Microsoft AZ-100 Dumps 2021

NEW QUESTION 1
You need to resolve the Active Directory issue. What should you do?

• A. From Active Directory Users and Computers, select the user accounts, and then modify the User PrincipalName value.
• B. Run idfix.exe, and then use the Edit action.
• C. From Active Directory Domains and Trusts, modify the list of UPN suffixes.
• D. From Azure AD Connect, modify the outbound synchronization rule.

Answer: B

Explanation: IdFix is used to perform discovery and remediation of identity objects and their attributes in an on-premises Active Directory environment in preparation for migration to Azure Active Directory. IdFix is intended for the Active Directory administrators responsible for directory synchronization with Azure Active Directory.
Scenario: Active Directory Issue
Several users in humongousinsurance.com have UPNs that contain special characters. You suspect that some of the characters are unsupported in Azure AD.
References: https://www.microsoft.com/en-us/download/details.aspx?id=36832

NEW QUESTION 2
You sign up for Azure Active Directory (Azure AD) Premium.
You need to add a user named admin1@contoso.com as an administrator on all the computers that will be joined to the Azure AD domain.
What should you configure in Azure AD?

• A. Device settings from the Devices blade.
• B. General settings from the Groups blade.
• C. User settings from the Users blade.
• D. Providers from the MFA Server blade.

Answer: C

Explanation: When you connect a Windows device with Azure AD using an Azure AD join, Azure AD adds the following
security principles to the local administrators group on the device: The Azure AD global administrator role
The Azure AD device administrator role The user performing the Azure AD join
In the Azure portal, you can manage the device administrator role on the Devices page. To open the Devices page:
1. Sign in to your Azure portal as a global administrator or device administrator.
2. On the left navbar, click Azure Active Directory.
3. In the Manage section, click Devices.
4. On the Devices page, click Device settings.
5. To modify the device administrator role, configure Additional local administrators on Azure AD joined devices.
References: https://docs.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin

NEW QUESTION 3
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.



When you are finished performing all the tasks, click the ‘Next’ button.
Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
Another administrator attempts to establish connectivity between two virtual networks named VNET1 and VNET2.
The administrator reports that connections across the virtual networks fail.
You need to ensure that network connections can be established successfully between VNET1 and VNET2 as quickly as possible.
What should you do from the Azure portal?

Answer:

Explanation: You can connect one VNet to another VNet using either a Virtual network peering, or an Azure VPN Gateway.
To create a virtual network gateway
Step1 : In the portal, on the left side, click +Create a resource and type 'virtual network gateway' in search. Locate Virtual network gateway in the search return and click the entry. On the Virtual network gateway page, click Create at the bottom of the page to open the Create virtual network gateway page.
Step 2: On the Create virtual network gateway page, fill in the values for your virtual network gateway.


Name: Name your gateway. This is not the same as naming a gateway subnet. It's the name of the gateway object you are creating.
Gateway type: Select VPN. VPN gateways use the virtual network gateway type VPN.
Virtual network: Choose the virtual network to which you want to add this gateway. Click Virtual network to open the 'Choose a virtual network' page. Select the VNet. If you don't see your VNet, make sure the Location field is pointing to the region in which your virtual network is located.
Gateway subnet address range: You will only see this setting if you did not previously create a gateway subnet for your virtual network. If you previously created a valid gateway subnet, this setting will not appear.
Step 4: Select Create New to create a Gateway subnet.

Step 5: Click Create to begin creating the VPN gateway. The settings are validated and you'll see the "Deploying Virtual network gateway" tile on the dashboard. Creating a gateway can take up to 45 minutes. You may need to refresh your portal page to see the completed status.
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal?

NEW QUESTION 4
You have an Azure subscription.
You plan to use Azure Resource Manager templates to deploy 50 Azure virtual machines that will be part of the same availability set.
You need to ensure that as many virtual machines as possible are available if the fabric fails or during servicing.
How should you configure the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Select two alternatives below.

• A. platformFaultDomainCount: 0
• B. platformFaultDomainCount: 1
• C. platformFaultDomainCount: 2
• D. platformFaultDomainCount: 3
• E. platformFaultDomainCount: 4
• F. platformUpdateDomainCount: 10
• G. platformUpdateDomainCount: 20
• H. platformUpdateDomainCount: 25
• I. platformUpdateDomainCount: 30
• J. platformUpdateDomainCount: 40
• K. platformUpdateDomainCount: 50

Answer: CG

Explanation: Use two fault domains.
2 or 3 is max, depending on which region you are in. Use 20 for platformUpdateDomainCount
Increasing the update domain (platformUpdateDomainCount) helps with capacity and availability planning when the platform reboots nodes. A higher number for the pool (20 is max) means that fewer of their nodes in any given availability set would be rebooted at once.
References:
https://www.itprotoday.com/microsoft-azure/check-if-azure-region-supports-2-or-3-fault-domains-managed-disk https://github.com/Azure/acs-engine/issues/1030

NEW QUESTION 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company registers a domain name of contoso.com.
You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.
You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.
You need to resolve the name resolution issue.
Solution: You create a PTR record for www in the contoso.com zone. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation: Modify the Name Server (NS) record.
References: https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

NEW QUESTION 6
You have an Azure Linux virtual machine that is protected by Azure Backup. One week ago, two files were deleted from the virtual machine.
You need to restore the deleted files to an on-premises computer as quickly as possible.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation: To restore files or folders from the recovery point, go to the virtual machine and choose the desired recovery point.
Step 0. In the virtual machine's menu, click Backup to open the Backup dashboard. Step 1. In the Backup dashboard menu, click File Recovery.
Step 2. From the Select recovery point drop-down menu, select the recovery point that holds the files you want. By default, the latest recovery point is already selected.
Step 3: To download the software used to copy files from the recovery point, click Download Executable (for Windows Azure VM) or Download Script (for Linux Azure VM, a python script is generated).
Step 4: Copy the files by using AzCopy
AzCopy is a command-line utility designed for copying data to/from Microsoft Azure Blob, File, and Table storage, using simple commands designed for optimal performance. You can copy data between a file system and a storage account, or between storage accounts.
References:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-files-from-vm https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy

NEW QUESTION 7
You have an Azure subscription named Subscription1. Subscription1 contains the virtual networks in the following table.

Subscription1 contains the virtual machines in the following table:

The firewalls on all the virtual machines are configured to allow all ICMP traffic. You add the peerings in the following table.

For each of the following statements, select Yest if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Answer:

Explanation: Box 1: Yes
Vnet1 and Vnet3 are peers. Box 2: Yes
Vnet2 and Vnet3 are peers. Box 3: No
Peering connections are non-transitive.
References:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke

NEW QUESTION 8
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
You plan to allow connections between the VNET01-USEA2 and VNET01-USWE2 virtual networks.
You need to ensure that virtual machines can communicate across both virtual networks by using their private IP address. The solution must NOT require any virtual network gateways.
What should you do from the Azure portal?

Answer:

Explanation: Virtual network peering enables you to seamlessly connect two Azure virtual networks. Once peered, the virtual networks appear as one, for connectivity purposes.
Peer virtual networks
Step 1. In the Search box at the top of the Azure portal, begin typing VNET01-USEA2. When VNET01-USEA2 appears in the search results, select it.
Step 2. Select Peerings, under SETTINGS, and then select + Add, as shown in the following picture:

Step 3. Enter, or select, the following information, accept the defaults for the remaining settings, and then select OK.
Name: myVirtualNetwork1-myVirtualNetwork2 (for example) Subscription: elect your subscription.
Virtual network: VNET01-USWE2 - To select the VNET01-USWE2 virtual network, select Virtual network, then select VNET01-USWE2. You can select a virtual network in the same region or in a different region.
Now we need to repeat steps 1-3 for the other network VNET01-USWE2:
Step 4. In the Search box at the top of the Azure portal, begin typing VNET01- USEA2. When VNET01- USEA2 appears in the search results, select it.
Step 5. Select Peerings, under SETTINGS, and then select + Add. References:
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks-portal

NEW QUESTION 9
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.






When you are finished performing all the tasks, click the ‘Next’ button.
Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
You need to deploy two Azure virtual machines named VM1003a and VM1003b based on the Ubuntu Server 17.10 image. The deployment must meet the following requirements:
Provide a Service Level Agreement (SLA) of 99.95 percent availability.
Use managed disks.
What should you do from the Azure portal?

Answer:

Explanation: 1. Open the Azure portal.
2. On the left menu, select All resources. You can sort the resources by Type to easily find your images.
3. Select the image you want to use from the list. The image Overview page opens.
4. Select Create VM from the menu.
5. Enter the virtual machine information.
Select VM1003a as the name for the first Virtual machine.The user name and password entered here will be used to log in to the virtual machine. When complete, select OK. You can create the new VM in an existing resource group, or choose Create new to create a new resource group to store the VM.
6. Select a size for the VM. To see more sizes, select View all or change the Supported disk type filter.
7. Under Settings, make changes as necessary and select OK.
8. On the summary page, you should see your image name listed as a Private image. Select Ok to start the virtual machine deployment.
Repeat the procedure for the second VM and name it VM1003b. References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/create-vm-generalized-managed

NEW QUESTION 10
You need to meet the user requirement for Admin1. What should you do?

• A. From the Subscriptions blade, select the subscription, and then modify the Properties.
• B. From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings.
• C. From the Azure Active Directory blade, modify the Properties.
• D. From the Azure Active Directory blade, modify the Groups.

Answer: A

Explanation: Change the Service administrator for an Azure subscription
Sign in to Account Center as the Account administrator.
Select a subscription.
On the right side, select Edit subscription details.
Scenario: Designate a new user named Admin1 as the service administrator of the Azure subscription. References:
https://docs.microsoft.com/en-us/azure/billing/billing-add-change-azure-subscription-administrator

NEW QUESTION 11
You have an Active Directory forest named contoso.com.
You install and configure Azure AD Connect to use password hash synchronization as the single sign-on (SSO) method. Staging mode is enabled.
You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs.
You need to ensure that the synchronization completes successfully. What should you do?

• A. From Synchronization Service Manager, run a full import.
• B. Run Azure AD Connect and set the SSO method to Pass-through Authentication.
• C. From Azure PowerShell, run Start-AdSyncSyncCycle -PolicyType Initial.
• D. Run Azure AD Connect and disable staging mode.

Answer: D

Explanation: Staging mode must be disabled. If the Azure AD Connect server is in staging mode, password hash synchronization is temporarily disabled.
References:
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-troubleshoot-p

NEW QUESTION 12
You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network. Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com.
You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory. You need to ensure that the users can use single-sign on (SSO) to access Azure resources.
What should you do first?

• A. From the on-premises network, deploy Active Directory Federation Services (AD FS).
• B. From Azure AD, add and verify a custom domain name.
• C. From the on-premises network, request a new certificate that contains the Active Directory domain name.
• D. From the server that runs Azure AD Connect, modify the filtering options.

Answer: B

Explanation: Azure AD Connect lists the UPN suffixes that are defined for the domains and tries to match them with a custom domain in Azure AD. Then it helps you with the appropriate action that needs to be taken. The Azure AD sign-in page lists the UPN suffixes that are defined for on-premises Active Directory and displays the corresponding status against each suffix. The status values can be one of the following:
State: Verified
Azure AD Connect found a matching verified domain in Azure AD. All users for this domain can sign in by using their on-premises credentials.
State: Not verified
Azure AD Connect found a matching custom domain in Azure AD, but it isn't verified. The UPN suffix of the users of this domain will be changed to the default .onmicrosoft.com suffix after synchronization if the domain isn't verified.
Action Required: Verify the custom domain in Azure AD.
References: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-user-signin

NEW QUESTION 13
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
You plan to prevent users from accidentally deleting blob data from Azure.
You need to ensure that administrators can recover any blob data that is deleted accidentally from the storagelod8095859 storage account for 14 days after the deletion occurred.
What should you do from the Azure portal?

Answer:

Explanation: Task A: Create a Recovery Services vault (if a vault already exists skip this task, go to Task B below) A1. From Azure Portal, On the Hub menu, click All services and in the list of resources, type Recovery
Services and click Recovery Services vaults.

If there are recovery services vaults in the subscription, the vaults are listed. A2. On the Recovery Services vaults menu, click Add.

A3. The Recovery Services vault blade opens, prompting you to provide a Name, Subscription, Resource group, and Location
Task B. Create a backup goal
B1. On the Recovery Services vault blade (for the vault you just created), in the Getting Started section, click Backup, then on the Getting Started with Backup blade, select Backup goal.

