Refined AZ-102 Free Practice Questions 2021

NEW QUESTION 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it As a result these questions will not appear in the review screen.
You have an Azure wet) app named Appl. App1 runs in an Azure App Service plan named Plan1. Plan1 is associated to the Free pricing tier.
You discover that App1 stops each day after running continuously for 60 minutes. You need to ensure that App1 can run continuously for the entire day.
Solution: You change the pricing tier of Plan1 to Shared. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation: You should switch to the Basic Tier.
The Free Tier provides 60 CPU minutes / day. This explains why App1 is stops. The Shared Tier provides 240 CPU minutes / day. The Basic tier has no such cap.
References:
https://azure.microsoft.com/en-us/pricing/details/app-service/windows/

NEW QUESTION 2
You are the global administrator for an Azure Active Directory (Azure AD) tenant named adatum.com. From the Azure Active Directory blade, you assign the Conditional Access Administrator role to a user You need to ensure that Admin1 has just-in-time access as a conditional access administrator.
What should you do next?

• A. Enable Azure AD Multi-Factor Authentication (MFA).
• B. Set Admin1 as Eligible for the Privileged Role Administrator role.
• C. Admin1 as Eligible for the Conditional Access Administrator role.
• D. Enable Azure AD Identity Protectio

Answer: A

Explanation: Require MFA for admins is a baseline policy that requires MFA for the following directory roles: Global administrator
SharePoint administrator Exchange administrator Conditional access administrator Security administrator References:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/baseline-protection

NEW QUESTION 3
You need to create a function app named corp7509086nl that supports sticky sessions. The solution must minimize the Azure-related costs of the App Service plan.
What should you do from the Azure portal?

Answer:

Explanation: Step 1:
Select the New button found on the upper left-hand corner of the Azure portal, then select Compute
> Function App. Step 2:
Use the function app settings as listed below. App name: corp7509086n1
Hosting plan: Azure App Service plan (need this for the sticky sessions)
Pricing tier of the the App Service plan: Shared compute: Free Step 3:
Select Create to provision and deploy the function app. References:
https://docs.microsoft.com/en-us/azure/azure-functions/functions-create-function-app-portal

NEW QUESTION 4
You need to move the blueprint files to Azure. What should you do?

• A. Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.
• B. Use the Azure Import/Export service.
• C. Generate an access ke
• D. Map a drive, and then copy the files by using File Explorer.
• E. Use Azure Storage Explorer to copy the file

Answer: D

Explanation: Azure Storage Explorer is a free tool from Microsoft that allows you to work with Azure Storage data on Windows, macOS, and Linux. You can use it to upload and download data from Azure blob storage.
Scenario:
Planned Changes include: move the existing product blueprint files to Azure Blob storage. Technical Requirements include: Copy the blueprint files to Azure over the Internet.
References: https://docs.microsoft.com/en-us/azure/machine-learning/team-data-scienceprocess/move-data-to-azure-blob-using-azure-storage-explorer

NEW QUESTION 5
You have an Azure App Service plan that hosts an Azure App Service named App1.
You configure one production slot and four staging slots for App1.
You need to allocate 10 percent of the traffic to each staging slot and 60 percent of the traffic to the production slot.
What should you add to Appl1?

• A. slots to the Testing in production blade
• B. a performance test
• C. a WebJob
• D. templates to the Automation script blade

Answer: A

Explanation: Besides swapping, deployment slots offer another killer feature: testing in production. Just like the name suggests, using this, you can actually test in production. This means that you can route a specific percentage of user traffic to one or more of your deployment slots.
Example:

References:
https://stackify.com/azure-deployment-slots/

NEW QUESTION 6
SIMULATION
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.






When you are finished performing all the tasks, click the ‘Next’ button.
Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
You plan to create several virtual machines in different availability zones, and then to configure the virtual machines for load balanced connections from the Internet.
You need to create an IP address resource named ip1006 to support the planned load balancing solution. The solution must minimize costs.
What should you do from the Azure portal?

Answer:

Explanation: We should create a public IP address.
At the top, left corner of the portal, select + Create a resource.
Enter public ip address in the Search the Marketplace box. When Public IP address appears in the search results, select it.
Under Public IP address, select Create.
Enter, or select values for the following settings, under Create public IP address, then select Create: Name: ip1006
SKU: Basic SKU IP Version: IPv6
IP address assignment: Dynamic Subscription: Select appropriate Resource group: Select appropriate
References: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-public-ipaddress

NEW QUESTION 7
You plan to deploy an application getaway named appgw1015 to load balance IP traffic to the Azure virtual machines connected to subnet0.
You need to configure a virtual network named VNET1015 to support the planned application gateway.
What should you do from the Azure portal?

