100% Correct AZ-102 Exam Dumps 2021

NEW QUESTION 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscript contains a resource group named Dev.d Subscription1. Adatum contains a group named Developers. Subscription!
You need to provide the Developers group with the ability to create Azure logic apps in the; Dev, resource group.
Solution: On Dev, you assign the Logic App Contributor role to the Developers group. Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation: The Logic App Contributor role lets you manage logic app, but not access to them. It provides access to view, edit, and update a logic app.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

NEW QUESTION 2
HOT SPOT
You need to prepare the environment to implement the planned changes for Server2. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation: Box 1: Create a Recovery Services vault
Create a Recovery Services vault on the Azure Portal. Box 2: Install the Azure Site Recovery Provider
Azure Site Recovery can be used to manage migration of on-premises machines to Azure. Scenario: Migrate the virtual machines hosted on Server1 and Server2 to Azure.
Server2 has the Hyper-V host role. References:
https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-on-premises-azure

Case Study: 8
Mix Questions Set C (Evaluate and perform server migration to Azure)

NEW QUESTION 3
You plan to support many connections to your company's automatically uses up to five instances when CPU utilization on the instances exceeds 70 percent for 10 minutes. When CPU utilization decreases, the solution must automatically reduce the number of instances.
What should you do from the Azure portal?

Answer:

Explanation: Step 1:
Locate the Homepage App Service plan Step 2:
Click Add a rule, and enter the appropriate fields, such as below, and the click Add. Time aggregation: average
Metric Name: Percentage CPU Operator: Greater than Threshold 70
Duration: 10 minutes Operation: Increase count by Instance count: 4

Step 3:
We must add a scale in rule as well. Click Add a rule, and enter the appropriate fields, such as below, then click Add.
Operator: Less than
Threshold 70
Duration: 10 minutes Operation: Decrease count by Instance count: 4 References:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-setsautoscale- portal
https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/insights-autoscale-bestpractices

NEW QUESTION 4
You need to create a web app named corp7509086n2 that can be scaled horizontally. The solution must use the lowest possible pricing tier for the App Service plan.
What should you do from the Azure portal?

Answer:

Explanation: Step 1:
In the Azure Portal, click Create a resource > Web + Mobile > Web App. Step 2:
Use the Webb app settings as listed below. Web App name: corp7509086n2
Hosting plan: Azure App Service plan Pricing tier of the Pricing Tier: Standard
Change your hosting plan to Standard, you can't setup auto-scaling below standard tier. Step 3:
Select Create to provision and deploy the Web app. References:
https://docs.microsoft.com/en-us/azure/app-service/environment/app-service-web-how-to-createa- web-app-in-an-ase
https://azure.microsoft.com/en-us/pricing/details/app-service/plans/

NEW QUESTION 5
You are configuring serverless computing in Azure.
You need to receive an email message whenever a resource is created in or deleted from a resource group. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation: Step 1: Create an event subscription
When you subscribe to events for a resource group, your endpoint receives all events for that resource group. Step 2: Create an Azure Event Grid trigger
Step 3: Create conditions and actions References:
https://docs.microsoft.com/en-us/azure/event-grid/event-schema-resource-groups

NEW QUESTION 6
DRAG DROP
You have two Azure virtual machines named VM1 and VM2. VM1 has a single data disk named Disk1. You need to attach Disk1 to VM2. The solution must minimize downtime for both virtual machines.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation: Step 1: Stop VM1.
Step 2: Detach Disk1 from VM1. Step 3: Start VM1.
Detach a data disk using the portal
In the left menu, select Virtual Machines.
Select the virtual machine that has the data disk you want to detach and click Stop to deallocate the
VM.
In the virtual machine pane, select Disks. At the top of the Disks pane, select Edit.
In the Disks pane, to the far right of the data disk that you would like to detach, click the Detach button image detach button.
After the disk has been removed, click Save on the top of the pane.
In the virtual machine pane, click Overview and then click the Start button at the top of the pane to restart the VM.
The disk stays in storage but is no longer attached to a virtual machine. Step 4: Attach Disk1 to VM2
Attach an existing disk
Follow these steps to reattach an existing available data disk to a running VM. Select a running VM for which you want to reattach a data disk.
From the menu on the left, select Disks.
Select Attach existing to attach an available data disk to the VM. From the Attach existing disk pane, select OK.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/detach-disk https://docs.microsoft.com/en-us/azure/lab-services/devtest-lab-attach-detach-data-disk

NEW QUESTION 7
SIMULATION
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.



When you are finished performing all the tasks, click the ‘Next’ button.
Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
Your on-premises network uses an IP address range of 131.107.2.0 to 131.107.2.255. You need to ensure that only devices from the on-premises network can connect to the rg1lod7523691n1 storage account.
What should you do from the Azure portal?