The Backup Goal blade opens. If the Recovery Services vault has been previously configured, then the Backup Goal blades opens when you click Backup on the Recovery Services vault blade.
B2. From the Where is your workload running? drop-down menu, select Azure.

B3. From the What do you want to backup? menu, select Blob Storage, and click OK. B4. Finish the Wizard.
Task C. create a backup schedule
C1. Open the Microsoft Azure Backup agent. You can find it by searching your machine for Microsoft Azure Backup.

C2. In the Backup agent's Actions pane, click Schedule Backup to launch the Schedule Backup Wizard.

C3. On the Getting started page of the Schedule Backup Wizard, click Next. C4. On the Select Items to Backup page, click Add Items.
The Select Items dialog opens.
C5. Select Blob Storage you want to protect, and then click OK. C6.In the Select Items to Backup page, click Next.
On the Specify Backup Schedule page, specify Schedule a backup every day, and click Next.

C7. On the Select Retention Policy page, set it to 14 days, and click Next.

C8. Finish the Wizard. References:
https://docs.microsoft.com/en-us/azure/backup/backup-configure-vault

NEW QUESTION 14
You have a virtual network named VNet1 that has the configuration shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation: Box 1: add a subnet
Your IaaS virtual machines (VMs) and PaaS role instances in a virtual network automatically receive a private IP address from a range that you specify, based on the subnet they are connected to. We need to add the 192.168.1.0/24 subnet.
Box 2: add a network interface
The 10.2.1.0/24 network exists. We need to add a network interface. References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-static-private-ip-arm-pportal

NEW QUESTION 15
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.



When you are finished performing all the tasks, click the ‘Next’ button.
Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
Your on-premises network uses an IP address range of 131.107.2.0 to 131.107.2.255.
You need to ensure that only devices from the on-premises network can connect to the rg1lod7523691n1 storage account.
What should you do from the Azure portal?

Answer:

Explanation: Step 1: Navigate to the rg1lod7523691n1 storage account.
Step 2: Click on the settings menu called Firewalls and virtual networks.
Step 3: Ensure that you have elected to allow access from 'Selected networks'.
Step 4: To grant access to an internet IP range, enter the address range of 131.107.2.0 to 131.107.2.255 (in CIDR format) under Firewall, Address Ranges.
References: https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security

NEW QUESTION 16
You have a Recovery Service vault that you use to test backups. The test backups contain two protected virtual machines.
You need to delete the Recovery Services vault. What should you do first?

• A. From the Recovery Service vault, stop the backup of each backup item.
• B. From the Recovery Service vault, delete the backup data.
• C. Modify the disaster recovery properties of each virtual machine.
• D. Modify the locks of each virtual machine.

Answer: A

Explanation: You can't delete a Recovery Services vault if it is registered to a server and holds backup data. If you try to delete a vault, but can't, the vault is still configured to receive backup data.
Remove vault dependencies and delete vault
In the vault dashboard menu, scroll down to the Protected Items section, and click Backup Items. In this menu, you can stop and delete Azure File Servers, SQL Servers in Azure VM, and Azure virtual machines.

References: https://docs.microsoft.com/en-us/azure/backup/backup-azure-delete-vault

NEW QUESTION 17
You need to define a custom domain name for Azure AD to support the planned infrastructure. Which domain name should you use?

• A. ad.humongousinsurance.com
• B. humongousinsurance.onmicrosoft.com
• C. humongousinsurance.local
• D. humongousinsurance.com

Answer: D

Explanation: Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com. The initial domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well. For example, your organization probably has other domain names used to do business and users who sign in using your corporate domain name. Adding custom domain names to Azure AD allows you to assign user names in the directory that are familiar to your users, such as ‘alice@contoso.com.’ instead of 'alice@domain name.onmicrosoft.com'.
Scenario:
Network Infrastructure: Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet.
Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com Planned Azure AD Infrastructure: The on-premises Active Directory domain will be synchronized to Azure
AD.
References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain

NEW QUESTION 18
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.
You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately.
Solution: From the Redeploy blade, you click Redeploy. Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation: When you redeploy a VM, it moves the VM to a new node within the Azure infrastructure and then powers it back on, retaining all your configuration options and associated resources.
References: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node