AZ-104 Real Azure Administrator Practice Test Set 2

Azure does not offer a rich ecosystem of governance controls with user-level and platform-level controls in the form of role-based access control (RBAC) and Azure Policy.


Options are :

  • TRUE
  • FALSE (Correct)

Answer :FALSE

AZ-300 Microsoft Azure Architect Technologies Prc. Tests Set 2

You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1. VNet2 contains an Azure virtual machine named VM2.VM1 hosts a frontend application that connects to VM2 to retrieve data.Users report that the frontend application is slower than usual.You need to view the average round-trip time (RTT) of the packets from VM1 to VM2.Which Azure Network Watcher feature should you use?


Options are :

  • Connection troubleshoot
  • Network Security Groups flow logs
  • IP flow verify
  • Connection monitor (Correct)

Answer :Connection monitor

You have an Azure subscription that contains a virtual network named VNet1.

VNet1 contains four subnets named Gateway, Perimeter, NVA, and Production.

The NVA subnet contains two network virtual appliances (NVAs) that will perform network traffic inspection between the Perimeter subnet and the Production subnet.

You need to implement an Azure load balancer for the NVAs. The solution must meet the following requirements:

? The NVAs must run in an active-active configuration that uses automatic failover.

? The NVAs must load balance traffic to two services on the Production subnet.

The services have different IP addresses.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.


Options are :

  • Deploy a standard load balancer. (Correct)
  • Add two load balancing rules that have HA Ports enabled and Floating IP disabled.
  • Add two load balancing rules that have HA Ports and Floating IP enabled. (Correct)
  • Add a frontend IP configuration, two backend pools, and a health probe. (Correct)
  • Deploy a basic load balancer.

Answer :Deploy a standard load balancer. Add two load balancing rules that have HA Ports and Floating IP enabled. Add a frontend IP configuration, two backend pools, and a health probe.

Azure Policy is a service that lets you create, manage, and apply policy to Azure resources at a subscription, resource group, or resource level. Policies enforce different rules over your Azure resources, so those resources remain compliant with your organization's standards.


Options are :

  • FALSE
  • TRUE (Correct)

Answer :TRUE

AZ-400 Microsoft Azure DevOps Solutions Practice Tests Set 6

You have an Active Directory forest named contoso.com. You install and configure Azure AD Connect to use password hash synchronization as the single sign-on (SSO) method. Staging mode is enabled.You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs. You need to ensure that the synchronization completes successfully and that exports, imports and synchronization could run. What should you do?


Options are :

  • Run Azure AD Connect and set the SSO method to Pass-through Authentication.
  • Run Azure AD Connect and disable staging mode. (Correct)
  • From Azure PowerShell, run Start-AdSyncSyncCycle "PolicyType Initial.
  • From Synchronization Service Manager, run a full import.

Answer :Run Azure AD Connect and disable staging mode.

A resource is simply a single service instance in Azure. Most services in Azure can be represented as a resource. For example, a Web App instance is a resource. An App Service Plan is also a resource. Even a SQL Database instance is a resource.


Options are :

  • FALSE
  • TRUE (Correct)

Answer :TRUE

The Standard performance tier uses


Options are :

  • solid-state disks and is only used for unmanaged VM disks. (Correct)
  • magnetic disks and supports all services.

Answer :solid-state disks and is only used for unmanaged VM disks.

Azure AZ-500 Security Technologies Practice Test Set 3

You have an Azure subscription that contains the resources in the following table.

VM1 and VM2 are deployed from the same template and host line-of-business applications accessed by using Remote Desktop.You configure the network security group (Network Security Groups) shown in the picture.

You need to prevent users of VM1 and VM2 from accessing websites on the Internet over TCP port 80. What should you do?


Options are :

  • Disassociate the Network Security Groups from a network interface.
  • Associate the Network Security Groups to Subnet1. (Correct)
  • Change the Port_80 inbound security rule.
  • Change the DenyWebSites outbound security rule.

Answer :Associate the Network Security Groups to Subnet1.

You have five Azure virtual machines that run Windows Server 2016.

The virtual machines are configured as web servers.

You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.

You need to ensure that visitors are serviced by the same web server for each request.

What should you configure?


Options are :

  • Session persistence to None
  • Protocol to UDP
  • Idle Time-out (minutes) to 20
  • Session persistence to Client IP (Correct)

Answer :Session persistence to Client IP

You have the Azure virtual networks shown in the following table.

To which virtual networks can you establish a peering connection from VNet1?


Options are :

  • VNet3 and VNet4 only
  • VNet2 only
  • VNet2, VNet3, and VNet4 (Correct)
  • VNet2 and VNet3 only

Answer :VNet2, VNet3, and VNet4

70-533 Implementing Microsoft Azure Infrastructure Solution Set 7

You sign up for Azure Active Directory (Azure AD) Premium.You need to add a user named [email protected] as an administrator on all the computers that will be joined to the Azure AD domain.What should you configure in Azure AD?


Options are :

  • Providers from the MFA Server blade
  • General settings from the Groups blade
  • Device settings from the Devices blade
  • User settings from the Users blade (Correct)

Answer :User settings from the Users blade

Blob storage supports ... types of blobs, and ... access tiers.


Options are :

  • 2
  • 3 (Correct)
  • 1
  • 4

Answer :3

You have an Azure virtual machine named VM1. The network interface for VM1 is configured as shown in the picture.

You deploy a web server on VM1, and then create a secure website that is accessible by using the HTTPS protocol.

VM1 is used as a web server only.

You need to ensure that users can connect to the website from the internet. What should you do?


Options are :

  • Modify the protocol of Rule4.
  • Delete Rule1.
  • For Rule5, change the Action to Allow and change the priority to 401. (Correct)
  • Create a new inbound rule that allows TCP protocol 443 and configure the protocol to have a priority of 501.

Answer :For Rule5, change the Action to Allow and change the priority to 401.

AZ-203 Microsoft Certified Azure Developer practice exams Set 14

You have an Azure Active Directory (Azure AD) tenant. You have an existing Azure AD conditional access policy named Policy1. Policy1 enforces the use of Azure AD-joined devices when members of the GlobalAdministrators group authenticate to Azure AD from untrusted locations.You need to ensure that members of the Global Administrators group will also be forced to use multi-factor authentication when authenticating from untrusted locations.What should you do?


Options are :

  • From the Azure portal, modify grant control of Policy1. (Correct)
  • From the Azure portal, modify session control of Policy1.
  • From the multi-factor authentication page, modify the service settings.
  • From the multi-factor authentication page, modify the user settings.

Answer :From the Azure portal, modify grant control of Policy1.

You have an Azure subscription named Subscription1 that contains two Azure virtual networks named VNet1 and VNet2. VNet1 contains a VPN gateway namedVPNGW1 that uses static routing. There is a site-to-site VPN connection between your on-premises network and VNet1.On a computer named Client1 that runs Windows 10, you configure a point-to-site VPN connection to VNet1.You configure virtual network peering between VNet1 and VNet2. You verify that you can connect to VNet2 from the on-premises network. Client1 is unable to connect to VNet2.You need to ensure that you can connect Client1 to VNet2.What should you do?


Options are :

  • Select Allow gateway transit on VNet1.
  • Download and re-install the VPN client configuration package on Client1. (Correct)
  • Enable BGP on VPNGW1.
  • Select Allow gateway transit on VNet2.

Answer :Download and re-install the VPN client configuration package on Client1.

You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a virtual network named VNet1.You need to ensure that you can configure a point-to-site connection from VNet1 to an on-premises computer.Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.


Options are :

  • Create a route-based virtual network gateway. (Correct)
  • Add a public IP address space to VNet1.
  • Reset GW1.
  • Add a connection to GW1.
  • Delete GW1. (Correct)

Answer :Create a route-based virtual network gateway. Delete GW1.

AZ-104 Real Azure Administrator Practice Test Set 5

You have a virtual network named VNet1 as shown in the picture.

No devices are connected to VNet1.

You plan to peer VNet1 to another virtual network named VNet2 in the same region. 

VNet2 has an address space of 10.2.0.0/16.

You need to create the peering.

What should you do first?


Options are :

  • Create a subnet on VNet1 and VNet2.
  • Modify the address space of VNet1. (Correct)
  • Add a gateway subnet to VNet1.
  • Configure a service endpoint on VNet2.

Answer :Modify the address space of VNet1.

You have an Azure DNS zone named adatum.com.You need to delegate a subdomain named research.adatum.com to a different DNS server in Azure.What should you do?


Options are :

  • Create an NS record named research in the adatum.com zone. (Correct)
  • Create an A record named *.research in the adatum.com zone.
  • Create a PTR record named research in the adatum.com zone.
  • Modify the SOA record of adatum.com.

