AZ-102 | Precise AZ-102 Exam Questions 2021

NEW QUESTION 1
You have an Azure subscription that contains 100 virtual machines. You regularly create and delete virtual machines.
You need to identify unused disks that can be deleted. What should you do?

• A. From Microsoft Azure Storage Explorer, view the Account Management properties.
• B. From the Azure portal, configure the Advisor recommendations.
• C. From Cloudyn, open the Optimizer tab and create a report.
• D. From Cloudyn, create a Cost Management repor

Answer: A

Explanation: You can find unused disks in the Azure Storage Explorer console. Once you drill down to the Blob containers under a storage account, you can see the lease state of the residing VHD (the lease state determines if the VHD is being used by any resource) and the VM to which it is leased out. If you find that the lease state and the VM fields are blank, it means that the VHD in question is unused.
Note: The ManagedBy property stores the Id of the VM to which Managed Disk is attached to. If the ManagedBy property is $null then it means that the Managed Disk is not attached to a VM References:
https://cloud.netapp.com/blog/reduce-azure-storage-costs

NEW QUESTION 2
You are planning the move of App1 to Azure. You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1. What should you recommend?

• A. Create an outgoing security rule for port 443 from the Interne
• B. Associate the NSG to all the subnets.
• C. Create an incoming security rule for port 443 from the Interne
• D. Associate the NSG to all the subnets.
• E. Create an incoming security rule for port 443 from the Interne
• F. Associate the NSG to the subnet thatcontains the web servers.
• G. Create an outgoing security rule for port 443 from the Interne
• H. Associate the NSG to the subnet thatcontains the web server

Answer: C

Explanation: As App1 is public-facing we need an incoming security rule, related to the access of the web servers. Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers: a SQL database, a web front end, and a processing middle tier.
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

NEW QUESTION 3
You are the global administrator for an Azure Active Directory (Azure AD) tenant named adatum.com.
You need to enable two-step verification for Azure users. What should you do?

• A. Configure a playbook in Azure AD conditional access policy.
• B. Create an Azure AD conditional access policy.
• C. Create and configure the Identify Hub.
• D. Install and configure Azure AD Connec

Answer: B

Explanation: References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings

NEW QUESTION 4
You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements.
What should you include in the recommended?

• A. Azure AP B2C
• B. Azure AD Identity Protection
• C. an Azure logic app and the Microsoft Identity Management (MIM) client
• D. dynamic groups and conditional access policies

Answer: D

Explanation: Scenario: Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
The recommendation is to use conditional access policies that can then be targeted to groups of users, specific applications, or other conditions.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

NEW QUESTION 5
You have an Azure subscription that contains 10 virtual machines.
You need to ensure that you receive an email message when any virtual machines are powered off, restarted, or deallocated.
What is the minimum number of rules and action groups that you require?

• A. three rules and three action groups
• B. one rule and one action group
• C. three rules and one action group
• D. one rule and three action groups

Answer: C

Explanation: An action group is a collection of notification preferences defined by the user. Azure Monitor and Service
Health alerts are configured to use a specific action group when the alert is triggered. Various alerts may use the same action group or different action groups depending on the user's requirements. References: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-actiongroups

NEW QUESTION 6
You have an Azure App Service plan named AdatumASP1 that uses the P2v2 pricing tier. AdatumASP1 hosts Ml Azure web app named adatumwebapp1. You need to delegate the management of adatumwebapp1 to a group named Devs. Devs must be able to perform the following tasks:
• Add deployment slots.
• View the configuration of AdatumASP1.
• Modify the role assignment for adatumwebapp1. Which role should you assign to the Devs group?

• A. Owner
• B. Contributor
• C. Web Plan Contributor
• D. Website Contributor

Answer: B

Explanation: The Contributor role lets you manage everything except access to resources. Incorrect Answers:
A: The Owner role lets you manage everything, including access to resources.
C: The Web Plan Contributor role lets you manage the web plans for websites, but not access to them.
D: The Website Contributor role lets you manage websites (not web plans), but not access to them. References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

NEW QUESTION 7
You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com. Your company has a public DNS zone for contoso.com.
You add contoso.com as a custom domain name to Azure AD You need to ensure that Azure can verify the domain name. Which type of DNS record should you create?

• A. PTR
• B. MX
• C. NSEC3
• D. RRSIG

Answer: B

Explanation: To verify your custom domain name (example)
Sign in to the Azure portal using a Global administrator account for the directory. Select Azure Active Directory, and then select Custom domain names.
On the Fabrikam - Custom domain names page, select the custom domain name, Contoso.
On the Contoso page, select Verify to make sure your custom domain is properly registered and is valid for Azure AD. Use either the TXT or the MX record type.

References:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain

NEW QUESTION 8
You discover that VM3 does NOT meet the technical requirements. You need to verify whether the issue relates to the NSGs.
What should you use?

• A. Diagram in VNet1
• B. the security recommendations in Azure Advisor
• C. Diagnostic settings in Azure Monitor
• D. Diagnose and solve problems in Traffic Manager Profiles
• E. IP flow verify in Azure Network Watcher

Answer: E

Explanation: Scenario: Contoso must meet technical requirements including:
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.
References:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview

NEW QUESTION 9
You sign up for Azure Active Directory (Azure AD) Premium.
You need to add a user named admin1@contoso.com as an administrator on all the computers that will be joined to the Azure AD domain.
What should you configure in Azure AD?

• A. Device settings from the Devices blade.
• B. General settings from the Groups blade.
• C. User settings from the Users blade.
• D. Providers from the MFA Server blade.

Answer: C

Explanation: When you connect a Windows device with Azure AD using an Azure AD join, Azure AD adds the following security principles to the local administrators group on the device:
The Azure AD global administrator role The Azure AD device administrator role
The user performing the Azure AD join In the Azure portal, you can manage the device administrator role on the Devices page. To open the Devices
page: 1. Sign in to your Azure portal as a global administrator or device administrator.
2. On the left navbar, click Azure Active Directory.
3. In the Manage section, click Devices.
4. On the Devices page, click Device settings.
5. To modify the device administrator role, configure Additional local administrators on Azure AD joined
devices.
References: https://docs.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin

NEW QUESTION 10
SIMULATION
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.






When you are finished performing all the tasks, click the ‘Next’ button.
Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
You need to deploy two Azure virtual machines named VM1003a and VM1003b based on the Ubuntu Server 17.10 image. The deployment must meet the following requirements:
Provide a Service Level Agreement (SLA) of 99.95 percent availability. Use managed disks.
What should you do from the Azure portal?

Answer:

Explanation: 1. Open the Azure portal.
2. On the left menu, select All resources. You can sort the resources by Type to easily find your images.
3. Select the image you want to use from the list. The image Overview page opens.
4. Select Create VM from the menu.
5. Enter the virtual machine information.
Select VM1003a as the name for the first Virtual machine.
The user name and password entered here will be used to log in to the virtual machine. When complete, select OK. You can create the new VM in an existing resource group, or choose Create new to create a new resource group to store the VM.
6. Select a size for the VM. To see more sizes, select View all or change the Supported disk type filter.
7. Under Settings, make changes as necessary and select OK.
8. On the summary page, you should see your image name listed as a Private image. Select Ok to start the virtual machine deployment.
Repeat the procedure for the second VM and name it VM1003b.
References: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/create-vmgeneralized- managed

NEW QUESTION 11
DRAG DROP
You have an Azure subscription that contains an Azure virtual machine named VM1. VM1 runs Windows Server 2021 and is part of an availability set.
VM1 has virtual machine-level backup enabled. VM1 is deleted.
You need to restore VM1 from the backup. VM1 must be part of the availability set.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

NEW QUESTION 12
DRAG DROP
You have an Azure subscription. The subscription includes a virtual network named VNet1. Currently, VNet1 does not contain any subnets.
You plan to create subnets on VNet1 and to use application security groups to restrict the traffic between the subnets. You need to create the application security groups and to assign them to the
subnets.
Which four cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.

