Microsoft AZ-101 Exam Questions and Answers 2019

AZ-101 Royal Pack Testengine pdf

100% Actual & Verified — 100% PASS

Unlimited access to the world's largest Dumps library! Try it Free Today!

https://www.exambible.com/AZ-101-exam/

Product Description:
Exam Number/Code: AZ-101
Exam name: Microsoft Azure Integration and Security
n questions with full explanations
Certification: Microsoft Certification
Last updated on Global synchronizing

Free Certification Real IT AZ-101 Exam pdf Collection

We offers AZ-101 Exam Questions. "Microsoft Azure Integration and Security", also known as AZ-101 exam, is a Microsoft Certification. This set of posts, Passing the AZ-101 exam with AZ-101 Exam Questions and Answers, will help you answer those questions. The AZ-101 Dumps covers all the knowledge points of the real exam. 100% real AZ-101 Exam Questions and Answers and revised by experts!

Check AZ-101 free dumps before getting the full version:

NEW QUESTION 1
A web developer creates a web application that you plan to deploy as an Azure web app.
Users must enter credentials to access the web application.
You create a new web app named WebAppl1 and deploy the web application to WebApp1.
You need to disable anonymous access to WebApp1. What should you configure?

  • A. Advanced Tools
  • B. Authentication/ Authorization
  • C. Access control (IAM)
  • D. Deployment credentials

Answer: B

Explanation: Anonymous access is an authentication method. It allows users to establish an anonymous connection.
References:
https://docs.microsoft.com/en-us/biztalk/core/guidelines-for-resolving-iis-permissions-problems

NEW QUESTION 2
Your marketing team creates a new website that you must load balance for 99.99
percent availability.
You need to deploy and configure a solution for both machines in the Web-AS availability set to load balance the website over HTTP. The solution must use the load balancer your resource group.
What should you do from the Azure portal?

    Answer:

    Explanation: To distribute traffic to the VMs in the availability set, a back-end address pool contains the IP addresses of the virtual NICs that are connected to the load balancer. Create the back-end address pool to include the VMs in the availability set.
    Step 1:
    Select All resources on the left menu, and then select LoadBalancer from the resource list. Step 2:
    Under Settings, select Backend pools, and then select Add. Step 3:
    On the Add a backend pool page, select the Web-AS availability set, and then select OK:
    AZ-101 dumps exhibit
    References:
    https://docs.microsoft.com/en-us/azure/load-balancer/quickstart-create-basic-load-balancer-portal

    NEW QUESTION 3
    You plan to deploy an application getaway named appgw1015 to load balance IP traffic to the Azure virtual machines connected to subnet0.
    You need to configure a virtual network named VNET1015 to support the planned application gateway.
    What should you do from the Azure portal?

      Answer:

      Explanation: Step 1:
      Click Networking, Virtual Network, and select VNET1015.
      Step 2:
      Click Subnets, and Click +Add on the VNET1015 - Subnets pane that appears.
      Step 3:
      On the Subnets page, click +Gateway subnet at the top to open the Add subnet page.
      AZ-101 dumps exhibit
      Step 4:
      Locate subnet0 and add it. References:
      https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource- manager-portal

      NEW QUESTION 4
      You have a public load balancer that balancer ports 80 and 443 across three virtual machines.
      You need to direct all the Remote Desktop protocol (RDP) to VM3 only. What should you configure?

      • A. an inbound NAT rule
      • B. a load public balancing rule
      • C. a new public load balancer for VM3
      • D. a new IP configuration

      Answer: A

      Explanation: To port forward traffic to a specific port on specific VMs use an inbound network address translation (NAT) rule.
      Incorrect Answers:
      B: Load-balancing rule to distribute traffic that arrives at frontend to backend pool instances. References:
      https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

      NEW QUESTION 5
      You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements.
      What should you include in the recommended?

