Act now and download your AZ-102 Dumps today! Do not waste time for the worthless AZ-102 Free Practice Questions tutorials. Download AZ-102 Exam Questions and Answers with real questions and answers and begin to learn AZ-102 Exam Questions with a classic professional.
Free demo questions for Microsoft AZ-102 Exam Dumps Below:
NEW QUESTION 1
You have an Azure Active Directory (Azure AD) tenant.
You have an existing Azure AD conditional access policy named Policy1. Policy1 enforces the use of Azure AD-joined devices when members of the Global Administrators group authenticate to Azure AD from untrusted locations.
You need to ensure that members of the Global Administrators group will also be forced to use multi- factor authentication when authenticating from untrusted locations.
What should you do?
- A. From the multi-factor authentication page, modify the service settings.
- B. From the multi-factor authentication page, modify the user settings.
- C. From the Azure portal, modify grant control of Policy1.
- D. From the Azure portal, modify session control of Policy1.
Answer: C
Explanation: There are two types of controls: Grant controls – To gate access
Session controls – To restrict access to a session
Grant controls oversee whether a user can complete authentication and reach the resource that they’re attempting to sign-in to. If you have multiple controls selected, you can configure whether all of them are required when your policy is processed. The current implementation of Azure Active Directory enables you to set the following grant control requirements:
References:
https://blog.lumen21.com/2021/12/15/conditional-access-in-azure-active-directory/
NEW QUESTION 2
DRAG DROP
You have an on-premises file server named Server1 that runs Windows Server 2021. You have an Azure subscription that contains an Azure file share.
You deploy an Azure File Sync Storage Sync Service, and you create a sync group. You need to synchronize files from Server1 to Azure.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation: Step 1: Install the Azure File Sync agent on Server1
The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share
Step 2: Register Server1.
Register Windows Server with Storage Sync Service
Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service.
Step 3: Add a server endpoint
Create a sync group and a cloud endpoint.
A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on registered server. References: https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deploymentguide
NEW QUESTION 3
HOT SPOT
Your company has offices in New York and Los Angeles.
You have an Azure subscription that contains an Azure virtual network named VNet1. Each office has a site-to-site VPN connection to VNet1.
Each network uses the address spaces shown in the following table.
You need to ensure that all Internet-bound traffic from VNet1 is routed through the New York office. What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation: Incorrect Answers:
Not: New-AzureRmVirtualNetworkGatewayConnection
This command creates the Site-to-Site VPN connection between the virtual network gateway and the on-prem VPN device. We already have Site-to-Site VPN connections.
Box 2: 192.168.0.0/20
Specify the VNET1 address. References:
https://docs.microsoft.com/en-us/powershell/module/azurerm.network/setazurermvirtualnetworkgatewaydefaultsite
NEW QUESTION 4
You need to move the blueprint files to Azure. What should you do?
- A. Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.
- B. Use the Azure Import/Export service.
- C. Generate an access ke
- D. Map a drive, and then copy the files by using File Explorer.
- E. Use Azure Storage Explorer to copy the file
Answer: D
Explanation: Azure Storage Explorer is a free tool from Microsoft that allows you to work with Azure Storage data on Windows, macOS, and Linux. You can use it to upload and download data from Azure blob storage.
Scenario:
Planned Changes include: move the existing product blueprint files to Azure Blob storage. Technical Requirements include: Copy the blueprint files to Azure over the Internet.
References: https://docs.microsoft.com/en-us/azure/machine-learning/team-data-scienceprocess/move-data-to-azure-blob-using-azure-storage-explorer
NEW QUESTION 5
Note: This question is part of a series of Questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these Questions will not appear in the review screen.
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1. Solution: From the RG1 blade, you click Deployments.
Does this meet the goal?
- A. Yes
- B. No
Answer: A
NEW QUESTION 6
You have an Azure subscription named Subscnption1 that contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1.
VM1 runs services that will be used to deploy resources to RG1.
You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1. What should you do fit -
- A. From the Azure portal modify the Access control (1AM) settings of VM1.
- B. From the Azure portal, modify the Policies settings of RG1.
- C. From the Azure portal, modify the value of the Managed Service Identity option for VM1.
- D. From the Azure portal, modify the Access control (IAM) settings of RG1.
Answer: C
Explanation: A managed identity from Azure Active Directory allows your app to easily access other AADprotected
resources such as Azure Key Vault. The identity is managed by the Azure platform and does not require you to provision or rotate any secrets.
