Microsoft AZ-101 Free Practice Questions

NEW QUESTION 1
HOTSPOT
You create an Azure web app named WebApp1. WebApp1 has the autoscale settings shown in the following exhibit.


The scale out and scale in rules are configured to have a duration of 10 minutes and a cool down time of five minutes.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION 2
From the MFA Server blade, you open the Block/unblock users blade as shown in the exhibit.

What caused AlexW to be blocked?

• A. An administrator manually blocked the user.
• B. The user reports a fraud alert when prompted for additional authentication.
• C. The user account password expired.
• D. The user entered an incorrect PIN four times within 10 minutes.

Answer: B

NEW QUESTION 3
HOTSPOT
Your company has offices in New York and Los Angeles.
You have an Azure subscription that contains an Azure virtual network named VNet1. Each office has a site-to-site VPN connection to VNet1.
Each network uses the address spaces shown in the following table.

You need to ensure that all Internet-bound traffic from VNet1 is routed through the New York office.
What should you do? To answer, select the appropriate options in the answer are a.
NOTE: Each correct selection is worth one point.

Answer:

Explanation: Incorrect Answers:
Not: New-AzureRmVirtualNetworkGatewayConnection
This command creates the Site-to-Site VPN connection between the virtual network gateway and the on-prem VPN device. We already have Site-to-Site VPN connections.
Box 2: 192.168.0.0/20
Specify the VNET1 address. References:
https://docs.microsoft.com/en-us/powershell/module/azurerm.network/set- azurermvirtualnetworkgatewaydefaultsite

NEW QUESTION 4
You have an Azure Active Directory (Azure AD) tenant.
You have an existing Azure AD conditional access policy named Policy1. Policy1 enforces the use of Azure AD-joined devices when members of the Global Administrators group authenticate to Azure AD from untrusted locations.
You need to ensure that members of the Global Administrators group will also be forced to use multi- factor authentication when authenticating from untrusted locations.
What should you do?

• A. From the multi-factor authentication page, modify the service settings.
• B. From the multi-factor authentication page, modify the user settings.
• C. From the Azure portal, modify grant control of Policy1.
• D. From the Azure portal, modify session control of Policy1.

Answer: C

Explanation: There are two types of controls:
Grant controls – To gate access
Session controls – To restrict access to a session
Grant controls oversee whether a user can complete authentication and reach the resource that
they’re attempting to sign-in to. If you have multiple controls selected, you can configure whether all of them are required when your policy is processed. The current implementation of Azure Active Directory enables you to set the following grant control requirements:

References:
https://blog.lumen21.com/2021/12/15/conditional-access-in-azure-active-directory/

NEW QUESTION 5
You have an Azure Active Directory (Azure AD) tenant named Tenant1 and an Azure subscription named You enable Azure AD Privileged Identity Management.
You need to secure the members of the Lab Creator role. The solution must ensure that the lab creators request access when they create labs.
What should you do first?

• A. From Azure AD Privileged Identity Management, edit the role settings for Lab Creator.
• B. From Subscription1 edit the members of the Lab Creator role.
• C. From Azure AD Identity Protection, creates a user risk policy.
• D. From Azure AD Privileged Identity Management, discover the Azure resources of Conscription.

Answer: A

Explanation: As a Privileged Role Administrator you can:
Enable approval for specific roles
Specify approver users and/or groups to approve requests
View request and approval history for all privileged roles References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

NEW QUESTION 6
You recently deployed a web app named homepagelod7509087.
You need to back up the code used for the web app and to store the code in the homepagelod7509Q87 storage account. The solution must ensure that a new backup is created daily.
What should you do from the Azure portal?

Answer:

Explanation: Step 1:
Locate and select the web app homepagelod7509087, select Backups. The Backups page is displayed.

Step 2:
In the Backup page, Click Configure. Step 3:
In the Backup Configuration page, click Storage: Not configured to configure a storage account.

Step 4:
Choose your backup destination by selecting a Storage Account and Container. Select the homepagelod7509087 storage account.
Step 5:
In the Backup Configuration page that is still left open, select Scheduled backup On, and configure daily backups.

Step 6:
In the Backup Configuration page, click Save. Step 7:
In the Backups page, click Backup. References:
https://docs.microsoft.com/en-us/azure/app-service/web-sites-backup

NEW QUESTION 7
You need to deploy an application gateway named appgwl015 to meet the following requirements: Load balance internal IP traffic to the Azure virtual machines connected to subnet0.
Provide a Service Level Agreement (SLA) of 99.99 percent availability for the Azure virtual machines.
What should you do from the Azure portal?