Answer :Create an NS record named research in the adatum.com zone.

You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1.You have a computer named Computer1 that runs Windows 10. Computer1 is connected to the Internet.

You add a network interface named Interface1 to VM1 as shown in the picture.

From Computer1, you attempt to connect to VM1 by using Remote Desktop, but the connection fails.

You need to establish a Remote Desktop connection to VM1.

What should you do first?


Options are :

  • Attach a network interface.
  • Change the priority of the RDP rule.
  • Delete the DenyAllInBound rule.
  • Start VM1. (Correct)

Answer :Start VM1.

AZ-203 Microsoft Certified Azure Developer practice exams Set 11

A resource group are multiple resources in one group, not necessary a logical grouping.


Options are :

  • TRUE
  • FALSE (Correct)

Answer :FALSE

A template allows you to configure multiple resources simultaneously and use variables/parameters/functions to create dependencies between resources.


Options are :

  • TRUE (Correct)
  • FALSE

Answer :TRUE

Azure Management Groups can be used to control policy and RBAC for multiple subscriptions. Management groups enable organizational alignment for your Azure subscriptions through custom hierarchies and groupings.


Options are :

  • FALSE
  • TRUE (Correct)

Answer :TRUE

AZ-300 Microsoft Azure Architect Technologies Prc. Tests Set 6

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (Network Security Groupss) in the subscription.

You need to ensure that when an Network Security Groups is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: You create a resource lock, and then you assign the lock to the subscription.Does this meet the goal?


Options are :

  • No (Correct)
  • Yes

Answer :No

You can create resources only from the Azure Resource Manager templates.


Options are :

  • FALSE (Correct)
  • TRUE

Answer :FALSE

You have an Azure subscription named Subscription1 that contains the resource groups shown in the following table.

In RG1, you create a virtual machine named VM1 in the East Asia location.

You plan to create a virtual network named VNET1.

You need to create VNET1, and then connect VM1 to VNET1.

What are two possible ways to achieve this goal? 

Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.


Options are :

  • Create VNET1 in RG2, and then set East Asia as the location. (Correct)
  • Create VNET1 in RG2, and then set East US as the location.
  • Create VNET1 in a new resource group in the West US location, and then set West US as the location.
  • Create VNET1 in RG1, and then set East Asia as the location. (Correct)
  • Create VNET1 in RG1, and then set East US as the location.

Answer :Create VNET1 in RG2, and then set East Asia as the location. Create VNET1 in RG1, and then set East Asia as the location.

AZ-400 Microsoft Azure DevOps Solutions Practice Tests Set 1

You manage a virtual network named VNet1 that is hosted in the West US Azure region.VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.Solution: From Performance Monitor, you create a Data Collector Set (DCS).Does this meet the goal?


Options are :

  • Yes
  • No (Correct)

Answer :No

Tags in Azure can be used to logically organize resources by categories. Each tag is a name and a value pair. However, tags can not be shared across multiple resources.


Options are :

  • FALSE (Correct)
  • TRUE

Answer :FALSE

Azure Log Analytics can consolidate machine data from on-premises and cloud-based workloads and this data is indexed and categorized for quick searching. Data can be collected only from Windows machines.


Options are :

  • TRUE
  • FALSE (Correct)

Answer :FALSE

AZ-300 Microsoft Azure Architect Technologies Prc. Tests Set 2

You have an Azure subscription that contains a virtual network named VNET1. VNET1 contains the subnets shown in the following table.

Each virtual machine uses a static IP address.You need to create network security groups (Network Security Groupss) to meet following requirements:

? Allow web requests from the internet to VM3, VM4, VM5, and VM6.

? Allow all connections between VM1 and VM2.

? Allow Remote Desktop connections to VM1.

Prevent all other network traffic to VNET1.What is the minimum number of Network Security Groupss you should create?


Options are :

  • 3
  • 12
  • 4 (Correct)
  • 1

Answer :4

You have two Azure Active Directory (Azure AD) tenants named contoso.com and fabrikam.com.You have a Microsoft account that you use to sign in to both tenants.You need to configure the default sign-in tenant for the Azure portal.What should you do?


Options are :

  • From the Azure portal, configure the portal settings.
  • From Azure Cloud Shell, run Set-AzureRmSubscription.
  • From Azure Cloud Shell, run Set-AzureRmContext. (Correct)
  • From the Azure portal, change the directory.

Answer :From Azure Cloud Shell, run Set-AzureRmContext.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions