Exam Code: AZ-100 (AZ-100 Free Practice Questions), Exam Name: Microsoft Azure Infrastructure and Deployment, Certification Provider: Microsoft Certifitcation, Free Today! Guaranteed Training- Pass AZ-100 Exam.
Free demo questions for Microsoft AZ-100 Exam Dumps Below:
NEW QUESTION 1
You have an Azure Active Directory (Azure AD) tenant named adatum.com. Adatum.com contains the groups in the following table.
You create two user accounts that are configured as shown in the following table.
To which groups do User1 and User2 belong? To answer. select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:
Explanation: Box 1: Group 1 only First rule applies
Box 2: Group1 and Group2 only Both membership rules apply.
References: https://docs.microsoft.com/en-us/sccm/core/clients/manage/collections/create-collections
NEW QUESTION 2
You need to identify the storage requirements for Contoso.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation: Box 1: Yes
Contoso is moving the existing product blueprint files to Azure Blob storage.
Use unmanaged standard storage for the hard disks of the virtual machines. We use Page Blobs for these. Box 2: No
Box 3: No
NEW QUESTION 3
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.
When you are finished performing all the tasks, click the ‘Next’ button.
Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to
ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
You plan to deploy several Azure virtual machines and to connect them to a virtual network named VNET1007.
You need to ensure that future virtual machines in VNET1007 can register their name in an internal DNS zone named corp7523690.com. The zone must NOT be hosted on a virtual machine.
What should you do from Azure Cloud Shell?
To complete this task, start Azure Cloud Shell and select PowerShell(Linux). Click Show Advanced Settings, and then enter corp7523690n1 in the Storage account text box and File1 in the File share text box. Click Create storage, and then complete the task.
Answer:
Explanation: Step 1: New-AzureRMResourceGroup -name MyResourceGroup
Before you create the DNS zone, create a resource group to contain the DNS zone.
Step 2: New-AzureRmDnsZone -Name corp7523690.com -ResourceGroupName MyResourceGroup A DNS zone is created by using the New-AzureRmDnsZone cmdlet. This creates a DNS zone called
corp7523690.com in the resource group called MyResourceGroup.
References: https://docs.microsoft.com/en-us/azure/dns/dns-getstarted-powershell
NEW QUESTION 4
You create an Azure Storage account named contosostorage.
You plan to create a file share named data.
Users need to map a drive to the data file share from home computers that run Windows 10. Which port should be open between the home computers and the data file share?
- A. 80
- B. 443
- C. 445
- D. 3389
Answer: C
Explanation: Ensure port 445 is open: The SMB protocol requires TCP port 445 to be open; connections will fail if port 445 is blocked.
References: https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows
NEW QUESTION 5
You have an Azure subscription named Subscription1.
You deploy a Linux virtual machine named VM1 to Subscription1. You need to monitor the metrics and the logs of VM1.
What should you use?
- A. LAD 3.0
- B. Azure Analysis Services
- C. the AzurePerformanceDiagnostics extension
- D. Azure HDInsight
Answer: C
Explanation: You can use extensions to configure diagnostics on your VMs to collect additional metric data.
The basic host metrics are available, but to see more granular and VM-specific metrics, you need to install the Azure diagnostics extension on the VM. The Azure diagnostics extension allows additional monitoring and diagnostics data to be retrieved from the VM.
References: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-monitoring
NEW QUESTION 6
You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines.
You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.
What should you create to store the password?
- A. Azure Active Directory (AD) Identity Protection and an Azure policy
- B. a Recovery Services vault and a backup policy
- C. an Azure Key Vault and an access policy
- D. an Azure Storage account and an access policy
Answer: C
Explanation: You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore the password is never put in plain text in the template parameter file.
References: https://azure.microsoft.com/en-us/resources/templates/101-vm-secure-password/
NEW QUESTION 7
You have an Azure subscription named Subscription1.
You plan to deploy an Ubuntu Server virtual machine named VM1 to Subscription1.
You need to perform a custom deployment of the virtual machine. A specific trusted root certification authority (CA) must be added during the deployment.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:
Explanation: Box 1: Unattend.xml
In preparation to deploy shielded VMs, you may need to create an operating system specialization answer file. On Windows, this is commonly known as the "unattend.xml" file. The New-ShieldingDataAnswerFile Windows PowerShell function helps you do this. Starting with Windows Server version 1709, you can run certain Linux guest OSes in shielded VMs. If you are using the System Center Virtual Machine Manager Linux agent to specialize those VMs, the New-ShieldingDataAnswerFile cmdlet can create compatible answer files for it.
Box 2: The Azure Portal
You can use the Azure portal to deploy a Linux virtual machine (VM) in Azure that runs Ubuntu.
References: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/quick-create-portal
NEW QUESTION 8
You need to define a custom domain name for Azure AD to support the planned infrastructure. Which domain name should you use?
- A. Join the client computers in the Miami office to Azure AD.
- B. Add http://autologon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office.
- C. Allow inbound TCP port 8080 to the domain controllers in the Miami office.
- D. Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication
- E. Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.
Answer: BD
Explanation: Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com. The initial domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well. For example, your organization probably has other domain names used to do business and users who sign in using your corporate domain name. Adding custom domain names to Azure AD allows you to assign user names in the directory that are familiar to your users, such as ‘alice@contoso.com.’ instead of 'alice@domain name.onmicrosoft.com'.
Scenario:
Network Infrastructure: Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet.
Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com Planned Azure AD Infrastructure: The on-premises Active Directory domain will be synchronized to Azure
AD.
References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain
NEW QUESTION 9
You have an Azure subscription named Subscription1.
You create an Azure Storage account named contosostorage, and then you create a file share named data. Which UNC path should you include in a script that references files from the data file share? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation: Box 1: contosostorage The name of account
Box 2: file.core.windows.net
Box 3: data
The name of the file share is data. Example:
References: https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows
NEW QUESTION 10
You plan to deploy five virtual machines to a virtual network subnet.
Each virtual machine will have a public IP address and a private IP address. Each virtual machine requires the same inbound and outbound security rules.
What is the minimum number of network interfaces and network security groups that you require? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation: Box 1: 10
One public and one private network interface for each of the five VMs. Box 2: 1
You can associate zero, or one, network security group to each virtual network subnet and network interface in a virtual machine. The same network security group can be associated to as many subnets and network interfaces as you choose.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
NEW QUESTION 11
You need to define a custom domain name for Azure AD to support the planned infrastructure. Which domain name should you use?
- A. ad.humongousinsurance.com
- B. humongousinsurance.onmicrosoft.com
- C. humongousinsurance.local
- D. humongousinsurance.com
Answer: D
Explanation: Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com. The initial domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well. For example, your organization probably has other domain names used to do business and users who sign in using your corporate domain name. Adding custom domain names to Azure AD allows you to assign user names in the directory that are familiar to your users, such as ‘alice@contoso.com.’ instead of 'alice@domain name.onmicrosoft.com'.
Scenario:
Network Infrastructure: Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet.
Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com Planned Azure AD Infrastructure: The on-premises Active Directory domain will be synchronized to Azure
AD.
References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain
NEW QUESTION 12
You have an Azure Active Directory (Azure AD) tenant that has the initial domain name. You have a domain name of contoso.com registered at a third-party registrar.
You need to ensure that you can create Azure AD users that have names containing a suffix of @contoso.com.
Which three actions should you perform in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.
Answer:
Explanation: The process is simple:
Add the custom domain name to your directory
Add a DNS entry for the domain name at the domain name registrar
Verify the custom domain name in Azure AD
References: https://docs.microsoft.com/en-us/azure/dns/dns-web-sites-custom-domain
NEW QUESTION 13
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button. You recently created a virtual machine named Web01.
You need to attach a new 80-GB standard data disk named Web01-Disk1 to Web01.
What should you do from the Azure portal?
Answer:
Explanation: Add a data disk
Step 1. In the Azure portal, from the menu on the left, selecVt irtual machines.
Step 2. Select the Web01 virtual machine from the list.
Step 3. On the Virtual machine
page, , in Essentials, selecDt isks.
Step 4. On the Disks
page, select the Web01-Disk1 from the list of existing disks.
Step 5. In the Disks pane, click + Add data disk.
Step 6. Click the drop-down menu for Name to view a list of existing managed disks accessible to your Azure subscription. Select the managed disk Web01-Disk1 to attach:
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/attach-disk-portal
NEW QUESTION 14
You have an Active Directory forest named contoso.com.
You install and configure Azure AD Connect to use password hash synchronization as the single sign-on (SSO) method. Staging mode is enabled.
You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs.
You need to ensure that the synchronization completes successfully. What should you do?
- A. From Synchronization Service Manager, run a full import.
- B. Run Azure AD Connect and set the SSO method to Pass-through Authentication.
- C. From Azure PowerShell, run Start-AdSyncSyncCycle -PolicyType Initial.
- D. Run Azure AD Connect and disable staging mode.
Answer: D
Explanation: Staging mode must be disabled. If the Azure AD Connect server is in staging mode, password hash synchronization is temporarily disabled.
References:
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-troubleshoot-p
NEW QUESTION 15
You have an Azure subscription that contains a storage account named account1.
You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The on-premises network uses a public IP address space of 131.107.1.0/24.
You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24.
You need to configure account1 to meet the following requirements:
Ensure that you can upload the disk files to account1.
Ensure that you can attach the disks to VM1.
Prevent all other access to account1.
Which two actions should you perform? Each correct selection presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range.
- B. From the Firewalls and virtual networks blade of account1, select Selected networks.
- C. From the Firewalls and virtual networks blade of acount1, add VNet1.
- D. From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to access this storage account.
- E. From the Service endpoints blade of VNet1, add a service endpoint.
Answer: BE
Explanation: B: By default, storage accounts accept connections from clients on any network. To limit access to selected networks, you must first change the default action.
Azure portal
Navigate to the storage account you want to secure.
Click on the settings menu called Firewalls and virtual networks.
To deny access by default, choose to allow access from 'Selected networks'. To allow traffic from all networks, choose to allow access from 'All networks'.
Click Save to apply your changes. E: Grant access from a Virtual Network
Storage accounts can be configured to allow access only from specific Azure Virtual Networks.
By enabling a Service Endpoint for Azure Storage within the Virtual Network, traffic is ensured an optimal route to the Azure Storage service. The identities of the virtual network and the subnet are also transmitted with each request.
References: https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security
NEW QUESTION 16
You have an Azure subscription that contains the resources in the following table.
Store1 contains a file share named Data. Data contains 5,000 files.
You need to synchronize the files in Data to an on-premises server named Server1.
Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A. Download an automation script.
- B. Create a container instance.
- C. Create a sync group.
- D. Register Server1.
- E. Install the Azure File Sync agent on Server1.
Answer: CDE
Explanation: Step 1 (E): Install the Azure File Sync agent on Server1
The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share
Step 2 (D): Register Server1.
Register Windows Server with Storage Sync Service
Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service.
Step 3 (C): Create a sync group and a cloud endpoint.
A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on registered server.
References: https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide
NEW QUESTION 17
You have an Azure subscription that contains an Azure virtual machine named VM1. VM1 runs Windows Server 2021 and is part of an availability set.
VM1 has virtual machine-level backup enabled. VM1 is deleted.
You need to restore VM1 from the backup. VM1 must be part of the availability set.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
NEW QUESTION 18
You have a Recovery Service vault that you use to test backups. The test backups contain two protected virtual machines.
You need to delete the Recovery Services vault. What should you do first?
- A. From the Recovery Service vault, stop the backup of each backup item.
- B. From the Recovery Service vault, delete the backup data.
- C. Modify the disaster recovery properties of each virtual machine.
- D. Modify the locks of each virtual machine.
Answer: A
Explanation: You can't delete a Recovery Services vault if it is registered to a server and holds backup data. If you try to delete a vault, but can't, the vault is still configured to receive backup data.
Remove vault dependencies and delete vault
In the vault dashboard menu, scroll down to the Protected Items section, and click Backup Items. In this menu, you can stop and delete Azure File Servers, SQL Servers in Azure VM, and Azure virtual machines.
References: https://docs.microsoft.com/en-us/azure/backup/backup-azure-delete-vault
100% Valid and Newest Version AZ-100 Questions & Answers shared by Dumpscollection, Get Full Dumps HERE: http://www.dumpscollection.net/dumps/AZ-100/ (New 106 Q&As)