AZ-103 Microsoft Azure Administrator Practice Exam Questions Set 1

Choose the answer that provides the best description for a Application Security Group.


Options are :

  • Application Security Groups apply Network level Antivirus and Anti-malware to Azure-based applications
  • Application Security Groups are Microsoft created labels that represent a group of IP addresses.
  • Application Security Groups allow you to deploy resources to application groups and control the access to those resources.
  • Application Security Groups simplify NSG rule definition and allow you to create complex rules rather than having to create multiple simple rules

Answer : Application Security Groups allow you to deploy resources to application groups and control the access to those resources.

AZ-103 Microsoft Azure Administrator Practice Exam Questions Set 5

You want to use Azure Network Watcher to diagnose network issues.

What do you need to configure so network monitor will work?


Options are :

  • Setup and enable secondary NIC for any VMs requiring diagnosing
  • Enable the Azure Network Watcher for your Azure region of the resources you want to "watch"
  • Add a NSG firewall to allow ICMP traffic to network watcher
  • Enable OMS

Answer : Enable the Azure Network Watcher for your Azure region of the resources you want to "watch"

When creating an Azure DNS Zone what two DNS records will be automatically created?

Select two.


Options are :

  • AAAA
  • Cname
  • A
  • NS
  • SOA

Answer : NS SOA

Examine the following statement regarding Network Security Groups rules.

"Rules are processed in priority order, with higher numbers processed before lower numbers. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (lower numbers) that have the same attributes as rules with higher priorities are not processed."

Is the statement is True or False?


Options are :

  • TRUE
  • FALSE

Answer : FALSE

AZ-104 Real Azure Administrator Practice Test Set 8

CycleShare.com uses Azure Active Directory.

You discover that several of your users are able to invite external users to view company online resources.

You need to prevent users from inviting external users in future.


Options are :

  • Configure the 'Guest users permissions are limited' setting in the external collaboration settings.
  • Configure the 'Guests can invite setting' in the external collaboration settings.
  • Configure the 'Members can invite setting' in the external collaboration settings.
  • Configure the 'Members can invite' setting in the external collaboration settings.

Answer : Configure the 'Members can invite' setting in the external collaboration settings.

What Azure Network Watcher PowerShell cmdlet will allow you see if there are any latency issues in an Azure region?


Options are :

  • Get-AzNetworkWatcherReachabilityProvidersList
  • Get-AzEffectiveNetworkSecurityGroup
  • Get-AzNetworkWatcherReachabilityReport
  • Test-AzNetworkWatcherIPFlow

Answer : Get-AzNetworkWatcherReachabilityReport

How many Azure Network Watcher packet captures can you run for Azure VMs located in the East US region?


Options are :

  • 100
  • 10
  • 20
  • 5

Answer : 10

AZ-300 Microsoft Azure Architect Practice Exam Questions NEW Set 3

You plan to deploy 3 Virtual Machines (VMs) that will run a web application named Webapp1.

Webapp1 must be made highly available in case one or more of the virtual machines fails.

What should you create to ensure that users can always access Webapp1?


Options are :

  • An Azure Load Balancer that contains three backend pools and three load balancing rules.
  • An Azure Load Balancer that contains one backend pool and one load balancing rule.
  • An Azure Load Balancer that contains three backend pools and one load balancing rule.
  • An Azure Load Balancer that contains one backend pool and three load balancing rules.

Answer : An Azure Load Balancer that contains one backend pool and one load balancing rule.

CycleShare.com uses Azure Active Directory, Azure and Microsoft 365.

HelpDesk1 is a user within the HelpDesk team who joins Windows 10 devices to your Azure Active Directory.

The HelpDesk1 reports that she can no longer join new devices.

What should you configure?


Options are :

  • In Azure Active Directory, configure the 'Maximum number of devices per user' setting.
  • Apply the Device Enrollment Manager (DEM) role to the user.
  • In Azure Active Directory, configure the 'Require Multi-Factor Authentication to join devices' setting.
  • Add the user to the Cloud Device Administrator role in Azure AD.
  • In Azure Active Directory, configure the 'Users may join devices to Azure AD' setting.

