AZ-100 | Microsoft AZ-100 Exam Questions 2021

AZ-100 Exam Questions are updated and AZ-100 Study Guides are verified by experts. Once you have completely prepared with our AZ-100 Exam Questions and Answers you will be ready for the real AZ-100 exam without a problem. We have AZ-100 Braindumps. PASSED AZ-100 Dumps First attempt! Here What I Did.

Also have AZ-100 free dumps questions for you:

NEW QUESTION 1
You have an Azure Storage accounts as shown in the following exhibit.
AZ-100 dumps exhibit
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
AZ-100 dumps exhibit

    Answer:

    Explanation: Box 1: storageaccount1 and storageaccount2 only Box 2: All the storage accounts
    Note: The three different storage account options are: General-purpose v2 (GPv2) accounts, General-purpose v1 (GPv1) accounts, and Blob storage accounts.
    AZ-100 dumps exhibit General-purpose v2 (GPv2) accounts are storage accounts that support all of the latest features for blobs, files, queues, and tables.
    AZ-100 dumps exhibit Blob storage accounts support all the same block blob features as GPv2, but are limited to supporting only block blobs.
    AZ-100 dumps exhibit General-purpose v1 (GPv1) accounts provide access to all Azure Storage services, but may not have the latest features or the lowest per gigabyte pricing.
    References: https://docs.microsoft.com/en-us/azure/storage/common/storage-account-options

    NEW QUESTION 2
    You need to recommend a solution for App1. The solution must meet the technical requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area.
    NOTE: Each correct selection is worth one point.
    AZ-100 dumps exhibit

      Answer:

      Explanation: This reference architecture shows how to deploy VMs and a virtual network configured for an N-tier application, using SQL Server on Windows for the data tier.
      AZ-100 dumps exhibit
      Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:
      A SQL database
      A web front end
      A processing middle tier
      Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
      Technical requirements include:
      Move all the virtual machines for App1 to Azure.
      Minimize the number of open ports between the App1 tiers.
      References: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/n-tier/n-tier-sql-server

      NEW QUESTION 3
      Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
      After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
      You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.
      You need to view the date and time when the resources were created in RG1. Solution: From the RG1 blade, you click Automation script.
      Does this meet the goal?

      • A. Yes
      • B. No

      Answer: B

      NEW QUESTION 4
      You have an Azure subscription that contains two resource groups named RG1 and RG2. RG2 does not contain any resources. RG1 contains the resources in the following table.
      AZ-100 dumps exhibit
      Which resource can you move to RG2?

      • A. W10_OsDisk
      • B. VNet1
      • C. VNet3
      • D. W10

      Answer: B

      Explanation: When moving a virtual network, you must also move its dependent resources. For example, you must move gateways with the virtual network. VM W10, which is in Vnet1, is not a dependent resource.

      NEW QUESTION 5
      You have the Azure virtual machines shown in the following table.
      AZ-100 dumps exhibit
      You have a Recovery Services vault that protects VM1 and VM2. You need to protect VM3 and VM4 by using Recovery Services. What should you do first?

      • A. Configure the extensions for VM3 and VM4.
      • B. Create a new Recovery Services vault.
      • C. Create a storage account.
      • D. Create a new backup policy.

      Answer: B

      Explanation: A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations. You can use Recovery Services vaults to hold backup data for various Azure services
      References: https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable-replication

      NEW QUESTION 6
      You are planning the move of App1 to Azure. You create a network security group (NSG).
      You need to recommend a solution to provide users with access to App1. What should you recommend?

      • A. Create an outgoing security rule for port 443 from the Interne
      • B. Associate the NSG to all the subnets.
      • C. Create an incoming security rule for port 443 from the Interne
      • D. Associate the NSG to all the subnets.
      • E. Create an incoming security rule for port 443 from the Interne
      • F. Associate the NSG to the subnet that contains the web servers.
      • G. Create an outgoing security rule for port 443 from the Interne
      • H. Associate the NSG to the subnet thatcontains the web servers.

      Answer: C

      Explanation: As App1 is public-facing we need an incoming security rule, related to the access of the web servers. Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers: a SQL database, a web front end, and a processing middle tier.
      Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

      NEW QUESTION 7
      You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table.
      AZ-100 dumps exhibit
      VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between VNet1 and Vnet2.
      An administrator named Admin1 creates an Azure virtual machine named VM1 in RG1. VM1 uses a disk named Disk1 and connects to VNet1. Admin1 then installs a custom application in VM1.
      You need to move the custom application to Vnet2. The solution must minimize administrative effort. Which two actions should you perform? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
      AZ-100 dumps exhibit

        Answer:

        Explanation: You can move a VM and its associated resources to another resource group using the portal. References: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/move-vm

        NEW QUESTION 8
        You have an Azure subscription that contains a storage account named account1.
        You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The on-premises network uses a public IP address space of 131.107.1.0/24.
        You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24.
        You need to configure account1 to meet the following requirements:
        AZ-100 dumps exhibit Ensure that you can upload the disk files to account1.
        AZ-100 dumps exhibit Ensure that you can attach the disks to VM1.
        AZ-100 dumps exhibit Prevent all other access to account1.
        Which two actions should you perform? Each correct selection presents part of the solution.
        NOTE: Each correct selection is worth one point.

        • A. From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range.
        • B. From the Firewalls and virtual networks blade of account1, select Selected networks.
        • C. From the Firewalls and virtual networks blade of acount1, add VNet1.
        • D. From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to access this storage account.
        • E. From the Service endpoints blade of VNet1, add a service endpoint.

        Answer: BE

        Explanation: B: By default, storage accounts accept connections from clients on any network. To limit access to selected networks, you must first change the default action.
        Azure portal
        AZ-100 dumps exhibit Navigate to the storage account you want to secure.
        AZ-100 dumps exhibit Click on the settings menu called Firewalls and virtual networks.
        AZ-100 dumps exhibit To deny access by default, choose to allow access from 'Selected networks'. To allow traffic from all networks, choose to allow access from 'All networks'.
        AZ-100 dumps exhibit Click Save to apply your changes. E: Grant access from a Virtual Network
        Storage accounts can be configured to allow access only from specific Azure Virtual Networks.
        By enabling a Service Endpoint for Azure Storage within the Virtual Network, traffic is ensured an optimal route to the Azure Storage service. The identities of the virtual network and the subnet are also transmitted with each request.
        References: https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security

        NEW QUESTION 9
        Overview
        The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
        Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
        Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
        Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
        To start the lab
        You may start the lab by clicking the Next button. You plan to host several secured websites on Web01.
        You need to allow HTTPS over TCP port 443 to Web01 and to prevent HTTP over TCP port 80 to Web01. What should you do from the Azure portal?

          Answer:

          Explanation: You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
          A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
          Step A: Create a network security group
          A1. Search for and select the resource group for the VM, choose Add, then search for and select Network security group.
          A2. Select Create.
          AZ-100 dumps exhibit
          The Create network security group window opens. A3. Create a network security group
          Enter a name for your network security group.
          Select or create a resource group, then select a location. A4. Select Create to create the network security group.
          Step B: Create an inbound security rule to allows HTTPS over TCP port 443 B1. Select your new network security group.
          B2. Select Inbound security rules, then select Add. B3. Add inbound rule
          B4. Select Advanced.
          From the drop-down menu, select HTTPS.
          You can also verify by clicking Custom and selecting TCP port, and 443. B5. Select Add to create the rule.
          Repeat step B2-B5 to deny TCP port 80
          B6. Select Inbound security rules, then select Add. B7. Add inbound rule
          B8. Select Advanced.
          Clicking Custom and selecting TCP port, and 80. B9. Select Deny.
          Step C: Associate your network security group with a subnet
          Your final step is to associate your network security group with a subnet or a specific network interface. C1. In the Search resources, services, and docs box at the top of the portal, begin typing Web01. When the
          Web01 VM appears in the search results, select it.
          C2. Under SETTINGS, select Networking. Select Configure the application security groups, select the Security Group you created in Step A, and then select Save, as shown in the following picture:
          AZ-100 dumps exhibit
          References:
          https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic

          NEW QUESTION 10
          You have an Azure tenant that contains two subscriptions named Subscription1 and Subscription2.
          In Subscription1, you deploy a virtual machine named Server1 that runs Windows Server 2021. Server1 uses managed disks.
          You need to move Server1 to Subscription2. The solution must minimize administration effort. What should you do first?

          • A. In Subscription2, create a copy of the virtual disk.
          • B. From Azure PowerShell, run the Move-AzureRmResource cmdlet.
          • C. Create a snapshot of the virtual disk.
          • D. Create a new virtual machine in Subscription2.

          Answer: B

          Explanation: To move existing resources to another resource group or subscription, use the Move-AzureRmResource cmdlet.
          References:
          https://docs.microsoft.com/en-in/azure/azure-resource-manager/resource-group-move-resources#moveresources

          NEW QUESTION 11
          You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated to a different Azure AD tenant.
          Subscription1 contains a virtual network named VNet1.VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16.
          Subscription2 contains a virtual network named VNet2. VNet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24.
          You need to connect VNet1 to VNet2. What should you do first?

          • A. Move VNet1 to Subscription2.
          • B. Modify the IP address space of VNet2.
          • C. Provision virtual network gateways.
          • D. Move VM1 to Subscription2.

          Answer: C

          Explanation: The virtual networks can be in the same or different regions, and from the same or different subscriptions. When connecting VNets from different subscriptions, the subscriptions do not need to be associated with the same Active Directory tenant.
          Configuring a VNet-to-VNet connection is a good way to easily connect VNets. Connecting a virtual network to another virtual network using the VNet-to-VNet connection type (VNet2VNet) is similar to creating a
          Site-to-Site IPsec connection to an on-premises location. Both connectivity types use a VPN gateway to provide a secure tunnel using IPsec/IKE, and both function the same way when communicating.
          The local network gateway for each VNet treats the other VNet as a local site. This lets you specify additional address space for the local network gateway in order to route traffic.
          References:
          https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal

          NEW QUESTION 12
          You have an Azure subscription named Subscrption1 that is associated to an Azure Active Directory (Azure AD) tenant named AAD1.
          Subscription1 contains the objects in the following table:
          AZ-100 dumps exhibit
          You plan to create a single backup policy for Vault1. To answer, select the appropriate options in the answer area.
          NOTE: Each correct selection is worth one point.
          AZ-100 dumps exhibit

            Answer:

            Explanation: Box 1: RG1 only Box 2: 99 years
            With the latest update to Azure Backup, customers can retain their data for up to 99 years in Azure.
            Note: A backup policy defines a matrix of when the data snapshots are taken, and how long those snapshots are retained.
            The backup policy interface looks like this:
            AZ-100 dumps exhibit
            References:
            https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm#defining-a-backup-policy
            https://blogs.microsoft.com/firehose/2015/02/16/february-update-to-azure-backup-includes-data-retention-up-to-

            NEW QUESTION 13
            You have an Azure subscription that contains an Azure virtual machine named VM1. VM1 runs Windows Server 2021 and is part of an availability set.
            VM1 has virtual machine-level backup enabled. VM1 is deleted.
            You need to restore VM1 from the backup. VM1 must be part of the availability set.
            Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
            AZ-100 dumps exhibit

              Answer:

              Explanation: AZ-100 dumps exhibit

              NEW QUESTION 14
              You need to define a custom domain name for Azure AD to support the planned infrastructure. Which domain name should you use?

              • A. ad.humongousinsurance.com
              • B. humongousinsurance.onmicrosoft.com
              • C. humongousinsurance.local
              • D. humongousinsurance.com

              Answer: D

              Explanation: Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com. The initial domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well. For example, your organization probably has other domain names used to do business and users who sign in using your corporate domain name. Adding custom domain names to Azure AD allows you to assign user names in the directory that are familiar to your users, such as ‘alice@contoso.com.’ instead of 'alice@domain name.onmicrosoft.com'.
              Scenario:
              Network Infrastructure: Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet.
              Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com Planned Azure AD Infrastructure: The on-premises Active Directory domain will be synchronized to Azure
              AD.
              References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain

              NEW QUESTION 15
              Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
              After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
              You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
              Another administrator plans to create several network security groups (NSGs) in the subscription.
              You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
              Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider. Does this meet the goal?

              • A. Yes
              • B. No

              Answer: B

              NEW QUESTION 16
              Your network contains an Active Directory domain named adatum.com and an Azure Active Directory (Azure AD) tenant named adatum.onmicrosoft.com.
              Adatum.com contains the user accounts in the following table.
              AZ-100 dumps exhibit
              Adatum.onmicrosoft.com contains the user accounts in the following table.
              AZ-100 dumps exhibit
              You need to implement Azure AD Connect. The solution must follow the principle of least privilege.
              Which user accounts should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
              AZ-100 dumps exhibit

                Answer:

                Explanation: Box 1: User5
                In Express settings, the installation wizard asks for the following: AD DS Enterprise Administrator credentials
                Azure AD Global Administrator credentials
                The AD DS Enterprise Admin account is used to configure your on-premises Active Directory. These credentials are only used during the installation and are not used after the installation has completed. The Enterprise Admin, not the Domain Admin should make sure the permissions in Active Directory can be set in all domains.
                Box 2: UserA
                Azure AD Global Admin credentials credentials are only used during the installation and are not used after the installation has completed. It is used to create the Azure AD Connector account used for synchronizing changes to Azure AD. The account also enables sync as a feature in Azure AD.
                References:
                https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-accounts-permissio

                NEW QUESTION 17
                Your company has an Azure subscription named Subscription1.
                The company also has two on-premises servers named Server1 and Server2 that run Windows Server 2021. Server1 is configured as a DNS server that has a primary DNS zone named adatum.com. Adatum.com contains 1,000 DNS records.
                You manage Server1 and Subscription1 from Server2. Server2 has the following tools installed:
                AZ-100 dumps exhibit The DNS Manager console
                AZ-100 dumps exhibit Azure PowerShell
                AZ-100 dumps exhibit Azure CLI 2.0
                You need to move the adatum.com zone to Subscription1. The solution must minimize administrative effort. What should you use?

                • A. Azure PowerShell
                • B. Azure CLI
                • C. the Azure portal
                • D. the DNS Manager console

                Answer: B

                Explanation: Azure DNS supports importing and exporting zone files by using the Azure command-line interface (CLI). Zone file import is not currently supported via Azure PowerShell or the Azure portal.
                References: https://docs.microsoft.com/en-us/azure/dns/dns-import-export

                NEW QUESTION 18
                Your company registers a domain name of contoso.com.
                You create an Azure DNS named contoso.com and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.
                You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address. You need to resolve the name resolution issue.
                Solution: You add an NS record to the contoso.com zone. Does this meet the goal?

                • A. Yes
                • B. No

                Answer: A

                Explanation: Before you can delegate your DNS zone to Azure DNS, you need to know the name servers for your zone. The NS record set contains the names of the Azure DNS name servers assigned to the zone.
                References: https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

                Thanks for reading the newest AZ-100 exam dumps! We recommend you to try the PREMIUM DumpSolutions AZ-100 dumps in VCE and PDF here: https://www.dumpsolutions.com/AZ-100-dumps/ (106 Q&As Dumps)