      • A. Azure AP B2C
      • B. Azure AD Identity Protection
      • C. an Azure logic app and the Microsoft Identity Management (MIM) client
      • D. dynamic groups and conditional access policies

      Answer: D

      Explanation: Scenario: Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
      The recommendation is to use conditional access policies that can then be targeted to groups of users, specific applications, or other conditions.
      References:
      https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

      NEW QUESTION 6
      You have an Azure Active Directory (Azure AD) tenant.
      You have an existing Azure AD conditional access policy named Policy1. Policy1 enforces the use of Azure AD-joined devices when members of the Global Administrators group authenticate to Azure AD from untrusted locations.
      You need to ensure that members of the Global Administrators group will also be forced to use multi- factor authentication when authenticating from untrusted locations.
      What should you do?

      • A. From the multi-factor authentication page, modify the service settings.
      • B. From the multi-factor authentication page, modify the user settings.
      • C. From the Azure portal, modify grant control of Policy1.
      • D. From the Azure portal, modify session control of Policy1.

      Answer: C

      Explanation: There are two types of controls:
      Grant controls – To gate access
      Session controls – To restrict access to a session
      Grant controls oversee whether a user can complete authentication and reach the resource that
      they’re attempting to sign-in to. If you have multiple controls selected, you can configure whether all of them are required when your policy is processed. The current implementation of Azure Active Directory enables you to set the following grant control requirements:
      AZ-101 dumps exhibit
      References:
      https://blog.lumen21.com/2017/12/15/conditional-access-in-azure-active-directory/

      NEW QUESTION 7
      You plan to support many connections to your company's automatically uses up to five instances when CPU utilization on the instances exceeds 70 percent for 10 minutes. When CPU utilization decreases, the solution must automatically reduce the number of instances.
      What should you do from the Azure portal?

        Answer:

        Explanation: Step 1:
        Locate the Homepage App Service plan Step 2:
        below.
        Click Add a rule, and enter the appropriate fields, such as below, and the click Add. Time aggregation: average
        Metric Name: Percentage CPU Operator: Greater than Threshold 70
        Duration: 10 minutes Operation: Increase count by Instance count: 4
        AZ-101 dumps exhibit
        Step 3:
        We must add a scale in rule as well. Click Add a rule, and enter the appropriate fields, such as below, then click Add.
        Operator: Less than Threshold 70
        Duration: 10 minutes Operation: Decrease count by Instance count: 4
        References:
        https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets- autoscale-portal
        https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/insights-autoscale-best-practices

        NEW QUESTION 8
        You create an Azure subscription that is associated to a basic Azure Active Directory (Azure AD) tenant. You need to receive an email notification when any user activates an administrative role.
        What should you do?

        • A. Purchase Azure AD Premium 92 and configure Azure AD Privileged Identity Management,
        • B. Purchase Enterprise Mobility + Security E3 and configure conditional access policies.
        • C. Purchase Enterprise Mobility + Security E5 and create a custom alert rule in Azure Security Center.
        • D. Purchase Azure AD Premium PI and enable Azure AD Identity Protection.

        Answer: A

        Explanation: When key events occur in Azure AD Privileged Identity Management (PIM), email notifications are sent. For example, PIM sends emails for the following events:
        When a privileged role activation is pending approval
        When a privileged role activation request is completed
        When a privileged role is activated
        When a privileged role is assigned
        When Azure AD PIM is enabled References:
        https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim- email-notifications

        NEW QUESTION 9
        You need to meet the technical requirement for VM4. What should you create and configure?

        • A. an Azure Notification Hub
        • B. an Azure Event Hub
        • C. an Azure Logic App
        • D. an Azure services Bus

        Answer: B

        Explanation: Scenario: Create a workflow to send an email message when the settings of VM4 are modified.
        You can start an automated logic app workflow when specific events happen in Azure resources or third-party resources. These resources can publish those events to an Azure event grid. In turn, the event grid pushes those events to subscribers that have queues, webhooks, or event hubs as endpoints. As a subscriber, your logic app can wait for those events from the event grid before running automated workflows to perform tasks - without you writing any code.
        References:
        https://docs.microsoft.com/en-us/azure/event-grid/monitor-virtual-machine-changes-event-grid-logic- app