Answer:

Explanation: Step 1:
Click Networking, Virtual Network, and select VNET1015. Step 2:
Click Subnets, and Click +Add on the VNET1015 - Subnets pane that appears. Step 3:
On the Subnets page, click +Gateway subnet at the top to open the Add subnet page.

Step 4:
Locate subnet0 and add it. References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resourcemanager- portal

NEW QUESTION 8
You have a virtual network named VNet1 as shown in the exhibit.

No devices are connected to VNet1.
You plan to peer VNet1 to another virtual network named Vnet2 in the same region. VNet2 has an address space of 10.2.0.0/16.
You need to create the peering. What should you do first?

• A. Modify the address space of VNet1.
• B. Configure a service endpoint on VNet2
• C. Add a gateway subnet to VNet1.
• D. Create a subnet on VNet1 and VNet2.

Answer: A

Explanation: The virtual networks you peer must have non-overlapping IP address spaces. References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-managepeering# requirements-and-constraints

NEW QUESTION 9
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals.
Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to these questions will not appear m the review screen.
You manage a virtual network named VNetl1 that is hosted in the West US Azure region. VNetl1 hosts two virtual machines named VM1 and VM2 that run Windows Server. You need to inspect all the network traffic from VM1 to VM2 for a period of three hours. Solution: From Azure Network Watcher, you create a packet capture.
Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation: Azure Network Watcher provides tools to monitor, diagnose, view metrics, and enable or disable logs for resources in an Azure virtual network.
Capture packets to and from a VM
Advanced filtering options and fine-tuned controls, such as the ability to set time and size limitations, provide versatility. The capture can be stored in Azure Storage, on the VM's disk, or both. You can then analyze the capture file using several standard network capture analysis tools.
Network Watcher variable packet capture allows you to create packet capture sessions to track traffic to and from a virtual machine. Packet capture helps to diagnose network anomalies both reactively and proactivity.
References:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview

NEW QUESTION 10
HOT SPOT
You have an Azure subscription named Subscription1. Subscription1 contains the virtual machines in the following table.

Subscription1 contains a virtual network named VNet1 that has the subnets in the following table.

VM3 has a network adapter named NIC3. IP forwarding is enabled on NIC3. Routing is enabled on VM3.
You create a route table named RT1. RT1 is associated to Subnet1 and Subnet2 and contains the routes in the following table.

You apply RT1 to Subnet1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Answer:

Explanation: Box 1: Yes
Traffic from VM1 and VM2 can reach VM3 thanks to the routing table, and as IP forwarding is enabled on VM3, traffic from VM3 can reach VM1.
Box 2: No
VM3, which has IP forwarding, must be turned on, in order for traffic from VM2 to reach VM1. Box 3: Yes
The traffic from VM1 will reach VM3, which thanks to IP forwarding, will send the traffic to VM2. References: https://www.quora.com/What-is-IP-forwarding

NEW QUESTION 11
You need to recommend an identify solution that meets the technical requirements. What should you recommend?

• A. federated single-on (SSO) and Active Directory Federation Services (AD FS)
• B. password hash synchronization and single sign-on (SSO)
• C. cloud-only user accounts
• D. Pass-through Authentication and single sign-on (SSO)

Answer: A

Explanation: Active Directory Federation Services is a feature and web service in the Windows Server Operating System that allows sharing of identity information outside a company’s network.
Scenario: Technical Requirements include:
Prevent user passwords or hashes of passwords from being stored in Azure.
References: https://www.sherweb.com/blog/active-directory-federation-services/

NEW QUESTION 12
SIMULATION
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.






When you are finished performing all the tasks, click the ‘Next’ button.
Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
You plan to migrate a large amount of corporate data to Azure Storage and to back up files stored on old hardware to Azure Storage.
You need to create a storage account named corpdata7523690n1 in the corpdatalog7523690 resource group. The solution must meet the following requirements:
Corpdata7523690n1 must be able to host the virtual disk files for Azure virtual machines. The cost of accessing the files must be minimized.
Replication costs must be minimized. What should you do from the Azure portal?

Answer:

Explanation: Step 1: In the Azure portal, click All services. In the list of resources, type Storage Accounts. As you begin typing, the list filters based on your input. Select Storage Accounts.
Step 2: On the Storage Accounts window that appears, choose Add. Step 3: Select the subscription in which to create the storage account. Step 4: Under the Resource group field, select corpdatalog7523690.

