NEW QUESTION 1

You have an Azure Active Directory (Azure AD) tenant named adatum.com that contains the users shown in the following table.

Adatum.com has the following configurations: Users may join devices to Azure AD is set to User1.
Additional local administrators on Azure AD joined devices is set to None.
You deploy Windows 10 to a computer named Computer. User1 joins Computer1 to adatum.com. You need to identify which users are added to the local Administrators group on Computer1.

• A. User1 only
• B. User1, User2, and User3 only
• C. User1 and User2 only
• D. User1, User2, User3, and User4
• E. User2 only

Answer: C

Explanation:
Users may join devices to Azure AD - This setting enables you to select the users who can register their devices as Azure AD joined devices. The default is All.
Additional local administrators on Azure AD joined devices - You can select the users that are granted local administrator rights on a device. Users added here are added to the Device Administrators role in Azure AD. Global administrators, here User2, in Azure AD and device owners are granted local administrator rights by default.
References:
https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal

NEW QUESTION 2

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named adatum.com. The tenant contains 500 user accounts.
You deploy Microsoft Office 365. You configure Office 365 to use the user accounts in adatum.com. You configure 60 users to connect to mailboxes in Microsoft Exchange Online.
You need to ensure that the 60 users use Azure Multi-Factor Authentication (MFA) to connect to the Exchange Online mailboxes. The solution must only affect connections to the Exchange Online mailboxes.
What should you do?

• A. From the multi-factor authentication page, configure the Multi-Factor Auth status for each user
• B. From Azure Active Directory admin center, create a conditional access policy
• C. From the multi-factor authentication page, modify the verification options
• D. From the Azure Active Directory admin center, configure an authentication method

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

NEW QUESTION 3

You need to the appropriate sizes for the Azure virtual for Server2.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: Create a Recovery Services vault
Create a Recovery Services vault on the Azure Portal. Box 2: Install the Azure Site Recovery Provider
Azure Site Recovery can be used to manage migration of on-premises machines to Azure. Scenario: Migrate the virtual machines hosted on Server1 and Server2 to Azure.
Server2 has the Hyper-V host role. References:
https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-on-premises-azure

NEW QUESTION 4

You have an Azure subscription that includes data in following locations:

You plan to export data by using Azure import/export job named Export1. You need to identify the data that can be exported by using Export1. Which data should you identify?

• A. DB1
• B. Table1
• C. container1
• D. Share1

Answer: D

Explanation:
Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service

NEW QUESTION 5

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1 that runs Windows Server 2021.
You need to create an alert in Azure when more than two error events are logged to the System log on VM1 within an hour.
Solution: You create an Azure Log Analytics workspace and configure the data settings. You install the Microsoft Monitoring Agent on VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source.
Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation:
Alerts in Azure Monitor can identify important information in your Log Analytics repository. They are created by alert rules that automatically run log searches at regular intervals, and if results of the log search match particular criteria, then an alert record is created and it can be configured to perform an automated response.
The Log Analytics agent collects monitoring data from the guest operating system and workloads of virtual machines in Azure, other cloud providers, and on-premises. It collects data into a Log Analytics workspace.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/tutorial-response https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview

NEW QUESTION 6

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Dev, you assign the Logic App Contributor role to the Developers group. Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation:
The Logic App Contributor role lets you manage logic app, but not access to them. It provides access to view, edit, and update a logic app.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

NEW QUESTION 7

You have an Azure subscription that contains the resource groups shown in the following table.

RG1 contains the resources shown in the following table.

RG2 contains the resources shown in the following table.

You need to identify which resources you can move from RG1 to RG2, and which resources you can move from RG2 to RG1.
Which resources should you identify? To answer, select the appropriate options in the answer area.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking

NEW QUESTION 8

You need to resolve the licensing issue before you attempt to assign the license again. What should you do?

• A. From the Groups blade, invite the user accounts to a new group.
• B. From the Profile blade, modify the usage location.
• C. From the Directory role blade, modify the directory role.

Answer: A

Explanation:
License cannot be assigned to a user without a usage location specified. Scenario: Licensing Issue
You attempt to assign a license in Azure to several users and receive the following error message: "Licenses not assigned. License agreement failed for one user."
You verify that the Azure subscription has the available licenses.

NEW QUESTION 9

You have an Azure subscription that contains an Azure Storage account.
You plan to copy an on-premises virtual machine image to a container named vmimages. You need to create the container for the planned image.
Which command should you run? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
azcopy make 'https://<storage-account-name>.file.core.windows.net/<file-share-name><SAS-token>'

NEW QUESTION 10

You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:

User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com. You need to create new user accounts in external.contoso.com.onmicrosoft.com.
Solution: You instruct User3 to create the user accounts.

• A. Yes
• B. No

Answer: B

Explanation:
Only a global administrator can add users to this tenant.
References:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad

NEW QUESTION 11

You plan to create an Azure virtual machine named VM1 that will be configured as shown in the following exhibit.
The planned disk configurations for VM1 are shown in the following exhibit.




You need to ensure that VM1 can be created in an Availability Zone.
Which two settings should you modify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Use managed disks
• B. Availability options
• C. OS disk type
• D. Size
• E. Image

Answer: AE

NEW QUESTION 12

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer named Computer2.
You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2. Solution: You export the client certificate from Computer1 and install the certificate on Computer2. Does this meet this goal?

• A. Yes
• B. No

Answer: A

Explanation:
Each client computer that connects to a VNet using Point-to-Site must have a client certificate installed. You generate a client certificate from the self-signed root certificate, and then export and install the client certificate. If the client certificate is not installed, authentication fails.
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site

NEW QUESTION 13

You have an Azure subscription that contains an Azure Directory (Azure AD) tenant named contoso.com. The tenant is synced to the on-premises Active Directory domain. The domain contains the users shown in the following table.

You enable self-service password reset (SSPR) for all users and configure SSPR to have the following authentication methods:
Number of methods required to reset: 2
Methods available to users: Mobile phone, Security questions
Number of questions required to register: 3
Number of questions required to reset: 3 You select the following security questions:
What is your favorite food?
In what city was your first job?
What was the name of your first pet?
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: No
Administrator accounts are special accounts with elevated permissions. To secure them, the following restrictions apply to changing passwords of administrators:
On-premises enterprise administrators or domain administrators cannot reset their password through
Self-service password reset (SSPR). They can only change their password in their on-premises environment. Thus, we recommend not syncing on-prem AD admin accounts to Azure AD.
An administrator cannot use secret Questions & Answers as a method to reset password. Box 2: Yes
Self-service password reset (SSPR) is an Azure Active Directory feature that enables employees to reset their passwords without needing to contact IT staff.
Box 3: Yes References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment

NEW QUESTION 14

You have Azure subscription that includes following Azure file shares: You have the following on-premises servers:
You create a Storage Sync Service named Sync1 and an Azure File Sync group named Group1. Group1 uses share1 as a cloud endpoint.
You register Server1 and Server2 in Sync1. You add D:Folder1 on Server1 as a server endpoint of Group1. For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: No
Group1 already has a cloud endpoint named Share1.
A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints.
Box 2: Yes
Yes, one or more server endpoints can be added to the sync group. Box 3: Yes
Yes, one or more server endpoints can be added to the sync group. References:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide

NEW QUESTION 15

You have an Azure subscription that contains a user account named User1.
You need to ensure that User1 can assign a policy to the tenant root management group. What should you do?

• A. Assign the Owner role to User1, and then instruct User1 to configure access management for Azure resources.
• B. Assign the Global administrator role to User1, and then instruct User1 to configure access management for Azure resources.
• C. Assign the Global administrator role to User1, and then modify the default conditional access policies.
• D. Assign the Owner role to User1, and then modify the default conditional access policies.

Answer: A

NEW QUESTION 16

You create an App Service plan named App1 and an Azure web app named webapp1. You discover that the option to create a staging slot is unavailable. You need to create a staging slot for App1.
What should you do first?

• A. From webapp1, modify the Application settings.
• B. From webapp1, add a custom domain.
• C. From App1, scale up the App Service plan.
• D. From App1, scale out the App Service plan.

