★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Proper study guides for AZ-102 Microsoft Azure Administrator Certification Transition certified begins with AZ-102 Dumps Questions preparation products which designed to deliver the AZ-102 Dumps by making you pass the AZ-102 test at your first time. Try the free AZ-102 Dumps Questions right now.
Also have AZ-102 free dumps questions for you:
NEW QUESTION 1
Your company registers a domain name of contoso.com.
You create an Azure DNS named contoso.com and then you add an A record to the zone for a host named www that has an IP address of 22.214.171.124.
You discover that Internet hosts are unable to resolve www.contoso.com to the 126.96.36.199 IP address.
You need to resolve the name resolution issue.
Solution: You add an NS record to the contoso.com zone. Does this meet the goal?
- A. Yes
- B. No
Explanation: Before you can delegate your DNS zone to Azure DNS, you need to know the name servers for your
zone. The NS record set contains the names of the Azure DNS name servers assigned to the zone. References: https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns
NEW QUESTION 2
You have an Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains three Azure virtual machines. Each virtual machine has a public IP address.
The virtual machines host several applications that are accessible over port 443 to user on the Internet.
Your on-premises network has a site-to-site VPN connection to VNet1.
You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from the Internet and from the on-premises network.
You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network. The solution must ensure that all the applications can still be accesses by the Internet users.
What should you do?
- A. Modify the address space of the local network gateway.
- B. Remove the public IP addresses from the virtual machines.
- C. Modify the address space of Subnet1.
- D. Create a deny rule in a network security group (NSG) that is linked to Subnet1.
Explanation: You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
NEW QUESTION 3
You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines.
You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.
What should you create to store the password?
- A. Azure Active Directory (AD) Identity Protection and an Azure policy
- B. a Recovery Services vault and a backup policy
- C. an Azure Key Vault and an access policy
- D. an Azure Storage account and an access policy
Explanation: You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore the password is never put in plain text in the template parameter file.
NEW QUESTION 4
You have an Azure subscription that contains three virtual networks named VNet1, VNet2, VNet3.
VNet2 contains a virtual appliance named VM2 that operates as a router.
You are configuring the virtual networks in a hub and spoke topology that uses VNet2 as the hub network.
You plan to configure peering between VNet1 and VNet2 and between VNet2 and VNet3. You need to provide connectivity between VNet1 and VNet3 through VNet2.
Which two configurations should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A. On the peering connections, allow forwarded traffic.
- B. On the peering connections, allow gateway transit.
- C. Create route tables and assign the table to subnets.
- D. Create a route filter.
- E. On the peering connections, use remote gateway
Explanation: Allow gateway transit: Check this box if you have a virtual network gateway attached to this virtual network and want to allow traffic from the peered virtual network to flow through the gateway. The peered virtual network must have the Use remote gateways checkbox checked when setting up the peering from the other virtual network to this virtual network.
NEW QUESTION 5
You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image.
You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE Each correct selection is worth one point.
- A. Modify the extensionProfile section of the Azure Resource Manager template.
- B. Create a new virtual machine scale set in the Azure portal.
- C. Create an Azure policy.
- D. Create an automation account.
- E. Upload a configuration scrip
Explanation: Virtual Machine Scale Sets can be used with the Azure Desired State Configuration (DSC) extension handler. Virtual machine scale sets provide a way to deploy and manage large numbers of virtual machines, and can elastically scale in and out in response to load. DSC is used to configure the VMs as they come online so they are running the production software.
References: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machinescale- sets-dsc
NEW QUESTION 6
You need to meet the technical requirement for VM4. What should you create and configure?
- A. an Azure Notification Hub
- B. an Azure Event Hub
- C. an Azure Logic App
- D. an Azure services Bus
Explanation: Scenario: Create a workflow to send an email message when the settings of VM4 are modified. You can start an automated logic app workflow when specific events happen in Azure resources or third-party resources. These resources can publish those events to an Azure event grid. In turn, the event grid pushes those events to subscribers that have queues, webhooks, or event hubs as endpoints. As a subscriber, your logic app can wait for those events from the event grid before running automated workflows to perform tasks - without you writing any code.
NEW QUESTION 7
You have a resource group named RG1. RG1 contains an Azure Storage account named storageaccount1 and a virtual machine named VM1 that runs Windows Server 2016. Storageaccount1 contains the disk files for VM1. You apply a ReadOnly lock to RG1. What can you do from the Azure portal?
- A. Generate an automation script for RG1.
- B. View the keys of storageaccount1.
- C. Upload a blob to storageaccount1.
- D. Start VM1.
Explanation: ReadOnly means authorized users can read a resource, but they can't delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
NEW QUESTION 8
You have an Azure subscription named Subscription1.
You deploy a Linux virtual machine named VM1 to Subscription1. You need to monitor the metrics and the logs of VM1.
What should you use?
- A. LAD 3.0
- B. Azure Analysis Services
- C. the AzurePerformanceDiagnostics extension
- D. Azure HDInsight
Explanation: You can use extensions to configure diagnostics on your VMs to collect additional metric data.
The basic host metrics are available, but to see more granular and VM-specific metrics, you need to install the Azure diagnostics extension on the VM. The Azure diagnostics extension allows additional monitoring and diagnostics data to be retrieved from the VM.
NEW QUESTION 9
You need to define a custom domain name for Azure AD to support the planned infrastructure. Which domain name should you use?
- A. ad.humongousinsurance.com
- B. humongousinsurance.onmicrosoft.com
- C. humongousinsurance.local
- D. humongousinsurance.com
Explanation: Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com. The initial domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well. For example, your organization probably has other domain names used to do business and users who sign in using your corporate domain name. Adding custom domain names to Azure AD allows you to assign user names in the directory that are familiar to your users, such as ‘email@example.com.’ instead of 'alice@domain name.onmicrosoft.com'.
Network Infrastructure: Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet.
Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com Planned Azure AD Infrastructure: The on-premises Active Directory domain will be synchronized to Azure AD.
NEW QUESTION 10
Note: This question is part of a series of Questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these Questions will not appear in the review screen.
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1. Solution: From the RG1 blade, you click Deployments.
Does this meet the goal?
- A. Yes
- B. No
NEW QUESTION 11
Note: This questions is part of a series of questions that present the same scenario. Each questions in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution. After you answer a questions in this section, you will NOT be able to return to it. As a result, these Questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider. Does this meet the goal?
- A. Yes
- B. No
NEW QUESTION 12
You have peering configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Explanation: Box 1: vNET6 only
Box 2: Modify the address space
The virtual networks you peer must have non-overlapping IP address spaces.
NEW QUESTION 13
You have an Azure subscription named Subscription1 that has the following providers registered: Authorization
Automation Resources Compute KeyVault Network Storage Billing Web
Subscription1 contains an Azure virtual machine named VM1 that has the following configurations: Private IP address: 10.0.0.4 (dynamic)
Network security group (NSG): NSG1 Public IP address: None
Availability set: AVSet Subnet: 10.0.0.0/24 Managed disks: No Location: East US
You need to record all the successful and failed connection attempts to VM1.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Register the Microsoft.Insights resource provider
- B. Add an Azure Network Watcher connection monitor
- C. Register the Microsoft.LogAnalytics provider
- D. Enable Azure Network Watcher in the East US Azure region
- E. Create an Azure Storage account
- F. Enable Azure Network Watcher flow logs
Step 1: (D)
We must have a network watcher enabled in the East US region Step 2: (A+F)
A: NSG flow logging requires the Microsoft.Insights provider, which must be registered.
F: Network security groups (NSG) allow or deny inbound or outbound traffic to a network interface in a VM. The NSG flow log capability allows you to log the source and destination IP address, port, protocol, and whether traffic was allowed or denied by an NSG.
NEW QUESTION 14
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the Logic App Operator role to the Developers group. Does this meet the goal?
- A. Yes
- B. No
Explanation: The Logic App Operator role only lets you read, enable and disable logic app. With it you can view the logic app and run history, and enable/disable. Cannot edit or update the definition.
You would need the Logic App Contributor role. References:
NEW QUESTION 15
Another administrator reports that she is unable to configure a web app named corplod7509086n3 to prevent all connections from an IP address of 188.8.131.52.
You need to modify corplod7509086n3 to successfully prevent the connections from the IP address. The solution must minimize Azure-related costs.
What should you do from the Azure portal?
Explanation: Step 1:
Find and select application corplod7509086n3:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory.
2. In the Azure Active Directory blade, click Enterprise applications. Step 2:
To add an IP restriction rule to your app, use the menu to open Network>IP Restrictions and click on Configure IP Restrictions
Click Add rule
You can click on [+] Add to add a new IP restriction rule. Once you add a rule, it will become effective immediately.
Add name, IP address of 184.108.40.206, select Deny, and click Add Rule
NEW QUESTION 16
You have an Azure subscription named Subscription1. Subscription1 contains the virtual networks in the following table.
Subscription1 contains the virtual machines in the following table:
The firewalls on all the virtual machines are configured to allow all ICMP traffic. You add the peerings in the following table.
For each of the following statements, select Yest if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation: Box 1: Yes
Vnet1 and Vnet3 are peers. Box 2: Yes
Vnet2 and Vnet3 are peers. Box 3: No
Peering connections are non-transitive.
References: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybridnetworking/ hub-spoke
Recommend!! Get the Full AZ-102 dumps in VCE and PDF From Certleader, Welcome to Download: https://www.certleader.com/AZ-102-dumps.html (New 195 Q&As Version)