It is more faster and easier to pass the AZ-102 Study Guides by using AZ-102 Exam Questions. Immediate access to the AZ-102 Exam Dumps and find the same core area AZ-102 Exam Questions and Answers with professionally verified answers, then PASS your exam with a high score now.
Free AZ-102 Demo Online For Microsoft Certifitcation:
NEW QUESTION 1
SIMULATION
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.
When you are finished performing all the tasks, click the ‘Next’ button.
Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
You need to allow RDP connections over TCP port 3389 to VM1 from the internet. The solution must prevent connections from the Internet over all other TCP ports.
What should you do from the Azure portal?
Answer:
Explanation: Step 1: Create a new network security group Step 2: Select your new network security group.
Step 3: Select Inbound security rules, . Under Add inbound security rule, enter the following Destination: Select Network security group, and then select the security group you created previously.
Destination port ranges: 3389 Protocol: Select TCP
References: https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic
NEW QUESTION 2
Your Azure environment contains an application gateway and custom apps.
Another administrator modifies the application gateway and the apps to use HTTP over TCP port 8080.
Users report that they can no longer connect to the apps.
You suspect that the cause of the issue is a change in the configuration of the application gateway. You need to modify the application gateway to resolve the issue.
What should you do from the Azure portal?
Answer:
Explanation: Step 1:
Select Networking and then select Application Gateway in the Featured list, and select the application gateway, and select the settings.
Step 2:
Click HTTP for the protocol of the listener and make sure that the port is defined as 443.
References:
https://docs.microsoft.com/en-us/azure/application-gateway/create-ssl-portal
NEW QUESTION 3
You plan to deploy an application getaway named appgw1015 to load balance IP traffic to the Azure virtual machines connected to subnet0.
You need to configure a virtual network named VNET1015 to support the planned application gateway.
What should you do from the Azure portal?
Answer:
Explanation: Step 1:
Click Networking, Virtual Network, and select VNET1015. Step 2:
Click Subnets, and Click +Add on the VNET1015 - Subnets pane that appears. Step 3:
On the Subnets page, click +Gateway subnet at the top to open the Add subnet page.
Step 4:
Locate subnet0 and add it. References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resourcemanager- portal
NEW QUESTION 4
Note: This question is part of a series of Questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these Questions will not appear in the review screen.
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1. Solution: From the RG1 blade, you click Deployments.
Does this meet the goal?
Answer: A
NEW QUESTION 5
You have the Azure virtual networks shown in the following table.
To which virtual networks can you establish a peering connection from VNet1?
Answer: C
Explanation: The virtual networks you peer must have non-overlapping IP address spaces. The VNet1 and VNhet2 address spaces overlap. The range of VNet2 is contained inside the range of VNet1.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-managepeering# requirements-and-constraints
NEW QUESTION 6
Note: This questions is part of a series of questions that present the same scenario. Each questions in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution. After you answer a questions in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You configure a custom policy definition, and then you assign the policy to the subscription. Does this meet the goal?
Answer: A
Explanation: Resource policy definition used by Azure Policy enables you to establish conventions for resources in your organization by describing when the policy is enforced and what effect to take. By defining conventions, you can control costs and more easily manage your resources.
References: https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition
NEW QUESTION 7
DRAG DROP
You have an availability set named AS1 that contains three virtual machines named VM1, VM2, and VM3.
You attempt to reconfigure VM1 to use a larger size. The operation fails and you receive an allocation failure message.
You need to ensure that the resize operation succeeds.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
NEW QUESTION 8
You have an Azure Service Bus.
You create a queue named Queue1. Queue1 is configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation: Box 1: deleted after two hours
All messages sent into a queue or topic are subject to a default expiration that is set at the entity level with the defaultMessageTimeToLive property and which can also be set in the portal during creation and adjusted later. The default expiration is used for all messages sent to the entity where TimeToLive is not explicitly set. The default expiration also functions as a ceiling for the TimeToLive value. Messages that have a longer TimeToLive expiration than the default value are silently adjusted to the defaultMessageTimeToLive value before being enqueued.
Box 2: deleted in one hour References:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/message-expiration
NEW QUESTION 9
You need to deploy an Azure load balancer named Ib 1015 to your Azure subscription. The solution must meet the following requirements:
-Support the load balancing of IP traffic from the Internet to Azure virtual machines connected to VNET1016 subnet0.
-Prov.de 4 Service level Agreement (SWJ of 99.99 percent ability for the Azure virtual machines.
-Minimize Azure-related costs.
What should you do from the Azure portal?
To complete this task, you do NOT need to wait for the deployment to complete. Once the deployment start in Azure, you can move to the next task.