User assigned managed identities can be used on Virtual Machines and Virtual Machine Scale Sets. References:
https://docs.microsoft.com/en-us/azure/app-service/app-service-managed-service-identity
NEW QUESTION 7
Your marketing team creates a new website that you must load balance for 99.99 percent availability. You need to deploy and configure a solution for both machines in the Web-AS availability set to load balance the website over HTTP. The solution must use the load balancer your resource group.
What should you do from the Azure portal?
Answer:
Explanation: To distribute traffic to the VMs in the availability set, a back-end address pool contains the IP addresses of the virtual NICs that are connected to the load balancer. Create the back-end address pool to include the VMs in the availability set.
Step 1:
Select All resources on the left menu, and then select LoadBalancer from the resource list. Step 2:
Under Settings, select Backend pools, and then select Add. Step 3:
On the Add a backend pool page, select the Web-AS availability set, and then select OK:
References:
https://docs.microsoft.com/en-us/azure/load-balancer/quickstart-create-basic-load-balancer-portal
NEW QUESTION 8
Which blade should you instruct the finance department auditors to use?
- A. invoices
- B. partner information
- C. cost analysis
- D. External services
Answer: A
NEW QUESTION 9
HOT SPOT
You have an Azure Storage accounts as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation: Box 1: storageaccount1 and storageaccount2 only Box 2: All the storage accounts
Note: The three different storage account options are: General-purpose v2 (GPv2) accounts, Generalpurpose v1 (GPv1) accounts, and Blob storage accounts.
General-purpose v2 (GPv2) accounts are storage accounts that support all of the latest features for blobs, files, queues, and tables.
Blob storage accounts support all the same block blob features as GPv2, but are limited to supporting only block blobs.
General-purpose v1 (GPv1) accounts provide access to all Azure Storage services, but may not have the latest features or the lowest per gigabyte pricing.
References: https://docs.microsoft.com/en-us/azure/storage/common/storage-account-options
NEW QUESTION 10
HOT SPOT
You need to recommend a solution for App1. The solution must meet the technical requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation: This reference architecture shows how to deploy VMs and a virtual network configured for an N-tier application, using SQL Server on Windows for the data tier.
Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:
A SQL database A web front end
A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only. Technical requirements include:
Move all the virtual machines for App1 to Azure. Minimize the number of open ports between the App1 tiers.
References: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/n-tier/n-tier-sql-server
NEW QUESTION 11
You have an Azure App Service plan named AdatumASP1 that uses the P2v2 pricing tier. AdatumASP1 hosts Ml Azure web app named adatumwebapp1. You need to delegate the management of adatumwebapp1 to a group named Devs. Devs must be able to perform the following tasks:
• Add deployment slots.
• View the configuration of AdatumASP1.
• Modify the role assignment for adatumwebapp1. Which role should you assign to the Devs group?
- A. Owner
- B. Contributor
- C. Web Plan Contributor
- D. Website Contributor
Answer: B
Explanation: The Contributor role lets you manage everything except access to resources. Incorrect Answers:
A: The Owner role lets you manage everything, including access to resources.
C: The Web Plan Contributor role lets you manage the web plans for websites, but not access to them.
D: The Website Contributor role lets you manage websites (not web plans), but not access to them. References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
NEW QUESTION 12
Note: This question is part of a series of Questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.
You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately.
Solution: From the Overview blade, you move the virtual machine to a different resource group. Does this meet the goal?
- A. Yes
- B. No
Answer: B
NEW QUESTION 13
HOT SPOT
You have an on-premises data center and an Azure subscription. The data center contains two VPN devices. The subscription contains an Azure virtual network named VNet1. VNet1 contains a gateway subnet.
You need to create a site-to-site VPN. The solution must ensure that is a single instance of an Azure VPN gateway fails, or a single on-premises VPN device fails, the failure will not cause an interruption that is longer than two minutes.
What is the minimum number of public IP addresses, virtual network gateways, and local network gateways required in Azure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:
Explanation: Box 1: 4
Two public IP addresses in the on-premises data center, and two public IP addresses in the VNET. The most reliable option is to combine the active-active gateways on both your network and Azure, as shown in the diagram below.
Box 2: 2
Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically, and resume the S2S VPN or VNet-to-VNet connections.
Box 3: 2
Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
NEW QUESTION 14
You discover that VM3 does NOT meet the technical requirements. You need to verify whether the issue relates to the NSGs.
What should you use?
- A. Diagram in VNet1
- B. the security recommendations in Azure Advisor
- C. Diagnostic settings in Azure Monitor
- D. Diagnose and solve problems in Traffic Manager Profiles
- E. IP flow verify in Azure Network Watcher
Answer: E
Explanation: Scenario: Contoso must meet technical requirements including:
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.
References:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
NEW QUESTION 15
You plan to move services from your on-premises network to Azure.
You identify several virtual machines that you believe can be hosted in Azure. The virtual machines are shown in the following table.
Which two virtual machines can you access by using Azure migrate? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- A. Sea-CA0l
- B. Hou-NW01
- C. NYC-FS01
- D. Sea-DC01
- E. BOS-DB01
Answer: CE
NEW QUESTION 16
You plan to use the Azure Import/Export service to copy files to a storage account.
Which two files should you create before you prepare the drives for the import job? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. an XML manifest file
- B. a driveset CSV file
- C. a dataset CSV file
- D. a PowerShell PS1 file
- E. a JSON configuration file
Answer: BC
Explanation: B: Modify the driveset.csv file in the root folder where the tool resides.
C: Modify the dataset.csv file in the root folder where the tool resides. Depending on whether you want to import a file or folder or both, add entries in the dataset.csv file
References: https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-datato- files
NEW QUESTION 17
You recently deployed a web app named homepagelod7509087.
You need to back up the code used for the web app and to store the code in the homepagelod7509Q87 storage account. The solution must ensure that a new backup is created daily. What should you do from the Azure portal?
Answer:
Explanation: Step 1:
Locate and select the web app homepagelod7509087, select Backups. The Backups page is displayed.
Step 2:
In the Backup page, Click Configure. Step 3:
In the Backup Configuration page, click Storage: Not configured to configure a storage account.
Step 4:
Choose your backup destination by selecting a Storage Account and Container. Select the homepagelod7509087 storage account.
Step 5:
In the Backup Configuration page that is still left open, select Scheduled backup On, and configure daily backups.
Step 6:
In the Backup Configuration page, click Save. Step 7:
In the Backups page, click Backup.
References:
https://docs.microsoft.com/en-us/azure/app-service/web-sites-backup
NEW QUESTION 18
SIMULATION
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.
When you are finished performing all the tasks, click the ‘Next’ button.
Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
You need to deploy an Azure virtual machine named VM1004a based on the Ubuntu Server 17.10 image, and then to configure VM1004a to meet the following requirements:
The virtual machine must contain data disks that can store at least 15 TB of data. The data disks must be able to provide at least 2,000 IOPS.
Storage costs must be minimized.
What should you do from the Azure portal?
Answer:
Explanation: 1. Open the Azure portal.
2. On the left menu, select All resources. You can sort the resources by Type to easily find your images.
3. Select the image you want to use from the list. The image Overview page opens.
4. Select Create VM from the menu.
5. Enter the virtual machine information.
Select VM1004a as the name for the first Virtual machine.
The user name and password entered here will be used to log in to the virtual machine. When complete, select OK. You can create the new VM in an existing resource group, or choose Create new to create a new resource group to store the VM.
6. Select a size for the VM. To see more sizes, select View all or change the Supported disk type filter. To support 15 TB of data you would need a Premium disk.
7. Under Settings, make changes as necessary and select OK.
8. On the summary page, you should see your image name listed as a Private image. Select Ok to start the virtual machine deployment.
References: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/create-vmgeneralized- managed
NEW QUESTION 19
From the MFA Server blade, you open the Block/unblock users blade as shown in the exhibit. Block/unblock users
A blocked user will not receive Multi-Factor Authentication requests. Authentication attempts for that user will be automatically denied. A user will remain blocked for 90 days from the time they are blocked. To manually unblock a user, click the “Unblock” action.
What caused AlexW to be blocked?
- A. The user entered an incorrect PIN four times within 10 minutes.
- B. The user account password expired.
- C. An administrator manually blocked the user.
- D. The user reported a fraud alert when prompted for additional authenticatio
Answer: D
NEW QUESTION 20
HOT SPOT
You have an Azure subscription named Subscription1. Subscription1 contains two Azure virtual machines named VM1 and VM2. VM1 and VM2 run Windows Server 2021.
VM1 is backed up daily by Azure Backup without using the Azure Backup agent. VM1 is affected by ransomware that encrypts data.
You need to restore the latest backup of VM1.
To which location can you restore the backup? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation: Box 1: VM1 only
To restore files or folders from the recovery point, go to the virtual machine and choose the desired recovery point.
Box 2: A new Azure virtual machine only
On the Restore configuration blade, you have two choices: Create virtual machine
Restore disks References:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-files-from-vm https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms
P.S. Easily pass AZ-102 Exam with 195 Q&As Surepassexam Dumps & pdf Version, Welcome to Download the Newest Surepassexam AZ-102 Dumps: https://www.surepassexam.com/AZ-102-exam-dumps.html (195 New Questions)