Microsoft AZ-101 Exam Questions 2019

Cause all that matters here is passing exam with AZ-101 Dumps. Cause all that you need is a high score of AZ-101 Study Guides. The only one thing you need to do is downloading AZ-101 Dumps Questions free now. We will not let you down with our money-back guarantee.

Free AZ-101 Demo Online For Microsoft Certifitcation:

NEW QUESTION 1
You need to deploy an application gateway named appgwl015 to meet the following requirements: Load balance internal IP traffic to the Azure virtual machines connected to subnet0.
Provide a Service Level Agreement (SLA) of 99.99 percent availability for the Azure virtual machines.
What should you do from the Azure portal?

    Answer:

    Explanation: Step 1:
    Click New found on the upper left-hand corner of the Azure portal.
    Step 2:
    Select Networking and then select Application Gateway in the Featured list.
    Step 3:
    Enter these values for the application gateway: appgw1015 - for the name of the application gateway. SKU Size: Standard_V2
    The new SKU [Standard_V2] offers autoscaling and other critical performance enhancements.
    AZ-101 dumps exhibit
    Step 4:
    Accept the default values for the other settings and then click OK.
    Step 5:
    Click Choose a virtual network, and select subnet0. References:
    https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-create-gateway- portal

    NEW QUESTION 2
    You plan to deploy a site-to-site VPN connection from on-premises network to your
    Azure environment. The VPN connection will be established to the VNET01-USEA2 virtual network.
    You need to create the required resources in Azure for the planned site-to-site VPN. The solution must minimize costs.
    What should you do from the Azure portal?
    NOTE: This task may a very long time to complete. You do NOT need to wait for the deployment to complete this task successfully.

      Answer:

      Explanation: We create a VPN gateway. Step 1:
      On the left side of the portal page, click + and type 'Virtual Network Gateway' in search. In Results, locate and click Virtual network gateway.
      Step 2:
      At the bottom of the 'Virtual network gateway' page, click Create. This opens the Create virtual network gateway page.
      Step 3:
      On the Create virtual network gateway page, specify the values for your virtual network gateway. Gateway type: Select VPN. VPN gateways use the virtual network gateway type VPN.
      Virtual network: Choose the existing virtual network VNET01-USEA2
      Gateway subnet address range: You will only see this setting if you did not previously create a gateway subnet for your virtual network.
      Step 4:
      Select the default values for the other setting, and click create.
      AZ-101 dumps exhibit
      The settings are validated and you'll see the "Deploying Virtual network gateway" tile on the dashboard. Creating a gateway can take up to 45 minutes.
      Note: This task may take a very long time to complete. You do NOT need to wait for the deployment to complete this task successfully.
      References:
      https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

      Case Study: 4 Contoso Case Study
      Overview
      Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
      The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
      All the resources used by Contoso are hosted on-premises.
      Contoso creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named contoso.onmicrosoft.com. The tenant uses the P1 pricing tier.
      Existing Environment
      The network contains an Active Directory forest named contoso.com. All domain controllers are configured as DNS servers and host the contoso.com DNS zone.
      Contoso has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently.
      Contoso.com contains a user named User1.
      All the offices connect by using private links.
      Contoso has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device.
      All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.
      AZ-101 dumps exhibit
      Contoso uses two web applications named App1 and App2. Each instance on each web application requires 1GB of memory.
      The Azure subscription contains the resources in the following table.
      AZ-101 dumps exhibit
      The network security team implements several network security groups (NSGs).
      Planned Changes
      Contoso plans to implement the following changes:
      • Deploy Azure ExpressRoute to the Montreal office.
      • Migrate the virtual machines hosted on Server1 and Server2 to Azure.
      • Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
      • Migrate App1 and App2 to two Azure web apps named webApp1 and WebApp2.
      Technical requirements
      Contoso must meet the following technical requirements:
      • Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instance*.
      • Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
      • Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
      • Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
      • Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.contoso.com.
      • Connect the New Your office to VNet1 over the Internet by using an encrypted connection.
      • Create a workflow to send an email message when the settings of VM4 are
      modified.
      • Cre3te a custom Azure role named Role1 that is based on the Reader role.
      • Minimize costs whenever possible.

      NEW QUESTION 3
      DRAG DROP
      You have an Azure subscription that contains an Azure Service Bus named Bus1.
      Your company plans to deploy two Azure web apps named App1 and App2. The web apps will create messages that have the following requirements:
      Each message created by App1 must be consumed by only a single consumer
      Each message created by App2 will be consumed by multiple consumers.
      Which resource should you create for each web app? To answer, drag the appropriate resources to the correct web apps. Each resource may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
      NOTE: Each correct selection is worth one point.
      AZ-101 dumps exhibit

        Answer:

        Explanation: AZ-101 dumps exhibit

        NEW QUESTION 4
        You need to meet the technical requirement for VM4. What should you create and configure?

