AZ-103 Real Exam Dumps Questions and answers 41-50

Get Full Version of the Exam
http://www.EnsurePass.com/AZ-103.html

Question No.41

You have an Azure subscription that contains a storage account named account1.

You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The on-premises network uses a public IP address space of 131.107.1.0/24.

You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a

virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24. You need to configure account1 to meet the following requirements:

Ensure that you can upload the disk files to account1.

image

Ensure that you can attach the disks to VM1.

image

Prevent all other access to account1.

image

A.

From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range.

B.

From the Firewalls and virtual networks blade of account1, select Selected networks.

C.

From the Firewalls and virtual networks blade of acount1, add VNet1.

D.

From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to access this st

E.

From the Service endpoints blade of VNet1, add a service endpoint.

Which two actions should you perform? Each correct selection presents part of the solution. NOTE: Each correct selection is worth one point.

Answer: BE

Explanation:

B: By default, storage accounts accept connections from clients on any network. To limit access to selected networks, you must first change the default action.

Azure portal

Navigate to the storage account you want to secure.

Click on the settings menu called Firewalls and virtual networks.

To deny access by default, choose to allow access from #39;Selected networks#39;. To allow traffic from all networks, choose to allow access from #39;All networks#39;.

Click Save to apply your changes.

E: Grant access from a Virtual Network

Storage accounts can be configured to allow access only from specific Azure Virtual Networks.

By enabling a Service Endpoint for Azure Storage within the Virtual Network, traffic is ensured an optimal route to the Azure Storage service. The identities of the virtual network and the subnet are also transmitted with each request.

References:

https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security

Question No.42

You have an Azure subscription that contains a resource group named RG1. RG1 contains 100 virtual machines.

Your company has three cost centers named Manufacturing, Sales, and Finance. You need to associate each virtual machine to a specific cost center.

What should you do?

A.

Add an extension to the virtual machines.

B.

Modify the inventory settings of the virtual machine.

C.

Assign tags to the virtual machines.

D.

Configure locks for the virtual machine.

Answer: C

Explanation:

https://docs.microsoft.com/en-us/azure/billing/billing-getting-started https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags

Question No.43

You have two Azure virtual machines named VM1 and VM2. You have two Recovery Services vaults named RSV1 and RSV2.

VM2 is protected by RSV1.

A.

From the RSV1 blade, click Backup items and stop the VM2 backup.

B.

From the RSV1 blade, click Backup Jobs and export the VM2 backup.

C.

From the RSV1 blade, click Backup . From the Backup blade, select the backup for the virtual machine, and then c

D.

From the VM2 blade, click Disaster recovery , click Replication settings , and then select RSV2 as the Recovery Se

You need to use RSV2 to protect VM2. What should you do first?

Answer: D

Explanation:

https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm

Question No.44

You have a virtual network named VNet1 as shown in the exhibit. (Click the Exhibit tab.)

image

No devices are connected to VNet1.

You plan to peer VNet1 to another virtual network named VNet2 in the same region. VNet2 has an address space of 10.2.0.0/16.

You need to create the peering. What should you do first?

A.

Configure a service endpoint on VNet2.

B.

Modify the address space of VNet1.

C.

Add a gateway subnet to VNet1.

D.

Create a subnet on VNet1 and VNet2.

Answer: B

Explanation:

The virtual networks you peer must have non-overlapping IP address spaces. The exhibit indicates that VNet1 has an address space of 10.2.0.0/16, which is the same as VNet2, and thus overlaps. We need to change the address space for VNet1.

References:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage- peering#requirements-and-constraints

Question No.45

You have an Azure subscription named Subscription1.

You deploy a Linux virtual machine named VM1 to Subscription1. You need to monitor the metrics and the logs of VM1.

What should you use?

A.

LAD 3.0

B.

Azure Analysis Services

C.

the AzurePerformanceDiagnostics extension

D.

Azure HDInsight

Answer: C

Explanation:

You can use extensions to configure diagnostics on your VMs to collect additional metric data.

The basic host metrics are available, but to see more granular and VM-specific metrics, you need to install the Azure diagnostics extension on the VM. The Azure diagnostics extension allows additional monitoring and diagnostics data to be retrieved from the VM.

References:

https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-monitoring

Question No.46

You have an Azure subscription named Subscription1.

You have 5 TB of data that you need to transfer to Subscription. You plan to use an Azure Import/Export job.

What can you use as the destination of the imported data?

A.

Azure SQL Database

B.

Azure Data Factory

C.

A virtual machine

D.

Azure Blob storage

Answer: D

Explanation:

https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service

Question No.47

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (NSGs) in the subscription.

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: You create a resource lock, and then you assign the lock to the subscription. Does this meet the goal?

A.

Yes

B.

No

Answer: B

Explanation:

How can I freeze or lock my production/critical Azure resources from accidental deletion? There is way to do this with both ASM and ARM resources using Azure resource lock.

References:

https://blogs.msdn.microsoft.com/azureedu/2016/04/27/using-azure-resource-manager-policy- and-azure-lock-to-control-your-azure-resources/

Question No.48

Your company registers a domain name of contoso.com.

You create an Azure DNS named contoso.com and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.

You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.

You need to resolve the name resolution issue.

Solution: You modify the SOA record in the contoso.com zone Does this meet the goal?

A.

Yes

B.

No

Answer: B

Explanation:

Modify the NS record, not the SOA record.

Note:

The SOA record stores information about the name of the server that supplied the data for the zone; the administrator of the zone; the current version of the data file; the number of seconds a secondary name server should wait before checking for updates; the number of seconds a secondary name server should wait before retrying a failed zone transfer; the maximum number of seconds that a secondary name server can use data before it must either be refreshed or expire; and a default number of seconds for the time-to-live file on resource records.

References:

https://searchnetworking.techtarget.com/definition/start-of-authority-record

Question No.49

You have an Azure subscription that contains the resources in the following table.

image

Store1 contains a file share named Data. Data contains 5,000 files.

You need to synchronize the files in Data to an on-premises server named Server1.

Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A.

Download an automation script.

B.

Create a container instance.

C.

Create a sync group.

D.

Register Server1.

E.

Install the Azure File Sync agent on Server1.

Answer: CDE

Explanation:

Step 1 (E): Install the Azure File Sync agent on Server1

The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share

Step 2 (D): Register Server1.

Register Windows Server with Storage Sync Service

Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service.

Step 3 (C): Create a sync group and a cloud endpoint.

A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on registered server.

References:

https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide

Question No.50

You have an Azure subscription that contains three virtual networks named VNet1, VNet2, VNet3. VNet2 contains a virtual appliance named VM2 that operates as a router.

You are configuring the virtual networks in a hub and spoke topology that uses VNet2 as the hub network.

You plan to configure peering between VNet1 and VNet2 and between VNet2 and VNet3. You need to provide connectivity between VNet1 and VNet3 through VNet2.

Which two configurations should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A.

On the peering connections, allow forwarded traffic.

B.

On the peering connections, allow gateway transit.

C.

Create route tables and assign the table to subnets.

D.

Create a route filter.

E.

On the peering connections, use remote gateways.

Answer: BE

Explanation:

Allow gateway transit: Check this box if you have a virtual network gateway attached to this virtual network and want to allow traffic from the peered virtual network to flow through the gateway.

The peered virtual network must have the Use remote gateways checkbox checked when setting up the peering from the other virtual network to this virtual network.

References:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage- peering#requirements-and-constraints

Get Full Version of AZ-103 Dumps