Answer:
Explanation: Step 1:
On the top left-hand side of the screen, click Create a resource > Networking > Load Balancer. Step 2:
In the Create a load balancer page enter these values for the load balancer: myLoadBalancer - for the name of the load balancer.
Internal - for the type of the load balancer. Basic - for SKU version.
Microsoft guarantees that apps running in a customer subscription will be available 99.99% of the time.
VNET1016subnet0 - for subnet that you choose from the list of existing subnets.
Step 3: Accept the default values for the other settings and click Create to create the load balancer.
NEW QUESTION 10
You have a resource group named RG1. RG1 contains an Azure Storage account named storageaccount1 and a virtual machine named VM1 that runs Windows Server 2021. Storageaccount1 contains the disk files for VM1. You apply a ReadOnly lock to RG1. What can you do from the Azure portal?
Answer: B
Explanation: ReadOnly means authorized users can read a resource, but they can't delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lockresources
NEW QUESTION 11
You sign up for Azure Active Directory (Azure AD) Premium.
You need to add a user named admin1@contoso.com as an administrator on all the computers that will be joined to the Azure AD domain.
What should you configure in Azure AD?
Answer: C
Explanation: When you connect a Windows device with Azure AD using an Azure AD join, Azure AD adds the following security principles to the local administrators group on the device:
The Azure AD global administrator role The Azure AD device administrator role
The user performing the Azure AD join In the Azure portal, you can manage the device administrator role on the Devices page. To open the Devices
page: 1. Sign in to your Azure portal as a global administrator or device administrator.
2. On the left navbar, click Azure Active Directory.
3. In the Manage section, click Devices.
4. On the Devices page, click Device settings.
5. To modify the device administrator role, configure Additional local administrators on Azure AD joined
devices.
References: https://docs.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin
NEW QUESTION 12
You need to deploy an application gateway named appgwl015 to meet the following requirements: Load balance internal IP traffic to the Azure virtual machines connected to subnet0.
Provide a Service Level Agreement (SLA) of 99.99 percent availability for the Azure virtual machines. What should you do from the Azure portal?
Answer:
Explanation: Step 1:
Click New found on the upper left-hand corner of the Azure portal. Step 2:
Select Networking and then select Application Gateway in the Featured list. Step 3:
Enter these values for the application gateway: appgw1015 - for the name of the application gateway. SKU Size: Standard_V2
The new SKU [Standard_V2] offers autoscaling and other critical performance enhancements.
Step 4:
Accept the default values for the other settings and then click OK. Step 5:
Click Choose a virtual network, and select subnet0.
References:
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-create-gatewayportal
NEW QUESTION 13
HOT SPOT
You plan to use Azure Network Watcher to perform the following tasks:
Task1: Identify a security rule that prevents a network packet from reaching an Azure virtual machine.
Task2: Validate outbound connectivity from an Azure virtual machine to an external host.
Which feature should you use for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation: Task 1: IP flow verify
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.
Task 2:
With the addition of Connection Troubleshoot, Network Watcher will see an incremental increase in its capabilities and ways for you to utilize it in your day to day operations. You can now, for example, check connectivity between source (VM) and destination (VM, URI, FQDN, IP Address). References:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview https://azure.microsoft.com/en-us/blog/network-watcher-connection-troubleshoot-now-generallyavailable/
NEW QUESTION 14
HOT SPOT
You have an Azure web app named WebApp1.
You need to provide developers with a copy of WebApp1 that they can modify without affecting the production WebApp1. When the developers finish testing their changes, you must be able to switch the current line version of WebApp1 to the new version.
Which command should you run prepare the environment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation: Box 1: New-AzureRmWebAppSlot
The New-AzureRmWebAppSlot cmdlet creates an Azure Web App Slot in a given a resource group that uses the specified App Service plan and data center.
Box 2: -SourceWebApp References:
https://docs.microsoft.com/en-us/powershell/module/azurerm.websites/new-azurermwebappslot
NEW QUESTION 15
You have an Azure subscription that contains the resources in the following table.
Subnet1 is associated to VNet1. NIC1 attaches VM1 to Subnet1. You need to apply ASG1 to VM1.
What should you do?
Answer: B
Explanation: When you deploy VMs, make them members of the appropriate ASGs. You associate the ASG with a subnet.
References: https://azure.microsoft.com/en-us/blog/applicationsecuritygroups/
NEW QUESTION 16
You have an Azure subscription that contains a storage account named account1.
You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The on-premises network uses a public IP address space of 131.107.1.0/24.
You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24. You need to configure account1 to meet the following requirements:
Ensure that you can upload the disk files to account1. Ensure that you can attach the disks to VM1. Prevent all other access to account1.
Which two actions should you perform? Each correct selection presents part of the solution. NOTE: Each correct selection is worth one point.
Answer: BE
Explanation: B: By default, storage accounts accept connections from clients on any network. To limit access to selected networks, you must first change the default action.
Azure portal
Navigate to the storage account you want to secure.
Click on the settings menu called Firewalls and virtual networks.
To deny access by default, choose to allow access from 'Selected networks'. To allow traffic from all networks, choose to allow access from 'All networks'.
Click Save to apply your changes.
E: Grant access from a Virtual Network
Storage accounts can be configured to allow access only from specific Azure Virtual Networks. By enabling a Service Endpoint for Azure Storage within the Virtual Network, traffic is ensured an optimal route to the Azure Storage service. The identities of the virtual network and the subnet are also transmitted with each request.
References: https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security
NEW QUESTION 17
Another administrator reports that she is unable to configure a web app named corplod7509086n3 to prevent all connections from an IP address of 11.0.0.11.
You need to modify corplod7509086n3 to successfully prevent the connections from the IP address. The solution must minimize Azure-related costs.
What should you do from the Azure portal?
Answer:
Explanation: Step 1:
Find and select application corplod7509086n3:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory.
2. In the Azure Active Directory blade, click Enterprise applications. Step 2:
To add an IP restriction rule to your app, use the menu to open Network>IP Restrictions and click on Configure IP Restrictions
Step 3:
Click Add rule
You can click on [+] Add to add a new IP restriction rule. Once you add a rule, it will become effective immediately.
Step 4:
Add name, IP address of 11.0.0.11, select Deny, and click Add Rule
References:
https://docs.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions
NEW QUESTION 18
HOT SPOT
Your network contains an Active Directory domain named adatum.com and an Azure Active Directory (Azure AD) tenant named adatum.onmicrosoft.com.
Adatum.com contains the user accounts in the following table.
Adatum.onmicrosoft.com contains the user accounts in the following table.
You need to implement Azure AD Connect. The solution must follow the principle of least privilege. Which user accounts should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:
Explanation: Box 1: User5
In Express settings, the installation wizard asks for the following: AD DS Enterprise Administrator credentials
Azure AD Global Administrator credentials
The AD DS Enterprise Admin account is used to configure your on-premises Active Directory. These credentials are only used during the installation and are not used after the installation has
completed. The Enterprise Admin, not the Domain Admin should make sure the permissions in Active Directory can be set in all domains.
Box 2: UserA
Azure AD Global Admin credentials credentials are only used during the installation and are not used after the installation has completed. It is used to create the Azure AD Connector account used for synchronizing changes to Azure AD. The account also enables sync as a feature in Azure AD. References: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directoryaadconnect- accounts-permissions
NEW QUESTION 19
DRAG DROP
You have two Azure virtual machines named VM1 and VM2. VM1 has a single data disk named Disk1. You need to attach Disk1 to VM2. The solution must minimize downtime for both virtual machines.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation: Step 1: Stop VM1.
Step 2: Detach Disk1 from VM1. Step 3: Start VM1.
Detach a data disk using the portal
In the left menu, select Virtual Machines.
Select the virtual machine that has the data disk you want to detach and click Stop to deallocate the
VM.
In the virtual machine pane, select Disks. At the top of the Disks pane, select Edit.
In the Disks pane, to the far right of the data disk that you would like to detach, click the Detach button image detach button.
After the disk has been removed, click Save on the top of the pane.
In the virtual machine pane, click Overview and then click the Start button at the top of the pane to restart the VM.
The disk stays in storage but is no longer attached to a virtual machine. Step 4: Attach Disk1 to VM2
Attach an existing disk
Follow these steps to reattach an existing available data disk to a running VM. Select a running VM for which you want to reattach a data disk.
From the menu on the left, select Disks.
Select Attach existing to attach an available data disk to the VM. From the Attach existing disk pane, select OK.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/detach-disk https://docs.microsoft.com/en-us/azure/lab-services/devtest-lab-attach-detach-data-disk
NEW QUESTION 20
You need to define a custom domain name for Azure AD to support the planned infrastructure. Which domain name should you use?
Answer: D
Explanation: Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com. The initial domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well. For example, your organization probably has other domain names used to do business and users who sign in using your corporate domain name. Adding custom domain names to Azure AD allows you to assign user names in the directory that are familiar to your users, such as ‘alice@contoso.com.’ instead of 'alice@domain name.onmicrosoft.com'.
Scenario:
Network Infrastructure: Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet.
Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com Planned Azure AD Infrastructure: The on-premises Active Directory domain will be synchronized to Azure AD.
References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-customdomain
P.S. prep-labs.com now are offering 100% pass ensure AZ-102 dumps! All AZ-102 exam questions have been updated with correct answers: https://www.prep-labs.com/dumps/AZ-102/ (195 New Questions)