Pinpoint AZ-100 Exam Questions and Answers 2021

Exam Code: AZ-100 (AZ-100 Exam Questions and Answers), Exam Name: Microsoft Azure Infrastructure and Deployment, Certification Provider: Microsoft Certifitcation, Free Today! Guaranteed Training- Pass AZ-100 Exam.

Check AZ-100 free dumps before getting the full version:

NEW QUESTION 1
You create an Azure Storage account named contosostorage.
You plan to create a file share named data.
Users need to map a drive to the data file share from home computers that run Windows 10. Which port should be open between the home computers and the data file share?

  • A. 80
  • B. 443
  • C. 445
  • D. 3389

Answer: C

Explanation: Ensure port 445 is open: The SMB protocol requires TCP port 445 to be open; connections will fail if port 445 is blocked.
References: https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows

NEW QUESTION 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You configure a custom policy definition, and then you assign the policy to the subscription.
Does this meet the goal?

  • A. Yes
  • B. No

Answer: A

Explanation: Resource policy definition used by Azure Policy enables you to establish conventions for resources in your organization by describing when the policy is enforced and what effect to take. By defining conventions, you can control costs and more easily manage your resources.
References: https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition

NEW QUESTION 3
You have an Azure subscription that contains a storage account named account1.
You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The on-premises network uses a public IP address space of 131.107.1.0/24.
You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24.
You need to configure account1 to meet the following requirements:
AZ-100 dumps exhibit Ensure that you can upload the disk files to account1.
AZ-100 dumps exhibit Ensure that you can attach the disks to VM1.
AZ-100 dumps exhibit Prevent all other access to account1.
Which two actions should you perform? Each correct selection presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range.
  • B. From the Firewalls and virtual networks blade of account1, select Selected networks.
  • C. From the Firewalls and virtual networks blade of acount1, add VNet1.
  • D. From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to access this storage account.
  • E. From the Service endpoints blade of VNet1, add a service endpoint.

Answer: BE

Explanation: B: By default, storage accounts accept connections from clients on any network. To limit access to selected networks, you must first change the default action.
Azure portal
AZ-100 dumps exhibit Navigate to the storage account you want to secure.
AZ-100 dumps exhibit Click on the settings menu called Firewalls and virtual networks.
AZ-100 dumps exhibit To deny access by default, choose to allow access from 'Selected networks'. To allow traffic from all networks, choose to allow access from 'All networks'.
AZ-100 dumps exhibit Click Save to apply your changes. E: Grant access from a Virtual Network
Storage accounts can be configured to allow access only from specific Azure Virtual Networks.
By enabling a Service Endpoint for Azure Storage within the Virtual Network, traffic is ensured an optimal route to the Azure Storage service. The identities of the virtual network and the subnet are also transmitted with each request.
References: https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security

NEW QUESTION 4
You have an Azure subscription that contains the resources in the following table.
AZ-100 dumps exhibit
VM1 and VM2 are deployed from the same template and host line-of-business applications accessed by using Remote Desktop. You configure the network security group (NSG) shown in the exhibit. (Click the Exhibit button.)
AZ-100 dumps exhibit
You need to prevent users of VM1 and VM2 from accessing websites on the Internet.
What should you do?

  • A. Associate the NSG to Subnet1.
  • B. Disassociate the NSG from a network interface.
  • C. Change the DenyWebSites outbound security rule.
  • D. Change the Port_80 inbound security rule.

Answer: A

Explanation: You can associate or dissociate a network security group from a network interface or subnet.
The NSG has the appropriate rule to block users from accessing the Internet. We just need to associate it with Subnet1.
References: https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group

NEW QUESTION 5
You have an Azure subscription named Subscription1.
You create an Azure Storage account named contosostorage, and then you create a file share named data. Which UNC path should you include in a script that references files from the data file share? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
AZ-100 dumps exhibit

    Answer:

    Explanation: Box 1: contosostorage The name of account
    Box 2: file.core.windows.net
    Box 3: data
    The name of the file share is data. Example:
    References: https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows

    NEW QUESTION 6
    You have an Azure subscription named Subscription1.
    You have 5 TB of data that you need to transfer to Subscription. You plan to use an Azure Import/Export job.
    What can you use as the destination of the imported data?

    • A. Azure SQL Database
    • B. Azure Data Factory
    • C. A virtual machine
    • D. Azure Blob storage

    Answer: D

    Explanation: References:
    https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service

    NEW QUESTION 7
    You need to identify the storage requirements for Contoso.
    For each of the following statements, select Yes if the statement is true. Otherwise, select No.
    NOTE: Each correct selection is worth one point.
    AZ-100 dumps exhibit

      Answer:

      Explanation: Box 1: Yes
      Contoso is moving the existing product blueprint files to Azure Blob storage.
      Use unmanaged standard storage for the hard disks of the virtual machines. We use Page Blobs for these. Box 2: No
      Box 3: No

      NEW QUESTION 8
      You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines.
      You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.
      What should you create to store the password?

      • A. Azure Active Directory (AD) Identity Protection and an Azure policy
      • B. a Recovery Services vault and a backup policy
      • C. an Azure Key Vault and an access policy
      • D. an Azure Storage account and an access policy

      Answer: C

      Explanation: You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore the password is never put in plain text in the template parameter file.
      References: https://azure.microsoft.com/en-us/resources/templates/101-vm-secure-password/

      NEW QUESTION 9
      You plan to back up an Azure virtual machine named VM1.
      You discover that the Backup Pre-Check status displays a status of Warning. What is a possible cause of the Warning status?

      • A. VM1 does not have the latest version of WaAppAgent.exe installed.
      • B. VM1 has an unmanaged disk.
      • C. VM1 is stopped.
      • D. A Recovery Services vault is unavailable.

      Answer: A

      Explanation: The Warning state indicates one or more issues in VM’s configuration that might lead to backup failures and provides recommended steps to ensure successful backups. Not having the latest VM Agent installed, for example, can cause backups to fail intermittently and falls in this class of issues.
      References:
      https://azure.microsoft.com/en-us/blog/azure-vm-backup-pre-checks/

      NEW QUESTION 10
      You have an Azure subscription that is used by four departments in your company. The subscription contains 10 resource groups. Each department uses resources in several resource groups.
      You need to send a report to the finance department. The report must detail the costs for each department. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
      AZ-100 dumps exhibit

        Answer:

        Explanation: Box 1: Assign a tag to each resource.
        You apply tags to your Azure resources giving metadata to logically organize them into a taxonomy. After you apply tags, you can retrieve all the resources in your subscription with that tag name and value. Each resource or resource group can have a maximum of 15 tag name/value pairs. Tags applied to the resource group are not inherited by the resources in that resource group.
        Box 2: From the Cost analysis blade, filter the view by tag
        After you get your services running, regularly check how much they're costing you. You can see the current spend and burn rate in Azure portal.
        AZ-100 dumps exhibit Visit the Subscriptions blade in Azure portal and select a subscription.
        AZ-100 dumps exhibit You should see the cost breakdown and burn rate in the popup blade.
        AZ-100 dumps exhibit Click Cost analysis in the list to the left to see the cost breakdown by resource. Wait 24 hours after you add a service for the data to populate.
        AZ-100 dumps exhibit You can filter by different properties like tags, resource group, and timespan. Click Apply to confirm the filters and Download if you want to export the view to a Comma-Separated Values (.csv) file.
        Box 3: Download the usage report References:
        https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags https://docs.microsoft.com/en-us/azure/billing/billing-getting-started

        NEW QUESTION 11
        You have an availability set named AS1 that contains three virtual machines named VM1, VM2, and VM3. You attempt to reconfigure VM1 to use a larger size. The operation fails and you receive an allocation failure message.
        You need to ensure that the resize operation succeeds.
        Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
        AZ-100 dumps exhibit

          Answer:

          Explanation: AZ-100 dumps exhibit

          NEW QUESTION 12
          Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
          After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
          You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.
          You need to view the date and time when the resources were created in RG1. Solution: From the RG1 blade, you click Automation script.
          Does this meet the goal?

          • A. Yes
          • B. No

          Answer: B

          NEW QUESTION 13
          You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network. Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com.
          You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory. You need to ensure that the users can use single-sign on (SSO) to access Azure resources.
          What should you do first?

          • A. From the on-premises network, deploy Active Directory Federation Services (AD FS).
          • B. From Azure AD, add and verify a custom domain name.
          • C. From the on-premises network, request a new certificate that contains the Active Directory domain name.
          • D. From the server that runs Azure AD Connect, modify the filtering options.