Step 5: Enter a name for your storage account: corpdata7523690n1
Step 6: For Account kind select: General-purpose v2 accounts (recommended for most scenarios) General-purpose v2 accounts is recommended for most scenarios. . General-purpose v2 accounts deliver the lowest per-gigabyte capacity prices for Azure Storage, as well as industry-competitive transaction prices.
Step 7: For replication select: Read-access geo-redundant storage (RA-GRS)
Read-access geo-redundant storage (RA-GRS) maximizes availability for your storage account. RA-GRS provides read-only access to the data in the secondary location, in addition to geo-replication across
two regions. References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-quickstart-create-account https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview

NEW QUESTION 13
HOT SPOT
You have a virtual network named VNet1 that has the configuration shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation: Box 1: add a subnet
Your IaaS virtual machines (VMs) and PaaS role instances in a virtual network automatically receive a private IP address from a range that you specify, based on the subnet they are connected to. We
need to add the 192.168.1.0/24 subnet. Box 2: add a network interface
The 10.2.1.0/24 network exists. We need to add a network interface.
References: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-static-privateip- arm-pportal

NEW QUESTION 14
You have an Azure subscription named Subscription1 that is used be several departments at your company. Subscription1 contains the resources in the following table:

Another administrator deploys a virtual machine named VM1 and an Azure Storage account named Storage2 by using a single Azure Resource Manager template.
You need to view the template used for the deployment.
From which blade can you view the template that was used for the deployment?

• A. RG1
• B. VM1
• C. Storage1
• D. Container1

Answer: A

Explanation: 1. View template from deployment history
Go to the resource group for your new resource group. Notice that the portal shows the result of the last deployment. Select this link.

2. You see a history of deployments for the group. In your case, the portal probably lists only one deployment. Select this deployment.

The portal displays a summary of the deployment. The summary includes the status of the deployment and its operations and the values that you provided for parameters. To see the template that you used for the deployment, select View template.

References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-managerexport- template

NEW QUESTION 15
Note: This questions is part of a series of questions that present the same scenario. Each questions in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution. After you answer a questions in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You assign a built-in policy definition to the subscription. Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 16
You have an Azure subscription that contains two virtual networks named VNet1 and VNet2. Virtual machines connect to the virtual networks.
The virtual networks have the address spaces and the subnets configured as shown in the following table.

You need to add the address space of 10.33.0.0/16 to VNet1. The solution must ensure that the hosts on VNet1 and VNet2 can communicate.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation: Step 1: Remove peering between Vnet1 and VNet2.
You can't add address ranges to, or delete address ranges from a virtual network's address space once a virtual network is peered with another virtual network. To add or remove address ranges, delete the peering, add or
remove the address ranges, then re-create the peering. Step 2: Add the 10.44.0.0/16 address space to VNet1. Step 3: Recreate peering between VNet1 and VNet2 References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering

NEW QUESTION 17
Note: This questions is part of a series of questions that present the same scenario. Each questions in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution. After you answer a questions in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You create a resource lock, and then you assign the lock to the subscription. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation: How can I freeze or lock my production/critical Azure resources from accidental deletion? There is way to do this with both ASM and ARM resources using Azure resource lock.
References: https://blogs.msdn.microsoft.com/azureedu/2021/04/27/using-azure-resourcemanager-policy-and-azure-lock-to-control-your-azure-resources/

NEW QUESTION 18
HOT SPOT
You have an Azure subscription named Subscription1.
You plan to deploy an Ubuntu Server virtual machine named VM1 to Subscription1.
You need to perform a custom deployment of the virtual machine. A specific trusted root certification authority (CA) must be added during the deployment.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation: Box 1: Unattend.xml
In preparation to deploy shielded VMs, you may need to create an operating system specialization answer file. On Windows, this is commonly known as the "unattend.xml" file. The New-
ShieldingDataAnswerFile Windows PowerShell function helps you do this. Starting with Windows Server version 1709, you can run certain Linux guest OSes in shielded VMs. If you are using the System Center Virtual Machine Manager Linux agent to specialize those VMs, the New- ShieldingDataAnswerFile cmdlet can create compatible answer files for it.
Box 2: The Azure Portal
You can use the Azure portal to deploy a Linux virtual machine (VM) in Azure that runs Ubuntu. References: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/quick-create-portal