Certified AZ-103 Secret 2019

Cause all that matters here is passing the Microsoft AZ-103 exam. Cause all that you need is a high score of AZ-103 Microsoft Azure Administrator exam. The only one thing you need to do is downloading Ucertify AZ-103 exam study guides now. We will not let you down with our money-back guarantee.

NEW QUESTION 1
HOTSPOT
You enable password reset for contoso.onmicrosoft.com as shown in the Password Reset exhibit (Click the Password Reset tab.)
AZ-103 dumps exhibit
You configure the authentication methods for password reset as shown in the Authentication Methods exhibit. (Click the Authentication Methods tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You enable password reset for contoso.onmicrosoft.com as shown in the Password Reset exhibit (Click the Password Reset tab.)
You configure the authentication methods for password reset as shown in the Authentication Methods exhibit. (Click the Authentication Methods tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
AZ-103 dumps exhibit
AZ-103 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
AZ-103 dumps exhibitExplanation:
Box 1: No
Two methods are required.
Box 2: No
Self-service password reset is only enabled for Group2, and User1 is not a member of Group2. Box 3: Yes
As a User Administrator User3 can add security questions to the reset process.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/quickstart-sspr https://docs.microsoft.com/en-us/azure/active-directory/authentication/active-directory-passwords-faq

NEW QUESTION 2
You have an Azure policy as shown in the following exhibit.
AZ-103 dumps exhibit
Which of the following statements are true?
Which of the following statements are true?

  • A. You can create Azure SQL servers in ContosoRG1.
  • B. You are prevented from creating Azure SQL servers anywhere in Subscription 1.
  • C. You are prevented from creating Azure SQL Servers in ContosoRG1 only.
  • D. You can create Azure SQL servers in any resource group within Subscription 1.

Answer: A

Explanation:
You are prevented from creating Azure SQL servers anywhere in Subscription 1 with the exception of ContosoRG1

NEW QUESTION 3
HOTSPOT
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. You add the users in the following table.
AZ-103 dumps exhibit
Which user can perform each configuration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
AZ-103 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: User1 and User3 only.
The Owner Role lets you manage everything, including access to resources.
The Network Contributor role lets you manage networks, but not access to them. Box 2: User1 and User2 only
The Security Admin role: In Security Center only: Can view security policies, view security states, edit security policies, view alerts and recommendations, dismiss alerts and recommendations.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

NEW QUESTION 4
Your company registers a domain name of contoso.com.
You create an Azure DNS named contoso.com and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.
You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.
You need to resolve the name resolution issue.
Solution: You modify the SOA record in the contoso.com zone Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
Modify the NS record, not the SOA record.
Note: The SOA record stores information about the name of the server that supplied the data for the zone; the administrator of the zone; the current version of the data file; the number of seconds a secondary name server should wait before checking for updates; the number of seconds a secondary name server should wait before retrying a failed zone transfer; the maximum number of seconds that a secondary name server can use data before it must either be refreshed or expire; and a default number of seconds for the time-to-live file on resource records.
References: https://searchnetworking.techtarget.com/definition/start-of-authority-record

NEW QUESTION 5
DRAG DROP
You need to prepare the New York office infrastructure for the migration of the on-premises virtual machines to Azure.
Which four actions you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
AZ-103 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1:
1. From the Azure portal, download the OVF file.
2. In the vCenter Server, import the Collector appliance as a virtual machine using the Deploy OVF Template wizard.
3. In vSphere Client console, click File > Deploy OVF Template.
4. In the Deploy OVF Template Wizard > Source, specify the location for the .ovf file. Box 2: From VM1, connect to the collector virtual machine
After you've created the Collector virtual machine, connect to it and run the Collector. Box 3: From the ASRV1 blade in the Azure portal, select a protection goal.
Box 4: From VM1, register the configuration server. Register the configuration server in the vault
Scenario: The Azure infrastructure and the on-premises infrastructure and the on-premises infrastructure must be prepared for the migration of the VMware virtual machines to Azure. References:
Migrate Your Virtual Machines to Microsoft Azure, Includes guidance for optional data migration, Proof of Concept guide, September 2017 https://azuremigrate.blob.core.windows.net/publicpreview/Azure%20Migrate%20-%20Preview%20User%20Guide.pdf

NEW QUESTION 6
You create an Azure Storage account named contosostorage.
You plan to create a file share named dat a.
Users need to map a drive to the data file share from home computers that run Windows 10. Which port should be open between the home computers and the data file share?

