2019/March Braindump2go AZ-102 Exam Dumps with PDF and VCE New Updated Today! Following are some new AZ-102 Real Exam Questions:
1.|2019 Latest Braindump2go AZ-102 Exam Dumps (PDF & VCE) Instant Download:
https://www.braindump2go.com/az-102.html
2.|2019 Latest Braindump2go AZ-102 Exam Questions & Answers Download:
https://drive.google.com/drive/folders/1yGAgUGAZkiDyL4FP1-97kh4N_hjURby9?usp=sharing
QUESTION 34
Your company registers a domain name of contoso.com.
You create an Azure DNS named contoso.com and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.
You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.
You need to resolve the name resolution issue.
Solution: You modify the SOA record in the contoso.com zone.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
Modify the NS record, not the SOA record.
Note: The SOA record stores information about the name of the server that supplied the data for the zone; the administrator of the zone; the current version of the data file; the number of seconds a secondary name server should wait before checking for updates; the number of seconds a secondary name server should wait before retrying a failed zone transfer; the maximum number of seconds that a secondary name server can use data before it must either be refreshed or expire; and a default number of seconds for the time-to-live file on resource records.
References: https://searchnetworking.techtarget.com/definition/start-of-authority-record
QUESTION 35
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates. You need to view the date and time when the resources were created in RG1.
Solution: From the RG1 blade, you click Automation script.
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 36
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.
You receive a notification that VM1 will be affected by maintenance.
You need to move VM1 to a different host immediately.
Solution: From the Overview blade, you move the virtual machine to a different resource group.
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 37
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.
You receive a notification that VM1 will be affected by maintenance.
You need to move VM1 to a different host immediately.
Solution: From the Update management blade, you click enable.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
You would need to Redeploy the VM.
References: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node
QUESTION 38
You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com.
Your company has a public DNS zone for contoso.com.
You add contoso.com as a custom domain name to Azure AD.
You need to ensure that Azure can verify the domain name.
Which type of DNS record should you create?
A. PTR
B. MX
C. NSEC3
D. RRSIG
Answer: B
QUESTION 39
You manage an Azure Windows Server virtual machine (VM) that hosts several SQL Server databases.
You need to configure backup and retention policies for the VM. The backup policy must include transaction log backups.
What should you do?
A. Configure point-in-time and long-term retention policies from the SQL Servers Azure portal blade.
B. Configure a SQL Server in Azure VM backup policy from the Recovery Services Azure portal blade.
C. Configure a continuous delivery deployment group from the Virtual Machine Azure portal blade.
D. Configure a point-in-time snapshot from the Disks Azure portal blade.
Answer: B
Explanation:
You should configure a SQL Server in Azure VM backup policy from the Recovery Services Azure portal blade.
The Azure Recovery Services vault has three default policy templates:
Azure Virtual Machine
Azure File Share
SQL Server in Azure VM
Because you need to back up both the SQL Server databases as well as transaction logs, you should create a SQL Server in Azure VM backup policy. These policies also enable you to specify backup retention durations at the daily, weekly, monthly, and yearly scopes.
You should not configure point-in-time and long-term retention policies from the SQL Servers Azure portal blade. These backup and retention policies are available for the Azure SQL Database platform-as-a-service (PaaS) offering, and not for Azure virtual machines hosting SQL Server databases.
You should not configure a continuous delivery deployment group from the Virtual Machine Azure portal blade. This feature is unrelated to VM backup and recovery, and allows you to integrate a VM in a Visual Studio Team Services (VSTS) continuous integration/continuous deployment (Cl/CD) workflow.
You should not configure a point-in-time snapshot from the Disks Azure portal blade. The snapshot functionality in Azure does not have formal policy associated with it, nor does it back up VM configuration.
QUESTION 40
The development team asks you to provision an Azure storage account for their use.
To remain in compliance with IT security policy, you need to ensure that the new Azure storage account meets the following requirements:
– Data must be encrypted at rest.
– Access keys must facilitate automatic rotation.
– The company must manage the access keys.
What should you do?
A. Create a service endpoint between the storage account and a virtual network (VNet).
B. Require secure transfer for the storage account.
C. Enable Storage Service Encryption (SSE) on the storage account.
D. Configure the storage account to store its keys in Azure Key Vault.
Answer: D
Explanation:
You should configure the storage account to store its keys in Azure Key Vault. Azure Key Vault provides a mechanism to store secrets, such as storage account keys, user credentials, and digital certificates, securely in the Microsoft Azure cloud. You can access the underlying Representational State Transfer (REST) application programming interface (API) to rotate or retrieve the secrets in your source code.
You should not enable SSE on the storage account for two reasons. First, SSE is enabled automatically on all Azure storage accounts and encrypts all storage account data at rest. Second, SSE in its native form uses Microsoft-managed access keys, which violates the scenario constraint for customer-managed keys.