Answer: C

Explanation:
https://docs.microsoft.com/en-us/azure/app-service/manage-scale-up

NEW QUESTION 17

You have two Azure virtual machines named VM1 and VM2. You have two Recovery Services vaults named RSV1 and RSV2.
VM2 is protected by RSV1.
You need to use RSV2 to protect VM2. What should you do first?

• A. From the RSV1 blade, click Backup items and stop the VM2 backup.
• B. From the RSV1 blade, click Backup Jobs and export the VM2 backup.
• C. From the RSV1 blade, click Backu
• D. From the Backup blade, select the backup for the virtual machine, and then click Backup.
• E. From the VM2 blade, click Disaster recovery, click Replication settings, and then select RSV2 as the Recovery Services vault.

Answer: D

Explanation:
References:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm

NEW QUESTION 18

You need to meet the technical requirement for VM4. What should you create and configure?

• A. an Azure Notification Hub
• B. an Azure Event Hub
• C. an Azure Logic App
• D. an Azure services Bus

Answer: B

Explanation:
Scenario: Create a workflow to send an email message when the settings of VM4 are modified.
You can start an automated logic app workflow when specific events happen in Azure resources or third-party resources. These resources can publish those events to an Azure event grid. In turn, the event grid pushes those events to subscribers that have queues, webhooks, or event hubs as endpoints. As a subscriber, your logic app can wait for those events from the event grid before running automated workflows to perform tasks - without you writing any code.
References:
https://docs.microsoft.com/en-us/azure/event-grid/monitor-virtual-machine-changes-event-grid-logic-app

NEW QUESTION 19

You have an Azure virtual network named VNet1 that connects to your on-premises network by using a site-to-site VPN. VMet1 contains one subnet named Subnet1.
Subnet1 is associated to a network security group (NSG) named NSG1. Subnet1 contains a basic internal load balancer named ILB1. ILB1 has three Azure virtual machines in the backend pool.
You need to collect data about the IP addresses that connects to ILB1. You must be able to run interactive queries from the Azure portal against the collected data.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: An Azure Log Analytics workspace
In the Azure portal you can set up a Log Analytics workspace, which is a unique Log Analytics environment with its own data repository, data sources, and solutions
Box 2: ILB1
References:
https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-quick-create-workspace
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-diagnostics

NEW QUESTION 20

You have an Azure subscription that contains an Azure Availability Set named WEBPROD-AS-USE2 as shown in the following exhibit.

You add 14 virtual machines to WEBPROD-AS-USE2.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 21

You manage two Azure subscriptions named Subscription1 and Subscription2. Subscription1 has the following virtual networks:

The virtual networks contain the following subnets:

Subscription2 contains the following virtual network:
Name: VNETA
Address space: 10.10.128.0/17
Location: Canada Central
VNETA contains the following subnets:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: Yes
With VNet-to-VNet you can connect Virtual Networks in Azure across Different regions. Box 2: Yes
Azure supports the following types of peering:
Virtual network peering: Connect virtual networks within the same Azure region. Global virtual network peering: Connecting virtual networks across Azure regions. Box 3: No
The virtual networks you peer must have non-overlapping IP address spaces. References:
https://azure.microsoft.com/en-us/blog/vnet-to-vnet-connecting-virtual-networks-in-azure-across-different-regio https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#requirements-and-cons

NEW QUESTION 22

You have an Azure subscription that contains the following resources:
100 Azure virtual machines
20 Azure SQL databases
50 Azure file shares
You need to create a daily backup of all the resources by using Azure Backup. What is the minimum number of backup policies that you must create?

• A. 1
• B. 2
• C. 3
• D. 150
• E. 170

Answer: C

Explanation:
There is a limit of 100 VMs that can be associated to the same backup policy from portal. We recommend that for more than 100 VMs, create multiple backup policies with same schedule or different schedule.
One policy for VMS, one for SQL databases, and one for the file shares. References:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-vm-backup-faq

NEW QUESTION 23

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
DevTest Labs User role only lets you connect, start, restart, and shutdown virtual machines in your Azure DevTest Labs.
You would need the Logic App Contributor role. References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

NEW QUESTION 24

You have peering configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: vNET6 only
Box 2: Modify the address space
The virtual networks you peer must have non-overlapping IP address spaces. References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#requirements-and-cons

NEW QUESTION 25
......