Skip to Content

AZ-900 Microsoft Azure Fundamentals Exam Questions and Answers – Page 3 Part 1

The latest Microsoft AZ-900 Azure Fundamentals certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-900 Azure Fundamentals exam and earn Microsoft AZ-900 Azure Fundamentals certification.

Question 231

You have an Azure subscription named Subscription1.
Subscription1 contains a resource group named RG1.
RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1.
Solution: From the Subscriptions blade, you select the subscription, and then click Programmatic deployment.
Does this meet the goal?

A. Yes
* B. No


The Azure Activity Log provides insight into subscription-level events that have occurred in Azure. This includes a range of data, from Azure Resource Manager operational data to updates on Service Health events. The Activity Log was previously known as Audit Logs or Operational Logs, since the Administrative category reports control-plane events for your subscriptions.
Use the Activity Log, to determine the what, who, and when for any write operations (PUT, POST, DELETE) taken on the resources in your subscription. You can also understand the status of the operation and other relevant properties.
The Activity Log does not include read (GET) operations or operations for resources that use the Classic/RDFE model.

Question 232

You need to move the blueprint files to Azure.
What should you do?

* A. Use Azure Storage Explorer to copy the files.
B. Use the Azure Import/Export service.
C. Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.
D. Generate an access key. Map a drive, and then copy the files by using File Explorer.


Azure Storage Explorer is a free tool from Microsoft that allows you to work with Azure Storage data on Windows, macOS, and Linux. You can use it to upload and download data from Azure blob storage.

Question 233

You have an Azure Active Directory (Azure AD) tenant that contains 5,000 user accounts.
You create a new user account named AdminUser1.
You need to assign the User administrator administrative role to AdminUser1.
What should you do from the user account properties?

* A. From the Directory role blade, modify the directory role.
B. From the Licenses blade, assign a new license.
C. From the Groups blade, invite the user account to a new group.


Assign a role to a user

  1. Sign in to the Azure portal with an account that’s a global admin or privileged role admin for the directory.
  2. Select Azure Active Directory, select Users, and then select a specific user from the list.
  3. For the selected user, select Directory role, select Add role, and then pick the appropriate admin roles from the Directory roles list, such as Conditional access administrator.
  4. Press Select to save.

Question 234

You have an Azure Active Directory (Azure AD) tenant named
Your company has a public DNS zone for
You add as a custom domain name to Azure AD.
You need to ensure that Azure can verify the domain name.
Which type of DNS record should you create?

* A. TXT.


You can configure Azure DNS to host a custom domain for your web apps. For example, you can create an Azure web app and have your users access it using either or as a fully qualified domain name (FQDN).

To do this, you have to create three records:

  • * A root “A” record pointing to
  • A root “TXT” record for verification
  • A “CNAME” record for the www name that points to the A record

Question 235

You plan to use the Azure Import/Export service to copy files to a storage account.
Which two files should you create before you prepare the drives for the import job? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

* A. A driveset CSV file.
B. A JSON configuration file.
C. A PowerShell PS1 file.
D. An XML manifest file.
* E. A dataset CSV file.


A. A driveset CSV file. Modify the driveset.csv file in the root folder where the tool resides.
E. A dataset CSV file. Modify the dataset.csv file in the root folder where the tool resides. Depending on whether you want to import a file or folder or both, add entries in the dataset.csv file.

Question 236

You create an Azure Storage account named contosostorage.
You plan to create a file share named data.
Users need to map a drive to the data file share from home computers that run Windows 10.
Which outbound port should you open between the home computers and the data file share?

A. 80.
B. 443.
* C. 445.
D. 3389.


Azure Files is Microsoft’s easy-to-use cloud file system. Azure file shares can be seamlessly used in Windows and Windows Server.

  • Storage account name: To mount an Azure file share, you will need the name of the storage account.
  • Storage account key: To mount an Azure file share, you will need the primary (or secondary) storage key. SAS keys are not currently supported for mounting.
  • Ensure port 445 is open: The SMB protocol requires TCP port 445 to be open; connections will fail if port 445 is blocked. You can check to see if your firewall is blocking port 445 with the Test-NetConnection cmdlet.

Question 237

You have an Azure subscription that contains the resources in the following table.
Name: RG1,????????????????????Type: Resource group
Name: Store1,?????????????????Type: Azure Storage Account
Name: Sync1,??????????????????Type: Azure File Sync
Store1 contains a file share named Data. Data contains 5,000 files.
You need to synchronize the files in Data to an on-premises server named Server1.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Download an automation script.
* B. Register Server1.
* C. Create a sync group.
D. Create a container instance.
* E. Install the Azure File Sync agent on Server1.


Use Azure File Sync to centralize your organization’s file shares in Azure Files, while keeping the flexibility, performance, and compatibility of an on-premises file server. Azure File Sync transforms Windows Server into a quick cache of your Azure file share. You can use any protocol that’s available on Windows Server to access your data locally, including SMB, NFS, and FTPS. You can have as many caches as you need across the world.
Step 1: Install the Azure File Sync agent on Server1. The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share.
Step 2: Register Server1. Register Windows Server with Storage Sync Service. Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service.
Step 3: Create a sync group and a cloud endpoint. A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud , which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on registered server.

Question 238

You have the Azure virtual machines shown in the following table.
Name: VM1,????????????????????Azure Region: West Europe
Name: VM2,????????????????????Azure Region: West Europe
Name: VM3,????????????????????Azure Region: North Europe
Name: VM4,????????????????????Azure Region: North Europe
You have a Recovery Services vault that protects VM1 and VM2.
You need to protect VM3 and VM4 by using Recovery Services.
What should you do first?

A. Create a new backup policy.
B. Configure the extensions for VM3 and VM4.
C. Create a storage account.
* D. Create a new Recovery Services vault.


A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations. You can use Recovery Services vaults to hold backup data for various Azure services.

Question 239

You have an Azure Active Directory (Azure AD) tenant named
You hire a temporary vendor. The vendor uses a Microsoft account that has a sign-in of [email protected].
You need to ensure that the vendor can authenticate to the tenant by using [email protected].
What should you do?

A. From the Azure portal, add a custom domain name, create a new Azure AD user, and then specify [email protected] as the username.
B. From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the “?UserPrincipalName [email protected]” parameter.
C. From the Azure portal, add a new guest user, and then specify [email protected] as the email address.
* D. From Windows PowerShell, run the New-AzureADUser cmdlet and specify the “?UserPrincipalName [email protected]” parameter.


UserPrincipalName – contains the UserPrincipalName (UPN) of this user. The UPN is what the user will use when they sign in into Azure AD. The common structure is @, so for Abby Brown in, the UPN would be [email protected]
To create the user, call the New-AzureADUser cmdlet with the parameter values:
powershell New-AzureADUser -AccountEnabled $True -DisplayName "Abby Brown" -PasswordProfile $PasswordProfile -MailNickName "AbbyB" - UserPrincipalName "[email protected]"

Question 240

You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image.
You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

* A. Modify the extensionProfile section of the Azure Resource Manager template.
B. Create an automation account.
C. Upload a configuration script.
* D. Create a new virtual machine scale set in the Azure portal.
E. Create an Azure policy.


Virtual Machine Scale Sets can be used with the Azure Desired State Configuration (DSC) extension handler. Virtual machine scale sets provide a way to deploy and manage large numbers of virtual machines, and can elastically scale in and out in response to load. DSC is used to configure the VMs as they come online so they are running the production software.

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that is committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we have not implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you are currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.