  • A. 80
  • B. 443
  • C. 445
  • D. 3389

Answer: C

Explanation:
Ensure port 445 is open: The SMB protocol requires TCP port 445 to be open; connections will fail if port 445 is blocked.
References: https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows

NEW QUESTION 7
You have two Azure Active Directory (Azure AD) tenants named contoso.com and fabrikam.com. You have a Microsoft account that you use to sign in to both tenants.
You need to configure the default sign-in tenant for the Azure portal. What should you do?

  • A. From the Azure portal, configure the portal settings.
  • B. From the Azure portal, change the directory.
  • C. From Azure Cloud Shell, run Set-AzureRmContext.
  • D. From Azure Cloud Shell, run Set-AzureRmSubscription.

Answer: B

Explanation:
Change the subscription directory in the Azure portal.
The classic portal feature Edit Directory, that allows you to associate an existing subscription to your
Azure Active Directory (AAD), is now available in Azure portal. It used to be available only to Service Admins with Microsoft accounts, but now it's available to users with AAD accounts as well.
To get started:
1. Go to Subscriptions.
2. Select a subscription.
3. Select Change directory. Incorrect Answers:
C: The Set-AzureRmContext cmdlet sets authentication information for cmdlets that you run in the current session. The context includes tenant, subscription, and environment information.
References: https://azure.microsoft.com/en-us/updates/edit-directory-now-in-new-portal/

NEW QUESTION 8
You have an Azure subscription named Subscription1 that is used be several departments at your company. Subscription1 contains the resources in the following table:
AZ-103 dumps exhibit
Another administrator deploys a virtual machine named VM1 and an Azure Storage account named Storage2 by using a single Azure Resource Manager template.
You need to view the template used for the deployment.
From which blade can you view the template that was used for the deployment?

  • A. RG1
  • B. VM1
  • C. Storage1
  • D. Container1

Answer: A

Explanation:
1. View template from deployment history
Go to the resource group for your new resource group. Notice that the portal shows the result of the last deployment. Select this link.
AZ-103 dumps exhibit
2. You see a history of deployments for the group. In your case, the portal probably lists only one deployment. Select this deployment.
AZ-103 dumps exhibit
The portal displays a summary of the deployment. The summary includes the status of the
deployment and its operations and the values that you provided for parameters. To see the template that you used for the deployment, select View template.
AZ-103 dumps exhibit
References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-export-template

NEW QUESTION 9
DRAG DROP
You have an Azure subscription that is used by four departments in your company. The subscription contains 10 resource groups. Each department uses resources in several resource groups.
You need to send a report to the finance department. The report must detail the costs for each department. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
AZ-103 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: Assign a tag to each resource.
You apply tags to your Azure resources giving metadata to logically organize them into a taxonomy. After you apply tags, you can retrieve all the resources in your subscription with that tag name and value. Each resource or resource group can have a maximum of 15 tag name/value pairs. Tags applied to the resource group are not inherited by the resources in that resource group.
Box 2: From the Cost analysis blade, filter the view by tag
After you get your services running, regularly check how much they're costing you. You can see the current spend and burn rate in Azure portal.
1. Visit the Subscriptions blade in Azure portal and select a subscription.
2. You should see the cost breakdown and burn rate in the popup blade.
3. Click Cost analysis in the list to the left to see the cost breakdown by resource. Wait 24 hours after you add a service for the data to populate.
4. You can filter by different properties like tags, resource group, and timespan. Click Apply to confirm the filters and Download if you want to export the view to a Comma-Separated Values (.csv) file.
Box 3: Download the usage report References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags https://docs.microsoft.com/en-us/azure/billing/billing-getting-started

NEW QUESTION 10
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.
AZ-103 dumps exhibit
AZ-103 dumps exhibit
AZ-103 dumps exhibit
AZ-103 dumps exhibit
AZ-103 dumps exhibit
AZ-103 dumps exhibit
When you are finished performing all the tasks, click the ‘Next’ button.
Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
You need to deploy two Azure virtual machines named VM1003a and VM1003b based on the Ubuntu Server 17.10 image. The deployment must meet the following requirements:
 Provide a Service Level Agreement (SLA) of 99.95 percent availability.
 Use managed disks.
What should you do from the Azure portal?