        NEW QUESTION 10
        HOTSPOT
        You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. You add the users in the following table.
        AZ-101 dumps exhibit
        Which user can perform each configuration? To answer, select the appropriate options in the answer area.
        NOTE: Each correct selection is worth one point.
        AZ-101 dumps exhibit

          Answer:

          Explanation: Box 1: User1 and User3 only.
          The Owner Role lets you manage everything, including access to resources.
          The Network Contributor role lets you manage networks, but not access to them. Box 2: User1 and User2 only
          The Security Admin role: In Security Center only: Can view security policies, view security states, edit security policies, view alerts and recommendations, dismiss alerts and recommendations.
          References:
          https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

          NEW QUESTION 11
          Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
          After you answer a question in this section, you will NOT be able to return to it As a result these questions will not appear in the review screen.
          You have an Azure wet) app named Appl. App1 runs in an Azure App Service plan named Plan1. Plan1 is associated to the Free pricing tier.
          You discover that App1 stops each day after running continuously for 60 minutes. You need to ensure that App1 can run continuously for the entire day.
          Solution: You change the pricing tier of Plan1 to Shared. Does this meet the goal?

          • A. Yes
          • B. No

          Answer: B

          Explanation: You should switch to the Basic Tier.
          The Free Tier provides 60 CPU minutes / day. This explains why App1 is stops. The Shared Tier provides 240 CPU minutes / day. The Basic tier has no such cap.
          References:
          https://azure.microsoft.com/en-us/pricing/details/app-service/windows/

          NEW QUESTION 12
          You have an Azure Service Bus.
          You need to implement a Service Bus queue that guarantees first in first-out (FIFO) delivery of messages.
          What should you do?

          • A. Set the Lock Duration setting to 10 seconds.
          • B. Enable duplicate detection.
          • C. Set the Max Size setting of the queue to 5 GB.
          • D. Enable partitioning.
          • E. Enable sessions.

          Answer: E

          Explanation: Through the use of messaging sessions you can guarantee ordering of messages, that is first-in-first- out (FIFO) delivery of messages.
          References:
          https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-azure-and-service-bus- queues-compared-contrasted

          NEW QUESTION 13
          You are the global administrator for an Azure Active Directory (Azure AD) tenet named adatum.com. You need to enable two-step verification for Azure users.
          What should you do?

          • A. Create a sign-in risk policy in Azure AD Identity Protection
          • B. Enable Azure AD Privileged Identity Management.
          • C. Create and configure the Identity Hub.
          • D. Configure a security policy in Azure Security Center.

          Answer: A

          Explanation: With Azure Active Directory Identity Protection, you can:
          require users to register for multi-factor authentication
          handle risky sign-ins and compromised users References:
          https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/flows

          NEW QUESTION 14
          Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
          After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
          You manage a virtual network named VNet1 that is hosted in the West US Azure region. VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
          You need to inspect all the network traffic from VM1 to VM2 for a period of three hours. Solution: From Azure Monitor, you create a metric on Network In and Network Out. Does this meet the goal?

          • A. Yes
          • B. No

          Answer: B

          Explanation: You should use Azure Network Watcher. References:
          https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview

          Case Study: 2
          Mix Questions Set B (Implement advanced networking)

          NEW QUESTION 15
          You plan to deploy a site-to-site VPN connection from on-premises network to your
          Azure environment. The VPN connection will be established to the VNET01-USEA2 virtual network.
          You need to create the required resources in Azure for the planned site-to-site VPN. The solution must minimize costs.
          What should you do from the Azure portal?
          NOTE: This task may a very long time to complete. You do NOT need to wait for the deployment to complete this task successfully.

