AZ-103: Practice Questions

You recently created a virtual machine named Web01. You need to attach a new 80-GB standard data disk named Web01-Disk1 to Web01. What should you do from the Azure portal?

Add a data disk - Step 1: In the Azure portal, from the menu on the left, select Virtual machines. Step 2: Select the Web01 virtual machine from the list. Step 3: On the Virtual machine page, in Essentials, select Disks. Step 4: On the Disks page, select the Web01-Disk1 from the list of existing disks. Step 5: In the Disks pane, click + Add data disk. Step 6: Click the drop-down menu for Name to view a list of existing managed disks accessible to your Azure subscription. Select the managed disk Web01-Disk1 to attach References: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/attach-disk-portal

You have an Azure virtual machine named VM1 that you use for testing. VM1 is protected by Azure Backup. You delete VM1. You need to remove the backup data stored for VM1. What should you do first? A. Delete the Recovery Services vault. B. Delete the storage account. C. Stop the backup D. Modify the backup policy.

*Delete the backup in Recovery Services vault???* Answer : D Explanation: Azure Backup provides backup for virtual machines created through both the classic deployment model and the Azure Resource Manager deployment model by using custom-defined backup policies in a Recovery Services vault.With the release of backup policy management, customers can manage backup policies and model them to meet their changing requirements from a single window. Customers can edit a policy, associate more virtual machines to a policy, and delete unnecessary policies to meet their compliance requirements. Incorrect Answers:A: You can't delete a Recovery Services vault if it is registered to a server and holds backup data. If you try to delete a vault, but can't, the vault is still configured to receive backup data. References: https://azure.microsoft.com/en-in/updates/azure-vm-backup-policy-management/

You create an Azure Storage account named contosostorage. You plan to create a file share named data. Users need to map a drive to the data file share from home computers that run Windows 10. Which outbound port should you open between the home computers and the data file share? A. 80 B. 443 C. 445 D. 3389

Answer : C Explanation: Ensure port 445 is open: The SMB protocol requires TCP port 445 to be open; connections will fail if port 445 is blocked. References: https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows

You have an Azure subscription that contains 100 virtual machines.You regularly create and delete virtual machines.You need to identify unattached disks that can be deleted.What should you do? A. From Microsoft Azure Storage Explorer, view the Account Management properties. B. From the Azure portal, configure the Advisor recommendations. C. From Azure Cost Management, view Advisor Recommendations. D. From Azure Cost Management, view Cost Analysis.

Answer : A Explanation: You can find unused disks in the Azure Storage Explorer console. Once you drill down to the Blob containers under a storage account, you can see the lease state of the residing VHD (the lease state determines if the VHD is being used by any resource) and the VM to which it is leased out. If you find that the lease state and the VM fields are blank, it means that the VHD in question is unused. The screenshot below shows two active VHDs being used by VMs as data and OS disks.The name of the VM and lease state are shown in the "VM Name" and "Lease State" columns, respectively. Reference: https://cloud.netapp.com/blog/reduce-azure-storage-costs

You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines.You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.What should you create to store the password? A. an Azure Key Vault and an access policy B. a Recovery Services vault and a backup policy C. Azure Active Directory (AD) Identity Protection and an Azure policy D. an Azure Storage account and an access policy

Answer : A Explanation: You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore, the password is never put in plain text in the template parameter file. References: https://azure.microsoft.com/en-us/resources/templates/101-vm-secure-password/

You have an Azure subscription named Subscription1. You deploy a Linux virtual machine named VM1 to Subscription1. You need to monitor the metrics and the logs of VM1. What should you use? A. the AzurePerformanceDiagnostics extension B. Azure HDInsight C. Linux Diagnostic Extension (LAD) 3.0 D. Azure Analysis Services

Answer : A Explanation: You can use extensions to configure diagnostics on your VMs to collect additional metric data.The basic host metrics are available, but to see more granular and VM-specific metrics, you need to install the Azure diagnostics extension on the VM. The Azure diagnostics extension allows additional monitoring and diagnostics data to be retrieved from the VM. References: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-monitoring

You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image. You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Modify the extensionProfile section of the Azure Resource Manager template. B. Create an automation account. C. Upload a configuration script. D. Create a new virtual machine scale set in the Azure portal. E. Create an Azure policy.

Answer : A,D Explanation: Virtual Machine Scale Sets can be used with the Azure Desired State Configuration (DSC) extension handler. Virtual machine scale sets provide a way to deploy and manage large numbers of virtual machines, and can elastically scale in and out in response to load. DSC is used to configure the VMs as they come online so they are running the production software. References: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-dsc

You plan to use the Azure Import/Export service to copy files to a storage account. Which two files should you create before you prepare the drives for the import job? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. a driveset CSV file B. a JSON configuration file C. a PowerShell PS1 file D. an XML manifest file E. a dataset CSV file

Answer : A,E Explanation: A: Modify the driveset.csv file in the root folder where the tool resides. E: Modify the dataset.csv file in the root folder where the tool resides. Depending on whether you want to import a file or folder or both, add entries in the dataset.csv file References: https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-data-to-files

You have an Azure subscription that contains a virtual machine named VM1. VM1 hosts a line-of-business application that is available 24 hours a day. VM1 has one network interface and one managed disk. VM1 uses the D4s v3 size.You plan to make the following changes to VM1: -> Change the size to D8s v3. -> Add a 500-GB managed disk. -> Add the Puppet Agent extension. -> Attach an additional network interface. Which change will cause downtime for VM1? A. Add the Puppet Agent extension. B. Change the size to D8s v3. C. Add a 500-GB managed disk. D. Attach an additional network interface.

Answer : B Explanation: While resizing the VM it must be in a stopped state. References: https://azure.microsoft.com/en-us/blog/resize-virtual-machines/

You have the Azure virtual machines shown in the following table. *Name* - - - *Azure Region* VM1 - - - - - West Europe VM2 - - - - - West Europe VM3 - - - - - West Europe VM4 - - - - - West Europe You have a Recovery Services vault that protects VM1 and VM2.You need to protect VM3 and VM4 by using Recovery Services.What should you do first? A. Create a new backup policy. B. Configure the extensions for VM3 and VM4. C. Create a storage account. D. Create a new Recovery Services vault.

Answer : D Explanation: A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines(VMs), workloads, servers, or workstations. You can use Recovery Services vaults to hold backup data for various Azure services References: https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable-replication

You have two Azure virtual machines named VM1 and VM2. You have two Recovery Services vaults named RSV1 and RSV2. VM2 is protected by RSV1. You need to use RSV2 to protect VM2. What should you do first? A. From the VM2 blade, click Disaster recovery, click Replication settings, and then select RSV2 as the Recovery Services vault. B. From the RSV2 blade, click Backup. From the Backup blade, select the backup for the virtual machine, and then click Backup. C. From the RSV1 blade, click Backup Jobs and export the VM2 job. D. From the RSV1 blade, click Backup items and stop the VM2 backup.

Answer : D Back up must be stopped "first" Reference: https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm

DRAG DROP - You have two Azure virtual machines named VM1 and VM2. VM1 has a single data disk named Disk1. You need to attach Disk1 to VM2. The solution must minimize downtime for both virtual machines. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place: - Detach Disk1 from VM1 - Start VM1 - Stop VM1 - Attach Disk1 to VM2

Step 1: Stop VM1. Step 2: Detach Disk1 from VM1. Step 3: Attach Disk1 to VM2 Step 4: Start VM1. References: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/detach-disk https://docs.microsoft.com/en-us/azure/lab-services/devtest-lab-attach-detach-data-disk

You have an Azure subscription that contains a storage account. You have an on-premises server named Server1 that runs Windows Server 2016. Server1 has 2 TB of data. You need to transfer the data to the storage account by using the Azure Import/Export service. In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order. NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select. Select and Place: - From the Azure portal, update the import job - From the Azure portal, create an import job - Attach an external disk - Detach the external disks

Answer : Explanation At a high level, an import job involves the following steps: *Step 1*: Attach an external disk to Server1 and then run waimportexport.exe. Determine data to be imported, number of drives you need, destination blob location for your data in Azure storage. Use the WAImportExport tool to copy data to disk drives. Encrypt the disk drives with BitLocker. *Step 2*: From the Azure portal, create an import job. Create an import job in your target storage account in Azure portal. Upload the drive journal files. *Step 3*: Detach the external disks from Server1 and ship the disks to an Azure data center. Provide the return address and carrier account number for shipping the drives back to you. Ship the disk drives to the shipping address provided during job creation. *Step 4*: From the Azure portal, update the import job Update the delivery tracking number in the import job details and submit the import job. The drives are received and processed at the Azure data center. The drives are shipped using your carrier account to the return address provided in the import job. References: https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service

HOTSPOT - You have an Azure subscription named Subscription1 that is associated to an Azure Active Directory (Azure AD) tenant named AAD1. Subscription1 contains the objects in the following table. *Name* -------- *Type* Share1 ----- Azure file share Account1 - Azure Storage account RG1 -------- Resource group Vault1 --- Recovery Services vault You plan to create a single backup policy for Vault1. To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:

Answer : Explanation Box 1: Share1 only - Box 2: 99 years - With the latest update to Azure Backup, customers can retain their data for up to 99 years in Azure.Note: A backup policy defines a matrix of when the data snapshots are taken, and how long those snapshots are retained. The backup policy interface looks like this: References: https://docs.microsoft.com/en-us/azure/backup/backup-azure-files https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm#defining-a-backup-policy https://blogs.microsoft.com/firehose/2015/02/16/february-update-to-azure-backup-includes-data-retention-up-to-99-years-offline-backup-and-more/

Your company plans to store several documents on a public website. You need to create a container named bios that will host the documents in the storagelod9272261 storage account. The solution must ensure anonymous access and must ensure that users can browse folders in the container. What should you do from the Azure portal?

Azure portal create public container To create a container in the Azure portal, follow these steps: Step 1: Navigate to your new storage account in the Azure portal. Step 2: In the left menu for the storage account, scroll to the blob service section, then select Blobs. Select the + Container button. Type a name for your new container: bios Set the level of public access to the container: Select anonymous access. Step 3: Select OK to create the container. References: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-portal

HOTSPOT - You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1. You install and configure a web server and a DNS server on VM1. VM1 has the effective network security rules shown in the following exhibit.

Box 1: Rule2 blocks ports 50-60, which includes port 53, the DNS port. Internet users can reach the Web server, since it uses port 80. Box 2: If Rule2 is removed internet users can reach the DNS server as well.Note: Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed. References: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

You create a virtual machine scale set named Scale1. Scale1 is configured as shown in the following exhibit.

Box 1: The Autoscale scale out rule increases the number of VMs by 2 if the CPU threshold is 80% or higher. The initial instance count is 4 and rises to 6 when the 2 extra instances of VMs are added. Box 2: The Autoscale scale in rule decreases the number of VMs by 4 if the CPU threshold is 30% or lower. The initial instance count is 4 and thus cannot be reduced to0 as the minimum instances is set to 2. Instances are only added when the CPU threshold reaches 80%. References: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-overview https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-best-practices https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-common-scale-patterns

You have several Azure virtual machines on a virtual network named VNet1. You configure an Azure Storage account as shown in the following exhibit.

Box 1: always -Endpoint status is enabled. Box 2: Never -After you configure firewall and virtual network settings for your storage account, select Allow trusted Microsoft services to access this storage account as an exception to enable Azure Backup service to access the network restricted storage account. Reference: https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows https://azure.microsoft.com/en-us/blog/azure-backup-now-supports-storage-accounts-secured-with-azure-storage-firewalls-and-virtual-networks/

Task5 -You plan to connect several virtual machines to the VNET01-USEA2 virtual network.In the Web-RGlod9272261 resource group, you need to create a virtual machine that uses the Standard_B2ms size named Web01 that runs Windows Server2016. Web01 must be added to an availability set. What should you do from the Azure portal?

Step 1: Choose Create a resource in the upper left-hand corner of the Azure portal. Select Virtual Machine. Step 2: In the Basics tab, under Project details, make sure the correct subscription is selected and then choose Web-RGlod9272261 resource group Step 3: Under Instance details type/select: Virtual machine name: Web01 - Image: Windows Server 2016 - Size: Standard_B2ms size - Leave the other defaults. Step 4: Finish the Wizard -

Your company plans to host in Azure the source files of several line-of-business applications. You need to create an Azure file share named corpsoftware in the storagelod9272261 storage account. The solution must ensure that corpsoftware can store only up to 250 GB of data. What should you do from the Azure portal?

Step 1: Go to the Storage Account blade on the Azure portal Step 2: Click on add File Share button Step 3: Provide Name (storagelod9272261) and Quota (250 GB).

DRAG DROP - You have an on-premises file server named Server1 that runs Windows Server 2016. You have an Azure subscription that contains an Azure file share. You deploy an Azure File Sync Storage Sync Service, and you create a sync group.You need to synchronize files from Server1 to Azure. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place: - Register Server1 - Add a server endpoint - Install the Azure File Sync agent on Server1

Step 1: Install the Azure File Sync agent on Server1 The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share Step 2: Register Server1. Register Windows Server with Storage Sync ServiceRegistering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service. Step 3: Add a server endpoint - Create a sync group and a cloud endpoint.A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on registered server. References: https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide

You plan to protect on-premises virtual machines and Azure virtual machines by using Azure Backup.You need to prepare the backup infrastructure in Azure. The solution must minimize the cost of storing the backups in Azure. What should you do from the Azure portal?

Step 1: On the left-hand menu, select All services and in the services list, type Recovery Services. As you type, the list of resources filters. When you seeRecovery Services vaults in the list, select it to open the Recovery Services vaults menu. Step 2: In the Recovery Services vaults menu, click Add to open the Recovery Services vault menu. Step 3: In the Recovery Services vault menu Type myRecoveryServicesVault in Name.The current subscription ID appears in Subscription. If you have additional subscriptions, you could choose another subscription for the new vault.For Resource group select Use existing and choose myResourceGroup. If myResourceGroup doesn't exist, select Create new and type myResourceGroup.From the Location drop-down menu, choose West Europe.Click Create to create your Recovery Services vault.

You need to deploy two Azure virtual machines named VM1003a and VM1003b based on an Ubuntu Server image. The deployment must meet the following requirements: -> Provide a Service Level Agreement (SLA) of 99.95 percent availability. -> Use managed disks. What should you do from the Azure portal?

Step 1: Open the Azure portal. Step 2: On the left menu, select All resources. You can sort the resources by Type to easily find your images. Step 3: Select the image you want to use from the list. The image Overview page opens. Step 4: Select Create VM from the menu. Step 5: Enter the virtual machine information.Select VM1003a as the name for the first Virtual machine.The user name and password entered here will be used to log in to the virtual machine. When complete, select OK. You can create the new VM in an existing resource group, or choose Create new to create a new resource group to store the VM. Step 6: Select a size for the VM. To see more sizes, select View all or change the Supported disk type filter. Step 7: Under Settings, make changes as necessary and select OK. Step 8: On the summary page, you should see your image name listed as a Private image. Select Ok to start the virtual machine deployment.Repeat the procedure for the second VM and name it VM1003b. References: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/create-vm-generalized-managed

You need to deploy an Azure virtual machine named VM1004a based on an Ubuntu Server image, and then configure VM1004a to meet the following requirements: -> The virtual machine must contain data disks that can store at least 15 TB of data. -> The data disks must be able to provide at least 2.000 IOPS. -> Storage costs must be minimized. What should you do from the Azure portal?

Step 1: Open the Azure portal. Step 2: On the left menu, select All resources. You can sort the resources by Type to easily find your images. Step 3: Select the image you want to use from the list. The image Overview page opens. Step 4: Select Create VM from the menu. Step 5: Enter the virtual machine information.Select VM1004a as the name for the first Virtual machine.The user name and password entered here will be used to log in to the virtual machine. When complete, select OK. You can create the new VM in an existing resource group, or choose Create new to create a new resource group to store the VM. Step 6: Select a size for the VM. To see more sizes, select View all or change the Supported disk type filter.To meet the requirements select Standard SSD E70.Standard SSD E70: Up to 16 TB, IOPS up to 4000, $1,228.80/monthStandard SSD Managed Disks, a low-cost SSD offering, are optimized for test and entry-level production workloads requiring consistent latency. Step 7: Under Settings, make changes as necessary and select OK. Step 8: On the summary page, you should see your image name listed as a Private image. Select Ok to start the virtual machine deployment. Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/create-vm-generalized-managed

You plan to back up all the Azure virtual machines in your Azure subscription at 02:00 Coordinated Universal Time (UTC) daily. You need to prepare the Azure environment to ensure that any new virtual machines can be configured quickly for backup. The solution must ensure that all the daily backups performed at 02:00 UTC are stored for only 90 days. What should you do from your Recovery Services vault on the Azure portal?

Task A: Create a Recovery Services vault (if a vault already exists skip this task, go to Task B below) A1. From Azure Portal, On the Hub menu, click All services and in the list of resources, type Recovery Services and click Recovery Services vaults.If there are recovery services vaults in the subscription, the vaults are listed. A2. On the Recovery Services vaults menu, click Add. A3. The Recovery Services vault blade opens, prompting you to provide a Name, Subscription, Resource group, and Location Task B. B1. On the Recovery Services vault blade (for the vault you just created), in the Getting Started section, click Backup, then on the Getting Started with Backup blade, select Backup goal. The Backup Goal blade opens. If the Recovery Services vault has been previously configured, then the Backup Goal blades opens when you click Backup on theRecovery Services vault blade. B2. From the Where is your workload running? drop-down menu, select Azure. B3. From the What do you want to backup? menu, select Virtual Machine, and click OK. B4. Finish the Wizard. Task C. create a backup schedule C1. Open the Microsoft Azure Backup agent. You can find it by searching your machine for Microsoft Azure Backup. C2. In the Backup agent's Actions pane, click Schedule Backup to launch the Schedule Backup Wizard. C3. On the Getting started page of the Schedule Backup Wizard, click Next. C4. On the Select Items to Backup page, click Add Items.The Select Items dialog opens. C5. Select Blob Storage you want to protect, and then click OK. C6. In the Select Items to Backup page, click Next. C7. On the Select Retention Policy page, set it to 90 days, and click Next. C8. Finish the Wizard. References: https://docs.microsoft.com/en-us/azure/backup/backup-configure-vault

You plan to prevent users from accidentally deleting blob data from Azure.You need to ensure that administrators can recover any blob data that is deleted accidentally from the storagelod9272261 storage account for 14 days after the deletion occurred.What should you do from the Azure portal?

Task A: Create a Recovery Services vault - A1. From Azure Portal, On the Hub menu, click All services and in the list of resources, type Recovery Services and click Recovery Services vaults. A2. On the Recovery Services vaults menu, click Add. A3. The Recovery Services vault blade opens, prompting you to provide a Name, Subscription, Resource group, and Location Task B. Create a backup goal - B1. On the Recovery Services vault blade (for the vault you just created), in the Getting Started section, click Backup, then on the Getting Started with Backup blade, select Backup goal. B2. From the Where is your workload running? drop-down menu, select Azure. B3. From the What do you want to backup? menu, select Blob Storage, and click OK. B4. Finish the Wizard. Task C. Create a backup schedule - C1. Open the Microsoft Azure Backup agent. You can find it by searching your machine for Microsoft Azure Backup. C2. In the Backup agent's Actions pane, click Schedule Backup to launch the Schedule Backup Wizard. C3. On the Getting started page of the Schedule Backup Wizard, click Next. C4. On the Select Items to Backup page, click Add Items.The Select Items dialog opens. C5. Select Blob Storage you want to protect, and then click OK. C6. In the Select Items to Backup page, click Next. C7. On the Select Retention Policy page, set it to 14 days, and click Next. C8. Finish the Wizard.