AZ-103 Free Practice Test

You have an Azure subscription named Subscnption1 that contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1.
VM1 runs services that will be used to deploy resources to RG1.
You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1. What should you do fit -

1. A. From the Azure portal modify the Access control (1AM) settings of VM1.
2. B. From the Azure portal, modify the Policies settings of RG1.
3. C. From the Azure portal, modify the value of the Managed Service Identity option for VM1.
4. D. From the Azure portal, modify the Access control (IAM) settings of RG1.

Correct Answer: C
A managed identity from Azure Active Directory allows your app to easily access other AAD-protected resources such as Azure Key Vault. The identity is managed by the Azure platform and does not require you to provision or rotate any secrets.
User assigned managed identities can be used on Virtual Machines and Virtual Machine Scale Sets. References:
https://docs.microsoft.com/en-us/azure/app-service/app-service-managed-service-identity

You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines.
You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.
What should you create to store the password?

1. A. Azure Active Directory (AD) Identity Protection and an Azure policy
2. B. a Recovery Services vault and a backup policy
3. C. an Azure Key Vault and an access policy
4. D. an Azure Storage account and an access policy

Correct Answer: C
You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore the password is never put in plain text in the template parameter file.
References: https://azure.microsoft.com/en-us/resources/templates/101-vm-secure-password/

HOTSPOT
You have an Azure Active Directory (Azure AD) tenant.
You need to create a conditional access policy that requires all users to use multi-factor authentication when they access the Azure portal.
Which three settings should you configure? To answer, select the appropriate settings in the answer area.
Solution:
Box 1: Assignments, Users and Groups
When you configure the sign-in risk policy, you need to set:
The users and groups the policy applies to: Select Individuals and Groups
< ><>>>< ><>>>The type of access you want to be enforced when your sign-in risk level has been met:
<>>

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

You have an azure subscription that contain a virtual named VNet1. VNet1. contains four subnets named Gatesway, perimeter, NVA, and production.
The NVA contain two network virtual appliance (NVAs) that will network traffic inspection between the perimeter subnet and the production subnet.
You need o implement an Azure load balancer for the NVAs. The solution must meet the following requirements:
The NVAs must run in an active-active configuration that uses automatic failover.
The NVA must load balance traffic to two services on the Production subnet. The services have different IP addresses
Which three actions should you perform? Each correct answer presents parts of the solution.
NOTE: Each correct selection is worth one point.

1. A. Add two load balancing rules that have HA Ports enabled and Floating IP disabled.
2. B. Deploy a standard load balancer.
3. C. Add a frontend IP configuration, two backend pools, and a health prob.
4. D. Add a frontend IP configuration, a backend pool, and a health probe.
5. E. Add two load balancing rules that have HA Ports and Floating IP enabled.
6. F. Deploy a basic load balancer.

Correct Answer: BCE
A standard load balancer is required for the HA ports.
-Two backend pools are needed as there are two services with different IP addresses.
-Floating IP rule is used where backend ports are reused. Incorrect Answers:
F: HA Ports are not available for the basic load balancer. References:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-overview https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-multivip-overview

HOTSPOT
You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table.
< ><>>< ><>>NOTE: Each correct selection is worth one point.

Solution:
Box 1: No
Azure DNS provides automatic registration of virtual machines from a single virtual network that's linked to a private zone as a registration virtual network. VM5 does not belong to the registration virtual network though.
Box 2: No
Forward DNS resolution is supported across virtual networks that are linked to the private zone as resolution virtual networks. VM5 does belong to a resolution virtual network.
Box 3: Yes
VM6 belongs to registration virtual network, and an A (Host) record exists for VM9 in the DNS zone. By default, registration virtual networks also act as resolution virtual networks, in the sense that DNS resolution against the zone works from any of the virtual machines within the registration virtual network.
References: https://docs.microsoft.com/en-us/azure/dns/private-dns-overview

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A