You should not require secure transfer for the storage account. Secure transfer forces all REST API calls to use HTTPS instead of HTTP. This feature has nothing to do with either access keys or their management and rotation.
You should not create a service endpoint between the storage account and a VNet. A service endpoint allows you limit traffic to a storage account from resources residing on an Azure VNet.
QUESTION 41
You have several Windows Server and Ubuntu Linux virtual machines (VMs) distributed across two virtual networks (VNets):
– prod-vnet-west (West US region)
– prod-vnet-east (East US region)
You need to allow VMs in either VNet to connect and to share resources by using only the Azure backbone network.
Your solution must minimize cost, complexity, and deployment time.
What should you do?
A. Add a service endpoint to each VNet.
B. Configure peering between prod-vnet-west and prod-vnet-west.
C. Create a private zone in Azure DNS.
D. Deploy a VNet-to-VNet virtual private network (VPN).
Answer: B
Explanation:
You should configure peering between prod-vnet-west and prod-vnet-west. Peering enables VMs located on two different Azure VNets to be grouped logically together and thereby connect and share resources. Traditional VNet peering involves two VNets located in the same region. However, global VNet peering, generally available in summer 2018, supports VNets distributed across any Azure public region.
You should not deploy a VNet-to-VNet VPN. First, global VNet peering means that you are no longer required to use a VPN gateway to link VNets located in different Azure regions. Second, the scenario requires that you minimize cost and complexity.
You should not create a private zone in Azure DNS. This action would be necessary for resources in peered VNets to resolve each other’s DNS host names. However, the scenario makes no requirement for private host name resolution.
You should not add a service endpoint to each VNet. Service endpoints allow you to limit access to certain Azure resources, such as storage accounts and Azure SQL databases, to resources located on a single VNet. Thus, this feature cannot be used to link two VNets as the scenario mandates.
QUESTION 42
Your company’s local environment consists of a single Active Directory Domain Services (AD DS) domain.
You plan to offer your users single sign-on (SSO) access to Azure-hosted software-as-a-service (SaaS) applications that use Azure Active Directory (Azure AD) authentication.
The tenant’s current domain name is companycom.onmicrosoft.com.
You need to configure Azure AD to use company.com, the organization’s owned public domain name.
What should you do?
A. Add a company.com user principal name (UPN) suffix to the AD DS domain.
B. Run Azure AD Connect from a domain member server and specify the custom installation option.
C. Remove the companycom.onmicrosoft.com domain name from the Azure AD tenant.
D. Add a DNS verification record at the domain registrar.
Answer: D
Explanation:
You should add a Domain Name System (DNS) verification record at the domain registrar. This step is required to verify to Microsoft that you own the public DNS domain name in question. You perform the validation by creating either a text (TXT) or mail exchanger (MX) record in your DNS zone file at the registrar’s website, using Microsoft-provided values. You can delete the verification record after Azure validates the domain for use with Azure AD.
You should not remove the companycom.onmicrosoft.com domain name from the Azure AD tenant. In fact, you cannot remove this domain name because Azure uses it to identify your directory uniquely across the entire Microsoft Azure global ecosystem.
You should not add a company.com user principal name (UPN) suffix to the AD DS domain. If you use a non-routable DNS domain in AD DS, then you may indeed be required to perform this action. However, the scenario does not specify what AD DS domain name is currently defined.
You should not run Azure AD Connect from a domain member server and specify the custom installation option. Configuring the proper public and private DNS domain names is one of the prerequisite steps that needs to be completed before you run the Azure AD Connect wizard for the first time.
QUESTION 43
Drag and Drop Question
You have an Azure subscription that contains a storage account.
You have an on-premises server named Server1 that runs Window Server 2016. Server1 has 2 TB of data.
You need to transfer the data to the storage account by using the Azure Import/Export service.
In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
Answer:
QUESTION 44
Hotspot Question
You have an Azure subscription named Subscription1.
In Subscription1, you create an Azure file share named share1.
You create a shared access signature (SAS) named SAS1 as shown in the following exhibit.
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: Will be prompted for credentials
Azure Storage Explorer is a standalone app that enables you to easily work with Azure Storage data on Windows, macOS, and Linux. It is used for connecting to and managing your Azure storage accounts.
Box 2: Will have read, write, and list access
The net use command is used to connect to file shares.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1
https://docs.microsoft.com/en-us/azure/vs-azure-tools-storage-manage-with-storage-explorer?tabs=windows
!!!RECOMMEND!!!
1.|2019 Latest Braindump2go AZ-102 Exam Dumps (PDF & VCE) Instant Download:
https://www.braindump2go.com/az-102.html
2.|2019 Latest Braindump2go AZ-102 Study Guide Video Download: