AZ-100 Exam Questions PDF - Microsoft AZ-100 Top dumps
                     Microsoft
AZ-100
Microsoft Azure
Infrastructure and
Deployment
Version: Demo
[ Total Questions: 10]
https://www.dumpsforsure.com/microsoft/az-100-dumps.html
Microsoft - AZ-100
Exam Topic Breakdown
Exam Topic Number of Questions
Topic 2 : Contoso Ltd 4
Topic 1 : Humongous Insurance 4
Topic 3 : Mix Questions 2
TOTAL 10
1 of 16
Microsoft - AZ-100
Topic 2, Contoso Ltd
Overview
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner
organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and maintains.
Existing Environment
Currently, Contoso uses multiple types of servers for business operations, including the following:
File servers
Domain controllers
Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client computers are
joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers:
A SQL database
A web front end
A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Requirements
Planned Changes
Contoso plans to implement the following changes to the infrastructure:
Move all the tiers of App1 to Azure.
Move the existing product blueprint files to Azure Blob storage.
Create a hybrid directory to support an upcoming Microsoft Office 365 migration project.
Technical Requirements
Contoso must meet the following technical requirements:
2 of 16
Microsoft - AZ-100
Move all the virtual machines for App1 to Azure.
Minimize the number of open ports between the App1 tiers.
Ensure that all the virtual machines for App1 are protected by backups.
Copy the blueprint files to Azure over the Internet.
Ensure that the blueprint files are stored in the archive storage tier.
Ensure that partner access to the blueprint files is secured and temporary.
Prevent user passwords or hashes of passwords from being stored in Azure.
Use unmanaged standard storage for the hard disks of the virtual machines.
Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile
phone to verify their identity.
Minimize administrative effort whenever possible.
User Requirements
Contoso identifies the following requirements for users:
Ensure that only users who are part of a group named Pilot can join devices to Azure AD.
Designate a new user named Admin1 as the service administrator of the Azure subscription.
Ensure that a new user named User3 can create network objects for the Azure subscription.
Question #:1 - (Exam Topic 2)
You need to move the blueprint files to Azure.
What should you do?
A.  Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.
B.  Use the Azure Import/Export service.
C.  Generate an access key. Map a drive, and then copy the files by using File Explorer.
D.  Use Azure Storage Explorer to copy the files.
Answer: D
Explanation
Azure Storage Explorer is a free tool from Microsoft that allows you to work with Azure Storage data on
3 of 16
Microsoft - AZ-100
Windows, macOS, and Linux. You can use it to upload and download data from Azure blob storage.
Scenario:
Planned Changes include: move the existing product blueprint files to Azure Blob storage.
Technical Requirements include: Copy the blueprint files to Azure over the Internet.
References:
https://docs.microsoft.com/en-us/azure/machine-learning/team-data-science-process/move-data-to-azure-blob-using-azure-storage-explorer
Question #:2 - (Exam Topic 2)
You need to recommend an identify solution that meets the technical requirements.
What should you recommend?
A.  federated single-on (SSO) and Active Directory Federation Services (AD FS)
B.  password hash synchronization and single sign-on (SSO)
C.  cloud-only user accounts
D.  Pass-through Authentication and single sign-on (SSO)
Answer: A
Explanation
Active Directory Federation Services is a feature and web service in the Windows Server Operating System
that allows sharing of identity information outside a company’s network.
Scenario: Technical Requirements include:
Prevent user passwords or hashes of passwords from being stored in Azure.
References: https://www.sherweb.com/blog/active-directory-federation-services/
Question #:3 - (Exam Topic 2)
You are planning the move of App1 to Azure.
You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1.
What should you recommend?
A.  Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.
4 of 16
Microsoft - AZ-100
B.  Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.
C.  Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that
contains the web servers.
D.  Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that
contains the web servers.
Answer: C
Explanation
As App1 is public-facing we need an incoming security rule, related to the access of the web servers.
Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers: a
SQL database, a web front end, and a processing middle tier.
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Question #:4 - (Exam Topic 2)
You need to recommend a solution for App1. The solution must meet the technical requirements. What should
you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
5 of 16
Microsoft - AZ-100
Explanation
This reference architecture shows how to deploy VMs and a virtual network configured for an N-tier
application, using SQL Server on Windows for the data tier.
6 of 16
Microsoft - AZ-100
Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:
A SQL database
A web front end
A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Technical requirements include:
Move all the virtual machines for App1 to Azure.
Minimize the number of open ports between the App1 tiers.
References: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/n-tier/n-tier-sql-server
7 of 16
Microsoft - AZ-100
Topic 1, Humongous Insurance
Overview
Existing Environment
Active Directory Environment
Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com. The
functional level of the forest is Windows Server 2012.
You recently provisioned an Azure Active Directory (Azure AD) tenant.
Network Infrastructure
Each office has a local data center that contains all the servers for that office. Each office has a dedicated
connection to the Internet.
Each office has several link load balancers that provide access to the servers.
Active Directory Issue
Several users in humongousinsurance.com have UPNs that contain special characters.
You suspect that some of the characters are unsupported in Azure AD.
Licensing Issue
You attempt to assign a license in Azure to several users and receive the following error message: "Licenses
not assigned. License agreement failed for one user."
You verify that the Azure subscription has the available licenses.
Requirements
Planned Changes
Humongous Insurance plans to open a new office in Paris. The Paris office will contain 1,000 users who will
be hired during the next 12 months. All the resources used by the Paris office users will be hosted in Azure.
Planned Azure AD Infrastructure
The on-premises Active Directory domain will be synchronized to Azure AD.
All client computers in the Paris office will be joined to an Azure AD domain.
Planned Azure Networking Infrastructure
8 of 16
Microsoft - AZ-100
You plan to create the following networking resources in a resource group named All_Resources:
Default Azure system routes that will be the only routes used to route traffic
A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2
A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet
A virtual network named AllOffices-VNet that will contain two subnets named Subnet3 and Subnet4
You plan to enable peering between Paris-VNet and AllOffices-VNet. You will enable the Use remote
gateways setting for the Paris-VNet peerings.
You plan to create a private DNS zone named humongousinsurance.local and set the registration network to
the ClientResources-VNet virtual network.
Planned Azure Computer Infrastructure
Each subnet will contain several virtual machines that will run either Windows Server 2012 R2, Windows
Server 2016, or Red Hat Linux.
Department Requirements
Humongous Insurance identifies the following requirements for the company's departments:
Web administrators will deploy Azure web apps for the marketing department. Each web app will be
added to a separate resource group. The initial configuration of the web apps will be identical. The web
administrators have permission to deploy web apps to resource groups.
During the testing phase, auditors in the finance department must be able to review all Azure costs from
the past week.
Authentication Requirements
Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless
SSO) when accessing resources in Azure.
Question #:5 - (Exam Topic 1)
You need to prepare the environment to ensure that the web administrators can deploy the web apps as quickly
as possible.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of
actions to the answer area and arrange them in the correct order.
9 of 16
Microsoft - AZ-100
Answer:
10 of 16
Microsoft - AZ-100
Explanation
Step 1:
First you create a storage account using the Azure portal.
Step 2:
Select Automation options at the bottom of the screen. The portal shows the template on the Template tab.
Deploy: Deploy the Azure storage account to Azure.
Step 3:
Share the template.
Scenario: Web administrators will deploy Azure web apps for the marketing department. Each web app will be
added to a separate resource group. The initial configuration of the web apps will be identical. The web
administrators have permission to deploy web apps to resource groups.
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-quickstart-create-templates-use-the-portal
Question #:6 - (Exam Topic 1)
You need to prepare the environment to meet the authentication requirements.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE Each correct selection is worth one point.
A.  Azure Active Directory (AD) Identity Protection and an Azure policy
B.  a Recovery Services vault and a backup policy
C.  an Azure Key Vault and an access policy
D.  
11 of 16
Microsoft - AZ-100
D.  an Azure Storage account and an access policy
Answer: B D
Explanation
D: Seamless SSO works with any method of cloud authentication - Password Hash Synchronization or
Pass-through Authentication, and can be enabled via Azure AD Connect.
B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL
to all or selected users' Intranet zone settings by using Group Policy in Active Directory:
https://autologon.microsoftazuread-sso.com
Question #:7 - (Exam Topic 1)
Which blade should you instruct the finance department auditors to use?
A.  Partner information
B.  Overview
C.  Payment methods
D.  Invoices
Answer: D
Explanation
You can opt in and configure additional recipients to receive your Azure invoice in an email. This feature may
not be available for certain subscriptions such as support offers, Enterprise Agreements, or Azure in Open.
Select your subscription from the Subscriptions page. Opt-in for each subscription you own. Click
Invoices then Email my invoice.
Click Opt in and accept the terms.
Scenario: During the testing phase, auditors in the finance department must be able to review all Azure costs
from the past week.
References: https://docs.microsoft.com/en-us/azure/billing/billing-download-azure-invoice-daily-usage-date
Question #:8 - (Exam Topic 1)
You need to define a custom domain name for Azure AD to support the planned infrastructure.
Which domain name should you use?
A.  ad.humongousinsurance.com
12 of 16
Microsoft - AZ-100
B.  humongousinsurance.onmicrosoft.com
C.  humongousinsurance.local
D.  humongousinsurance.com
Answer: D
Explanation
Every Azure AD directory comes with an initial domain name in the form of domainname.onmicrosoft.com.
The initial domain name cannot be changed or deleted, but you can add your corporate domain name to Azure
AD as well. For example, your organization probably has other domain names used to do business and users
who sign in using your corporate domain name. Adding custom domain names to Azure AD allows you to
assign user names in the directory that are familiar to your users, such as ‘[email protected].’ instead of
'alice@domain name.onmicrosoft.com'.
Scenario:
Network Infrastructure: Each office has a local data center that contains all the servers for that office. Each
office has a dedicated connection to the Internet.
Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com
Planned Azure AD Infrastructure: The on-premises Active Directory domain will be synchronized to Azure
AD.
References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain
13 of 16
Microsoft - AZ-100
Topic 3, Mix Questions
Question #:9 - (Exam Topic 3)
You plan to use the Azure Import/Export service to copy files to a storage account.
Which two files should you create before you prepare the drives for the import job? Each correct answer
presents part of the solution.
NOTE: Each correct selection is worth one point.
A.  an XML manifest file
B.  a driveset CSV file
C.  a dataset CSV file
D.  a PowerShell PS1 file
E.  a JSON configuration file
Answer: B C
Explanation
B: Modify the driveset.csv file in the root folder where the tool resides.
C: Modify the dataset.csv file in the root folder where the tool resides. Depending on whether you want to
import a file or folder or both, add entries in the dataset.csv file
References: https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-data-to-files
Question #:10 - (Exam Topic 3)
You plan to deploy five virtual machines to a virtual network subnet.
Each virtual machine will have a public IP address and a private IP address.
Each virtual machine requires the same inbound and outbound security rules.
What is the minimum number of network interfaces and network security groups that you require? To answer,
select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
14 of 16
Microsoft - AZ-100
Answer:
Explanation
15 of 16
Microsoft - AZ-100
Box 1: 10
One public and one private network interface for each of the five VMs.
Box 2: 1
You can associate zero, or one, network security group to each virtual network subnet and network interface in
a virtual machine. The same network security group can be associated to as many subnets and network
interfaces as you choose.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
https://www.dumpsforsure.com/microsoft/az-100-dumps.html
16 of 16