            Answer:

            Explanation: We create a VPN gateway. Step 1:
            On the left side of the portal page, click + and type 'Virtual Network Gateway' in search. In Results, locate and click Virtual network gateway.
            Step 2:
            At the bottom of the 'Virtual network gateway' page, click Create. This opens the Create virtual network gateway page.
            Step 3:
            On the Create virtual network gateway page, specify the values for your virtual network gateway. Gateway type: Select VPN. VPN gateways use the virtual network gateway type VPN.
            Virtual network: Choose the existing virtual network VNET01-USEA2
            Gateway subnet address range: You will only see this setting if you did not previously create a gateway subnet for your virtual network.
            Step 4:
            Select the default values for the other setting, and click create.
            AZ-101 dumps exhibit
            The settings are validated and you'll see the "Deploying Virtual network gateway" tile on the dashboard. Creating a gateway can take up to 45 minutes.
            Note: This task may take a very long time to complete. You do NOT need to wait for the deployment to complete this task successfully.
            References:
            https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

            Case Study: 4 Contoso Case Study
            Overview
            Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
            The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
            All the resources used by Contoso are hosted on-premises.
            Contoso creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named contoso.onmicrosoft.com. The tenant uses the P1 pricing tier.
            Existing Environment
            The network contains an Active Directory forest named contoso.com. All domain controllers are configured as DNS servers and host the contoso.com DNS zone.
            Contoso has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently.
            Contoso.com contains a user named User1.
            All the offices connect by using private links.
            Contoso has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device.
            All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.
            AZ-101 dumps exhibit
            Contoso uses two web applications named App1 and App2. Each instance on each web application requires 1GB of memory.
            The Azure subscription contains the resources in the following table.
            AZ-101 dumps exhibit
            The network security team implements several network security groups (NSGs).
            Planned Changes
            Contoso plans to implement the following changes:
            • Deploy Azure ExpressRoute to the Montreal office.
            • Migrate the virtual machines hosted on Server1 and Server2 to Azure.
            • Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
            • Migrate App1 and App2 to two Azure web apps named webApp1 and WebApp2.
            Technical requirements
            Contoso must meet the following technical requirements:
            • Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instance*.
            • Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
            • Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
            • Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
            • Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.contoso.com.
            • Connect the New Your office to VNet1 over the Internet by using an encrypted connection.
            • Create a workflow to send an email message when the settings of VM4 are
            modified.
            • Cre3te a custom Azure role named Role1 that is based on the Reader role.
            • Minimize costs whenever possible.

            NEW QUESTION 16
            You have five Azure virtual machines that run Windows Server 2016.
            You have an Azure load balancer named LB1 that provides load balancing se
            You need to ensure that visitors are serviced by the same web server for each request.
            What should you configure?

            • A. Floating IP (direct server return) to Disable
            • B. Session persistence to Client IP
            • C. a health probe
            • D. Session persistence to None

            Answer: B

            Explanation: You can set the sticky session in load balancer rules with setting the session persistence as the client IP.
            References:
            https://cloudopszone.com/configure-azure-load-balancer-for-sticky-sessions/

            NEW QUESTION 17
            You need to deploy an Azure load balancer named Ib 1015 to your Azure subscription. The solution must meet the following requirements:
            -Support the load balancing of IP traffic from the Internet to Azure virtual machines connected to VNET1016 \subnet0.
            -Prov.de 4 Service level Agreement (SWJ of 99.99 percent ability for the Azure virtual machines.
            -Minimize Azure-related costs.
            What should you do from the Azure portal?
            To complete this task, you do NOT need to wait for the deployment to complete. Once the deployment start in Azure, you can move to the next task.

              Answer:

              Explanation: Step 1:
              On the top left-hand side of the screen, click Create a resource > Networking > Load Balancer. Step 2:
              In the Create a load balancer page enter these values for the load balancer: myLoadBalancer - for the name of the load balancer.
              Internal - for the type of the load balancer. Basic - for SKU version.
              Microsoft guarantees that apps running in a customer subscription will be available 99.99% of the time.
              VNET1016\subnet0 - for subnet that you choose from the list of existing subnets.
              Step 3: Accept the default values for the other settings and click Create to create the load balancer.

              Recommend!! Get the Full AZ-101 dumps in VCE and PDF From Surepassexam, Welcome to Download: https://www.surepassexam.com/AZ-101-exam-dumps.html (New 67 Q&As Version)