          Answer: B

          Explanation: Azure AD Connect lists the UPN suffixes that are defined for the domains and tries to match them with a custom domain in Azure AD. Then it helps you with the appropriate action that needs to be taken. The Azure AD sign-in page lists the UPN suffixes that are defined for on-premises Active Directory and displays the corresponding status against each suffix. The status values can be one of the following:
          State: Verified
          Azure AD Connect found a matching verified domain in Azure AD. All users for this domain can sign in by using their on-premises credentials.
          State: Not verified
          Azure AD Connect found a matching custom domain in Azure AD, but it isn't verified. The UPN suffix of the users of this domain will be changed to the default .onmicrosoft.com suffix after synchronization if the domain isn't verified.
          Action Required: Verify the custom domain in Azure AD.
          References: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-user-signin

          NEW QUESTION 14
          You need to recommend a solution for App1. The solution must meet the technical requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area.
          NOTE: Each correct selection is worth one point.
          AZ-100 dumps exhibit

            Answer:

            Explanation: This reference architecture shows how to deploy VMs and a virtual network configured for an N-tier application, using SQL Server on Windows for the data tier.
            AZ-100 dumps exhibit
            Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:
            A SQL database
            A web front end
            A processing middle tier
            Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
            Technical requirements include:
            Move all the virtual machines for App1 to Azure.
            Minimize the number of open ports between the App1 tiers.
            References: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/n-tier/n-tier-sql-server

            NEW QUESTION 15
            You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com. Your company has a public DNS zone for contoso.com.
            You add contoso.com as a custom domain name to Azure AD. You need to ensure that Azure can verify the domain name. Which type of DNS record should you create?

            • A. PTR
            • B. MX
            • C. NSEC3
            • D. RRSIG

            Answer: B

            NEW QUESTION 16
            Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.
            AZ-100 dumps exhibit
            AZ-100 dumps exhibit
            AZ-100 dumps exhibit
            When you are finished performing all the tasks, click the ‘Next’ button.
            Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
            Overview
            The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
            Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
            Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
            To start the lab
            You may start the lab by clicking the Next button.
            Another administrator attempts to establish connectivity between two virtual networks named VNET1 and VNET2.
            The administrator reports that connections across the virtual networks fail.
            You need to ensure that network connections can be established successfully between VNET1 and VNET2 as quickly as possible.
            What should you do from the Azure portal?

              Answer:

              Explanation: You can connect one VNet to another VNet using either a Virtual network peering, or an Azure VPN Gateway.
              To create a virtual network gateway
              Step1 : In the portal, on the left side, click +Create a resource and type 'virtual network gateway' in search. Locate Virtual network gateway in the search return and click the entry. On the Virtual network gateway page, click Create at the bottom of the page to open the Create virtual network gateway page.
              Step 2: On the Create virtual network gateway page, fill in the values for your virtual network gateway.
              AZ-100 dumps exhibit
              AZ-100 dumps exhibit
              Name: Name your gateway. This is not the same as naming a gateway subnet. It's the name of the gateway object you are creating.
              Gateway type: Select VPN. VPN gateways use the virtual network gateway type VPN.
              Virtual network: Choose the virtual network to which you want to add this gateway. Click Virtual network to open the 'Choose a virtual network' page. Select the VNet. If you don't see your VNet, make sure the Location field is pointing to the region in which your virtual network is located.
              Gateway subnet address range: You will only see this setting if you did not previously create a gateway subnet for your virtual network. If you previously created a valid gateway subnet, this setting will not appear.
              Step 4: Select Create New to create a Gateway subnet.
              AZ-100 dumps exhibit
              Step 5: Click Create to begin creating the VPN gateway. The settings are validated and you'll see the "Deploying Virtual network gateway" tile on the dashboard. Creating a gateway can take up to 45 minutes. You may need to refresh your portal page to see the completed status.
              References:
              https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal?

              NEW QUESTION 17
              You have two Azure virtual machines named VM1 and VM2. You have two Recovery Services vaults named RSV1 and RSV2.
              VM2 is protected by RSV1.
              You need to use RSV2 to protect VM2. What should you do first?

              • A. From the RSV1 blade, click Backup items and stop the VM2 backup.
              • B. From the RSV1 blade, click Backup Jobs and export the VM2 backup.
              • C. From the RSV1 blade, click Backu
              • D. From the Backup blade, select the backup for the virtual machine, and then click Backup.
              • E. From the VM2 blade, click Disaster recovery, click Replication settings, and then select RSV2 as the Recovery Services vault.

              Answer: D

              Explanation: References:
              https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm

              Recommend!! Get the Full AZ-100 dumps in VCE and PDF From Simply pass, Welcome to Download: https://www.simply-pass.com/Microsoft-exam/AZ-100-dumps.html (New 106 Q&As Version)