Microsoft AZ-102 Exam Questions 2021

NEW QUESTION 1
A web developer creates a web application that you plan to deploy as an Azure web app. Users must enter credentials to access the web application.
You create a new web app named WebAppl1 and deploy the web application to WebApp1. You need to disable anonymous access to WebApp1.
What should you configure?

• A. Advanced Tools
• B. Authentication/ Authorization
• C. Access control (IAM)
• D. Deployment credentials

Answer: B

Explanation: Anonymous access is an authentication method. It allows users to establish an anonymous connection.
References:
https://docs.microsoft.com/en-us/biztalk/core/guidelines-for-resolving-iis-permissions-problems

NEW QUESTION 2
You need to prevent remote users from publishing via FTP to a function app named FunctionApplod7509087fa. Remote users must be able to publish via FTPS. What should you do from the Azure portal?

Answer:

Explanation: Step 1:
Locate and select the function app FunctionApplod7509087fa. Step 2:
Select Application Settings > FTP Access, change FTP access to FTPS Only, and click Save.

References:
https://blogs.msdn.microsoft.com/appserviceteam/2021/05/08/web-apps-making-changes-to-ftpdeployments/

NEW QUESTION 3
You have an Azure subscription that contains a virtual machine named VM1. VM1 hosts a line-ofbusiness application that is available 24 hours a day. VM1 has one network interface and one
managed disk. VM1 uses the D4s v3 size.
You plan to make the following changes to VM1: Change the size to D8s v3.
Add a 500-GB managed disk. Add the Puppet Agent extension.
Attach an additional network interface. Which change will cause downtime for VM1?

• A. Add a 500-GB managed disk.
• B. Attach an additional network interface.
• C. Add the Puppet Agent extension.
• D. Change the size to D8s v3.

Answer: D

Explanation: While resizing the VM it must be in a stopped state.
References: https://azure.microsoft.com/en-us/blog/resize-virtual-machines/

NEW QUESTION 4
You are the global administrator for an Azure Active Directory (Azure AD) tenet named adatum.com. You need to enable two-step verification for Azure users.
What should you do?

• A. Create a sign-in risk policy in Azure AD Identity Protection
• B. Enable Azure AD Privileged Identity Management.
• C. Create and configure the Identity Hub.
• D. Configure a security policy in Azure Security Cente

Answer: A

Explanation: With Azure Active Directory Identity Protection, you can: require users to register for multi-factor authentication handle risky sign-ins and compromised users
References:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/flows

NEW QUESTION 5
HOT SPOT
You plan to create an Azure Storage account in the Azure region of East US 2. You need to create a storage account that meets the following requirements: Replicates synchronously
Remains available if a single data center in the region fails
How should you configure the storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation: Box 1: Zone-redundant storage (ZRS)
Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single region.
LRS would not remain available if a data center in the region fails GRS and RA GRS use asynchronous replication.
Box 2: StorageV2 (general purpose V2) ZRS only support GPv2.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs

NEW QUESTION 6
HOT SPOT
You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer:

Explanation: Scenario: You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network.
There is a virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet
Note: Azure DNS provides the following capabilities:
Automatic registration of virtual machines from a single virtual network that's linked to a private zone as a registration virtual network.
Forward DNS resolution is supported across virtual networks that are linked to the private zone as resolution virtual networks.
Reverse DNS lookup is supported within the virtual-network scope.
References:
https://docs.microsoft.com/en-us/azure/dns/private-dns-overview

NEW QUESTION 7
Which blade should you instruct the finance department auditors to use?

• A. invoices
• B. partner information
• C. cost analysis
• D. External services

Answer: A

NEW QUESTION 8
You have an Azure subscription named Subscription1 and two Azure Active Directory (Azure AD) tenants named Tenant1 and Tenant2.
Subscnption1 is associated to Tenant1 Multi-factor authentication (MFA) is enabled for all the users in Tenant1.
You need to enable MFA for the users in Tenant2. The solution must maintain MFA forTenant1. What should you do first?

• A. Transfer the administration of Subscription1 to a global administrator of Tenants.
• B. Configure the MFA Server setting in Tenant1.
• C. Create and link a subscription to Tenant2.
• D. Change the directory for Subscription1.

Answer: C

Explanation: Case Study: 12
ADatum Corporation Overview
A Datum Corporation is a financial company that has two main offices in New York and Los Angeles. A Datum has a subsidiary named Fabrikam, Inc. that shares the Los Angeles office.
A Datum is conducting an initial deployment of Azure services to host new line-of-business applications and is preparing to migrate its existing on-premises workloads to Azure.
A Datum uses Microsoft Exchange Online for email. On-Premises Environment
The on-premises workloads run on virtual machines hosted in a VMware vSphere 6 infrastructure. All the virtual machines are members of an Active Directory forest named adatum.com and run Windows Server 2021.
The New York office an IP address of 10.0.0.0/16. The Los Angeles office uses an IP address space of 10.10.0.0/16.
The offices connect by using a VPN provided by an ISP. Each office has one Azure ExpressRoute circuit that provides access to Azure services and Microsoft Online Services. Routing is implemented by using Microsoft peering.
The New York office has a virtual machine named VM1 that has the vSphere console installed. Azure Environment
You provision the Azure infrastructure by using the Azure portal. The infrastructure contains the resources shown in the following table.

AG1 has two backend pools named Pool11 and Pool12. AG2 has two backend pools named Pool21 and Pool22.
Planned Changes
ADatum plans to migrate the virtual machines from the New York office to the East US Azure region by using Azure Site Recovery.
Infrastructure Requirements
ADatum identifies the following infrastructure requirements:
? A new web app named App1 that will access third-parties for credit card processing must be deployed.
? A newly developed API must be implemented as an Azure function named App2. App2 will use a blob storage trigger. App2 must process new blobs immediately.
? The Azure infrastructure and the on-premises infrastructure and the on-premises infrastructure must be prepared for the migration of the VMware virtual machines to Azure.
? The sizes of the Azure virtual machines that will be used to migrate the on-premises workloads must be identified.
? All migrated and newly deployed Azure virtual machines must be joined to the adatum.com domain.
? AG1 must load balance incoming traffic in the following manner:
1. http://corporate.adatum.com/video/* will be load balanced across Pool11.
2. http://corporate.adatum.com/images/* will be load balanced across Pool12.
? AG2 must load balance incoming traffic in the following manner:
1. http://www.adatum.com will be load balanced across Pool21.
2. http://www.fabrikam.com will be load balanced across Pool22.
? ER1 must route traffic between the New York office and the platform as a service (PaaS) services in the East US Azure region, as long as ER1 is available.
? ER2 must route traffic between the Los Angeles office and the PaaS sevices in the West US region, as long as ER2 is available.
? ER1 and ER2 must be configured to fail over automatically. Application Requirements
App2 must be able to connect directly to the private IP addresses of the Azure virtual machines. App2 will be deployed directly to an Azure virtual network.
Inbound and outbound communications to App1 must be controlled by using NSGs. Pricing Requirements
ADatum identifies the following pricing requirements:
? The cost of App1 and App2 must be minimized.
? The transactional charges of Azure Storage account must be minimized.

NEW QUESTION 9
SIMULATION
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.






When you are finished performing all the tasks, click the ‘Next’ button.
Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
You plan to create 100 Azure virtual machines on each of the following three virtual networks: VNET1005a
VNET1005b VNET1005c
All the network traffic between the three virtual networks will be routed through VNET1005a. You need to create the virtual networks, and then to ensure that all the Azure virtual machines can connect to other virtual machines by using their private IP address. The solution must NOT require any virtual network gateways and must minimize costs.
What should you do from the Azure portal before you configure IP routing?

Answer:

Explanation: Step 1: Click Create a resource in the portal.
Step 2: Enter Virtual network in the Search the Marketplace box at the top of the New pane that appears. Click Virtual network when it appears in the search results.
Step 3: Select Classic in the Select a deployment model box in the Virtual Network pane that appears, then click Create.
Step 4: Enter the following values on the Create virtual network (classic) pane and then click Create: Name: VNET1005a
Address space: 10.0.0.0/16 Subnet name: subnet0 Resource group: Create new
Subnet address range: 10.0.0.0/24
Subscription and location: Select your subscription and location.
Step 5: Repeat steps 3-5 for VNET1005b (10.1.0.0/16, 10.1.0.0/24), and for VNET1005c 10.2.0.0/16, 10.2.0.0/24).
References: https://docs.microsoft.com/en-us/azure/virtual-network/create-virtual-network-classic

NEW QUESTION 10
HOT SPOT
You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table.

VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between VNet1 and Vnet2.
An administrator named Admin1 creates an Azure virtual machine named VM1 in RG1. VM1 uses a disk named Disk1 and connects to VNet1. Admin1 then installs a custom application in VM1.
You need to move the custom application to Vnet2. The solution must minimize administrative effort.
Which two actions should you perform? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation: You can move a VM and its associated resources to another resource group using the portal. References: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/move-vm

NEW QUESTION 11
Which blade should you instruct the finance department auditors to use?

• A. Partner information
• B. Overview
• C. Payment methods
• D. Invoices

Answer: D

Explanation: You can opt in and configure additional recipients to receive your Azure invoice in an email. This feature may not be available for certain subscriptions such as support offers, Enterprise Agreements, or Azure in Open.
Select your subscription from the Subscriptions page. Opt-in for each subscription you own. Click Invoices then Email my invoice.

Click Opt in and accept the terms.
Scenario: During the testing phase, auditors in the finance department must be able to review all Azure costs from the past week.
References: https://docs.microsoft.com/en-us/azure/billing/billing-download-azure-invoice-dailyusage- date

NEW QUESTION 12
SIMULATION
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.



When you are finished performing all the tasks, click the ‘Next’ button.
Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
You plan to configure VM1 to be accessible from the Internet.
You need to add a public IP address to the network interface used by VM1. What should you do from Azure portal?

Answer:

Explanation: You can add private and public IP addresses to an Azure network interface by completing the steps that follow.
Step 1: In Azure portal, click More services > type virtual machines in the filter box, and then click Virtual machines.
Step 2: In the Virtual machines pane, click the VM you want to add IP addresses to. Click Network interfaces in the virtual machine pane that appears, and then select the network interface you want to add the IP addresses to. In the example shown in the following picture, the NIC named myNIC from the VM named myVM is selected:

Step 3: In the pane that appears for the NIC you selected, click IP configurations. Step 4: Click Create public IP address.

Step 5: In the Create public IP address pane that appears, enter a Name, select an IP address assignment type, a Subscription, a Resource group, and a Location, then click Create, as shown in the following picture:
References: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-multiple-ipaddresses- portal

NEW QUESTION 13
You need to prepare the environment to meet the authentication requirements.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Allow inbound TCP port 8080 to the domain controllers in the Miami office.
• B. Add http://autogon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miamioffice.
• C. Join the client computers in the Miami office to Azure AD.
• D. Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.
• E. Install Azure AD Connect on a server in the Miami office and enable Pass-through Authenticatio

Answer: BE

Explanation: B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to all or selected users' Intranet zone settings by using Group Policy in Active Directory: https://autologon.microsoftazuread-sso.com
E: Seamless SSO works with any method of cloud authentication - Password Hash Synchronization or Pass-through Authentication, and can be enabled via Azure AD Connect.
References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start

Case Study: 2
Contoso Ltd Overview
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and maintains. Existing Environment
Currently, Contoso uses multiple types of servers for business operations, including the following:
? File servers
? Domain controllers
? Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers:
? A SQL database
? A web front end
? A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only. Requirements
Planned Changes
Contoso plans to implement the following changes to the infrastructure: Move all the tiers of App1 to Azure.
Move the existing product blueprint files to Azure Blob storage.
Create a hybrid directory to support an upcoming Microsoft Office 365 migration project. Technical Requirements
Contoso must meet the following technical requirements: Move all the virtual machines for App1 to Azure. Minimize the number of open ports between the App1 tiers.
Ensure that all the virtual machines for App1 are protected by backups. Copy the blueprint files to Azure over the Internet.
Ensure that the blueprint files are stored in the archive storage tier. Ensure that partner access to the blueprint files is secured and temporary.
Prevent user passwords or hashes of passwords from being stored in Azure. Use unmanaged standard storage for the hard disks of the virtual machines.
Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
Minimize administrative effort whenever possible. User Requirements
Contoso identifies the following requirements for users:
Ensure that only users who are part of a group named Pilot can join devices to Azure AD. Designate a new user named Admin1 as the service administrator of the Azure subscription. Ensure that a new user named User3 can create network objects for the Azure subscription.

NEW QUESTION 14
You have an Azure Service Bus.
You need to implement a Service Bus queue that guarantees first in first-out (FIFO) delivery of messages.
What should you do?

• A. Set the Lock Duration setting to 10 seconds.
• B. Enable duplicate detection.
• C. Set the Max Size setting of the queue to 5 GB.
• D. Enable partitioning.
• E. Enable session

Answer: E

Explanation: Through the use of messaging sessions you can guarantee ordering of messages, that is first-in-firstout (FIFO) delivery of messages.
References:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-azure-and-service-busqueues- compared-contrasted

NEW QUESTION 15
You have an azure subscription that contain a virtual named VNet1. VNet1. contains four subnets named Gatesway, perimeter, NVA, and production.
The NVA contain two network virtual appliance (NVAs) that will network traffic inspection between the perimeter subnet and the production subnet.
You need o implement an Azure load balancer for the NVAs. The solution must meet the following requirements:
The NVAs must run in an active-active configuration that uses automatic failover.
The NVA must load balance traffic to two services on the Production subnet. The services have different IP addresses
Which three actions should you perform? Each correct answer presents parts of the solution. NOTE: Each correct selection is worth one point.

• A. Add two load balancing rules that have HA Ports enabled and Floating IP disabled.
• B. Deploy a standard load balancer.
• C. Add a frontend IP configuration, two backend pools, and a health prob.
• D. Add a frontend IP configuration, a backend pool, and a health probe.
• E. Add two load balancing rules that have HA Ports and Floating IP enabled.
• F. Deploy a basic load balance

Answer: BCE

Explanation: A standard load balancer is required for the HA ports.
-Two backend pools are needed as there are two services with different IP addresses.
-Floating IP rule is used where backend ports are reused. Incorrect Answers:
F: HA Ports are not available for the basic load balancer. References:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-overview https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-multivip-overview

NEW QUESTION 16
HOT SPOT
You have a virtual network named VNet1 that has the configuration shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation: Box 1: add a subnet
Your IaaS virtual machines (VMs) and PaaS role instances in a virtual network automatically receive a private IP address from a range that you specify, based on the subnet they are connected to. We
need to add the 192.168.1.0/24 subnet. Box 2: add a network interface
The 10.2.1.0/24 network exists. We need to add a network interface.
References: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-static-privateip- arm-pportal

NEW QUESTION 17
You have the Azure virtual networks shown in the following table.

To which virtual networks can you establish a peering connection from VNet1?

• A. VNet2 and VNet3 only
• B. VNet2 only
• C. VNet3 and VNet4 only
• D. VNet2, VNet3, and VNet4

Answer: C

Explanation: The virtual networks you peer must have non-overlapping IP address spaces. The VNet1 and VNhet2 address spaces overlap. The range of VNet2 is contained inside the range of VNet1.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-managepeering# requirements-and-constraints

NEW QUESTION 18
You plan to connect a virtual network named VNET1017 to your on-premises network by using both an Azure ExpressRoute and a site-to-site VPN connection.
You need to prepare the Azure environment for the planned deployment. The solution must maximize the IP address space available to Azure virtual machines.
What should you do from the Azure portal before you create the ExpressRoute are the VPN gateway?

Answer:

Explanation: We need to create a Gateway subnet Step 1:
Go to More Services > Virtual Networks Step 2:
Then click on the VNET1017, and click on subnets. Then click on gateway subnet.
Step 3:
In the next window define the subnet for the gateway and click OK

It is recommended to use /28 or /27 for gateway subnet.
As we want to maximize the IP address space we should use /27. References:
https://blogs.technet.microsoft.com/canitpro/2021/06/28/step-by-step-configuring-a-site-to-sitevpn- gateway-between-azure-and-on-premise/