Answer:

Explanation: Step 1:
Click New found on the upper left-hand corner of the Azure portal.
Step 2:
Select Networking and then select Application Gateway in the Featured list.
Step 3:
Enter these values for the application gateway: appgw1015 - for the name of the application gateway. SKU Size: Standard_V2
The new SKU [Standard_V2] offers autoscaling and other critical performance enhancements.

Step 4:
Accept the default values for the other settings and then click OK.
Step 5:
Click Choose a virtual network, and select subnet0. References:
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-create-gateway- portal

NEW QUESTION 8
You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a virtual network named VNet1. You need to ensure that you can configure a point-to-site connection from VNet1 to an on-premises computer. Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. Reset GW1.
• B. Add a service endpoint to VNet1.
• C. Add a connection to GW1.
• D. Add a public IP address space to VNet1.
• E. Delete GWL
• F. Create a route-based virtual network gateway.

Answer: EF

Explanation: E: Policy-based VPN devices use the combinations of prefixes from both networks to define how traffic is encrypted/decrypted through IPsec tunnels. It is typically built on firewall devices that perform packet filtering. IPsec tunnel encryption and decryption are added to the packet filtering and processing engine.
F: A VPN gateway is used when creating a VPN connection to your on-premises network.
Route-based VPN devices use any-to-any (wildcard) traffic selectors, and let routing/forwarding tables direct traffic to different IPsec tunnels. It is typically built on router platforms where each IPsec tunnel is modeled as a network interface or VTI (virtual tunnel interface).
Incorrect Answers:
D: Point-to-Site connections do not require a VPN device or a public-facing IP address. References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/create-routebased-vpn-gateway-portal https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-connect-multiple-policybased-rm- ps

Case Study: 7
Lab 2
Overview
This is a lab or performance-based testing (PBT) section.
The following section of the exam is a lab. In this section, you will perform a set of tasks m a live environment. While most liable to you as it would be m a live environment, some functionality (e g, copy and paste, ability to having sites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the lab9s0 and all other sections of the
exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab. you will NOT be able to return to the tab.



To connect to Azure portal, type https://portal.azure.com in te browser address bar.

NEW QUESTION 9
You are building a custom Azure function app to connect to Azure Event Grid.
You need to ensure that resources are allocated dynamically to the function app. Billing must be based on the executions of the app.
What should you configure when you create the function app?

• A. the Windows operating system and the Consumption plan hosting plan
• B. the Windows operating system and the App Service plan hosting plan
• C. the Docker container and an App Service plan that uses the Bl1 pricing tier
• D. the Docker container and an App Service plan that uses the SI pricing

Answer: A

Explanation: Azure Functions runs in two different modes: Consumption plan and Azure App Service plan. The Consumption plan automatically allocates compute power when your code is running. Your app is scaled out when needed to handle load, and scaled down when code is not running.
Incorrect Answers:
B: When you run in an App Service plan, you must manage the scaling of your function app. References:
https://docs.microsoft.com/en-us/azure/azure-functions/functions-create-first-azure-function

NEW QUESTION 10
You need to meet the technical requirement for VM4. What should you create and configure?

• A. an Azure Notification Hub
• B. an Azure Event Hub
• C. an Azure Logic App
• D. an Azure services Bus

Answer: B

Explanation: Scenario: Create a workflow to send an email message when the settings of VM4 are modified.
You can start an automated logic app workflow when specific events happen in Azure resources or third-party resources. These resources can publish those events to an Azure event grid. In turn, the event grid pushes those events to subscribers that have queues, webhooks, or event hubs as endpoints. As a subscriber, your logic app can wait for those events from the event grid before running automated workflows to perform tasks - without you writing any code.
References:
https://docs.microsoft.com/en-us/azure/event-grid/monitor-virtual-machine-changes-event-grid-logic- app

NEW QUESTION 11
You have an Azure subscription named Subscription1 and two Azure Active Directory (Azure AD) tenants named Tenant1 and Tenant2.
Subscnption1 is associated to Tenant1 Multi-factor authentication (MFA) is enabled for all the users in Tenant1.
You need to enable MFA for the users in Tenant2. The solution must maintain MFA forTenant1. What should you do first?