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
1. Open the Azure portal.
2. On the left menu, select All resources. You can sort the resources by Type to easily find your images.
3. Select the image you want to use from the list. The image Overview page opens.
4. Select Create VM from the menu.
5. Enter the virtual machine information.
Select VM1003a as the name for the first Virtual machine. The user name and password entered here will be used to log in to the virtual machine. When complete, select OK. You can create the new VM in an existing resource group, or choose Create new to create a new resource group to store the VM.
6. Select a size for the VM. To see more sizes, select View all or change the Supported disk type filter.
7. Under Settings, make changes as necessary and select OK.
8. On the summary page, you should see your image name listed as a Private image. Select Ok to start the virtual machine deployment.
Repeat the procedure for the second VM and name it VM1003b.
References: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/create-vm-generalized-managed

NEW QUESTION 11
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company registers a domain name of contoso.com.
You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.
You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.
You need to resolve the name resolution issue.
Solution: You create a PTR record for www in the contoso.com zone. Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
Modify the Name Server (NS) record.
References: https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

NEW QUESTION 12
HOTSPOT
You have an Azure subscription named Subscription1. Subscription1 contains the virtual machines in the following table.
AZ-103 dumps exhibit
Subscription1 contains a virtual network named VNet1 that has the subnets in the following table.
AZ-103 dumps exhibit
VM3 has a network adapter named NIC3. IP forwarding is enabled on NIC3. Routing is enabled on VM3.
You create a route table named RT1. RT1 is associated to Subnet1 and Subnet2 and contains the routes in the following table.
AZ-103 dumps exhibit
You apply RT1 to Subnet1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
AZ-103 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: Yes
Traffic from VM1 and VM2 can reach VM3 thanks to the routing table, and as IP forwarding is enabled on VM3, traffic from VM3 can reach VM1.
Box 2: No
VM3, which has IP forwarding, must be turned on, in order for traffic from VM2 to reach VM1. Box 3: Yes
The traffic from VM1 will reach VM3, which thanks to IP forwarding, will send the traffic to VM2.
References: https://www.quor a.com/What-is-IP-forwarding

NEW QUESTION 13
You recently deployed a web app named homepagelod7509087.
You need to back up the code used for the web app and to store the code in the homepagelod7509Q87 storage account. The solution must ensure that a new backup is created daily.
What should you do from the Azure portal?

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Step 1:
Locate and select the web app homepagelod7509087, select Backups. The Backups page is displayed.
AZ-103 dumps exhibit
Step 2:
In the Backup page, Click Configure. Step 3:
In the Backup Configuration page, click Storage: Not configured to configure a storage account.
AZ-103 dumps exhibit
Step 4:
Choose your backup destination by selecting a Storage Account and Container. Select the homepagelod7509087 storage account.
Step 5:
In the Backup Configuration page that is still left open, select Scheduled backup On, and configure daily backups.
AZ-103 dumps exhibit
Step 6:
In the Backup Configuration page, click Save. Step 7:
In the Backups page, click Backup. References:
https://docs.microsoft.com/en-us/azure/app-service/web-sites-backup

NEW QUESTION 14
HOTSPOT
You need to the appropriate sizes for the Azure virtual for Server2.
What should you do? To answer, select the appropriate options in the answer are a.
NOTE: Each correct selection is worth one point.
AZ-103 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: Create a Recovery Services vault
Create a Recovery Services vault on the Azure Portal. Box 2: Install the Azure Site Recovery Provider
Azure Site Recovery can be used to manage migration of on-premises machines to Azure. Scenario: Migrate the virtual machines hosted on Server1 and Server2 to Azure.
Server2 has the Hyper-V host role. References:
https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-on-premises-azure
Case Study: 4
Lab 1
SIMULATION
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please, note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start lab by clicking the Next button
Tasks
Click to expand each objective
To connect to the Azure portal, type https:/portal.azure.com in the browser address bar.
Instructions
Performance Based Lab
This type of question asks you to perform tasks in a virtual environment.
The screen for this type of question includes a virtual machine window and a tasks pane.
The window is a remotely connected live environment where you perform tasks on real software and applications.
On the right is a Tasks pane that lists the tasks you need to perform in the lab. Each task can be expanded or collapsed using the “+” or “-” symbols. A checkbox is provided for each task. This is provided for convenience, so you can mark each task as you complete it.
Tasks
Click to expand each objective
-Configure servers
Add the “Print and Document Services” role to server LON-SVR1, installing any required management features and enabling both Print and LPD Services.
+Configure file and share access
When you are finished performing all the tasks, click the ‘Next’ button.
Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
Comments
Once the exam completes, the comment period will begin and you will have the opportunity to provide comments to Microsoft about the exam questions. To launch the comment period, click the “Finish” and then “Comment” buttons. To skip the comment period and the exam, click Exit.
You can navigate to a question from the Review screen to provide a comment. Please, see the Review Screen tab in the Review Screen help Menu (which can be accessed from the Review Screen) for details on accessing questions from the Review Screen.
To comment on a question, navigate to that question and click the Give Feedback icon. When you have entered your comment in the comment window, click Submit to close the window. To navigate to the Review screen again, click the Review button. You may navigate through all questions using the Next and Previous buttons. To skip commenting, go to the Review Screen by selecting the Review Screen button in the upper left-hand corner and from the Review Screen, select “Finished”.
Controls Available
For any question, one or more of the following controls might be available.
AZ-103 dumps exhibit
Keyboard Shortcuts Available
Exam features may be accessed using keyboard shortcuts. The following table describes the keyboard shortcuts that are available during this exam.
Some keyboard shortcuts require that you press two or more keys at the same time. These keys are separated by a plus sign (+) in the table below.
AZ-103 dumps exhibit
AZ-103 dumps exhibit
AZ-103 dumps exhibit