Answer : Apply the Device Enrollment Manager (DEM) role to the user.

What is the limitation on a public facing Azure Load Balancers backend pool Virtual Machines?


Options are :

  • They must all be allocated.
  • They must be of the same size.
  • They must belong to an Availability Set.
  • They must belong to the same single Virtual Network.

Answer : They must belong to the same single Virtual Network.

AZ-103 Microsoft Azure Administrator Practice Exam Questions Set 1

You receive reports from other administrators that they are finding it difficult to understand and modify new Network Security Group Rules between two Virtual Networks.

How can you simplify this situation for the Administrators in your organization?


Options are :

  • Implement Bounded Security Rules
  • Introduce a new Virtual Firewall Appliance from the Azure Marketplace.
  • Introduce Simple Security Rules
  • Implement Augmented Security Rules

Answer : Implement Augmented Security Rules

You need to retrieve VNet peering settings.

What is the correct PowerShell cmdlet that you can use to achieve this goal?


Options are :

  • Get-AzVirtualNetworkSubnetConfig
  • Get-AzVirtualNetworkPeering
  • Get-AzVirtualNetworkTap
  • Get-AzVirtualNetworkUsageList

Answer : Get-AzVirtualNetworkPeering

You want to use Azure Network Watcher to troubleshoot routing issues inside your Azure environment.

What feature of Network Watcher should you use?


Options are :

  • Next Hop
  • Security Group View
  • Network Subscription limit
  • IP Flow Verify

Answer : Next Hop

70-533 Implementing Microsoft Azure Infrastructure Solution Set 2

You are the Desktop Administrator for CycleShare.com.

Several users complain that they have to provide Azure Active Directory credentials every time they access company resources.

You need to improve the user experience and security of the Windows 10 client devices.

You need to check the device registration state.

What command must you run first?


Options are :

  • ipconfig /flushdns
  • devmgmt.msc
  • dsregcmd.exe /status
  • adregcmd.exe /status
  • psexec -i -s cmd.exe

Answer : psexec -i -s cmd.exe

Review the following statement:

"You can connect Virtual Networks that are in two different subscriptions."

Is the statement is TRUE or FALSE?


Options are :

  • TRUE
  • FALSE

Answer : TRUE

You are configuring an Azure Load Balancer.

You need to identify what can be added in a backend pool instance.

What should you identify?


Options are :

  • Single Virtual Machines and IPv4 addresses.
  • Availability Sets, Virtual Machine Scale Sets and single Virtual Machines.
  • Availability Sets and single Virtual Machines.
  • Virtual Machine Scale Sets, single Virtual Machines and IPv4 addresses.

Answer : Availability Sets, Virtual Machine Scale Sets and single Virtual Machines.

Ms Azure Administrator - Mock Test Set 6

To create and assign Azure Role Based Access (RBAC) you require the Microsoft.Authorization/roleAssignments/* permission.

Select which Azure Active Directory Roles grant Microsoft.Authorization/roleAssignments/* permission?

Choose all that apply.


Options are :

  • User Access Administrator
  • Owner
  • Virtual Machine Contributor
  • Security Reader
  • Conditional Access Administrator

Answer : User Access Administrator Owner

CycleShare.com maintains two networks in Azure:

10.20.0.0/1610.100.26.0/24

Choose one or more valid Azure Private IP addresses that fall within the CycleShare.com networks.


Options are :

  • 10.100.0.255
  • 10.100.26.242
  • 10.20.0.2
  • 10.100.0.3
  • 10.20.0.50

Answer : 10.100.26.242 10.20.0.50

Choose the best option that describes a Multi Factor Authentication One-time bypass?


Options are :

  • The one-time bypass feature allows a user to authenticate a single time without performing two-step verification. The bypass is temporary and expires after a specified number of seconds
  • The one-time bypass feature allows a user to authenticate a single time without performing two-step verification. The bypass is temporary and expires after a successful login is detected
  • The one-time bypass feature allows a user to authenticate a single time without performing two-step verification. The bypass is temporary and expires after one day
  • The one-time bypass feature allows a user to authenticate a single time without performing two-step verification. The bypass is temporary and expires after a specified number of minutes

Answer : The one-time bypass feature allows a user to authenticate a single time without performing two-step verification. The bypass is temporary and expires after a specified number of seconds

Azure AZ-500 Security Technologies Practice Test Set 8

You need to ensure that Production SQL servers in Subnet1 cannot talk to DMZ Web Servers in Subnet2.

