AZ-103 Exam Dumps 2019 - Latest Exam Collection AZ-103 study materials


Vicky114

Uploaded on Aug 31, 2019

Category Education

You must take help from AZ-103 dumps pdf to ace your exam by the first attempt. You will never find a material which is so authentic and to-the-point. You will have a comprehensive view after the completion of AZ-103 dumps. This study material is easy to be downloaded from realexamdumps with money back guarantee. You can check the quality of the demo questions free of cost. You can bring the best results out of your efforts with the help of AZ-103 dumps pdf. For more info:https://www.realexamdumps.com/microsoft/az-103-practice-test.html

Category Education

Comments

                     

AZ-103 Exam Dumps 2019 - Latest Exam Collection AZ-103 study materials

M i c r o s o f t AZ-103 Dumps PDF Microsoft Azure Administrator Exam For More Info: https://www.realexamdumps.com/microsoft/az-103-practice-test.html Case Study: 1 Humongous Insurance Overview Existing Environment Active Directory Environment Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com. The functional level of the forest is Windows Server 2012. You recently provisioned an Azure Active Directory (Azure AD) tenant. Network Infrastructure Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet. Each office has several link load balancers that provide access to the servers. Active Directory Issue Several users in humongousinsurance.com have UPNs that contain special characters. You suspect that some of the characters are unsupported in Azure AD. Licensing Issue You attempt to assign a license in Azure to several users and receive the following error message: "Licenses not assigned. License agreement failed for one user." You verify that the Azure subscription has the available licenses. Requirements Planned Changes Humongous Insurance plans to open a new office in Paris. The Paris office will contain 1,000 users who will be hired during the next 12 months. All the resources used by the Paris office users will be hosted in Azure. Planned Azure AD Infrastructure The on-premises Active Directory domain will be synchronized to Azure AD. All client computers in the Paris office will be joined to an Azure AD domain. Planned Azure Networking Infrastructure You plan to create the following networking resources in a resource group named All_Resources: •Default Azure system routes that will be the only routes used to route traffic •A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2 •A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet •A virtual network named AllOffices-VNet that will contain two subnets named Subnet3 and Subnet4 You plan to enable peering between Paris-VNet and AllOffices-VNet. You will enable the Use remote gateways setting for the Paris-VNet peerings. You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network. Planned Azure Computer Infrastructure Each subnet will contain several virtual machines that will run either Windows Server 2012 R2, Windows Server 2016, or Red Hat Linux. Department Requirements Humongous Insurance identifies the following requirements for the company's departments: •Web administrators will deploy Azure web apps for the marketing department. Each web app will be added to a separate resource group. The initial configuration of the web apps will be identical. The web administrators have permission to deploy web apps to resource groups. •During the testing phase, auditors in the finance department must be able to review all Azure costs from the past week. Authentication Requirements Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO) when accessing resources in Azure. Question: 1 DRAG DROP You need to prepare the environment to ensure that the web administrators can deploy the web apps as quickly as possible. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Answer: Explanation: Step 1: First you create a storage account using the Azure portal. Step 2: Select Automation options at the bottom of the screen. The portal shows the template on the Template tab. Deploy: Deploy the Azure storage account to Azure. Step 3: Share the template. Scenario: Web administrators will deploy Azure web apps for the marketing department. Each web app will be added to a separate resource group. The initial configuration of the web apps will be identical. The web administrators have permission to deploy web apps to resource groups. References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager- quickstart-create-templates-use-the-portal Question: 2 Which blade should you instruct the finance department auditors to use? A. Partner information B. Overview C. Payment methods D. Invoices Answer: D Explanation: You can opt in and configure additional recipients to receive your Azure invoice in an email. This feature may not be available for certain subscriptions such as support offers, Enterprise Agreements, or Azure in Open. Select your subscription from the Subscriptions page. Opt-in for each subscription you own. Click Invoices then Email my invoice. Click Opt in and accept the terms. Scenario: During the testing phase, auditors in the finance department must be able to review all Azure costs from the past week. References: https://docs.microsoft.com/en-us/azure/billing/billing-download-azure-invoice-daily-usage- date Question: 3 You need to prepare