[Jan-2019]Free Microsoft 70Q AZ-101 PDF and VCE Dumps Braindump2go Offer(Q17-Q27)

January/2019 Braindump2go AZ-101 Exam Dumps with PDF and VCE New Updated Today! Following are some new AZ-101 Real Exam Questions:

1.|2019 Latest AZ-101 Exam Dumps (PDF & VCE) 70Q&As Download:

https://www.braindump2go.com/az-101.html

2.|2019 Latest AZ-101 Exam Questions & Answers Download:

https://drive.google.com/drive/folders/1KoBQez_BqgPlnBE-cCoz8OkAoozD-2g9?usp=sharing

QUESTION 17
Case Study 1 – Contoso, Ltd
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
All the resources used by Contoso are hosted on-premises.
Contoso creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named contoso.onmicrosoft.com. The tenant uses the P1 pricing tier.
Existing Environment
The network contains an Active Directory forest named contoso.com. All domain controllers are configured as DNS servers and host the contoso.com DNS zone.
Contoso has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently.
Contoso.com contains a user named User1.
All the offices connect by using private links.
Contoso has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device.
All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.

Contoso uses two web applications named App1 and App2. Each instance on each web application requires 1GB of memory.
The Azure subscription contains the resources in the following table.

The network security team implements several network security groups (NSGs).
Planned Changes
Contoso plans to implement the following changes:
– Deploy Azure ExpressRoute to the Montreal office.
– Migrate the virtual machines hosted on Server1 and Server2 to Azure.
– Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
– Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2.
Technical requirements
Contoso must meet the following technical requirements:
– Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances.
– Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
– Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
– Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
– Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.contoso.com
– Connect the New York office to VNet1 over the Internet by using an encrypted connection.
– Create a workflow to send an email message when the settings of VM4 are modified.
– Create a custom Azure role named Role1 that is based on the Reader role.
– Minimize costs whenever possible.
You need to meet the technical requirement for VM4.
What should you create and configure?

A. an Azure Notification Hub
B. an Azure Event Hub
C. an Azure Logic App
D. an Azure Service Bus

Answer: B
Explanation:
Scenario: Create a workflow to send an email message when the settings of VM4 are modified.
You can start an automated logic app workflow when specific events happen in Azure resources or third- party resources. These resources can publish those events to an Azure event grid. In turn, the event grid pushes those events to subscribers that have queues, webhooks, or event hubs as endpoints. As a subscriber, your logic app can wait for those events from the event grid before running automated workflows to perform tasks – without you writing any code.
References:
https://docs.microsoft.com/en-us/azure/event-grid/monitor-virtual-machine-changes-event-grid-logic-app

QUESTION 18
Case Study 1 – Contoso, Ltd
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
All the resources used by Contoso are hosted on-premises.
Contoso creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named contoso.onmicrosoft.com. The tenant uses the P1 pricing tier.
Existing Environment
The network contains an Active Directory forest named contoso.com. All domain controllers are configured as DNS servers and host the contoso.com DNS zone.
Contoso has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently.
Contoso.com contains a user named User1.
All the offices connect by using private links.
Contoso has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device.
All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.

Contoso uses two web applications named App1 and App2. Each instance on each web application requires 1GB of memory.
The Azure subscription contains the resources in the following table.

The network security team implements several network security groups (NSGs).
Planned Changes
Contoso plans to implement the following changes:
– Deploy Azure ExpressRoute to the Montreal office.
– Migrate the virtual machines hosted on Server1 and Server2 to Azure.
– Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
– Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2.
Technical requirements
Contoso must meet the following technical requirements:
– Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances.
– Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
– Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
– Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
– Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.contoso.com
– Connect the New York office to VNet1 over the Internet by using an encrypted connection.
– Create a workflow to send an email message when the settings of VM4 are modified.
– Create a custom Azure role named Role1 that is based on the Reader role.
– Minimize costs whenever possible.
You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements.
What should you include in the recommendation?

A. Azure AD B2C
B. Azure AD Identity Protection
C. an Azure logic app and the Microsoft Identity Management (MIM) client
D. dynamic groups and conditional access policies

Answer: D
Explanation:
Scenario: Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
The recommendation is to use conditional access policies that can then be targeted to groups of users, specific applications, or other conditions.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

QUESTION 19
Case Study 1 – Contoso, Ltd
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
All the resources used by Contoso are hosted on-premises.
Contoso creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named contoso.onmicrosoft.com. The tenant uses the P1 pricing tier.
Existing Environment
The network contains an Active Directory forest named contoso.com. All domain controllers are configured as DNS servers and host the contoso.com DNS zone.
Contoso has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently.
Contoso.com contains a user named User1.
All the offices connect by using private links.
Contoso has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device.
All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.

Contoso uses two web applications named App1 and App2. Each instance on each web application requires 1GB of memory.
The Azure subscription contains the resources in the following table.

The network security team implements several network security groups (NSGs).
Planned Changes
Contoso plans to implement the following changes:
– Deploy Azure ExpressRoute to the Montreal office.
– Migrate the virtual machines hosted on Server1 and Server2 to Azure.
– Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
– Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2.
Technical requirements
Contoso must meet the following technical requirements:
– Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances.
– Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
– Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
– Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
– Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.contoso.com
– Connect the New York office to VNet1 over the Internet by using an encrypted connection.
– Create a workflow to send an email message when the settings of VM4 are modified.
– Create a custom Azure role named Role1 that is based on the Reader role.
– Minimize costs whenever possible.
Hotspot Question
You need to prepare the environment to implement the planned changes for Server2.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Box 1: Create a Recovery Services vault
Create a Recovery Services vault on the Azure Portal.
Box 2: Install the Azure Site Recovery Provider
Azure Site Recovery can be used to manage migration of on-premises machines to Azure.
Scenario: Migrate the virtual machines hosted on Server1 and Server2 to Azure.
Server2 has the Hyper-V host role.
References:
https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-on-premises-azure

QUESTION 20
You have an on-premises network that contains a Hyper-V host named Host1. Host1 runs Windows Server 2016 and hosts 10 virtual machines that run Windows Server 2016.
You plan to replicate the virtual machines to Azure by using Azure Site Recovery.
You create a Recovery Services vault named ASR1 and a Hyper-V site named Site1.
You need to add Host1 to ASR1.
What should you do?

A. Download the installation file for the Azure Site Recovery Provider.
Download the vault registration key.
Install the Azure Site Recovery Provider on Host1 and register the server.
B. Download the installation file for the Azure Site Recovery Provider.
Download the storage account key.
Install the Azure Site Recovery Provider on Host1 and register the server.
C. Download the installation file for the Azure Site Recovery Provider.
Download the vault registration key.
Install the Azure Site Recovery Provider on each virtual machine and register the virtual machines.
D. Download the installation file for the Azure Site Recovery Provider.
Download the storage account key.
Install the Azure Site Recovery Provider on each virtual machine and register the virtual machines.

Answer: A
Explanation:
Download the Vault registration key. You need this when you install the Provider. The key is valid for five days after you generate it.
Install the Provider on each VMM server. You don’t need to explicitly install anything on Hyper-V hosts.
Incorrect Answers:
B, D: Use the Vault Registration Key, not the storage account key.
References:
https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-on-premises-azure

QUESTION 21
You plan to move services from your on-premises network to Azure.
You identify several virtual machines that you believe can be hosted in Azure. The virtual machines are shown in the following table.

Which two virtual machines can you access by using Azure migrate? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Sea-CA01
B. Hou-NW01
C. NYC-FS01
D. Sea-DC01
E. BOS-DB01

Answer: CE
Explanation:
The VMware VMs must be managed by vCenter Server (version 5.5, 6.0, or 6.5).
References:
https://docs.microsoft.com/en-us/azure/migrate/migrate-overview

QUESTION 22
You have an Azure subscription that contains a virtual network named VNet1. VNet 1 has two subnets named Subnet1 and Subnet2. VNet1 is in the West Europe Azure region.
The subscription contains the virtual machines in the following table.

You need to deploy an application gateway named AppGW1 to VNet1.
What should you do first?

A. Add a service endpoint.
B. Add a virtual network.
C. Move VM3 to Subnet1.
D. Stop VM1 and VM2.

Answer: D
Explanation:
If you have an existing virtual network, either select an existing empty subnet or create a new subnet in your existing virtual network solely for use by the application gateway.
Verify that you have a working virtual network with a valid subnet. Make sure that no virtual machines or cloud deployments are using the subnet. The application gateway must be by itself in a virtual network subnet.
References:
https://social.msdn.microsoft.com/Forums/azure/en-US/b09367f9-5d01-4cda-9127-b7a506a0a151/cant-create-application-gateway?forum=WAVirtualMachinesVirtualNetwork
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-create-gateway

QUESTION 23
You have an Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains three Azure virtual machines. Each virtual machine has a public IP address.
The virtual machines host several applications that are accessible over port 443 to user on the Internet.
Your on-premises network has a site-to-site VPN connection to VNet1.
You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from the Internet and from the on-premises network.
You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network. The solution must ensure that all the applications can still be accessed by the Internet users.
What should you do?

A. Modify the address space of the local network gateway.
B. Remove the public IP addresses from the virtual machines.
C. Modify the address space of Subnet1.
D. Create a deny rule in a network security group (NSG) that is linked to Subnet1.

Answer: D
Explanation:
You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

QUESTION 24
You have a public load balancer that balances ports 80 and 443 across three virtual machines.
You need to direct all the Remote Desktop Protocol (RDP) connections to VM3 only.
What should you configure?

A. an inbound NAT rule
B. a load balancing rule
C. a new public load balancer for VM3
D. a frontend IP configuration

Answer: A
Explanation:
To port forward traffic to a specific port on specific VMs use an inbound network address translation (NAT) rule.
Incorrect Answers:
B: Load-balancing rule to distribute traffic that arrives at frontend to backend pool instances.
References:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

QUESTION 25
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains four subnets named Gateway, Perimeter, NVA, and Production.
The NVA subnet contains two network virtual appliances (NVAs) that will perform network traffic inspection between the Perimeter subnet and the Production subnet.
You need to implement an Azure load balancer for the NVAs. The solution must meet the following requirements:
The NVAs must run in an active-active configuration that uses automatic failover. The NVA must load balance traffic to two services on the Production subnet. The services have different IP addresses
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Add two load balancing rules that have HA Ports enabled and Floating IP disabled.
B. Deploy a standard load balancer.
C. Add a frontend IP configuration, two backend pools, and a health probe.
D. Add a frontend IP configuration, a backend pool, and a health probe.
E. Add two load balancing rules that have HA Ports and floating IP enabled.
F. Deploy a basic load balancer.

Answer: BCE
Explanation:
A standard load balancer is required for the HA ports.
Two backend pools are needed as there are two services with different IP addresses.
Floating IP rule is used where backend ports are reused.
Incorrect Answers:
F: HA Ports are not available for the basic load balancer.
References:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-overview
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-multivip-overview

QUESTION 26
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to ensure that visitors are serviced by the same web server for each request.
What should you configure?

A. Floating IP (direct server return) to Disabled
B. Session persistence to Client IP
C. a health probe
D. Session persistence to None

Answer: B
Explanation:
You can set the sticky session in load balancer rules with setting the session persistence as the client IP.
References:
https://cloudopszone.com/configure-azure-load-balancer-for-sticky-sessions/

QUESTION 27
You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a virtual network named VNet1.
You need to ensure that you can configure a point-to-site connection from VNet1 to an on-premises computer.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Reset GW1.
B. Add a service endpoint to VNet1.
C. Add a connection to GW1.
D. Add a public IP address space to VNet1.
E. Delete GW1.
F. Create a route-based virtual network gateway.

Answer: EF
Explanation:
E: Policy-based VPN devices use the combinations of prefixes from both networks to define how traffic is encrypted/decrypted through IPsec tunnels. It is typically built on firewall devices that perform packet filtering. IPsec tunnel encryption and decryption are added to the packet filtering and processing engine.
F: A VPN gateway is used when creating a VPN connection to your on-premises network.
Route-based VPN devices use any-to-any (wildcard) traffic selectors, and let routing/forwarding tables direct traffic to different IPsec tunnels. It is typically built on router platforms where each IPsec tunnel is modeled as a network interface or VTI (virtual tunnel interface).
Incorrect Answers:
D: Point-to-Site connections do not require a VPN device or a public-facing IP address.
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/create-routebased-vpn-gateway-portal
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-connect-multiple-policybased-rm-ps


!!!RECOMMEND!!!

1.|2019 Latest AZ-101 Exam Dumps (PDF & VCE) 70Q&As Download:

https://www.braindump2go.com/az-101.html

2.|2019 Latest AZ-101 Study Guide Video:

https://youtu.be/4qoOHoNxDFU