Microsoft Azure Infrastructure and Deployment (AZ-100) Exam Questions & Exam Dumps. Share Microsoft Azure AZ-100 dumps and download AZ-100 PDF online for free, online practice tests help you easily upgrade your skills,
AZ-100 YouTube online to get the full AZ-100 exam dumps: https://www.leads4pass.com/az-100.html (Total questions:127 Q&A)
[PDF] Free Microsoft Azure AZ-100 pdf dumps download from Google Drive: https://drive.google.com/open?id=1C-wZtMlCtb-vBPFAcqWWD-KYI8e-M4F6
[PDF] Free Full Microsoft pdf dumps download from Google Drive: https://drive.google.com/open?id=1AwBFPqkvdpJBfxdZ3nGjtkHQZYdBsRVz
Exam AZ-100: Microsoft Azure Infrastructure and Deployment: https://www.microsoft.com/en-us/learning/exam-az-100.aspx
Latest effective Microsoft Azure AZ-100 Exam Practice Tests
QUESTION 1
You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to
deploy 100 virtual machines.
You need to modify the template to reference an administrative password. You must prevent the password from being
stored in plain text.
What should you create to store the password?
A. Azure Active Directory (AD) Identity Protection and an Azure policy
B. a Recovery Services vault and a backup policy
C. an Azure Key Vault and an access policy
D. an Azure Storage account and an access policy
Correct Answer: C
You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a
Key Vault. Therefore, the password is never put in plain text in the template parameter file. References:
https://azure.microsoft.com/en-us/resources/templates/101-vm-secure-password/
QUESTION 2
You have a Recovery Service vault that you use to test backups. The test backups contain two protected virtual
machines.
You need to delete the Recovery Services vault.
What should you do first?
A. From the Recovery Service vault, stop the backup of each backup item.
B. From the Recovery Service vault, delete the backup data.
C. Modify the disaster recovery properties of each virtual machine.
D. Modify the locks of each virtual machine.
Correct Answer: A
You can\\’t delete a Recovery Services vault if it is registered to a server and holds backup data. If you try to delete a
vault, but can\\’t, the vault is still configured to receive backup data.
Remove vault dependencies and delete vault
In the vault dashboard menu, scroll down to the Protected Items section, and click Backup Items. In this menu, you can
stop and delete Azure File Servers, SQL Servers in Azure VM, and Azure virtual machines.References: https://docs.microsoft.com/en-us/azure/backup/backup-azure-delete-vault
QUESTION 3
You have an Azure Active Directory (Azure AD) domain that contains 5,000 user accounts. You create a new user
account named AdminUser1.
You need to assign the User administrator administrative role to AdminUser1.
What should you do from the user account properties?
A. From the Directory role blade, modify the directory role.
B. From the Groups blade, invite the user account to a new group.
C. From the Licenses blade, assign a new license.
Correct Answer: A
Assign a role to a user
1.
Sign in to the Azure portal with an account that\\’s a global admin or privileged role admin for the directory.
2.
Select Azure Active Directory, select Users, and then select a specific user from the list.
3.
For the selected user, select Directory role, select Add role, and then pick the appropriate admin roles from the
Directory roles list, such as Conditional access administrator.
4.
Press Select to save.
References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-assign-role-
azure-portal
QUESTION 4
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager
template named ARM1.json.
You receive a notification that VM1 will be affected by maintenance.
You need to move VM1 to a different host immediately.
Solution: From the Update management blade, you click Enable.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
You would need to Redeploy the VM.
References: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node
QUESTION 5
You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an
on-premises network. Users report that when they attempt to access myapps.microsoft.com, they are prompted
multiple
times to sign in and are forced to use an account name that ends with onmicrosoft.com.
You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory. You need to
ensure that the users can use single-sign on (SSO) to access Azure resources.
What should you do first?
A. From the on-premises network, deploy Active Directory Federation Services (AD FS).
B. From Azure AD, add and verify a custom domain name.
C. From the on-premises network, request a new certificate that contains the Active Directory domain name.
D. From the server that runs Azure AD Connect, modify the filtering options.
Correct Answer: B
Azure AD Connect lists the UPN suffixes that are defined for the domains and tries to match them with a custom domain
in Azure AD. Then it helps you with the appropriate action that needs to be taken. The Azure AD sign-in page lists the
UPN suffixes that are defined for on-premises Active Directory and displays the corresponding status against each
suffix. The status values can be one of the following:
State: Verified
Azure AD Connect found a matching verified domain in Azure AD. All users for this domain can sign in by using their on-
premises credentials.
State: Not verified
Azure AD Connect found a matching custom domain in Azure AD, but it isn\\’t verified. The UPN suffix of the users of
this domain will be changed to the default .onmicrosoft.com suffix after synchronization if the domain isn\\’t verified.
Action Required: Verify the custom domain in Azure AD.
References: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-user-signin
QUESTION 6
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager
template named ARM1.json.
You receive a notification that VM1 will be affected by maintenance.
You need to move VM1 to a different host immediately.
Solution: From the Overview blade, you move the virtual machine to a different resource group.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
You should redeploy the VM.
References: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node
QUESTION 7
Your company has an Azure subscription named Subscription1.
The company also has two on-premises servers named Server1 and Server2 that run Windows Server 2016. Server1 is
configured as a DNS server that has a primary DNS zone named adatum.com. Adatum.com contains 1,000 DNS
records.
You manage Server1 and Subscription1 from Server2. Server2 has the following tools installed:
The DNS Manager console
Azure PowerShell
Azure CLI 2.0
You need to move the adatum.com zone to Subscription1. The solution must minimize administrative effort.
What should you use?
A.
Azure PowerShell
B.
Azure CLI
C.
the Azure portal
D.
the DNS Manager console
Correct Answer: B
Azure DNS supports importing and exporting zone files by using the Azure command-line interface (CLI). Zone file
import is not currently supported via Azure PowerShell or the Azure portal. References: https://docs.microsoft.com/en-
us/azure/dns/dns-import-export
QUESTION 8
You have the Azure virtual machines shown in the following table.
You have a Recovery Services vault that protects VM1 and VM2. You need to protect VM3 and VM4 by using Recovery
Services. What should you do first?
A. Configure the extensions for VM3 and VM4.
B. Create a new Recovery Services vault.
C. Create a storage account.
D. Create a new backup policy.
Correct Answer: B
A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or
configuration information for virtual machines (VMs), workloads, servers, or workstations. You can use Recovery
Services vaults to hold backup data for various Azure services
References: https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable-replication
QUESTION 9
You need to prepare the environment to meet the authentication requirements.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE Each correct selection is worth one point.
A. Join the client computers in the Miami office to Azure AD.
B. Add http://autologon.microsoftazuread-sso.com to the intranet zone of each client computer in the Miami office.
C. Allow inbound TCP port 8080 to the domain controllers in the Miami office.
D. Install Azure AD Connect on a server in the Miami office and enable Pass-through Authentication
E. Install the Active Directory Federation Services (AD FS) role on a domain controller in the Miami office.
Correct Answer: BD
D: Seamless SSO works with any method of cloud authentication – Password Hash Synchronization or Pass-through
Authentication, and can be enabled via Azure AD Connect.
B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to all or
selected users\\’ Intranet zone settings by using Group Policy in Active Directory: https://autologon.microsoftazuread-
sso.com Incorrect Answers:
A: Seamless SSO needs the user\\’s device to be domain-joined, but doesn\\’t need for the device to be Azure AD
Joined.
C: Azure AD connect does not port 8080. It uses port 443.
E: Seamless SSO is not applicable to Active Directory Federation Services (ADFS).
Scenario: Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless
SSO) when accessing resources in Azure.
Planned Azure AD Infrastructure include: The on-premises Active Directory domain will be synchronized to Azure AD.
References: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso-quick-
start
QUESTION 10
You have an Azure subscription named Subscription1 that is used be several departments at your company.
Subscription1 contains the resources in the following table:
Another administrator deploys a virtual machine named VM1 and an Azure Storage account named Storage2 by using a
single Azure Resource Manager template.
You need to view the template used for the deployment.
From which blade can you view the template that was used for the deployment?
A. RG1
B. VM1
C. Storage1
D. Container1
Correct Answer: A
1.
View template from deployment history
Go to the resource group for your new resource group. Notice that the portal shows the result of the last deployment.
Select this link.
2.
You see a history of deployments for the group. In your case, the portal probably lists only one deployment. Select this
deployment. The portal displays a summary of the deployment. The summary includes the status of the deployment and its
operations and the values that you provided for parameters. To see the template that you used for the deployment,
select View template. References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-export-template
QUESTION 11
You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1. You have
a computer named Computer1 that runs Windows 10. Computer1 is connected to the Internet. You add a network
interface named Interface1 to VM1 as shown in the exhibit (Click the Exhibit button.)From Computer1, you attempt to connect to VM1 by using Remote Desktop, but the connection fails.
You need to establish a Remote Desktop connection to VM1.
What should you do first?
A. Start VM1.
B. Attach a network interface.
C. Delete the DenyAllOutBound outbound port rule.
D. Delete the DenyAllInBound inbound port rule.
Correct Answer: A
Incorrect Answers:
B: The network interface has already been added to VM.
C: The Outbound rules are fine.
D: The inbound rules are fine. Port 3389 is used for Remote Desktop.
Note: Rules are processed in priority order, with lower numbers processed before higher numbers, because lower
numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower
priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed. References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
QUESTION 12
You have 100 Azure subscriptions. All the subscriptions are associated to the same Azure Active Directory (Azure AD)
tenant named contoso.com.
You are a global administrator.
You plan to create a report that lists all the resources across all the subscriptions.
You need to ensure that you can view all the resources in all the subscriptions.
What should you do?
A. From the Azure portal, modify the profile settings of your account.
B. From Windows PowerShell, run the Add-AzureADAdministrativeUnitMember cmdlet.
C. From Windows PowerShell, run the New-AzureADUserAppRoleAssignment cmdlet.
D. From the Azure portal, modify the properties of the Azure AD tenant.
Correct Answer: C
The New-AzureADUserAppRoleAssignment cmdlet assigns a user to an application role in Azure Active Directory (AD).
Use it for the application report. References: https://docs.microsoft.com/en-us/powershell/module/azuread/new-
azureaduserapproleassignment?view=azureadps-2.0
QUESTION 13
You have an Active Directory forest named contoso.com.
You install and configure Azure AD Connect to use password hash synchronization as the single sign-on (SSO) method.
Staging mode is enabled.
You review the synchronization results and discover that the Synchronization Service Manager does not display any
sync jobs.
You need to ensure that the synchronization completes successfully. What should you do?
A. From Synchronization Service Manager, run a full import.
B. Run Azure AD Connect and set the SSO method to Pass-through Authentication.
C. From Azure PowerShell, run Start-AdSyncSyncCycle -PolicyType Initial.
D. Run Azure AD Connect and disable staging mode.
Correct Answer: D
Staging mode must be disabled. If the Azure AD Connect server is in staging mode, password hash synchronization is
temporarily disabled.
References: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-troublesh
oot-password-hash-synchronization#no-passwords-are-synchronized-troubleshoot-by-using-the-troubleshooting-task
QUESTION 14
You have a resource group named RG1. RG1 contains an Azure Storage account named storageaccount1 and a virtual
machine named VM1 that runs Windows Server 2016. Storageaccount1 contains the disk files for VM1. You apply a
ReadOnly lock to RG1.
What can you do from the Azure portal?
A. Generate an automation script for RG1.
B. View the keys of storageaccount1.
C. Upload a blob to storageaccount1.
D. Start VM1.
Correct Answer: B
ReadOnly means authorized users can read a resource, but they can\\’t delete or update the resource. Applying this
lock is similar to restricting all authorized users to the permissions granted by the Reader role. References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources
QUESTION 15
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource
groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You configure a custom policy definition, and then you assign the policy to the subscription.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Resource policy definition used by Azure Policy enables you to establish conventions for resources in your organization
by describing when the policy is enforced and what effect to take. By defining conventions, you can control costs and
more easily manage your resources.
References: https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition
QUESTION 16
You have an Azure subscription that contains a virtual machine named VM1. VM1 hosts a line-of-business application
that is available 24 hours a day. VM1 has one network interface and one managed disk. VM1 uses the D4s v3 size.
You plan to make the following changes to VM1:
Change the size to D8s v3.
Add a 500-GB managed disk.
Add the Puppet Agent extension.
Attach an additional network interface.
Which change will cause downtime for VM1?
A. Add a 500-GB managed disk.
B. Attach an additional network interface.
C. Add the Puppet Agent extension.
D. Change the size to D8s v3.
Correct Answer: D
While resizing the VM it must be in a stopped state.
References: https://azure.microsoft.com/en-us/blog/resize-virtual-machines/
QUESTION 17
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource
groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You create a resource lock, and then you assign the lock to the subscription.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
How can I freeze or lock my production/critical Azure resources from accidental deletion? There is way to do this with
both ASM and ARM resources using Azure resource lock. References: https://blogs.msdn.microsoft.com/azureedu/2016
/04/27/using-azure-resource-manager-policy-and-azure-lock-to-control-your-azure-resources/
QUESTION 18
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource
groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Use a policy definition.
QUESTION 19
You have an Azure subscription that contains the resources in the following table.
Subnet1 is associated to VNet1. NIC1 attaches VM1 to Subnet1.
You need to apply ASG1 to VM1.
What should you do?
A. Modify the properties of NSG1.
B. Modify the properties of ASG1.
C. Associate NIC1 to ASG1.
Correct Answer: B
When you deploy VMs, make them members of the appropriate ASGs. You associate the ASG with a subnet.
References: https://azure.microsoft.com/en-us/blog/applicationsecuritygroups/
QUESTION 20
You have an Azure subscription that contains the resources in the following table.
VM1 and VM2 are deployed from the same template and host line-of-business applications accessed by using Remote
Desktop. You configure the network security group (NSG) shown in the exhibit. (Click the Exhibit button.)You need to prevent users of VM1 and VM2 from accessing websites on the Internet over TCP port 80. What should
you do?
A. Associate the NSG to Subnet1.
B. Disassociate the NSG from a network interface.
C. Change the DenyWebSites outbound security rule.
D. Change the Port_80 inbound security rule.
Correct Answer: A
You can associate or dissociate a network security group from a network interface or subnet.
The NSG has the appropriate rule to block users from accessing the Internet. We just need to associate it with Subnet1.
References: https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group
We offer more ways to make it easier for everyone to learn, and YouTube is the best tool in the video. Follow channels: https://www.youtube.com/channel/UCXg-xz6fddo6wo1Or9eHdIQ/videos get more useful exam content.
Latest Microsoft Azure AZ-100 YouTube videos:
Welcome to Examsdemo.com!
We share the (Cisco,microsoft,citrix,comptia) exam dumps for free. Share 20 of the latest Microsoft Azure AZ-100 exam dumps for free to enhance your skills and experience! Complete cisco AZ-100 dumps: https://www.leads4pass.com/az-100.html (Total questions:127 Q&A)
[PDF] Free Microsoft Azure AZ-100 pdf dumps download from Google Drive: https://drive.google.com/open?id=1C-wZtMlCtb-vBPFAcqWWD-KYI8e-M4F6
[PDF] Free Full Microsoft pdf dumps download from Google Drive: https://drive.google.com/open?id=1AwBFPqkvdpJBfxdZ3nGjtkHQZYdBsRVz
leads4pass Promo Code 12% Off
related: https://www.fulldumps.com/helpful-newest-cisco-ccna-wireless-200-355-dumps/