• A. Transfer the administration of Subscription1 to a global administrator of Tenants.
• B. Configure the MFA Server setting in Tenant1.
• C. Create and link a subscription to Tenant2.
• D. Change the directory for Subscription1.

Answer: C

NEW QUESTION 12
You plan to support many connections to your company's automatically uses up to five instances when CPU utilization on the instances exceeds 70 percent for 10 minutes. When CPU utilization decreases, the solution must automatically reduce the number of instances.
What should you do from the Azure portal?

Answer:

Explanation: Step 1:
Locate the Homepage App Service plan Step 2:
below.
Click Add a rule, and enter the appropriate fields, such as below, and the click Add. Time aggregation: average
Metric Name: Percentage CPU Operator: Greater than Threshold 70
Duration: 10 minutes Operation: Increase count by Instance count: 4

Step 3:
We must add a scale in rule as well. Click Add a rule, and enter the appropriate fields, such as below, then click Add.
Operator: Less than Threshold 70
Duration: 10 minutes Operation: Decrease count by Instance count: 4
References:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets- autoscale-portal
https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/insights-autoscale-best-practices

NEW QUESTION 13
You are the global administrator for an Azure Active Directory (Azure AD) tenant named adatum.com. From the Azure Active Directory blade, you assign the Conditional Access Administrator role to a user You need to ensure that Admin1 has just-in-time access as a conditional access administrator.
What should you do next?

• A. Enable Azure AD Multi-Factor Authentication (MFA).
• B. Set Admin1 as Eligible for the Privileged Role Administrator role.
• C. Admin1 as Eligible for the Conditional Access Administrator role.
• D. Enable Azure AD Identity Protection.

Answer: A

Explanation: Require MFA for admins is a baseline policy that requires MFA for the following directory roles:
Global administrator 
SharePoint administrator 
Exchange administrator 
Conditional access administrator 
Security administrator References:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/baseline-protection

NEW QUESTION 14
DRAG DROP
You have an Azure subscription that contains the following resources:
• a virtual network named VNet1
• a replication policy named ReplPolicy1
• a Recovery Services vault named Vault1
• an Azure Storage account named Storage1
You have an Amazon Web Services (AWS) EC2 virtual machine named VM1 that runs Windows Server
You need to migrate VM1 to VNet1 by using Azure Site Recovery.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation: Step 1: Deploy an EC2 virtual machine as a configuration server Prepare source include:
Use an EC2 instance that's running Windows Server 2012 R2 to create a configuration server and register it with your recovery vault.
Configure the proxy on the EC2 instance VM you're using as the configuration server so that it can access the service URLs.
Step 2: Install Azure Site Recovery Unified Setup.
Download Microsoft Azure Site Recovery Unified Setup. You can download it to your local machine and then copy it to the VM you're using as the configuration server.
Step 3: Enable replication for VM1.
Enable replication for each VM that you want to migrate. When replication is enabled, Site Recovery automatically installs the Mobility service.
References:
https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-aws-azure

NEW QUESTION 15
You have an Azure App Service plan named AdatumASP1 that uses the P2v2 pricing tier. AdatumASP1 hosts Ml Azure web app named adatumwebapp1. You need to delegate the management of adatumwebapp1 to a group named Devs. Devs must be able to perform the following tasks:
• Add deployment slots.
• View the configuration of AdatumASP1.
• Modify the role assignment for adatumwebapp1. Which role should you assign to the Devs group?

• A. Owner
• B. Contributor
• C. Web Plan Contributor
• D. Website Contributor

Answer: B

Explanation: The Contributor role lets you manage everything except access to resources. Incorrect Answers:
A: The Owner role lets you manage everything, including access to resources.
C: The Web Plan Contributor role lets you manage the web plans for websites, but not access to them.
D: The Website Contributor role lets you manage websites (not web plans), but not access to them. References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

NEW QUESTION 16
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer
a question in this section, you will NOT be able to return to it As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscript contains a resource group named Dev.
d Subscription1. Adatum contains a group named Developers. Subscription!
You need to provide the Developers group with the ability to create Azure logic apps in the; Dev, resource group.
Solution: On Dev, you assign the Logic App Contributor role to the Developers group.
Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation: The Logic App Contributor role lets you manage logic app, but not access to them. It provides access to view, edit, and update a logic app.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app