What is the most cost effective solution to meet this requirement?


Options are :

  • Configure Route Tables on each VM to block traffic between Subnet1 and Subnet2
  • Configure an Firewall Appliance to block traffic between Subnet1 and Subnet2
  • Configure an Application Gateway to block traffic between Subnet1 and Subnet2
  • Configure NSGs to block traffic between Subnet1 and Subnet2

Answer : Configure NSGs to block traffic between Subnet1 and Subnet2

Examine the following PowerShell cmdlet and choose the answer that best describes its intended usage.

New-AzDnsRecordSet


Options are :

  • Creates multiple DNS records
  • Creates a single DNS record
  • Lists all DNS records in a zone
  • Creates a new DNS zone

Answer : Creates a single DNS record

What feature in Azure DNS can translate a IP address to a domain record name?


Options are :

  • An Alias record
  • Private DNS
  • DNS Zone
  • Reverse DNS

Answer : Reverse DNS

Azure AZ-500 Security Technologies Practice Test Set 6

Which is the correct Azure CLI cmdlet to create a Network Security Group (NSG)?


Options are :

  • az security nsg create
  • az sec nsg update
  • az nsg create
  • az network nsg create

Answer : az network nsg create

You have deployed an Azure Load Balancer that uses a backend pool that contains four virtual machines.

You notice that traffic from the load balancer is not equally being distributed across the four virtual machines.

Why is this?


Options are :

  • The load balancer is configured to use source IP affinity distribution mode.
  • The backend port is misconfigured in a load balancing rule.
  • The load balancer is configured to use hash-based distribution mode.
  • Traffic is originating from one IP address only.

Answer : The load balancer is configured to use source IP affinity distribution mode.

How many network peerings are possible when using the Azure Resource Manager portal?


Options are :

  • 500
  • 10000
  • 50
  • 200

Answer : 500

AZ-300 Microsoft Azure Architect Practice Exam Questions NEW Set 2

Review the following statement:

"Azure DNS supports zone transfers"

Is the statement True or False?


Options are :

  • TRUE
  • FALSE

Answer : FALSE

You need to configure a method of staff connecting remotely to Azure VNets.

Recommend the best method to facilitate this?


Options are :

  • ExpressRoute
  • VNet Peering
  • Site-to-Site VPN
  • Point-to-Site VPN

Answer : Point-to-Site VPN

You need to setup a connection to Azure from your on-premises datacenter.

Currently the datacenter hosts your development environment using Azure Stack.

What is the most cost-effective solution that you can implement to connect the on-premises datacenter with the Azure resources?


Options are :

  • ExpressRoute
  • Azure Site-to-Site VPN
  • Web Application Firewall Application Gateway
  • Site-to-Site VPN Gateway

Answer : Azure Site-to-Site VPN

Ms Azure Administrator - Mock Test Set 8

The DevOps Manager wants to use DNS for name resolution across your Azure estate.

This includes several VNets across two Azure regions.

You need to ensure that addresses are only resolvable for your resources and not across the internet.

What solution will satisfy your requirements?


Options are :

  • Private DNS
  • Reverse DNS
  • DNS with Traffic Manager
  • Public DNS

Answer : Private DNS

You need to configure a Site-to-Site VPN between an on-premises environment and Azure.

What do you require to configure the on-premises VPN element?


Options are :

  • Public IP Address of the Virtual Network Gateway and a Shared Key
  • Public IP Address of the Virtual Network Gateway, the BGP ASN and a Shared Key
  • Private IP Address of the Virtual Network Gateway and Azure Subscription name
  • Public IP Address of the Virtual Network Gateway and the BGP ASN

Answer : Public IP Address of the Virtual Network Gateway and a Shared Key

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions