PASS - TAKER : Anonymos

Microsoft Azure Administrator – Exam Guide AZ-103 2019 Packt - Mockup Test Questions

Correct : 24

False : 24



Anonymos 2019-10-09T13:01:28

Correct

You have an Azure subscription named Subscription1, which contains two resource groups named ResourceGroup1 and ResourceGroup2. You need to ensure that all global administrators can manage all the resources inside both resource groups. You enable access management for the Azure resources from the Azure Active Directory properties blade. Does this solution meet your goal?

Yes, this does meet your goal. The access management setting from the Azure Active Directory Properties blade ensures that Azure AD users assigned to the global administrator role maintain full control over all subscription resources.

Not Correct

You are creating a Windows Server Virtual Machine (VM) that you plan to use as an image for future deployments. You need to ensure that other administrators cannot make any changes to it until you complete the image. What should you do?

You need to set a read-only lock on the resource group level. This will ensure that administrators and all other users can't make changes to all the different Azure resources that are created for your VM, such as changes to virtual networks, disks, and more.

Correct

You determine that business units inside your organization have Azure resources spread across different Azure resource groups. You need to make sure that the resources are assigned to proper cost centers. What should you do?

You should create taxonomic tags and assign them to the resource level; because Azure resources are spread over different resource groups, you can't apply them to the resource group level.

Not Correct

You have an Azure subscription that has eight VMs deployed in it. You need to configure monitoring for this, and want to receive a notification when the Central Processing Unit (CPU) or available memory reaches a certain threshold value. The notification needs to be sent using an email and needs to create a new issue in the corporate issue tracker. What is the minimum number of action groups and alerts that you need to create to meet these requirements?

You should create one alert and one action group for this. One alert can contain multiple metrics-based conditions and a single action group can contain more than one notification or remediation step. So, you can create the metrics for both the CPU and memory in one alert. You can use one action group for sending out the email and creating an issue in the corporate issue tracker.

Not Correct

You have two Azure resource groups named ResourceGroup1 and ResourceGroup2. The ResourceGroup1 resource group contains 20 Windows Server VMs and all the VMs are connected to an Azure Log Analytics workspace named Workspace1. You need to write a log search query that collects all security events with the following properties: all security levels other than 8 and with Event ID 4672. How should you write your query?

The right query should be SecurityEvent | where Level <> 8 | where EventID == 4672.

Not Correct

Your company has an application that uses an Azure SQL Database for storing information. The company has also deployed System Center Service Manager. You need to configure an alert when the database reaches 80% of CPU usage. When this alert arises, you want your administrator to be notified using email and SMS. You also need to create a ticket in the corporate issue tracker automatically when the alert arises. Which two actions should you perform?

You need to create one action group and you need to configure the IT Service Management Connector (ITSMC). This connector connects System Center Service Manager with Azure.

Not Correct

You need to delegate some of the global administrator privileges to a new cloud engineer in your office. You decide to create a custom role using a JSON file and the following PowerShell cmdlet to add the custom role: New-AzureRmRoleDefinition -InputFile "C:\ARM_templates/customrole.json". Is this correct?

Yes, this is the right way to create a custom role using PowerShell.

Correct

Your company has an Azure AD tenant and an on-premises AD that are synced using Azure AD Connect. You have one subscription called Packt_Main. The helpdesk administrators are members of the Packt_HD group. You need to grant the helpdesk group the permissions to reset user passwords using the Azure portal, while using the least amount of permissions. What should you do?

You should grant the Packt_HD group the password administrator role in Azure AD. This role grants the right to reset non-admin passwords, which are the minimal permissions that are required.

Correct

You want to create a group of resource group managers in the Azure portal. Which RBAC role do you need to assign to them to manage all the resource groups in the Azure subscription?

You should assign the owner role to the group of resource group managers.

Not Correct

Your company is developing a .NET application that stores information in an Azure storage account. You need to ensure that the information is stored in a secure way. You ask the developers to use a shared access signature (SAS) when accessing the information. You need to make the required configurations on the storage account to follow security best practices. Which statement is true?

1—True, you need to configure a stored access policy. 2—True, to revoke an SAS, you can delete the stored access policy. 3—False, when you set the timer to now, there can be differences in the clock of the servers hosting your storage account. This can lead to access problems for a short period of time.

Correct

Your company has an application that requires data from a blob storage to be moved from the hot access tier to the archive access tier to reduce costs. Which type of storage account do you need to create?

You need to configure a general-purpose V2 storage account to move data between different access tiers.

Not Correct

Your company wants to deploy a storage account. You need to ensure that the data is available in the case of the failure of an entire data center. The solution must be the most cost effective. What should you do?

You should configure a storage account with Zone Redundant Storage (ZRS) replication. This makes a synchronous copy of the data between three different zones in the same region.

Correct

Your company has developed a web application that uses dynamic and static content. The application is deployed in multiple regions to achieve the best performance. Users complain about the performance of the web application and report that it takes a lot of time before the images are loaded. You decide to configure a Content Delivery Network (CDN). Which two actions should you perform?

You should implement custom caching and dynamic site acceleration on the CDN. Dynamic site acceleration improves performance when delivering dynamic content. You can configure caching rules for static content.

Not Correct

Your company has developed a web application that uses dynamic and static content. The application is deployed in multiple regions to achieve the best performance. Users complain about the performance of the web application and report that it takes a lot of time before the images are loaded. You decide to configure a CDN. What are two possible ways to configure the CDN?

You can configure an Azure CDN Standard Akamai and an Azure CDN Standard Verizon endpoint, configure dynamic site acceleration, and configure caching rules. Dynamic site acceleration improves performance when delivering dynamic content. You can configure caching rules for static content. You should not create an Azure CDN Standard Microsoft endpoint, because this doesn't support dynamic site acceleration. You also should not create an Azure CDN Premium Verizon endpoint, because caching is configured using a rule engine instead of caching rules.

Correct

Your company has a large amount of data stored inside on-premises databases and file servers (120 TB). This data needs to be uploaded to Azure. What is the fastest way to upload it to Azure?

You should order an Azure Data Box. You can copy all the data to it, and ship it back to Microsoft. Microsoft will then upload this data into the Azure data center directly from the device.

Not Correct

Your company has eight on-premises file servers and an Azure subscription, which includes a storage account. You are planning to implement an Azure file share in a hybrid configuration using Azure file share sync. Which of the following statements is true?

Azure File Share Sync reduces the storage footprint of the on-premises file servers by using cloud tiering. This generates a heat map on the on-premises file share and archives infrequently accessed files to Azure. It also provides fault tolerance for on-premises file shares. If a file server goes offline, you can easily restore its file shares to another file server.

Not Correct

You are configuring Azure file sync to sync on-premises file shares with Azure File storage. Which two actions must be complete to ensure that the service will operate successfully on your servers?

You need to make sure that Internet Explorer Enhanced Security is disabled for both administrators and users and you need to make sure that PowerShell version 5.1 or higher is deployed on the servers.

Correct

You are setting up backup and restore for your Azure file shares. To create a backup policy in PowerShell, which of the following cmdlets should you use?

When you create a new policy in PowerShell, you should use the New-AzRecoveryServicesBackupProtectionPolicy cmdlet. The Get-AzRecoveryServicesBackupSchedulePolicyObject cmdlet gets a reference to a base policy item. The Get-AzRecoveryServicesVault cmdlet gets a reference to the Recovery Services Vault and the Enable-AzRecoveryServicesBackupProtection cmdlet enables the backup policy after creation.

Correct

You have an Azure resource group named PacktResourceGroup1 that contains a Linux VM named PacktVM1. You need to automate the deployment of 30 additional Linux machines. The VMs should be based on the configuration of the PacktVM1 VM. Which of the following solutions will meet the goal?

You can deploy the ARM template of the virtual machine from the virtual machine's Automation script blade and you can deploy the template from the Templates blade in the Azure portal.

Not Correct

Your company has a VM that is stored inside a resource group. You need to deploy additional VMs in the same resource group. You are planning to deploy them using an ARM template. You need to create a template from the original VM using PowerShell. Which cmdlet should you use?

You should use the Export-AzResourceGroup cmdlet. This captures the specified resource group as a template and saves it to a JSON file.

Correct

You have a Windows Server 2016 machine deployed inside an availability set. You need to change the availability set assignment for the VM. What will you do?

You should redeploy the VM from a recovery point. VMs can only be assigned to an availability set during initial deployment.

Correct

Your company has two different Azure subscriptions named PacktSubscription1 and PacktSubscription2, which both have their own Azure Active Directory assigned. You have a VM deployed in a resource group called PacktResourceGroup1 in the PacktSubscription1 subscription. You want to move this VM to another resource group, which is deployed in PacktSubscription2. You get an error when you try to move the VM. What is most likely causing this error?

You cannot move the VM because the subscriptions are in different Azure AD tenants. One of the prerequisites for moving VMs is that the source and the destination subscriptions remain in the same Azure AD tenant.

Correct

You need to move a VM using PowerShell. Which cmdlet should you use?

You should use the Set-AzVM cmdlet, followed by the -Redeploy method.

Not Correct

You have a VM deployed in a resource group and want to add an additional data disk to it to increase storage. You want to add the disk using PowerShell. Which cmdlet should you use?

The Add-AzVMDataDisk cmdlet adds a data disk to a virtual machine. You can add a data disk when you create a virtual machine, or you can add a data disk to an existing virtual machine.

Correct

Your company has two Virtual Networks (VNets) deployed, VNet1 and VNet2. You need to connect both VNets together. What is the most cost effective solution?

VNet peering is the most cost-effective solution to connect different VNets.

Not Correct

A VM named PacktVM1 is deployed in a resource group named PacktResourceGroup1. The VM is connected to a VNet named PacktVNet1. You plan to connect the PacktVM1 VM to an additional VNet named PacktVNet2. You need to create an additional network interface on the PacktVM1 VM and connect it to the PacktVNet2 VNet. Which two Azure Command-line Interface (CLI) commands should you use?

You should use az vm nic add to create a new NIC. Then you should use az network nic create to attach the NIC to PacktVM1.

Correct

You need to assign a static IPv4 address for a Windows Server VM named PacktVM1 running in a VNet named PacktVNet1. What should you do?

You should modify the IP configuration of the virtual network interface associated with PacktVM1.

Not Correct

You are managing the network of your organization. The on-premises infrastructure consists of multiple subnets. A new branch office was recently added. The network devices in the new office are assigned to a 192.168.22.0/24 subnet. You need to configure the Azure VPN Gateway to make sure that all the network devices in the branch office are accessible from the Azure network as well. Which PowerShell cmdlet should you use?

You should use the Set-AzureRmLocalNetworkGateway cmdlet. You need to reconfigure the local network gateway for this.

Correct

You have an application running on an Azure VM. Your on-premises network connects to the Azure Virtual Network using an Azure VPN Gateway. The application cannot be exposed directly to the internet due to security requirements. Users of the marketing department should be able to access the application when they are traveling and are using their company laptop. Which kind of connection should you configure?

You should configure an Azure VPN gateway to accept point-to-site VPN connections from users' laptops.

Correct

Your organization has Azure resources deployed in the West US, West Europe, and East Australia regions. The company has four offices located in these regions. You need to provide connectivity between all the on-premises networks and all the resources in Azure using a private channel. You configure a VPN gateway for each Azure region and configure a site-to-site VPN for each office and connect to the nearest VPN gateway. You then configure virtual network peering. You need to ensure that users have the lowest traffic latency. Does this solution meet your goal?

Yes—because you configure a VPN gateway for each region, this solution meets the goals. This will result in the lowest traffic latency for your users.

Not Correct

You have a Windows Server that is deployed in Azure and uses an ExpressRoute connection. After two months of normal use without any issues, suddenly you receive feedback from the users that they are experiencing network issues when they attempt to connect to the server. What tool do you need to use to monitor the network traffic to the server?

You should use Network Performance Monitor to monitor network traffic. You can also use this to monitor network traffic across an ExpressRoute connection.

Not Correct

You have several VNets configured in several Azure regions. Your on-premises infrastructure is based in the East US region and has four subnets configured. You are experiencing network performance issues in your on-premises infrastructure and decide to use the Network Performance Monitor for troubleshooting. Do you need to install the Log Analytics agent on all on-premises servers?

You don't need to install the Log Analytics agent on all the on-premises servers. You only need to install the agent for each network subnet, so you need to install at least four agents.

Not Correct

Your organization has Azure resources deployed in the West US, West Europe, and East Australia regions. The company has four offices located in these regions. Each office is connected to the nearest available Azure region using a site-to-site VPN connection. The VNets from each region are connected using virtual network peering. You need to monitor the traffic between the networks. You configure the connection troubleshoot capability of Azure Network Watcher. Does this solution meet your goal?

No—the network monitor is only capable of monitoring traffic generated from Azure to the on-premises network and not the other way around. You need to monitor all of the traffic on all of your networks.

Correct

Your company plans to release a new web application. This application is deployed using an App Service in Azure and will be available for all users of the packtpub.com domain. You have already purchased the packtpub.com domain name. You configure the packtpub.com Azure Domain Name System (DNS) zone and delegate it to the Azure DNS. You need to ensure that the web application can be accessed by using the packtpub.com domain name. You decide to use PowerShell to accomplish this. Which command should you use?

Correct

Your company plans to release a new web application and it needs to be available for all users on the packtpub.com domain. You decide to configure a DNS zone in Azure and check whether the domain is still available. What is the first step that you have to take to configure Azure DNS for this web application?

You should purchase the packtpub.com domain from a third-party domain registrar first, before taking any other steps.

Correct

You design a virtual network topology with the following characteristics: web subnet: 3 web frontend VMs, app subnet: 3 application server VMs, data subnet: 3 database server VMs. Your company requires that inter-subnet network traffic be strictly controlled with Network Security Groups (NSGs). You need to design a solution that minimizes NSG rule creation and maintenance. What should you do?

You should define application security groups (ASGs) that align to each application tier. This simplifies network administration in Azure and makes rule maintenance more straightforward.

Not Correct

You have deployed an Azure Load Balancer, which is using the Basic tier and is load balancing a set of VMs in an availability set that is called PacktSet1. You now need to load balance a set of VMs that are deployed to an availability set called PacktSet2. What should you do?

You should deploy a second Load Balancer using the Basic tier and use this one to route traffic to the new availability set or delete the old Load Balancer and create a new one using the Standard tier. Only the Standard tier is allowed to route traffic to different availability sets.

Correct

You deploy an Azure public Load Balancer to load balance traffic to six virtual machines. You want to remotely access VM1 from the internet through the public Load Balancer using the Remote Desktop Protocol (RDP). What should you do?

You should configure an inbound network address translation (NAT) rule that maps TCP port 3389 to VM1. Inbound NAT rules are designed to map a port to an internal IP address of a VM.

Not Correct

You deploy an Azure internal Load Balancer to load balance traffic to the internal corporate portal. You want to ensure that users only view the most recent copy of the portal. You created a file called NewVersion.html and want to configure the Load Balancer to direct the traffic only to the VMs that contain these files. What should you do?

You should create a new health probe that uses HTTP as the protocol and include the path to the NewVersion.html file. Health probes are designed to test whether a port or file is accessible.

Not Correct

You are asked to create a new set of Azure Active Directory (AD) security groups that represent the entire hierarchy of a manager's team. This includes people that are managed by the manager. You need to implement the request using the least amount of administrative effort. What should you do?

You should create new groups using the Direct Reports rule. This will create a dynamic group, including all members who have the same ManagerID attribute. This will also handle updates to the group accordingly.

Correct

You need to grant access to an external consultant to some resources inside your Azure subscription. You plan to add this external user using PowerShell. Which cmdlet should you use?

You should use the New-AzureADMSInvitation cmdlet to add an external user to your Azure AD tenant using PowerShell.

Correct

You need to add another administrator who will be responsible for managing all Infrastructure-as-a-Service (IaaS) deployments in your Azure subscription. You create a new account in Azure AD for the user. You need to configure the user account to meet the following requirements: read and write access to all Azure IaaS deployments, read-only access to Azure AD, and no access to Azure subscription metadata. The solution must also minimize your access maintenance in the future. What should you do?

You should assign the Contributor role at the resource group level to the user account. This provides the user with full read/write access at the resource group level, but doesn't grant the user any permissions in the subscription or Azure AD levels.

Not Correct

You are asked to configure a solution that allows users to log into Office 365 applications without providing their passwords. Your company also wants to deploy cloud-based two-factor authentication for some user profiles. What should you do?

You should enable pass-through authentication. This enables SSO for users and enables the company to implement two-factor authentication using Azure MFA.

Not Correct

You use Azure AD Connect to synchronize all AD domain users and groups with Azure AD. As a result, all users can use Single Sign-on (SSO) to access applications. You should reconfigure the directory synchronization to exclude domain services accounts and user accounts that shouldn't have access to the application. What should you do?

You should rerun Azure AD Connect. This will perform OU filtering and refresh the directory schema.

Correct

Your company wants to enable all user accounts to use SSO to log in to applications and Office 365. The company has an on-premises AD and uses smartcard authentication. Which solution do you need to deploy to allow users to log in without providing a password?

You should deploy ADFS. Using this solution, users can log in using SSO and use smartcard authentication. Smartcard authentication is not supported for Azure AD Connect.

Not Correct

You deploy Multi-Factor Authentication (MFA) in your Azure AD tenant. You don't want your users to be required to enter any additional passwords or code in the browser when using MFA. Which two methods should you make available?

Both call to phone and notification via mobile app don't require the user to enter a code in a browser.

Not Correct

Your company has an Azure AD tenant and an on-premises AD that are synced using Azure AD Connect. Your on-premises environment is running a mix of Windows Server 2012 and Windows Server 2016 servers. You use Azure MFA for multi-factor authentication. Users report that they are required to use MFA while using company devices. You need to turn MFA off for domain-joined devices. What should you do?

You should create a conditional access rule to allow users to use either MFA or a domain-joined device when accessing applications. The rule will not force MFA when using a domain-joined device.

Correct

Your company has an Azure AD tenant and an on-premises AD that are synced using Azure AD Connect. The security department notices a high number of logins from various public IP addresses. What should you do to reduce these logins?

You should create a conditional access rule to require MFA authentication for all risky logins labeled medium-risk and above. Azure AD can apply risk levels to all sign-in attempts using a selection of parameters. You can use conditional access to enforce sign-in requirements based on those levels.