Answer:

Explanation: Step 1: Navigate to the rg1lod7523691n1 storage account.
Step 2: Click on the settings menu called Firewalls and virtual networks. Step 3: Ensure that you have elected to allow access from 'Selected networks'.
Step 4: To grant access to an internet IP range, enter the address range of 131.107.2.0 to 131.107.2.255 (in CIDR format) under Firewall, Address Ranges.
References: https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security

NEW QUESTION 8
You have an Azure subscription.
You enable multi-factor authentication for all users.
Some users report that the email applications on their mobile device cannot co browser and from Microsoft Outlook 2021 on their computer.
You need to ensure that the users can use the email applications on their mobile device. What should you instruct the users to do?
The users can access Exchange Online by using a web

• A. Enable self-service password reset.
• B. Create an app password.
• C. Reset the Azure Active Directory (Azure AD) password.
• D. Reinstall the Microsoft Authenticator app.

Answer: A

Explanation: References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks

NEW QUESTION 9
You sign up for Azure Active Directory (Azure AD) Premium.
You need to add a user named admin1@contoso.com as an administrator on all the computers that will be joined to the Azure AD domain.
What should you configure in Azure AD?

• A. Device settings from the Devices blade.
• B. General settings from the Groups blade.
• C. User settings from the Users blade.
• D. Providers from the MFA Server blade.

Answer: C

Explanation: When you connect a Windows device with Azure AD using an Azure AD join, Azure AD adds the following security principles to the local administrators group on the device:
The Azure AD global administrator role The Azure AD device administrator role
The user performing the Azure AD join In the Azure portal, you can manage the device administrator role on the Devices page. To open the Devices
page: 1. Sign in to your Azure portal as a global administrator or device administrator.
2. On the left navbar, click Azure Active Directory.
3. In the Manage section, click Devices.
4. On the Devices page, click Device settings.
5. To modify the device administrator role, configure Additional local administrators on Azure AD joined
devices.
References: https://docs.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin

NEW QUESTION 10
You have an Azure Active Directory (Azure AD) tenant.
All administrators must enter a verification code to access the Azure portal.
You need to ensure that the administrators can access the Azure portal only from your on-premises network. What should you configure?

• A. the multi-factor authentication service settings
• B. an Azure AD Identity Protection user risk policy
• C. the default for all the roles in Azure AD Privileged Identity Management
• D. an Azure AD Identity Protection sign-in risk policy

Answer: A

NEW QUESTION 11
Note: This question is part of a series questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a virtual network named Vnet1 that is hosted in the West US Azure region. VNet hosts two virtual machines named VM1 and VM2 run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours. Solution: From Azure Network Watcher, you create a connection monitor.
Does this meet the goal?

• A. YES
• B. NO

Answer: A

Explanation: Azure Network Watcher provides tools to monitor, diagnose, view metrics, and enable or disable logs for resources in an Azure virtual network.
Capture packets to and from a VM
Advanced filtering options and fine-tuned controls, such as the ability to set time and size limitations, provide versatility. The capture can be stored in Azure Storage, on the VM's disk, or both. You can then analyze the capture file using several standard network capture analysis tools.
Network Watcher variable packet capture allows you to create packet capture sessions to track traffic to and from a virtual machine. Packet capture helps to diagnose network anomalies both reactively and proactivity.
References:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview

NEW QUESTION 12
You have an Azure subscription that contains the resources in the following table.

Store1 contains a file share named Data. Data contains 5,000 files.
You need to synchronize the files in Data to an on-premises server named Server1.
Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Download an automation script.
• B. Create a container instance.
• C. Create a sync group.
• D. Register Server1.
• E. Install the Azure File Sync agent on Server1.

Answer: CDE

Explanation: Step 1 (E): Install the Azure File Sync agent on Server1
The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share
Step 2 (D): Register Server1.
Register Windows Server with Storage Sync Service
Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service.
Step 3 (C): Create a sync group and a cloud endpoint.
A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on registered server. References: https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deploymentguide

NEW QUESTION 13
You have the Azure virtual machines shown in the following table.

You have a Recovery Services vault that protects VM1 and VM2. You need to protect VM3 and VM4 by using Recovery Services. What should you do first?

• A. Configure the extensions for VM3 and VM4.
• B. Create a new Recovery Services vault.
• C. Create a storage account.
• D. Create a new backup polic

Answer: B

Explanation: A Recovery Services vault is a storage entity in Azure that houses dat
A. The data is typically copies of
data, or configuration information for virtual machines (VMs), workloads, servers, or workstations. You can use Recovery Services vaults to hold backup data for various Azure services
References: https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enablereplication

NEW QUESTION 14
HOT SPOT
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. You add the users in the following table.

Which user can perform each configuration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation: Box 1: User1 and User3 only.
The Owner Role lets you manage everything, including access to resources. The Network Contributor role lets you manage networks, but not access to them. Box 2: User1 and User2 only
The Security Admin role: In Security Center only: Can view security policies, view security states, edit security policies, view alerts and recommendations, dismiss alerts and recommendations.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

NEW QUESTION 15
You need to prepare the environment to meet the authentication requirements.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE Each correct selection is worth one point.

• A. Azure Active Directory (AD) Identity Protection and an Azure policy
• B. a Recovery Services vault and a backup policy
• C. an Azure Key Vault and an access policy
• D. an Azure Storage account and an access policy

Answer: BD

Explanation: D: Seamless SSO works with any method of cloud authentication - Password Hash Synchronization or Pass-through Authentication, and can be enabled via Azure AD Connect.
B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to all or selected users' Intranet zone settings by using Group Policy in Active Directory: https://autologon.microsoftazuread-sso.com
Incorrect Answers:
A: Seamless SSO needs the user's device to be domain-joined, but doesn't need for the device to be Azure AD Joined.
C: Azure AD connect does not port 8080. It uses port 443.
E: Seamless SSO is not applicable to Active Directory Federation Services (ADFS).
Scenario: Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO) when accessing resources in Azure.
Planned Azure AD Infrastructure include: The on-premises Active Directory domain will be synchronized to Azure AD.
References: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directoryaadconnect-sso-quick-start

NEW QUESTION 16
HOT SPOT
You plan to create an Azure Storage account in the Azure region of East US 2. You need to create a storage account that meets the following requirements: Replicates synchronously
Remains available if a single data center in the region fails
How should you configure the storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation: Box 1: Zone-redundant storage (ZRS)
Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single region.
LRS would not remain available if a data center in the region fails GRS and RA GRS use asynchronous replication.
Box 2: StorageV2 (general purpose V2) ZRS only support GPv2.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs

NEW QUESTION 17
You have a resource group named RG1. RG1 contains an Azure Storage account named storageaccount1 and a virtual machine named VM1 that runs Windows Server 2021. Storageaccount1 contains the disk files for VM1. You apply a ReadOnly lock to RG1. What can you do from the Azure portal?

• A. Generate an automation script for RG1.
• B. View the keys of storageaccount1.
• C. Upload a blob to storageaccount1.
• D. Start VM1.

Answer: B

Explanation: ReadOnly means authorized users can read a resource, but they can't delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lockresources

NEW QUESTION 18
You have an Azure subscription named Subscription1. Subscription1 contains the resource groups in the following table.

RG1 has a web app named WebApp1. WebApp1 is located in West Europe. You move WebApp1 to RG2. What is the effect of the move?

• A. The App Service plan to WebApp1 moves to North Europ
• B. Policy2 applies to WebApp1.
• C. The App Service plan to WebApp1 moves to North Europ
• D. Policy1 applies to WebApp1.
• E. The App Service plan to WebApp1 remains to West Europ
• F. Policy2 applies to WebApp1.
• G. The App Service plan to WebApp1 remains to West Europ
• H. Policy1 applies to WebApp1.

Answer: C

NEW QUESTION 19
You need to implement a backup solution for App1 after the application is moved. What should you create first?

• A. a recovery plan
• B. an Azure Backup Server
• C. a backup policy
• D. a Recovery Services vault

Answer: D

Explanation: A Recovery Services vault is a logical container that stores the backup data for each protected resource, such as Azure VMs. When the backup job for a protected resource runs, it creates a recovery point inside the Recovery Services vault.
Scenario:
There are three application tiers, each with five virtual machines.
Move all the virtual machines for App1 to Azure.
Ensure that all the virtual machines for App1 are protected by backups.
References: https://docs.microsoft.com/en-us/azure/backup/quick-backup-vm-portal

NEW QUESTION 20
You have an Azure subscription that contains a storage account named account1.
You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The on-premises network uses a public IP address space of 131.107.1.0/24.
You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24. You need to configure account1 to meet the following requirements:
Ensure that you can upload the disk files to account1. Ensure that you can attach the disks to VM1. Prevent all other access to account1.
Which two actions should you perform? Each correct selection presents part of the solution. NOTE: Each correct selection is worth one point.

• A. From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range.
• B. From the Firewalls and virtual networks blade of account1, select Selected networks.
• C. From the Firewalls and virtual networks blade of acount1, add VNet1.
• D. From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services toaccess this storage account.
• E. From the Service endpoints blade of VNet1, add a service endpoin

Answer: BE

Explanation: B: By default, storage accounts accept connections from clients on any network. To limit access to selected networks, you must first change the default action.
Azure portal
Navigate to the storage account you want to secure.
Click on the settings menu called Firewalls and virtual networks.
To deny access by default, choose to allow access from 'Selected networks'. To allow traffic from all networks, choose to allow access from 'All networks'.
Click Save to apply your changes.
E: Grant access from a Virtual Network
Storage accounts can be configured to allow access only from specific Azure Virtual Networks. By enabling a Service Endpoint for Azure Storage within the Virtual Network, traffic is ensured an optimal route to the Azure Storage service. The identities of the virtual network and the subnet are also transmitted with each request.
References: https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security