        • A. an Azure Notification Hub
        • B. an Azure Event Hub
        • C. an Azure Logic App
        • D. an Azure services Bus

        Answer: B

        Explanation: Scenario: Create a workflow to send an email message when the settings of VM4 are modified.
        You can start an automated logic app workflow when specific events happen in Azure resources or third-party resources. These resources can publish those events to an Azure event grid. In turn, the event grid pushes those events to subscribers that have queues, webhooks, or event hubs as endpoints. As a subscriber, your logic app can wait for those events from the event grid before running automated workflows to perform tasks - without you writing any code.
        References:
        https://docs.microsoft.com/en-us/azure/event-grid/monitor-virtual-machine-changes-event-grid-logic- app

        NEW QUESTION 5
        A web developer creates a web application that you plan to deploy as an Azure web app.
        Users must enter credentials to access the web application.
        You create a new web app named WebAppl1 and deploy the web application to WebApp1.
        You need to disable anonymous access to WebApp1. What should you configure?

        • A. Advanced Tools
        • B. Authentication/ Authorization
        • C. Access control (IAM)
        • D. Deployment credentials

        Answer: B

        Explanation: Anonymous access is an authentication method. It allows users to establish an anonymous connection.
        References:
        https://docs.microsoft.com/en-us/biztalk/core/guidelines-for-resolving-iis-permissions-problems

        NEW QUESTION 6
        Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
        After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
        You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
        You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
        Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group. Does this meet the goal?

        • A. Yes
        • B. No

        Answer: B

        Explanation: DevTest Labs User role only lets you connect, start, restart, and shutdown virtual machines in your Azure DevTest Labs.
        You would need the Logic App Contributor role. References:
        https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

        NEW QUESTION 7
        HOTSPOT
        You have an Azure web app named WebApp1 that runs in an Azure App Service plan named ASP1. ASP1 is based on the D1 pricing tier.
        You need to ensure that WebApp1 can be accessed only from computers on your on-premises network. The solution must minimize costs.
        What should you configure? To answer, select the appropriate options in the answer are a.
        NOTE: Each correct selection is worth one point.
        AZ-101 dumps exhibit

          Answer:

          Explanation: Box 1: B1
          B1 (Basic) would minimize cost compared P1v2 (premium) and S1 (standard). Box 2: Cross Origin Resource Sharing (CORS)
          Once you set the CORS rules for the service, then a properly authenticated request made against the service from a different domain will be evaluated to determine whether it is allowed according to the
          rules you have specified.
          Note: CORS (Cross Origin Resource Sharing) is an HTTP feature that enables a web application running under one domain to access resources in another domain. In order to reduce the possibility of cross-site scripting attacks, all modern web browsers implement a security restriction known as same-origin policy. This prevents a web page from calling APIs in a different domain. CORS provides a secure way to allow one origin (the origin domain) to call APIs in another origin.
          References:
          https://azure.microsoft.com/en-us/pricing/details/app-service/windows/ https://docs.microsoft.com/en-us/azure/cdn/cdn-cors

          NEW QUESTION 8
          You have a public load balancer that balancer ports 80 and 443 across three virtual machines.
          You need to direct all the Remote Desktop protocol (RDP) to VM3 only. What should you configure?

          • A. an inbound NAT rule
          • B. a load public balancing rule
          • C. a new public load balancer for VM3
          • D. a new IP configuration

          Answer: A

          Explanation: To port forward traffic to a specific port on specific VMs use an inbound network address translation (NAT) rule.
          Incorrect Answers:
          B: Load-balancing rule to distribute traffic that arrives at frontend to backend pool instances. References:
          https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

          NEW QUESTION 9
          HOTSPOT
          You have an on-premises data center and an Azure subscription. The data center contains two VPN devices. The subscription contains an Azure virtual network named VNet1. VNet1 contains a gateway subnet.
          You need to create a site-to-site VPN. The solution must ensure that is a single instance of an Azure VPN gateway fails, or a single on-premises VPN device fails, the failure will not cause an interruption that is longer than two minutes.
          What is the minimum number of public IP addresses, virtual network gateways, and local network gateways required in Azure? To answer, select the appropriate options in the answer area.
          NOTE: Each correct selection is worth one point.
          AZ-101 dumps exhibit

            Answer:

            Explanation: Box 1: 4
            Two public IP addresses in the on-premises data center, and two public IP addresses in the VNET. The most reliable option is to combine the active-active gateways on both your network and Azure, as shown in the diagram below.
            AZ-101 dumps exhibit
            Box 2: 2
            Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically, and resume the S2S VPN or VNet-to-VNet connections.
            Box 3: 2
            Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks References:
            https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable

            NEW QUESTION 10
            You have an Azure App Service plan that hosts an Azure App Service named App1. You configure one production slot and four staging slots for App1.
            You need to allocate 10 percent of the traffic to each staging slot and 60 percent of the traffic to the production slot.
            What should you add to Appl1?

            • A. slots to the Testing in production blade
            • B. a performance test
            • C. a WebJob
            • D. templates to the Automation script blade

            Answer: A

            Explanation: Besides swapping, deployment slots offer another killer feature: testing in production. Just like the name suggests, using this, you can actually test in production. This means that you can route a specific percentage of user traffic to one or more of your deployment slots.
            Example:
            AZ-101 dumps exhibit
            References:
            https://stackify.com/azure-deployment-slots/

            NEW QUESTION 11
            HOTSPOT
            You have an Azure subscription named Subscription1 that contains the resources in the following table.
            AZ-101 dumps exhibit
            VM1 and VM2 run the websites in the following table.
            AZ-101 dumps exhibit
            AppGW1 has the backend pools in the following table.
            AZ-101 dumps exhibit
            DNS resolves site1.contoso.com, site2.contoso.com, and site3.contoso.com to the IP address of
            AppGW1.
            AppGW1 has the listeners in the following table.
            AZ-101 dumps exhibit
            AppGW1 has the rules in the following table.
            AZ-101 dumps exhibit
            For each of the following statements, select Yes if the statement is true. Otherwise, select No.
            NOTE: Each correct selection is worth one point.
            AZ-101 dumps exhibit

              Answer:

              Explanation: Vm1 is in Pool1. Rule2 applies to Pool1, Listener 2, and site2.contoso.com

              NEW QUESTION 12
              You have an azure subscription that contain a virtual named VNet1. VNet1. contains four subnets named Gatesway, perimeter, NVA, and production.
              The NVA contain two network virtual appliance (NVAs) that will network traffic inspection between the perimeter subnet and the production subnet.
              You need o implement an Azure load balancer for the NVAs. The solution must meet the following requirements:
              The NVAs must run in an active-active configuration that uses automatic failover.
              The NVA must load balance traffic to two services on the Production subnet. The services have different IP addresses
              Which three actions should you perform? Each correct answer presents parts of the solution.
              NOTE: Each correct selection is worth one point.

              • A. Add two load balancing rules that have HA Ports enabled and Floating IP disabled.
              • B. Deploy a standard load balancer.
              • C. Add a frontend IP configuration, two backend pools, and a health prob.
              • D. Add a frontend IP configuration, a backend pool, and a health probe.
              • E. Add two load balancing rules that have HA Ports and Floating IP enabled.
              • F. Deploy a basic load balancer.

              Answer: BCE

              Explanation: A standard load balancer is required for the HA ports.
              -Two backend pools are needed as there are two services with different IP addresses.
              -Floating IP rule is used where backend ports are reused. Incorrect Answers:
              F: HA Ports are not available for the basic load balancer. References:
              https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-overview https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-multivip-overview

              NEW QUESTION 13
              You are the global administrator for an Azure Active Directory (Azure AD) tenet named adatum.com. You need to enable two-step verification for Azure users.
              What should you do?

              • A. Create a sign-in risk policy in Azure AD Identity Protection
              • B. Enable Azure AD Privileged Identity Management.
              • C. Create and configure the Identity Hub.
              • D. Configure a security policy in Azure Security Center.

              Answer: A

              Explanation: With Azure Active Directory Identity Protection, you can:
              require users to register for multi-factor authentication
              handle risky sign-ins and compromised users References:
              https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/flows

              NEW QUESTION 14
              Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
              After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
              You have an Azure web app named Appl. App1 runs in an Azure App Service plan named Plan1. Plan1 is associated to the Free pricing tier.
              You discover that App1 stops each day after running continuously for 60 minutes. You need to ensure that App1 can run continuously for the entire day.
              Solution: You change the pricing tier of Plan1 to Basic. Does this meet the goal?

              • A. Yes
              • B. No

              Answer: A

              Explanation: The Free Tier provides 60 CPU minutes / day. This explains why App1 is stops. The Basic tier has no such cap.
              References:
              https://azure.microsoft.com/en-us/pricing/details/app-service/windows/

              NEW QUESTION 15
              You need to prevent remote users from publishing via FTP to a function app named FunctionApplod7509087fa. Remote users must be able to publish via FTPS. What should you do from the Azure portal?

                Answer:

                Explanation: Step 1:
                Locate and select the function app FunctionApplod7509087fa.
                Step 2:
                Select Application Settings > FTP Access, change FTP access to FTPS Only, and click Save.
                AZ-101 dumps exhibit
                References:
                https://blogs.msdn.microsoft.com/appserviceteam/2018/05/08/web-apps-making-changes-to-ftp- deployments/

                NEW QUESTION 16
                You are configuring Azure Active Directory (AD) Privileged Identity Management.
                You need to provide a user named Admm1 with read access to a resource group named RG1 for only one month.
                The user role must be assigned immediately.
                What should you do?

                • A. Assign an active role.
                • B. Assign an eligible role.
                • C. Assign a permanently active role.
                • D. Create a custom role and a conditional access policy.

                Answer: B

                Explanation: Azure AD Privileged Identity Management introduces the concept of an eligible admin. Eligible admins should be users that need privileged access now and then, but not all-day, every day. The role is inactive until the user needs access, then they complete an activation process and become an active admin for a predetermined amount of time.
                References:
                https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

                Thanks for reading the newest AZ-101 exam dumps! We recommend you to try the PREMIUM Certleader AZ-101 dumps in VCE and PDF here: https://www.certleader.com/AZ-101-dumps.html (67 Q&As Dumps)