[Free] 2019(Nov) EnsurePass Microsoft AZ-103 Dumps with VCE and PDF 81-90

Get Full Version of the Exam
http://www.EnsurePass.com/AZ-103.html

Question No.81

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.

You need to view the date and time when the resources were created in RG1. Solution: From the RG1 blade, you click Deployments.

Does this meet the goal?

  1. Yes

  2. No

    Correct Answer: A

    Question No.82

    You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines.

    You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.

    What should you create to store the password?

    1. Azure Active Directory (AD) Identity Protection and an Azure policy

    2. a Recovery Services vault and a backup policy

    3. an Azure Key Vault and an access policy

    4. an Azure Storage account and an access policy

Correct Answer: C

Explanation:

You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore the password is never put in plain text in the template parameter file.

References:

https://azure.microsoft.com/en-us/resources/templates/101-vm-secure-password/

Question No.83

You create an Azure Storage account named contosostorage. You plan to create a file share named data.

A.

80

B.

443

C.

445

D.

3389

Users need to map a drive to the data file share from home computers that run Windows 10. Which port should be open between the home computers and the data file share?

Correct Answer: C

Explanation:

Ensure port 445 is open: The SMB protocol requires TCP port 445 to be open; connections will fail if port 445 is blocked.

References:

https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows

Question No.84

Overview

The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.

Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn#39;t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

To start the lab

You may start the lab by clicking the Next button.

You plan to host several secured websites on Web01.

You need to allow HTTPS over TCP port 443 to Web01 and to prevent HTTP over TCP port 80 to Web01.

What should you do from the Azure portal?

Correct Answer: See explanation below.

Explanation:

You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

Step A: Create a network security group

A1. Search for and select the resource group for the VM, choose Add, then search for and select Network security group.

A2. Select Create.

image

The Create network security group window opens. A3. Create a network security group

Enter a name for your network security group.

Select or create a resource group, then select a location. A4. Select Create to create the network security group.

Step B: Create an inbound security rule to allows HTTPS over TCP port 443 B1. Select your new network security group.

B2. Select Inbound security rules, then select Add. B3. Add inbound rule

B4. Select Advanced.

From the drop-down menu, select HTTPS.

You can also verify by clicking Custom and selecting TCP port, and 443. B5. Select Add to create the rule.

Repeat step B2-B5 to deny TCP port 80

B6. Select Inbound security rules, then select Add.

B7. Add inbound rule B8. Select Advanced.

Clicking Custom and selecting TCP port, and 80. B9. Select Deny.

Step C: Associate your network security group with a subnet

Your final step is to associate your network security group with a subnet or a specific network interface.

C1. In the Search resources, services, and docs box at the top of the portal, begin typing Web01. When the Web01 VM appears in the search results, select it.

C2. Under SETTINGS, select Networking. Select Configure the application security groups, select the Security Group you created in Step A, and then select Save, as shown in the following picture:

image

References:

https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic

Question No.85

HOTSPOT

You have an Azure Storage accounts as shown in the following exhibit.

image

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

image

Correct Answer:

image

Question No.86

You have an Azure subscription that contains a storage account named account1.

You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The on-premises network uses a public IP address space of 131.107.1.0/24.

You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a

virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24. You need to configure account1 to meet the following requirements:

image

image

Ensure that you can upload the disk files to account1. Ensure that you can attach the disks to VM1.

image

Prevent all other access to account1.

Which two actions should you perform? Each correct selection presents part of the solution. NOTE: Each correct selection is worth one point.

  1. From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address

    range.

  2. From the Firewalls and virtual networks blade of account1, select Selected networks.

  3. From the Firewalls and virtual networks blade of acount1, add VNet1.

  4. From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to access this storage account.

  5. From the Service endpoints blade of VNet1, add a service endpoint.

Correct Answer: BE

Explanation:

B: By default, storage accounts accept connections from clients on any network. To limit access to selected networks, you must first change the default action.

Azure portal

Navigate to the storage account you want to secure.

Click on the settings menu called Firewalls and virtual networks.

To deny access by default, choose to allow access from #39;Selected networks#39;. To allow traffic from all networks, choose to allow access from #39;All networks#39;.

Click Save to apply your changes.

E: Grant access from a Virtual Network

Storage accounts can be configured to allow access only from specific Azure Virtual Networks.

By enabling a Service Endpoint for Azure Storage within the Virtual Network, traffic is ensured an optimal route to the Azure Storage service. The identities of the virtual network and the subnet are also transmitted with each request.

References:

https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security

Question No.87

You have an Azure subscription that contains a resource group named RG1. RG1 contains 100 virtual machines.

Your company has three cost centers named Manufacturing, Sales, and Finance. You need to associate each virtual machine to a specific cost center.

What should you do?

  1. Add an extension to the virtual machines.

  2. Modify the inventory settings of the virtual machine.

  3. Assign tags to the virtual machines.

  4. Configure locks for the virtual machine.

Correct Answer: C

Explanation:

https://docs.microsoft.com/en-us/azure/billing/billing-getting-started https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags

Question No.88

You plan to create an Azure Storage account in the Azure region of East US 2. You need to create a storage account that meets the following requirements:

image

Replicates synchronously

image

Remains available if a single data center in the region fails

How should you configure the storage account? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

image

Correct Answer:

image

Question No.89

You have two Azure virtual machines named VM1 and VM2. You have two Recovery Services vaults named RSV1 and RSV2.

VM2 is protected by RSV1.

You need to use RSV2 to protect VM2. What should you do first?

  1. From the RSV1 blade, click Backup items and stop the VM2 backup.

  2. From the RSV1 blade, click Backup Jobs and export the VM2 backup.

  3. From the RSV1 blade, click Backup . From the Backup blade, select the backup for the virtual machine, and then click Backup .

  4. From the VM2 blade, click Disaster recovery , click Replication settings , and then select RSV2 as the Recovery Services vault.

Correct Answer: D

Explanation:

https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm

Question No.90

HOTSPOT

You have an Azure subscription named Subscription1. Subscription1 contains the virtual machines in the following table.

image

Subscription1 contains a virtual network named VNet1 that has the subnets in the following table.

image

VM3 has a network adapter named NIC3. IP forwarding is enabled on NIC3. Routing is enabled on VM3.

You create a route table named RT1. RT1 is associated to Subnet1 and Subnet2 and contains the routes in the following table.

image

You apply RT1 to Subnet1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

image

Correct Answer:

image

>>

Get Full Version of the Exam
AZ-103 Dumps
AZ-103 VCE and PDF

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.