You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains 100 user
You purchase 10 Azure AD Premium P2 licenses for the tenant.
You need to ensure that 10 users can use all the Azure AD Premium features.
What should you do?
A. From the Groups blade of each user, invite the users to a group.
B. From the Licenses blade of Azure AD, assign a license.
C. From the Directory role blade of each user, modify the directory role.
D. From the Azure AD domain, add an enterprise application.
Correct Answer: B
To assign a license, under Azure Active Directory > Licenses > All Products, select one or more products, and then
select Assign on the command bar. References: https://docs.microsoft.com/en-us/azure/active-
From the MFA Server blade, you open the Block/unblock users blade as shown in the exhibit.
What caused AlexW to be blocked?
A. An administrator manually blocked the user.
B. The user reports a fraud alert when prompted for additional authentication.
C. The user account password expired.
D. The user entered an incorrect PIN four times within 10 minutes.
Correct Answer: B
pass4itsure az-102 dumps
You have an on-premises file server named Server1 that runs Windows Server 2016.
You have an Azure subscription that contains an Azure file share.
You deploy an Azure File Sync Storage Sync Service, and you create a sync group. examkraft.com
You need to synchronize files from Server1 to Azure.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions
to the answer area and arrange them in the correct order.
Select and Place:
Step 1: Install the Azure File Sync agent on Server1
The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file
Step 2: Register Server1.
Register Windows Server with Storage Sync Service
Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or
cluster) and the Storage Sync Service.
Step 3: Add a server endpoint
Create a sync group and a cloud endpoint.
A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other.
A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints.
A server endpoint represents a path on registered server.
You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to
deploy 100 virtual machines.
You need to modify the template to reference an administrative password. You must prevent the password from being
stored in plain text.
What should you create to store the password?
A. Azure Active Directory (AD) Identity Protection and an Azure policy
B. a Recovery Services vault and a backup policy
C. an Azure Key Vault and an access policy
D. an Azure Storage account and an access policy
Correct Answer: C
You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a
Key Vault. Therefore, the password is never put in plain text in the template parameter file. References:
You have an Azure Linux virtual machine that is protected by Azure Backup.
One week ago, two files were deleted from the virtual machine.
You need to restore the deleted files to an on-premises computer as quickly as possible.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to
the answer area and arrange them in the correct order.
Select and Place:
To restore files or folders from the recovery point, go to the virtual machine and choose the desired recovery point.
Step 0. In the virtual machine\\'s menu, click Backup to open the Backup dashboard.
Step 1. In the Backup dashboard menu, click File Recovery.
Step 2. From the Select recovery point drop-down menu, select the recovery point that holds the files you want. By
default, the latest recovery point is already selected.
Step 3: To download the software used to copy files from the recovery point, click Download Executable (for Windows
Azure VM) or Download Script (for Linux Azure VM, a python script is generated).
Step 4: Copy the files by using AzCopy
AzCopy is a command-line utility designed for copying data to/from Microsoft Azure Blob, File, and Table storage, using
simple commands designed for optimal performance. You can copy data between a file system and a storage account,
between storage accounts.
You have an Azure DNS zone named adatum.com. You need to delegate a subdomain named research.adatum.com to
a different DNS server in Azure. What should you do?
A. Create an PTR record named research in the adatum.com zone.
B. Create an NS record named research in the adatum.com zone.
C. Modify the SOA record of adatum.com.
D. Create an A record named ".research in the adatum.com zone.
Correct Answer: D
Configure A records for the domains and sub domains.
You have an Azure subscription named Subscnption1 that contains an Azure virtual machine named VM1.
VM1 is in a resource group named RG1.
VM1 runs services that will be used to deploy resources to RG1.
You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1.
What should you do fit
A. From the Azure portal modify the Access control (1AM) settings of VM1.
B. From the Azure portal, modify the Policies settings of RG1.
C. From the Azure portal, modify the value of the Managed Service Identity option for VM1.
D. From the Azure portal, modify the Access control (IAM) settings of RG1.
Correct Answer: C
A managed identity from Azure Active Directory allows your app to easily access other AAD-protected resources such
as Azure Key Vault. The identity is managed by the Azure platform and does not require you to provision or rotate any
User assigned managed identities can be used on Virtual Machines and Virtual Machine Scale Sets.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You create a resource lock, and then you assign the lock to the subscription.
Does this meet the goal?
Correct Answer: B
How can I freeze or lock my production/critical Azure resources from accidental deletion? There is way to do this with
both ASM and ARM resources using Azure resource lock. References: https://blogs.msdn.microsoft.com/azureedu/2016