the environment to meet the authentication requirements. Which two actions should you perform? Each correct answer presents part of the solution. NOTE Each correct selection is worth one point. A. Azure Active Directory (AD) Identity Protection and an Azure policy B. a Recovery Services vault and a backup policy C. an Azure Key Vault and an access policy D. an Azure Storage account and an access policy Answer: BD Explanation: D: Seamless SSO works with any method of cloud authentication - Password Hash Synchronization or Pass-through Authentication, and can be enabled via Azure AD Connect. B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to all or selected users' Intranet zone settings by using Group Policy in Active Directory: https://autologon.microsoftazuread-sso.com Incorrect Answers: A: Seamless SSO needs the user's device to be domain-joined, but doesn't need for the device to be Azure AD Joined. C: Azure AD connect does not port 8080. It uses port 443. E: Seamless SSO is not applicable to Active Directory Federation Services (ADFS). Scenario: Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO) when accessing resources in Azure. Planned Azure AD Infrastructure include: The on-premises Active Directory domain will be synchronized to Azure AD. References: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory- aadconnect-sso-quick-start Question: 4 You need to define a custom domain name for Azure AD to support the planned infrastructure. Which domain name should you use? A. Join the client computers in the Miami office to Azure AD. B. Add http://autologon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office. C. Allow inbound TCP port 8080 to the domain controllers in the Miami office. D. Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication E. Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office. Answer: BD Explanation: Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com. The initial domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well. For example, your organization probably has other domain names used to do business and users who sign in using your corporate domain name. Adding custom domain names to Azure AD allows you to assign user names in the directory that are familiar to your users, such as ‘[email protected].’ instead of 'alice@domain name.onmicrosoft.com'. Scenario: Network Infrastructure: Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet. Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com Planned Azure AD Infrastructure: The on-premises Active Directory domain will be synchronized to Azure AD. References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom- domain Question: 5 You need to resolve the Active Directory issue. What should you do? A. From Active Directory Users and Computers, select the user accounts, and then modify the User Principal Name value. B. Run idfix.exe, and then use the Edit action. C. From Active Directory Domains and Trusts, modify the list of UPN suffixes. D. From Azure AD Connect, modify the outbound synchronization rule. Answer: B IdFix is used to perform discovery and remediation of identity objects and their attributes in an on- premises Active Directory environment in preparation for migration to Azure Active Directory. IdFix is intended for the Active Directory administrators responsible for directory synchronization with Azure Active Directory. Scenario: Active Directory Issue Several users in humongousinsurance.com have UPNs that contain special characters. You suspect that some of the characters are unsupported in Azure AD. References: https://www.microsoft.com/en-us/download/details.aspx?id=36832 Question: 6 Which blade should you instruct the finance department auditors to use? A. invoices B. partner information C. cost analysis D. External services Answer: A Question: 7 You need to define a custom domain name for Azure AD to support the planned infrastructure. Which domain name should you use? A. ad.humongousinsurance.com B. humongousinsurance.onmicrosoft.com C. humongousinsurance.local D. humongousinsurance.com Answer: D Explanation: Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com. The initial domain name cannot be changed or deleted, but you can add your corporate domain name to Azure AD as well. For example, your organization probably has other domain names used to do business and users who sign in using your corporate domain name. Adding custom domain names to Azure AD allows you to assign user names in the directory that are familiar to your users, such as ‘[email protected].’ instead of 'alice@domain name.onmicrosoft.com'. Scenario: Network Infrastructure: Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet. Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com Planned Azure AD Infrastructure: The on-premises Active Directory domain will be synchronized to Azure AD. References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom- domain Question: 8 You need to prepare the environment to meet the authentication requirements. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Allow inbound TCP port 8080 to the domain controllers in the Miami office. B. Add http://autogon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office. C. Join the client computers in the Miami office to Azure AD. D. Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office. E. Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication. Answer: BE Explanation: B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to all or selected users' Intranet zone settings by using Group Policy in Active Directory: https://autologon.microsoftazuread-sso.com E: Seamless SSO works with any method of cloud authentication - Password Hash Synchronization or Pass-through Authentication, and can be enabled via Azure AD Connect. References: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start Question: 9 DRAG DROP You have an Azure subscription that contains two virtual networks named VNet1 and VNet2. Virtual machines connect to the virtual networks. The virtual networks have the address spaces and the subnets configured as shown in the following table. You need to add the address space of 10.33.0.0/16 to VNet1. The solution must ensure that the hosts on VNet1 and VNet2 can communicate. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Answer: Explanation: Step 1: Remove peering between Vnet1 and VNet2. You can't add address ranges to, or delete address ranges from a virtual network's address space once a virtual network is peered with another virtual network. To add or remove address ranges, delete the peering, add or remove the address ranges, then re-create the peering. Step 2: Add the 10.44.0.0/16 address space to VNet1. Step 3: Recreate peering between VNet1 and VNet2 References: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering Question: 10 You need to resolve the licensing issue before you attempt to assign the license again. What should you do? A. From the Groups blade, invite the user accounts to a new group. B. From the Profile blade, modify the usage location. C. From the Directory role blade, modify the directory role. Answer: A Explanation: License cannot be assigned to a user without a usage location specified. Scenario: Licensing Issue You attempt to assign a license in Azure to several users and receive the following error message: "Licenses not assigned. License agreement failed for one user." You verify that the Azure subscription has the available licenses. Question: 11 HOT SPOT You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure. For each of the following statements, select Yes if the statement is true. Otherwise, select No. Answer: Case Study: 9 Lab 1 SIMULATION The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please, note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. To start the lab You may start lab by clicking the Next button Tasks Click to expand each objective To connect to the Azure portal, type https:/portal.azure.com in the browser address bar. Instructions Performance Based Lab This type of question asks you to perform tasks in a virtual environment. The screen for this type of question includes a virtual machine window and a tasks pane. The window is a remotely connected live environment where you perform tasks on real software and applications. On the right is a Tasks pane that lists the tasks you need to perform in the lab. Each task can be expanded or collapsed using the “+” or “-” symbols. A checkbox is provided for each task. This is provided for convenience, so you can mark each task as you complete it. Tasks Click to expand each objective -Configure servers Add the “Print and Document Services” role to server LON-SVR1, installing any required management features and enabling both Print and LPD Services. +Configure file and share access When you are finished performing all the tasks, click the ‘Next’ button. Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam. Comments Once the exam completes, the comment period will begin and you will have the opportunity to provide comments to Microsoft about the exam questions. To launch the comment period, click the “Finish” and then “Comment” buttons. To skip the comment period and the exam, click Exit. You can navigate to a question from the Review screen to provide a comment. Please, see the Review Screen tab in the Review Screen help Menu (which can be accessed from the Review Screen) for details on accessing questions from the Review Screen. To comment on a question, navigate to that question and click the Give Feedback icon. When you have entered your comment in the comment window, click Submit to close the window. To navigate to the Review screen again, click the Review button. You may navigate through all questions using the Next and Previous buttons. To skip commenting, go to the Review Screen by selecting the Review Screen button in the upper left-hand corner and from the Review Screen, select “Finished”. Controls Available For any question, one or more of the following controls might be available. Keyboard Shortcuts Available Exam features may be accessed using keyboard shortcuts. The following table describes the keyboard shortcuts that are available during this exam. Some keyboard shortcuts require that you press two or more keys at the same time. These keys are separated by a plus sign (+) in the table below. Question: 12 You need to prevent remote users from publishing via FTP to a function app named FunctionApplod7509087fa. Remote users must be able to publish via FTPS. What should you do from the Azure portal? Answer: See explanation below. Explanation: Step 1: Locate and select the function app FunctionApplod7509087fa. Step 2: Select Application Settings > FTP Access, change FTP access to FTPS Only, and click Save. References: https://blogs.msdn.microsoft.com/appserviceteam/2018/05/08/web-apps-making-changes-to-ftp- deployments/ Question: 13 You plan to support many connections to your company's automatically uses up to five instances when CPU utilization on the instances exceeds 70 percent for 10 minutes. When CPU utilization decreases, the solution must automatically reduce the number of instances. What should you do from the Azure portal? Answer: See explanation below. Explanation: Step 1: Locate the Homepage App Service plan Step 2: Click Add a rule, and enter the appropriate fields, such as below, and the click Add. Time aggregation: average Metric Name: Percentage CPU Operator: Greater than Threshold 70 Duration: 10 minutes Operation: Increase count by Instance count: 4 Step 3: We must add a scale in rule as well. Click Add a rule, and enter the appropriate fields, such as below, then click Add. Operator: Less than Threshold 70 Duration: 10 minutes Operation: Decrease count by Instance count: 4 References: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets- autoscale-portal https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/insights-autoscale-best-practices Question: 14 You recently deployed a web app named homepagelod7509087. You need to back up the code used for the web app and to store the code in the homepagelod7509Q87 storage account. The solution must ensure that a new backup is created daily. What should you do from the Azure portal? Answer: See explanation below. Explanation: Step 1: Locate and select the web app homepagelod7509087, select Backups. The Backups page is displayed. Step 2: In the Backup page, Click Configure. Step 3: In the Backup Configuration page, click Storage: Not configured to configure a storage account. Step 4: Choose your backup destination by selecting a Storage Account and Container. Select the homepagelod7509087 storage account. Step 5: In the Backup Configuration page that is still left open, select Scheduled backup On, and configure daily backups. Step 6: In the Backup Configuration page, click Save. Step 7: In the Backups page, click Backup. References: https://docs.microsoft.com/en-us/azure/app-service/web-sites-backup Question: 15 Your company recently hired a user named [email protected]. You need to ensure that janet-7509087@ ExamUsers.com can connect to load balancer named Web- LAB. The solution must ensure that janet-7509087@ ExamUsers.com can modify the backend pools. What should you do from the Azure portal? Answer: See explanation below. Explanation: Step 1: In the navigation list, choose Load Balancer. Step 2: Locate the load balancer named Web-ALB, and click the Access icon. Step3: In the Users blade, click Roles. In the Roles blade, click Add to add permissions for the user Janet- [email protected]. Step 4: Add permission to modify backend pools References: https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-manage-permissions Question: 16 Your marketing team creates a new website that you must load balance for 99.99 percent availability. You need to deploy and configure a solution for both machines in the Web-AS availability set to load balance the website over HTTP. The solution must use the load balancer your resource group. What should you do from the Azure portal? Answer: See explanation below. Explanation: To distribute traffic to the VMs in the availability set, a back-end address pool contains the IP addresses of the virtual NICs that are connected to the load balancer. Create the back-end address pool to include the VMs in the availability set. Step 1: Select All resources on the left menu, and then select LoadBalancer from the resource list. Step 2: Under Settings, select Backend pools, and then select Add. Step 3: On the Add a backend pool page, select the Web-AS availability set, and then select OK: References: https://docs.microsoft.com/en-us/azure/load-balancer/quickstart-create-basic-load-balancer-portal Question: 17 Your Azure environment contains an application gateway and custom apps. Another administrator modifies the application gateway and the apps to use HTTP over TCP port 8080. Users report that they can no longer connect to the apps. You suspect that the cause of the issue is a change in the configuration of the application gateway. You need to modify the application gateway to resolve the issue. What should you do from the Azure portal? Answer: See explanation below. Explanation: Step 1: Select Networking and then select Application Gateway in the Featured list, and select the application gateway, and select the settings. Step 2: Click HTTP for the protocol of the listener and make sure that the port is defined as 443. References: https://docs.microsoft.com/en-us/azure/application-gateway/create-ssl-portal Question: 18 You plan to deploy a site-to-site VPN connection from on-premises network to your Azure environment. The VPN connection will be established to the VNET01-USEA2 virtual network. You need to create the required resources in Azure for the planned site-to-site VPN. The solution must minimize costs. What should you do from the Azure portal? NOTE: This task may a very long time to complete. You do NOT need to wait for the deployment to complete this task successfully. Answer: See explanation below. Explanation: We create a VPN gateway. Step 1: On the left side of the portal page, click + and type 'Virtual Network Gateway' in search. In Results, locate and click Virtual network gateway. Step 2: At the bottom of the 'Virtual network gateway' page, click Create. This opens the Create virtual network gateway page. Step 3: On the Create virtual network gateway page, specify the values for your virtual network gateway. Gateway type: Select VPN. VPN gateways use the virtual network gateway type VPN. Virtual network: Choose the existing virtual network VNET01-USEA2 Gateway subnet address range: You will only see this setting if you did not previously create a gateway subnet for your virtual network. Step 4: Select the default values for the other setting, and click create. The settings are validated and you'll see the "Deploying Virtual network gateway" tile on the dashboard. Creating a gateway can take up to 45 minutes. Note: This task may take a very long time to complete. You do NOT need to wait for the deployment to complete this task successfully. References: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource- manager-portal Case Study: 2 Contoso Case Study Overview Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees. All the resources used by Contoso are hosted on-premises. Contoso creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named contoso.onmicrosoft.com. The tenant uses the P1 pricing tier. Existing Environment The network contains an Active Directory forest named contoso.com. All domain controllers are configured as DNS servers and host the contoso.com DNS zone. Contoso has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently. Contoso.com contains a user named User1. All the offices connect by using private links. Contoso has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device. All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table. Contoso uses two web applications named App1 and App2. Each instance on each web application requires 1GB of memory. The Azure subscription contains the resources in the following table. The network security team implements several network security groups (NSGs). Planned Changes Contoso plans to implement the following changes: •Deploy Azure ExpressRoute to the Montreal office. •Migrate the virtual machines hosted on Server1 and Server2 to Azure. •Synchronize on-premises Active Directory to Azure Active Directory (Azure AD). •Migrate App1 and App2 to two Azure web apps named webApp1 and WebApp2. Technical requirements Contoso must meet the following technical requirements: • Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instance*. • Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office. • Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office. • Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only. • Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.contoso.com. • Connect the New Your office to VNet1 over the Internet by using an encrypted connection. • Create a workflow to send an email message when the settings of VM4 are modified. • Cre3te a custom Azure role named Role1 that is based on the Reader role. • Minimize costs whenever possible. Question: 19 You discover that VM3 does NOT meet the technical requirements. You need to verify whether the issue relates to the NSGs. What should you use? A. Diagram in VNet1 B. the security recommendations in Azure Advisor C. Diagnostic settings in Azure Monitor D. Diagnose and solve problems in Traffic Manager Profiles E. IP flow verify in Azure Network Watcher Answer: E Explanation: Scenario: Contoso must meet technical requirements including: Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office. IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment. References: https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview Question: 20 You need to meet the technical requirement for VM4. What should you create and configure? A. an Azure Notification Hub B. an Azure Event Hub C. an Azure Logic App D. an Azure services Bus Answer: B Explanation: Scenario: Create a workflow to send an email message when the settings of VM4 are modified. You can start an automated logic app workflow when specific events happen in Azure resources or third- party resources. These resources can publish those events to an Azure event grid. In turn, the event grid pushes those events to subscribers that have queues, webhooks, or event hubs as endpoints. As a subscriber, your logic app can wait for those events from the event grid before running automated workflows to perform tasks - without you writing any code. References: https://docs.microsoft.com/en-us/azure/event-grid/monitor-virtual-machine-changes-event-grid-logic- app Question: 21 You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements. What should you include in the recommended? A. Azure AP B2C B. Azure AD Identity Protection C. an Azure logic app and the Microsoft Identity Management (MIM) client D. dynamic groups and conditional access policies Answer: D Explanation: Scenario: Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only. The recommendation is to use conditional access policies that can then be targeted to groups of users, specific applications, or other conditions. References: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates