AZ-900 Microsoft Azure Fundamentals Exam Questions and Answers – Page 3

The latest Microsoft AZ-900 Azure Fundamentals certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-900 Azure Fundamentals exam and earn Microsoft AZ-900 Azure Fundamentals certification.

AZ-900 Microsoft Azure Fundamentals Exam Questions and Answers

Exam Question 231

You have an Azure subscription named Subscription1.
Subscription1 contains a resource group named RG1.
RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1.
Solution: From the Subscriptions blade, you select the subscription, and then click Programmatic deployment.
Does this meet the goal?

A. Yes
B. No
Correct Answer:
B. No
Answer Description:
The Azure Activity Log provides insight into subscription-level events that have occurred in Azure. This includes a range of data, from Azure Resource Manager operational data to updates on Service Health events. The Activity Log was previously known as Audit Logs or Operational Logs, since the Administrative category reports control-plane events for your subscriptions.
Use the Activity Log, to determine the what, who, and when for any write operations (PUT, POST, DELETE) taken on the resources in your subscription. You can also understand the status of the operation and other relevant properties.
The Activity Log does not include read (GET) operations or operations for resources that use the Classic/RDFE model.
References:
Microsoft Docs > Overview of Azure Activity log

Exam Question 232

You need to move the blueprint files to Azure.
What should you do?

A. Use Azure Storage Explorer to copy the files.
B. Use the Azure Import/Export service.
C. Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.
D. Generate an access key. Map a drive, and then copy the files by using File Explorer.

Correct Answer:
A. Use Azure Storage Explorer to copy the files.
Answer Description:
Azure Storage Explorer is a free tool from Microsoft that allows you to work with Azure Storage data on Windows, macOS, and Linux. You can use it to upload and download data from Azure blob storage.
References:
Microsoft Docs > Move data to and from Azure Blob Storage using Azure Storage Explorer

Exam Question 233

You have an Azure Active Directory (Azure AD) tenant that contains 5,000 user accounts.
You create a new user account named AdminUser1.
You need to assign the User administrator administrative role to AdminUser1.
What should you do from the user account properties?

A. From the Directory role blade, modify the directory role.
B. From the Licenses blade, assign a new license.
C. From the Groups blade, invite the user account to a new group.

Correct Answer:
A. From the Directory role blade, modify the directory role.
Answer Description:
Assign a role to a user

  1. Sign in to the Azure portal with an account that’s a global admin or privileged role admin for the directory.
  2. Select Azure Active Directory, select Users, and then select a specific user from the list.
  3. For the selected user, select Directory role, select Add role, and then pick the appropriate admin roles from the Directory roles list, such as Conditional access administrator.
  4. Press Select to save.

References:
Microsoft Docs > Assign administrator and non-administrator roles to users with Azure Active Directory

Exam Question 234

You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com.
Your company has a public DNS zone for contoso.com.
You add contoso.com as a custom domain name to Azure AD.
You need to ensure that Azure can verify the domain name.
Which type of DNS record should you create?

A. TXT.
B. SRV.
C. DNSKEY.
D. NSEC.
E. RRSIG.
F. PTR.
Correct Answer:
A. TXT.
Answer Description:
You can configure Azure DNS to host a custom domain for your web apps. For example, you can create an Azure web app and have your users access it using either www.contoso.com or contoso.com as a fully qualified domain name (FQDN).

To do this, you have to create three records:

  • * A root “A” record pointing to contoso.com
  • A root “TXT” record for verification
  • A “CNAME” record for the www name that points to the A record

References:
Microsoft Docs > Tutorial: Create DNS records in a custom domain for a web app

Exam Question 235

You plan to use the Azure Import/Export service to copy files to a storage account.
Which two files should you create before you prepare the drives for the import job? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. A driveset CSV file.
B. A JSON configuration file.
C. A PowerShell PS1 file.
D. An XML manifest file.
E. A dataset CSV file.
Correct Answer:
A. A driveset CSV file. Modify the driveset.csv file in the root folder where the tool resides.
E. A dataset CSV file. Modify the dataset.csv file in the root folder where the tool resides. Depending on whether you want to import a file or folder or both, add entries in the dataset.csv file.
References:
Microsoft Docs > Use Azure Import/Export service to import data to Azure Files

Exam Question 236

You create an Azure Storage account named contosostorage.
You plan to create a file share named data.
Users need to map a drive to the data file share from home computers that run Windows 10.
Which outbound port should you open between the home computers and the data file share?

A. 80.
B. 443.
C. 445.
D. 3389.

Correct Answer:
C. 445.
Answer Description:
Azure Files is Microsoft’s easy-to-use cloud file system. Azure file shares can be seamlessly used in Windows and Windows Server.
Prerequisites:

  • Storage account name: To mount an Azure file share, you will need the name of the storage account.
  • Storage account key: To mount an Azure file share, you will need the primary (or secondary) storage key. SAS keys are not currently supported for mounting.
  • Ensure port 445 is open: The SMB protocol requires TCP port 445 to be open; connections will fail if port 445 is blocked. You can check to see if your firewall is blocking port 445 with the Test-NetConnection cmdlet.

References:
Microsoft Docs > Use an Azure file share with Windows

Exam Question 237

You have an Azure subscription that contains the resources in the following table.
***
Name: RG1,????????????????????Type: Resource group
Name: Store1,?????????????????Type: Azure Storage Account
Name: Sync1,??????????????????Type: Azure File Sync
***
Store1 contains a file share named Data. Data contains 5,000 files.
You need to synchronize the files in Data to an on-premises server named Server1.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Download an automation script.
B. Register Server1.
C. Create a sync group.
D. Create a container instance.
E. Install the Azure File Sync agent on Server1.
Correct Answer:
B. Register Server1.
C. Create a sync group.
E. Install the Azure File Sync agent on Server1.
Answer Description:
Use Azure File Sync to centralize your organization’s file shares in Azure Files, while keeping the flexibility, performance, and compatibility of an on-premises file server. Azure File Sync transforms Windows Server into a quick cache of your Azure file share. You can use any protocol that’s available on Windows Server to access your data locally, including SMB, NFS, and FTPS. You can have as many caches as you need across the world.
Step 1: Install the Azure File Sync agent on Server1. The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share.
Step 2: Register Server1. Register Windows Server with Storage Sync Service. Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service.
Step 3: Create a sync group and a cloud endpoint. A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud , which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on registered server.
References:
Microsoft Docs > Deploy Azure File Sync

Exam Question 238

You have the Azure virtual machines shown in the following table.
***
Name: VM1,????????????????????Azure Region: West Europe
Name: VM2,????????????????????Azure Region: West Europe
Name: VM3,????????????????????Azure Region: North Europe
Name: VM4,????????????????????Azure Region: North Europe
***
You have a Recovery Services vault that protects VM1 and VM2.
You need to protect VM3 and VM4 by using Recovery Services.
What should you do first?

A. Create a new backup policy.
B. Configure the extensions for VM3 and VM4.
C. Create a storage account.
D. Create a new Recovery Services vault.
Correct Answer:
D. Create a new Recovery Services vault.
Answer Description:
A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations. You can use Recovery Services vaults to hold backup data for various Azure services.
References:
Microsoft Docs > Set up disaster recovery for Azure VMs

Exam Question 239

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You hire a temporary vendor. The vendor uses a Microsoft account that has a sign-in of [email protected]
You need to ensure that the vendor can authenticate to the tenant by using [email protected]
What should you do?

A. From the Azure portal, add a custom domain name, create a new Azure AD user, and then specify [email protected] as the username.
B. From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the “?UserPrincipalName [email protected]” parameter.
C. From the Azure portal, add a new guest user, and then specify [email protected] as the email address.
D. From Windows PowerShell, run the New-AzureADUser cmdlet and specify the “?UserPrincipalName [email protected]” parameter.
Correct Answer:
D. From Windows PowerShell, run the New-AzureADUser cmdlet and specify the “?UserPrincipalName [email protected]” parameter.
Answer Description:
UserPrincipalName – contains the UserPrincipalName (UPN) of this user. The UPN is what the user will use when they sign in into Azure AD. The common structure is @, so for Abby Brown in Contoso.com, the UPN would be [email protected]
To create the user, call the New-AzureADUser cmdlet with the parameter values:
powershell New-AzureADUser -AccountEnabled $True -DisplayName "Abby Brown" -PasswordProfile $PasswordProfile -MailNickName "AbbyB" - UserPrincipalName "[email protected]"
References:
Microsoft Docs > Creating a new user in Azure AD

Exam Question 240

You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image.
You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Modify the extensionProfile section of the Azure Resource Manager template.
B. Create an automation account.
C. Upload a configuration script.
D. Create a new virtual machine scale set in the Azure portal.
E. Create an Azure policy.
Correct Answer:
A. Modify the extensionProfile section of the Azure Resource Manager template.
D. Create a new virtual machine scale set in the Azure portal.
Answer Description:
Virtual Machine Scale Sets can be used with the Azure Desired State Configuration (DSC) extension handler. Virtual machine scale sets provide a way to deploy and manage large numbers of virtual machines, and can elastically scale in and out in response to load. DSC is used to configure the VMs as they come online so they are running the production software.
References:
Microsoft Docs > Using Virtual Machine Scale Sets with the Azure DSC Extension