Answer:

Explanation: Step 1: New-AzureRmNetworkSecurityRuleConfig
Step 2: New-AzureRmNetworkSecurityGroup
Step 3: New-AzureRmVirtualNetworkSubnetConfig
Step 4: New-AzureRmVirtualNetwork
Example: Create a virtual network with a subnet referencing a network security group New-AzureRmResourceGroup -Name TestResourceGroup -Location centralus
$rdpRule = New-AzureRmNetworkSecurityRuleConfig -Name rdp-rule -Description "Allow RDP" - Access Allow -Protocol Tcp -Direction Inbound -Priority 100 -SourceAddressPrefix Internet - SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389
$networkSecurityGroup = New-AzureRmNetworkSecurityGroup -ResourceGroupName TestResourceGroup -Location centralus -Name "NSG-FrontEnd" -SecurityRules $rdpRule
$frontendSubnet = New-AzureRmVirtualNetworkSubnetConfig -Name frontendSubnet - AddressPrefix "10.0.1.0/24" -NetworkSecurityGroup $networkSecurityGroup
$backendSubnet = New-AzureRmVirtualNetworkSubnetConfig -Name backendSubnet - AddressPrefix "10.0.2.0/24" -NetworkSecurityGroup $networkSecurityGroup
New-AzureRmVirtualNetwork -Name MyVirtualNetwork -ResourceGroupName TestResourceGroup - Location centralus -AddressPrefix "10.0.0.0/16" -Subnet $frontendSubnet,$backendSubnet References: https://docs.microsoft.com/en-us/powershell/module/azurerm.network/newQuestions
& Answers PDF P-44 azurermvirtualnetwork?view=azurermps-6.7.0

NEW QUESTION 13
HOT SPOT
You have an Azure subscription named Subscrption1 that is associated to an Azure Active Directory (Azure AD) tenant named AAD1.
Subscription1 contains the objects in the following table:

You plan to create a single backup policy for Vault1. To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation: Box 1: RG1 only Box 2: 99 years
With the latest update to Azure Backup, customers can retain their data for up to 99 years in Azure. Note: A backup policy defines a matrix of when the data snapshots are taken, and how long those snapshots are retained.
The backup policy interface looks like this:

References: https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-lookarm# defining-a-backup-policy
https://blogs.microsoft.com/firehose/2015/02/16/february-update-to-azure-backup-includes-dataretention- up-to-99-years-offline-backup-and-more/

NEW QUESTION 14
Your Azure environment contains an application gateway and custom apps.
Another administrator modifies the application gateway and the apps to use HTTP over TCP port 8080.
Users report that they can no longer connect to the apps.
You suspect that the cause of the issue is a change in the configuration of the application gateway. You need to modify the application gateway to resolve the issue.
What should you do from the Azure portal?

Answer:

Explanation: Step 1:
Select Networking and then select Application Gateway in the Featured list, and select the application gateway, and select the settings.
Step 2:
Click HTTP for the protocol of the listener and make sure that the port is defined as 443.

References:
https://docs.microsoft.com/en-us/azure/application-gateway/create-ssl-portal

NEW QUESTION 15
HOT SPOT
You configure the multi-factor authentication status for three users as shown in the following table.

You create a group named Group1 and add Admin1, Admin2, and Admin3 to the group.
For all cloud apps, you create a conditional access policy that includes Group1. The policy requires multi-factor authentication.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Answer:

Explanation: Box 1: No
Disabled is the default state for a new user not enrolled in Azure MFA. Box 2: Yes
Enforced: The user has been enrolled and has completed the registration process for Azure MFA. Web browser apps require login in this case.
Box 3: Yes
Enabled: The user has been enrolled in Azure MFA, but has not registered. They receive a prompt to register the next time they sign in.
Web browser apps require login in this case. References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

NEW QUESTION 16
DRAG DROP
You have an on-premises file server named Server1 that runs Windows Server 2021. You have an Azure subscription that contains an Azure file share.
You deploy an Azure File Sync Storage Sync Service, and you create a sync group. You need to synchronize files from Server1 to Azure.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation: Step 1: Install the Azure File Sync agent on Server1
The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share
Step 2: Register Server1.
Register Windows Server with Storage Sync Service
Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service.
Step 3: Add a server endpoint
Create a sync group and a cloud endpoint.
A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on registered server. References: https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deploymentguide

NEW QUESTION 17
You have an Azure Service Bus.
You need to implement a Service Bus queue that guarantees first in first-out (FIFO) delivery of messages.
What should you do?

• A. Set the Lock Duration setting to 10 seconds.
• B. Enable duplicate detection.
• C. Set the Max Size setting of the queue to 5 GB.
• D. Enable partitioning.
• E. Enable session

Answer: E

Explanation: Through the use of messaging sessions you can guarantee ordering of messages, that is first-in-firstout (FIFO) delivery of messages.
References:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-azure-and-service-busqueues- compared-contrasted