NEW QUESTION 15
You plan to connect a virtual network named VNET1017 to your on-premises network by using both an Azure ExpressRoute and a site-to-site VPN connection.
You need to prepare the Azure environment for the planned deployment. The solution must maximize the IP address space available to Azure virtual machines.
What should you do from the Azure portal before you create the ExpressRoute are the VPN gateway?

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
We need to create a Gateway subnet Step 1:
Go to More Services > Virtual Networks Step 2:
Then click on the VNET1017, and click on subnets. Then click on gateway subnet. Step 3:
In the next window define the subnet for the gateway and click OK
AZ-103 dumps exhibit
It is recommended to use /28 or /27 for gateway subnet.
As we want to maximize the IP address space we should use /27. References:
https://blogs.technet.microsoft.com/canitpro/2017/06/28/step-by-step-configuring-a-site-to-site-vpn- gateway-between-azure-and-on-premise/

NEW QUESTION 16
HOTSPOT
You need to implement App2 to meet the application? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
AZ-103 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: Standard
Not Shared: A Shared plan does not support Always on. Box 2: Always on
If your function app is on the Consumption plan, there can be up to a 10-minute delay in processing new blobs if a function app has gone idle. To avoid this cold-start delay, you can switch to an App Service plan with Always On enabled, or use a different trigger type.
Scenario: A newly developed API must be implemented as an Azure function named App2. App2 will use a blob storage trigger. App2 must process new blobs immediately.
App2 must be able to connect directly to the private IP addresses of the Azure virtual machines. App2
will be deployed directly to an Azure virtual network. The cost of App1 and App2 must be minimized. References:
https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-storage-blob https://azure.microsoft.com/en-us/pricing/details/app-service/plans/

NEW QUESTION 17
DRAG DROP
You have an on-premises file server named Server1 that runs Windows Server 2016. You have an Azure subscription that contains an Azure file share.
You deploy an Azure File Sync Storage Sync Service, and you create a sync group. You need to synchronize files from Server1 to Azure.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
AZ-103 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Step 1: Install the Azure File Sync agent on Server1
The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share
Step 2: Register Server1.
Register Windows Server with Storage Sync Service
Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service.
Step 3: Add a server endpoint
Create a sync group and a cloud endpoint.
A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on registered server. References: https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide

NEW QUESTION 18
You have an Azure subscription that contains a storage account named account1.
You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The on-premises network uses a public IP address space of 131.107.1.0/24.
You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24.
You need to configure account1 to meet the following requirements:
 Ensure that you can upload the disk files to account1.
 Ensure that you can attach the disks to VM1.
 Prevent all other access to account1.
Which two actions should you perform? Each correct selection presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range.
  • B. From the Firewalls and virtual networks blade of account1, select Selected networks.
  • C. From the Firewalls and virtual networks blade of acount1, add VNet1.
  • D. From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to access this storage account.
  • E. From the Service endpoints blade of VNet1, add a service endpoint.

Answer: BE

Explanation:
B: By default, storage accounts accept connections from clients on any network. To limit access to selected networks, you must first change the default action.
Azure portal
1. Navigate to the storage account you want to secure.
2. Click on the settings menu called Firewalls and virtual networks.
3. To deny access by default, choose to allow access from 'Selected networks'. To allow traffic from all networks, choose to allow access from 'All networks'.
4. Click Save to apply your changes. E: Grant access from a Virtual Network
Storage accounts can be configured to allow access only from specific Azure Virtual Networks.
By enabling a Service Endpoint for Azure Storage within the Virtual Network, traffic is ensured an optimal route to the Azure Storage service. The identities of the virtual network and the subnet are also transmitted with each request.
References: https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security

NEW QUESTION 19
You plan to grant the member of a new Azure AD group named crop 75099086 the right to delegate administrative access to any resource in the resource group named 7509086.
You need to create the Azure AD group and then to assign the correct to e to the group. The solution must use the principle of least privilege and minimize the number of role assignments.
What should you do from the Azure portal?

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Step 1:
Click Resource groups from the menu of services to access the Resource Groups blade
AZ-103 dumps exhibit
Step 2:
Click Add (+) to create a new resource group. The Create Resource Group blade appears. Enter corp7509086 as the Resource group name, and click the Create button.
AZ-103 dumps exhibit
Step 3:
Select Create.
Your group is created and ready for you to add members. Now we need to assign a role to this resource group scope. Step 4:
Choose the newly created Resource group, and Access control (IAM) to see the current list of role assignments at the resource group scope. Click +Add to open the Add permissions pane.
AZ-103 dumps exhibit
Step 5:
In the Role drop-down list, select a role Delegate administration, and select Assign access to: resource group corp7509086
AZ-103 dumps exhibit
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal https://www.juniper.net/documentation/en_US/vsrx/topics/task/multi-task/security-vsrx-azure- marketplace-resource-group.html
Case Study: 3 Contoso Case Study
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
All the resources used by Contoso are hosted on-premises.
Contoso creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named contoso.onmicrosoft.com. The tenant uses the P1 pricing tier.
Existing Environment
The network contains an Active Directory forest named contoso.com. All domain controllers are configured as DNS servers and host the contoso.com DNS zone.
Contoso has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently.
Contoso.com contains a user named User1. All the offices connect by using private links.
Contoso has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device.
All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.
AZ-103 dumps exhibit
Contoso uses two web applications named App1 and App2. Each instance on each web application
requires 1GB of memory.
The Azure subscription contains the resources in the following table.
AZ-103 dumps exhibit
The network security team implements several network security groups (NSGs).
Planned Changes
Contoso plans to implement the following changes:
• Deploy Azure ExpressRoute to the Montreal office.
• Migrate the virtual machines hosted on Server1 and Server2 to Azure.
• Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
• Migrate App1 and App2 to two Azure web apps named webApp1 and WebApp2.
Technical requirements
Contoso must meet the following technical requirements:
• Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instance*.
• Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
• Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
• Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
• Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.contoso.com.
• Connect the New Your office to VNet1 over the Internet by using an encrypted connection.
• Create a workflow to send an email message when the settings of VM4 are modified.
• Cre3te a custom Azure role named Role1 that is based on the Reader role.
• Minimize costs whenever possible.

NEW QUESTION 20
You have an Azure subscription that contains two resource groups named RG1 and RG2. RG2 does not contain any resources. RG1 contains the resources in the following table.
AZ-103 dumps exhibit
Which resource can you move to RG2?

  • A. W10_OsDisk
  • B. VNet1
  • C. VNet3
  • D. W10

Answer: B

Explanation:
When moving a virtual network, you must also move its dependent resources. For example, you must move gateways with the virtual network. VM W10, which is in Vnet1, is not a dependent resource. Incorrect Answers:
A: Managed disks don't support move.
C: Virtual networks (classic) can't be moved.
D: Virtual machines with the managed disks cannot be moved.
References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-move- resources#virtual-machines-limitations

NEW QUESTION 21
You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1. VNet2 contains an Azure virtual machine named VM2.
VM1 hosts a frontend application that connects to VM2 to retrieve dat a.
Users report that the frontend application is slower than usual.
You need to view the average round-trip time (RTT) of the packets from VM1 to VM2. Which Azure Network Watcher feature should you use?

  • A. NSG flow logs
  • B. Connection troubleshoot
  • C. IP flow verify
  • D. Connection monitor

Answer: D

Explanation:
The Connection Monitor feature in Azure Network Watcher is now generally available in all public regions. Connection Monitor provides you RTT values on a per-minute granularity. You can monitor a direct TCP connection from a virtual machine to a virtual machine, FQDN, URI, or IPv4 address. References:
https://azure.microsoft.com/en-us/updates/general-availability-azure-network-watcher-connection- monitor-in-all-public-regions/

NEW QUESTION 22
Which blade should you instruct the finance department auditors to use?

  • A. invoices
  • B. partner information
  • C. cost analysis
  • D. External services

Answer: A

NEW QUESTION 23
You have an Azure DNS zone named adatum.com. You need to delegate a subdomain named research.adatum.com to a different DNS server in Azure. What should you do?

  • A. Create an PTR record named research in the adatum.com zone.
  • B. Create an NS record named research in the adatum.com zone.
  • C. Modify the SOA record of adatum.com.
  • D. Create an A record named “.research in the adatum.com zone.

Answer: D

Explanation:
Configure A records for the domains and sub domains.
References: http://www.stefanjohansson.org/2012/12/how-to-configure-custom-dns-names-for- multiple-subdomain-based-azure-web-sites/

NEW QUESTION 24
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.
AZ-103 dumps exhibit
AZ-103 dumps exhibit
AZ-103 dumps exhibit
When you are finished performing all the tasks, click the ‘Next’ button.
Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
You plan to store media files in the rg1lod7523691n1 storage account.
You need to configure the storage account to store the media files. The solution must ensure that only users who have access keys can download the media files and that the files are accessible only over HTTPS.
What should you do from Azure portal?

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
We should create an Azure file share.
Step 1: In the Azure portal, select All services. In the list of resources, type Storage Accounts. As you begin typing, the list filters based on your input. Select Storage Accounts.
On the Storage Accounts window that appears.
Step 2: Locate the rg1lod7523691n1 storage account.
Step 3: On the storage account page, in the Services section, select Files.
AZ-103 dumps exhibit
Step 4: On the menu at the top of the File service page, click + File share. The New file share page
drops down.
Step 5: In Name type myshare. Click OK to create the Azure file share.
References: https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-portal

NEW QUESTION 25
You have a public load balancer that balancer ports 80 and 443 across three virtual machines.
You need to direct all the Remote Desktop protocol (RDP) to VM3 only. What should you configure?

  • A. an inbound NAT rule
  • B. a load public balancing rule
  • C. a new public load balancer for VM3
  • D. a new IP configuration

Answer: A

Explanation:
To port forward traffic to a specific port on specific VMs use an inbound network address translation (NAT) rule.
Incorrect Answers:
B: Load-balancing rule to distribute traffic that arrives at frontend to backend pool instances. References:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

NEW QUESTION 26
HOTSPOT
You are creating an Azure load balancer.
You need to add an IPv6 load balancing rule to the load balancer.
How should you complete the Azure PowerShell script? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
AZ-103 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-ipv6-internet-ps

NEW QUESTION 27
HOTSPOT
Your company has offices in New York and Los Angeles.
You have an Azure subscription that contains an Azure virtual network named VNet1. Each office has a site-to-site VPN connection to VNet1.
Each network uses the address spaces shown in the following table.
AZ-103 dumps exhibit
You need to ensure that all Internet-bound traffic from VNet1 is routed through the New York office.
What should you do? To answer, select the appropriate options in the answer are a.
NOTE: Each correct selection is worth one point.
AZ-103 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Incorrect Answers:
Not: New-AzureRmVirtualNetworkGatewayConnection
This command creates the Site-to-Site VPN connection between the virtual network gateway and the on-prem VPN device. We already have Site-to-Site VPN connections.
Box 2: 192.168.0.0/20
Specify the VNET1 address. References:
https://docs.microsoft.com/en-us/powershell/module/azurerm.network/set-
azurermvirtualnetworkgatewaydefaultsite

NEW QUESTION 28
HOTSPOT
You have an on-premises data center and an Azure subscription. The data center contains two VPN devices. The subscription contains an Azure virtual network named VNet1. VNet1 contains a gateway subnet.
You need to create a site-to-site VPN. The solution must ensure that is a single instance of an Azure VPN gateway fails, or a single on-premises VPN device fails, the failure will not cause an interruption that is longer than two minutes.
What is the minimum number of public IP addresses, virtual network gateways, and local network gateways required in Azure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
AZ-103 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: 4
Two public IP addresses in the on-premises data center, and two public IP addresses in the VNET. The most reliable option is to combine the active-active gateways on both your network and Azure, as shown in the diagram below.
AZ-103 dumps exhibit
Box 2: 2
Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically, and resume the S2S VPN or VNet-to-VNet connections.
Box 3: 2
Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable

NEW QUESTION 29
......

Thanks for reading the newest AZ-103 exam dumps! We recommend you to try the PREMIUM Certifytools AZ-103 dumps in VCE and PDF here: https://www.certifytools.com/AZ-103-exam.html (303 Q&As Dumps)