ホームページ / AZ-101 問題集  / AZ-101 問題練習

Microsoft AZ-101 問題練習

Microsoft Azure Integration and Security 試験

最新更新時間: 2020/11/17,合計27問。

いい買物の日:AZ-101 最新真題を買う時、日本語版と英語版両方を同時に獲得できます。


さらに試験準備時間の35%を節約するには、AZ-101 問題集を使用してください。

 / 2

Question No : 1
You plan to move services from your on-premises network to Azure.
You identify several virtual machines that you believe can be hosted in Azure. The virtual machines are shown in the following table.

Which two virtual machines can you access by using Azure migrate? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

The VMware VMs must be managed by vCenter Server (version 5.5, 6.0, or 6.5).

Question No : 2
You have an on-premises network that contains a Hyper-V host named Host1. Host1 runs Windows Server
2016 and hosts 10 virtual machines that run Windows Server 2016.
You plan to replicate the virtual machines to Azure by using Azure Site Recovery.
You create a Recovery Services vault named ASR1 and a Hyper-V site named Site1. You need to add Host1 to ASR1.
What should you do?

Download the Vault registration key. You need this when you install the Provider. The key is valid for five days after you generate it.
Install the Provider on each VMM server. You don't need to explicitly install anything on Hyper-V hosts. Incorrect Answers:
B, D: Use the Vault Registration Key, not the storage account key.

Question No : 3
You need to migrate VM1 to VNet1 by using Azure Site Recovery.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:


Step 1: Deploy an EC2 virtual machine as a configuration server
Prepare source include:

Question No : 4
You need to prepare the environment to implement the planned changes for Server2.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:


Box 1: Create a Recovery Services vault
Create a Recovery Services vault on the Azure Portal.
Box 2: Install the Azure Site Recovery Provider
Azure Site Recovery can be used to manage migration of on-premises machines to Azure.
Scenario: Migrate the virtual machines hosted on Server1 and Server2 to Azure. Server2 has the Hyper-V host role.

Question No : 5
You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements.
What should you include in the recommendation?

Scenario: Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
The recommendation is to use conditional access policies that can then be targeted to groups of users, specific applications, or other conditions.

Question No : 6
You need to meet the technical requirement for VM4.
What should you create and configure?

Scenario: Create a workflow to send an email message when the settings of VM4 are modified.
You can start an automated logic app workflow when specific events happen in Azure resources or third- party resources. These resources can publish those events to an Azure event grid. In turn, the event grid pushes those events to subscribers that have queues, webhooks, or event hubs as endpoints. As a subscriber, your logic app can wait for those events from the event grid before running automated workflows to perform tasks - without you writing any code.

Question No : 7
You discover that VM3 does NOT meet the technical requirements.
You need to verify whether the issue relates to the NSGs.
What should you use?

Scenario: Contoso must meet technical requirements including:
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.

Question No : 8
You have a Microsoft SQL Server Always On availability group on Azure virtual machines.
You need to configure an Azure internal load balancer as a listener for the availability group.
What should you do?

Explanation: Incorrect Answers:
D: The Health probe is created with the TCP protocol, not with the HTTP protocol.
Explanations: alwayson-int-listener
Testlet 1
Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case.
However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to Explanation information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each
is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first
in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the
button to return to the question.
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
All the resources used by Contoso are hosted on-premises.
Contoso creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named The tenant uses the P1 pricing tier.
Existing Environment
The network contains an Active Directory forest named All domain controllers are configured as DNS servers and host the DNS zone.
Contoso has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently. contains a user named User1. All the offices connect by using private links.
Contoso has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device.
All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.

Contoso uses two web applications named App1 and App2. Each instance on each web application requires 1GB of memory.
The Azure subscription contains the resources in the following table.

The network security team implements several network security groups (NSGs).
Planned Changes
Contoso plans to implement the following changes:

Deploy Azure ExpressRoute to the Montreal office.

Migrate the virtual machines hosted on Server1 and Server2 to Azure. Synchronize on-premises Active Directory to Azure Active Directory (Azure AD). Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2.
Technical requirements
Contoso must meet the following technical requirements:

Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances.

Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.

Ensure that routing information is exchanged automatically between Azure and the routers in the
Montreal office.

Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only. Ensure that can be accessed by using the name Connect the New York office to VNet1 over the Internet by using an encrypted connection. Create a workflow to send an email message when the settings of VM4 are modified.

Create a custom Azure role named Role1 that is based on the Reader role. Minimize costs whenever possible.

Question No : 9
You have an Azure Service Bus.
You need to implement a Service Bus queue that guarantees first-in-first-out (FIFO) delivery of messages.
What should you do?

Through the use of messaging sessions you can guarantee ordering of messages, that is first-in-first-out
(FIFO) delivery of messages.
Explanations: queues-compared-contrasted

Question No : 10
You have an Azure App Service plan that hosts an Azure App Service named App1.
You configure one production slot and four staging slots for App1.
You need to allocate 10 percent of the traffic to each staging slot and 60 percent of the traffic to the production slot.
What should you add to App1?

Besides swapping, deployment slots offer another killer feature: testing in production. Just like the name suggests, using this, you can actually test in production. This means that you can route a specific percentage of user traffic to one or more of your deployment slots.


Question No : 11
You have an Azure web app named WebApp1.
You need to provide developers with a copy of WebApp1 that they can modify without affecting the production WebApp1. When the developers finish testing their changes, you must be able to switch the current line version of WebApp1 to the new version.
Which command should you run prepare the environment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:


Box 1: New-AzureRmWebAppSlot
The New-AzureRmWebAppSlot cmdlet creates an Azure Web App Slot in a given a resource group that uses the specified App Service plan and data center.
Box 2: -SourceWebApp

Question No : 12
You have an Azure web app named WebApp1 that runs in an Azure App Service plan named ASP1. ASP1 is based on the D1 pricing tier.
You need to ensure that WebApp1 can be accessed only from computers on your on-premises network. The solution must minimize costs.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:


Box 1: B1
B1 (Basic) would minimize cost compared P1v2 (premium) and S1 (standard).
Box 2: Cross Origin Resource Sharing (CORS)
Once you set the CORS rules for the service, then a properly authenticated request made against the service from a different domain will be evaluated to determine whether it is allowed according to the rules you have specified.
Note: CORS (Cross Origin Resource Sharing) is an HTTP feature that enables a web application running under one domain to access resources in another domain. In order to reduce the possibility of cross-site scripting attacks, all modern web browsers implement a security restriction known as same-origin policy. This prevents a web page from calling APIs in a different domain. CORS provides a secure way to allow one origin (the origin domain) to call APIs in another origin.

Question No : 13
You have an Azure App Service plan named AdatumASP1 that uses the P2v2 pricing tier. AdatunASP1 hosts an Azure web app named adatumwebapp1.
You need to delegate the management of adatumwebapp1 to a group named Devs. Devs must be able to perform the following tasks:

Add deployment slots.

View the configuration of AdatunASP1.

Modify the role assignment for adatumwebapp1.
Which role should you assign to the Devs group?

The Contributor role lets you manage everything except access to resources.
Incorrect Answers:
A: The Owner role lets you manage everything, including access to resources.
C: The Web Plan Contributor role lets you manage the web plans for websites, but not access to them. D: The Website Contributor role lets you manage websites (not web plans), but not access to them.

Question No : 14
You are building a custom Azure function app to connect to Azure Event Grid.
You need to ensure that resources are allocated dynamically to the function app. Billing must be based on the executions of the app.
What should you configure when you create the function app?

Azure Functions runs in two different modes: Consumption plan and Azure App Service plan. The Consumption plan automatically allocates compute power when your code is running. Your app is scaled out when needed to handle load, and scaled down when code is not running.
Incorrect Answers:
B: When you run in an App Service plan, you must manage the scaling of your function app.

Question No : 15
A web developer creates a web application that you plan to deploy as an Azure web app.
Users must enter credentials to access the web application.
You create a new web app named WebApp1 and deploy the web application to WebApp1. You need to disable anonymous access to WebApp1.
What should you configure?

Anonymous access is an authentication method. It allows users to establish an anonymous connection.

 / 2