployment. The solution must maximize the IP address space available to Azure virtual machines.
      What should you do from the Azure portal before you create the ExpressRoute are the VPN gateway?

        Answer:

        Explanation: We need to create a Gateway subnet Step 1:
        Go to More Services > Virtual Networks Step 2:
        Then click on the VNET1017, and click on subnets. Then click on gateway subnet.
        Step 3:
        In the next window define the subnet for the gateway and click OK
        AZ-101 dumps exhibit
        It is recommended to use /28 or /27 for gateway subnet.
        As we want to maximize the IP address space we should use /27. References:
        https://blogs.technet.microsoft.com/canitpro/2017/06/28/step-by-step-configuring-a-site-to-site-vpn- gateway-between-azure-and-on-premise/

        NEW QUESTION 6
        You have an Azure subscription named Subscnption1 that contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1.
        VM1 runs services that will be used to deploy resources to RG1.
        You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1. What should you do fit -

        • A. From the Azure portal modify the Access control (1AM) settings of VM1.
        • B. From the Azure portal, modify the Policies settings of RG1.
        • C. From the Azure portal, modify the value of the Managed Service Identity option for VM1.
        • D. From the Azure portal, modify the Access control (IAM) settings of RG1.

        Answer: C

        Explanation: A managed identity from Azure Active Directory allows your app to easily access other AAD-protected resources such as Azure Key Vault. The identity is managed by the Azure platform and does not require you to provision or rotate any secrets.
        User assigned managed identities can be used on Virtual Machines and Virtual Machine Scale Sets. References:
        https://docs.microsoft.com/en-us/azure/app-service/app-service-managed-service-identity

        NEW QUESTION 7
        You need to create a function app named corp7509086nl that supports sticky sessions. The solution must minimize the Azure-related costs of the App Service plan.
        What should you do from the Azure portal?

          Answer:

          Explanation: Step 1:
          Select the New button found on the upper left-hand corner of the Azure portal, then select Compute > Function App.
          Step 2:
          Use the function app settings as listed below. App name: corp7509086n1
          Hosting plan: Azure App Service plan
          (need this for the sticky sessions)
          Pricing tier of the the App Service plan: Shared compute: Free Step 3:
          Select Create to provision and deploy the function app. References:
          https://docs.microsoft.com/en-us/azure/azure-functions/functions-create-function-app-portal

          NEW QUESTION 8
          You have an on-premises network that contains a Hyper-V host named Host1. Host1 runs Windows Server 2016 and hosts 10 virtual machines that run Windows Server 2016.
          You plan to replicate the virtual machines to Azure by using Azure Site Recovery. You create a Recovery Services vault named ASR1 and a Hyper-V site named
          Site1.
          You need to add Host1 to ASR1. What should you do?

          • A. Download the installation file for the Azure Site Recovery Provide
          • B. Download the vault registration key.Install the Azure Site Recovery Provider on Host1 and register the server.
          • C. Download the installation file for the Azure Site Recovery Provide
          • D. Download the storage account key.Install the Azure Site Recovery Provider on Host1 and register the server.
          • E. Download the installation file for the Azure Site Recovery Provide
          • F. Download the vault registration key.Install the Azure Site Recovery Provider on each virtual machine and register the virtual machines.
          • G. Download the installation file for the Azure Site Recovery Provide
          • H. Download the storage account key.Install the Azure Site Recovery Provider on each virtual machine and register the virtual machines.

          Answer: A

          Explanation: Download the Vault registration key. You need this when you install the Provider. The key is valid for five days after you generate it.
          Install the Provider on each VMM server. You don't need to explicitly install anything on Hyper-V hosts.
          Incorrect Answers:
          B, D: Use the Vault Registration Key, not the storage account key. References:
          https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-on-premises-azure

          NEW QUESTION 9
          Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
          After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
          You have an Azure web app named Appl. App1 runs in an Azure App Service plan named Plan1. Plan1 is associated to the Free pricing tier.
          You discover that App1 stops each day after running continuously for 60 minutes. You need to ensure that App1 can run continuously for the entire day.
          Solution: You change the pricing tier of Plan1 to Basic. Does this meet the goal?

          • A. Yes
          • B. No

          Answer: A

          Explanation: The Free Tier provides 60 CPU minutes / day. This explains why App1 is stops. The Basic tier has no such cap.
          References:
          https://azure.microsoft.com/en-us/pricing/details/app-service/windows/

          NEW QUESTION 10
          Note: This question is part of a series of questions that present the same scenario
          goals. Some question sets might have more than one correct solution, while others ion in the series contains a unique solution that might meet the stated not have a correct solution.
          After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
          You have an Azure web app named Appl. App1 runs in an Azure App Service plan named Plan1. Plan1 is associated to the Free pricing tier.
          You discover that App1 stops each day after running continuously for 60 minutes. You need to ensure that App1 can run continuously for the entire day.
          Solution: You add a triggered WebJob to App1. Does this meet the goal?

          • A. Yes
          • B. No

          Answer: B

          Explanation: You need to change to Basic pricing Tier.
          Note: The Free Tier provides 60 CPU minutes / day. This explains why App1 is stops. The Basic tier has no such cap.
          References:
          https://azure.microsoft.com/en-us/pricing/details/app-service/windows/

          NEW QUESTION 11
          You are the global administrator for an Azure Active Directory (Azure AD) tenet named adatum.com. You need to enable two-step verification for Azure users.
          What should you do?

          • A. Create a sign-in risk policy in Azure AD Identity Protection
          • B. Enable Azure AD Privileged Identity Management.
          • C. Create and configure the Identity Hub.
          • D. Configure a security policy in Azure Security Center.

          Answer: A

          Explanation: With Azure Active Directory Identity Protection, you can:
          require users to register for multi-factor authentication
          handle risky sign-ins and compromised users References:
          https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/flows

          NEW QUESTION 12
          You have an Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains three Azure virtual machines. Each virtual machine has a public IP address.
          The virtual machines host several applications that are accessible over port 443 to user on the Internet.
          Your on-premises network has a site-to-site VPN connection to VNet1.
          You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from the Internet and from the on-premises network.
          You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network. The solution must ensure that all the applications can still be accesses by the Internet users.
          What should you do?

          • A. Modify the address space of the local network gateway.
          • B. Remove the public IP addresses from the virtual machines.
          • C. Modify the address space of Subnet1.
          • D. Create a deny rule in a network security group (NSG) that is linked to Subnet1.

          Answer: D

          Explanation: You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
          References:
          https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

          NEW QUESTION 13
          You plan to support many connections to your company's automatically uses up to five instances when CPU utilization on the instances exceeds 70 percent for 10 minutes. When CPU utilization decreases, the solution must automatically reduce the number of instances.
          What should you do from the Azure portal?

            Answer:

            Explanation: Step 1:
            Locate the Homepage App Service plan Step 2:
            below.
            Click Add a rule, and enter the appropriate fields, such as below, and the click Add. Time aggregation: average
            Metric Name: Percentage CPU Operator: Greater than Threshold 70
            Duration: 10 minutes Operation: Increase count by Instance count: 4
            AZ-101 dumps exhibit
            Step 3:
            We must add a scale in rule as well. Click Add a rule, and enter the appropriate fields, such as below, then click Add.
            Operator: Less than Threshold 70
            Duration: 10 minutes Operation: Decrease count by Instance count: 4
            References:
            https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets- autoscale-portal
            https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/insights-autoscale-best-practices

            NEW QUESTION 14
            You create an Azure subscription that is associated to a basic Azure Active Directory (Azure AD) tenant. You need to receive an email notification when any user activates an administrative role.
            What should you do?

            • A. Purchase Azure AD Premium 92 and configure Azure AD Privileged Identity Management,
            • B. Purchase Enterprise Mobility + Security E3 and configure conditional access policies.
            • C. Purchase Enterprise Mobility + Security E5 and create a custom alert rule in Azure Security Center.
            • D. Purchase Azure AD Premium PI and enable Azure AD Identity Protection.

            Answer: A

            Explanation: When key events occur in Azure AD Privileged Identity Management (PIM), email notifications are sent. For example, PIM sends emails for the following events:
            When a privileged role activation is pending approval
            When a privileged role activation request is completed
            When a privileged role is activated
            When a privileged role is assigned
            When Azure AD PIM is enabled References:
            https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim- email-notifications

            NEW QUESTION 15
            You need to deploy an application gateway named appgwl015 to meet the following requirements: Load balance internal IP traffic to the Azure virtual machines connected to subnet0.
            Provide a Service Level Agreement (SLA) of 99.99 percent availability for the Azure virtual machines.
            What should you do from the Azure portal?

              Answer:

              Explanation: Step 1:
              Click New found on the upper left-hand corner of the Azure portal.
              Step 2:
              Select Networking and then select Application Gateway in the Featured list.
              Step 3:
              Enter these values for the application gateway: appgw1015 - for the name of the application gateway. SKU Size: Standard_V2
              The new SKU [Standard_V2] offers autoscaling and other critical performance enhancements.
              AZ-101 dumps exhibit
              Step 4:
              Accept the default values for the other settings and then click OK.
              Step 5:
              Click Choose a virtual network, and select subnet0. References:
              https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-create-gateway- portal

              NEW QUESTION 16
              You have an Azure App Service plan that hosts an Azure App Service named App1. You configure one production slot and four staging slots for App1.
              You need to allocate 10 percent of the traffic to each staging slot and 60 percent of the traffic to the production slot.
              What should you add to Appl1?

              • A. slots to the Testing in production blade
              • B. a performance test
              • C. a WebJob
              • D. templates to the Automation script blade

              Answer: A

              Explanation: Besides swapping, deployment slots offer another killer feature: testing in production. Just like the name suggests, using this, you can actually test in production. This means that you can route a specific percentage of user traffic to one or more of your deployment slots.
              Example:
              AZ-101 dumps exhibit
              References:
              https://stackify.com/azure-deployment-slots/

              NEW QUESTION 17
              HOTSPOT
              You plan to create a new Azure Active Directory (Azure AD) role.
              You need to ensure that the new role can view all the resources in the Azure subscription and issue support requests to Microsoft. The solution must use the principle of least privilege.
              How should you complete the JSON definition? To answer, select the appropriate options in the answer are
              a.
              NOTE: Each correct selection is worth one point.
              AZ-101 dumps exhibit

                Answer:

                Explanation: Box 1: "*/read",
                */read lets you view everything, but not make any changes. Box 2: " Microsoft.Support/*"
                The action Microsoft.Support/* enables creating and management of support tickets. References:
                https://docs.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-powershell https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

                NEW QUESTION 18
                You have an Azure App Service plan named AdatumASP1 that uses the P2v2 pricing tier. AdatumASP1 hosts Ml Azure web app named adatumwebapp1. You need to delegate the management of adatumwebapp1 to a group named Devs. Devs must be able to perform the following tasks:
                • Add deployment slots.
                • View the configuration of AdatumASP1.
                • Modify the role assignment for adatumwebapp1. Which role should you assign to the Devs group?

                • A. Owner
                • B. Contributor
                • C. Web Plan Contributor
                • D. Website Contributor

                Answer: B

                Explanation: The Contributor role lets you manage everything except access to resources. Incorrect Answers:
                A: The Owner role lets you manage everything, including access to resources.
                C: The Web Plan Contributor role lets you manage the web plans for websites, but not access to them.
                D: The Website Contributor role lets you manage websites (not web plans), but not access to them. References:
                https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

                Thanks for reading the newest AZ-101 exam dumps! We recommend you to try the PREMIUM 2passeasy AZ-101 dumps in VCE and PDF here: https://www.2passeasy.com/dumps/AZ-101/ (67 Q&As Dumps)