The latest Microsoft AZ-900 Azure Fundamentals certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-900 Azure Fundamentals exam and earn Microsoft AZ-900 Azure Fundamentals certification.
Question 221: Which Azure service should you use to correlate events from multiple resources into a centralized repository?
A. Azure Event Hubs
B. Azure Analysis Services
C. Azure Monitor
D. Azure Log Analytics
Explanation: Log Analytics is a web tool used to write and execute Azure Monitor log queries. Open it by selecting Logs in the Azure Monitor menu. It starts with a new blank query.
Question 222: Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that is configured for hybrid coexistence with the on-premises Active Directory Domain.
The tenant contains the users shown in the following users.
User1: User Type – Member, Source – AzureAD, Sign-in – User1@contoso.com.
User2: User Type – Member, Source – Windows Server Active Directory, Sign-in – User2@contoso.com.
User3: User Type – Guest, Source – Multiple, Sign-in – User3@outlook.com.
User4: User Type – Guest, Source – Multiple, Sign-in – User4@gmail.com.
Whenever possible, you need to enable Azure Multi-Factor Authentication (MFA) for the users in contoso.com.
Which users should you enable for Azure MFA?
A. User1 only.
B. User1, User2, and User3 only.
C. User1 and User2 only.
D. User1, User2, User3, and User4.
E. User2 only.
Question 223: You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
The User administrator role is assigned to a user named Admin1.
An external partner has a Microsoft account that uses the firstname.lastname@example.org sign in.
Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: ?Unable to invite user.
User1@outlook.com ? Generic authorization exception.?.
You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.
What should you do?
A. From the Roles and administrators blade, assign the Security administrator role to Admin1.
B. From the Organizational relationships blade, add an identity provider.
C. From the Custom domain names blade, add a custom domain.
D. From the Users blade, modify the External collaboration settings.
Explanation: By default, all users and guests in your directory can invite guests even if they’re not assigned to an admin role. External collaboration settings let you turn guest invitations on or off for different types of users in your organization. You can also delegate invitations to individual users by assigning roles that allow them to invite guests.
Question 224: You have an Azure DNS zone named adatum.com.
You need to delegate a subdomain named research.adatum.com to a different DNS server in Azure.
What should you do?
A. Create an A record named *.research in the adatum.com zone.
B. Create a PTR record named research in the adatum.com zone.
C. Modify the SOA record of adatum.com.
D. Create an NS record named research in the adatum.com zone.
Explanation: The NS records identify the name servers, responsible for your DNS zone. In order to have a valid DNS configuration, the NS records configured in the DNS zone must be exactly the same as these configured as name servers at your domain name provider.
Question 225: Your company has a main office in London that contains 100 client computers.
Three years ago, you migrated to Azure Active Directory (Azure AD).
The company’s security policy states that all personal devices and corporate-owned devices must be registered or joined to Azure AD.
A remote user named User1 is unable to join a personal device to Azure AD from a home network.
You verify that other users can join their devices to Azure AD.
You need to ensure that User1 can join the device to Azure AD.
What should you do?
A. From the Device settings blade, modify the Users may join devices to Azure AD setting.
B. From the Device settings blade, modify the Maximum number of devices per user setting.
C. Create a point-to-site VPN from the home network of User1 to Azure.
D. Assign the User administrator role to User1.
Explanation: Maximum number of devices – This setting enables you to select the maximum number of devices that a user can have in Azure AD. If a user reaches this quota, they are not be able to add additional devices until one or more of the existing devices are removed. The device quota is counted for all devices that are either Azure AD joined or Azure AD registered today. The default value is 20. Maximum number of devices setting does not apply to hybrid Azure AD joined devices.
Question 226: You set the multi-factor authentication status for a user named email@example.com to Enabled.
Admin1 accesses the Azure portal by using a web browser.
Which additional security verifications can Admin1 use when accessing the Azure portal?
A. A phone call, a text message that contains a verification code, and a notification or a verification code sent from the Microsoft Authenticator app.
B. An app password, a text message that contains a verification code, and a notification sent from the Microsoft Authenticator app.
C. An app password, a text message that contains a verification code, and a verification code sent from the Microsoft Authenticator app.
D. A phone call, an email message that contains a verification code, and a text message that contains an app password.
Explanation: Verification methods: Call to phon, Text message to phone, Notification through mobile app, and Verification code from mobile app or hardware token.
Question 227: You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers.
Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Dev, you assign the Logic App Contributor role to the Developers group.
Does this meet the goal?
Explanation: You can permit only specific users or groups to run specific operations, such as managing, editing, and viewing logic apps. To control their permissions, use Azure Role-Based Access Control (RBAC) to assign customized or built-in roles to members in your Azure subscription:
Logic App Contributor: Lets you manage logic apps, but you can’t change access to them.
Logic App Operator: Lets you read, enable, and disable logic apps, but you can’t edit or update them.
To prevent others from changing or deleting your logic app, you can use Azure Resource Lock, which prevents others from changing or deleting production resources.
Question 228: You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1.
You need to view the error events from a table named Event.
Which query should you run in Workspace1?
A. Get-Event Event | where ($_.EventType ?eq “error”).
B. Get-Event Event | where ($_.EventType == “error”).
C. Search in (Event) * | where EventType ?eq “error”.
D. Search in (Event) “error”.
E. Select *from Event where EventType == “error”.
F. Event | where EventType is “error”.
Explanation: Table scoping: To search a term in a specific table, add in (table-name) just after the search operator:
Search in table Event: search in (Event) “error”| take 100
Search in multiple tables: search in (Event, SecurityEvent) “error”| take 100
Question 229: You have an Azure subscription named Subscription1. Subscription1 contains the resource groups in the following table.
Name: RG1,????????????????????Azure region: West Europe,????Policy: Policy1
Name: RG2,????????????????????Azure region: North Europe,???Policy: Policy2
Name: RG3,????????????????????Azure region: France Central,?Policy: Policy3
RG1 has a web app named WebApp1. WebApp1 is located in West Europe.
You move WebApp1 to RG2.
What is the effect of the move?
A. The App Service plan for WebApp1 moves to North Europe. Policy2 applies to WebApp1.
B. The App Service plan for WebApp1 remains in West Europe. Policy2 applies to WebApp1.
C. The App Service plan for WebApp1 moves to North Europe. Policy1 applies to WebApp1.
D. The App Service plan for WebApp1 remains in West Europe. Policy1 applies to WebApp1.
Explanation: You can move an app to another App Service plan, as long as the source plan and the target plan are in the same resource group and geographical region. The region in which your app runs is the region of the App Service plan it’s in. However, you cannot change an App Service plan’s region.
Question 230: You have an Azure subscription that contains a resource group named RG1. RG1 contains 100 virtual machines.
Your company has three cost centers named Manufacturing, Sales, and Finance.
You need to associate each virtual machine to a specific cost center.
What should you do?
A. Configure locks for the virtual machine.
B. Add an extension to the virtual machines.
C. Assign tags to the virtual machines.
D. Modify the inventory settings of the virtual machine.
Explanation: Billing Tags Policy Initiative: Requires specified tag values for cost center and product name. Uses built-in policies to apply and enforce required tags. You specify the required values for the tags.
Keyword: AZ-900 Free Exam Dumps, AZ-900 Exam Questions, AZ-900 Exam Dumps, AZ-900 Braindumps, AZ-900 Real Questions, AZ-900 Practice Test, AZ-900 Practice Exam, AZ-900 Free Test, AZ-900 Free Questions, AZ-900 Real Exam Questions and Answers, AZ-900 VCE Dumps, AZ-900 ETE Dumps, AZ-900 PDF Dumps, and AZ-900 Study Guide.