AZ-301 Exam Dumps, AZ-301 Exam Questions, AZ-301 PDF Dumps, AZ-301 VCE Dumps, Microsoft Exam

(2020-May-New)Braindump2go AZ-301 PDF and AZ-301 VCE Dumps Free Download(145-157)

May/2020 New Braindump2go AZ-301 PDF and AZ-301 VCE Dumps Free Updated Today! Following are some new AZ-301 Exam Questions,

QUESTION 145
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an on-premises data center and an Azure subscription. The on-premises data center contains a Hardware Security Module (HSM).
Your network contains an Active Directory domain that is synchronized to an Azure Active Directory (Azure AD) tenant.
The company is developing an application named Application1. Application1 will be hosted in Azure by using 10 virtual machines that run Windows Server 2016. Five virtual machines will be in the West Europe Azure region and five virtual machines will be in the East US Azure region. The virtual machines will store sensitive company information. All the virtual machines will use managed disks.
You need to recommend a solution to encrypt the virtual machine disks by using BitLocker Drive Encryption (BitLocker).
Solution: Deploy one Azure Key Vault to each region. Create two Azure AD service principals. Configure the virtual machines to use Azure Disk Encryption and specify a different service principal for the virtual machines in each region.
Does this meet the goal?

A. Yes
B. No

Answer: B
Explanation:
You would also have to import Import the security keys from the HSM into each Azure key vault.
References:
https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-prerequisites-aad

QUESTION 146
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an on-premises data center and an Azure subscription. The on-premises data center contains a Hardware Security Module (HSM).
Your network contains an Active Directory domain that is synchronized to an Azure Active Directory (Azure AD) tenant.
The company is developing an application named Application1. Application1 will be hosted in Azure by using 10 virtual machines that run Windows Server 2016. Five virtual machines will be in the West Europe Azure region and five virtual machines will be in the East US Azure region. The virtual machines will store sensitive company information. All the virtual machines will use managed disks.
You need to recommend a solution to encrypt the virtual machine disks by using BitLocker Drive Encryption (BitLocker).
Solution: Export a security key from the on-premises HSM. Create one Azure AD service principal. Configure the virtual machines to use Azure Storage Service Encryption.
Does this meet the goal?

A. Yes
B. No

Answer: B
Explanation:
We use the Azure Premium Key Vault with Hardware Security Modules (HSM) backed keys.
The Key Vault has to be in the same region as the VM that will be encrypted.
References:
https://www.ciraltos.com/azure-disk-encryption-v2/

QUESTION 147
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an on-premises data center and an Azure subscription. The on-premises data center contains a Hardware Security Module (HSM).
Your network contains an Active Directory domain that is synchronized to an Azure Active Directory (Azure AD) tenant.
The company is developing an application named Application1. Application1 will be hosted in Azure by using 10 virtual machines that run Windows Server 2016. Five virtual machines will be in the West Europe Azure region and five virtual machines will be in the East US Azure region. The virtual machines will store sensitive company information. All the virtual machines will use managed disks.
You need to recommend a solution to encrypt the virtual machine disks by using BitLocker Drive Encryption (BitLocker).
Solution:
– Deploy one Azure key vault to each region
– Export two security keys from the on-premises HSM
– Import the security keys from the HSM into each Azure key vault
– Create two Azure AD service principals
– Configure the virtual machines to use Azure Disk Encryption
– Specify a different service principal for the virtual machines in each region
Does this meet the goal?

A. Yes
B. No

Answer: A
Explanation:
We use the Azure Premium Key Vault with Hardware Security Modules (HSM) backed keys.
The Key Vault has to be in the same region as the VM that will be encrypted.
Note: If you want to use a key encryption key (KEK) for an additional layer of security for encryption keys, add a KEK to your key vault. Use the Add-AzKeyVaultKey cmdlet to create a key encryption key in the key vault. You can also import a KEK from your on-premises key management HSM.
References:
https://www.ciraltos.com/azure-disk-encryption-v2/
https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-prerequisites-aad

QUESTION 148
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.
Several VMs are exhibiting network connectivity issues.
You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.
Solution: Use Azure Advisor to analyze the network traffic.
Does the solution meet the goal?

A. Yes
B. No

Answer: B
Explanation:
Instead use Azure Network Watcher to run IP flow verify to analyze the network traffic.
Note: Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, high availability, and security of your Azure resources.
With Advisor, you can:
Get proactive, actionable, and personalized best practices recommendations.
Improve the performance, security, and high availability of your resources, as you identify opportunities to reduce your overall Azure spend.
Get recommendations with proposed actions inline.
References:
https://docs.microsoft.com/en-us/azure/advisor/advisor-overview

QUESTION 149
Your network contains an Active Directory domain named contoso.com that is federated to an Azure Active Directory (Azure AD) tenant. The on-premises domain contains a VPN server named Server1 that runs Windows Server 2016.
You have a single on-premises location that uses an address space of 172.16.0.0/16.
You need to implement two-factor authentication for users who establish VPN connections to Server1.
What should you include in the implementation?

A. In Azure AD, create a conditional access policy and a trusted named location
B. Install and configure Azure MFA Server on-premises
C. Configure an Active Directory Federation Services (AD FS) server on-premises
D. In Azure AD, configure the authentication methods.
From the multi-factor authentication (MFA) service settings, create a trusted IP range

Answer: B
Explanation:
You need to download, install and configure the MFA Server.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfaserver-deploy

QUESTION 150
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing an Azure solution for a company that has four departments. Each department will deploy several Azure app services and Azure SQL databases.
You need to recommend a solution to report the costs for each department to deploy the app services and the databases. The solution must provide a consolidated view for cost reporting.
Solution: Create a resources group for each resource type. Assign tags to each resource group.
Does this meet the goal?

A. Yes
B. No

Answer: A
Explanation:
Tags enable you to retrieve related resources from different resource groups. This approach is helpful when you need to organize resources for billing or management.
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags

QUESTION 151
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing an Azure solution for a company that has four departments. Each department will deploy several Azure app services and Azure SQL databases.
You need to recommend a solution to report the costs for each department to deploy the app services and the databases. The solution must provide a consolidated view for cost reporting.
Solution: Place all resources in the same resource group. Assign tags to each resource.
Does this meet the goal?

A. Yes
B. No

Answer: B
Explanation:
Instead, create a resources group for each resource type. Assign tags to each resource Note: Tags enable you to retrieve related resources from different resource groups. This approach is helpful when you need to organize resources for billing or management.
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags

QUESTION 152
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing an Azure solution for a company that has four departments. Each department will deploy several Azure app services and Azure SQL databases.
You need to recommend a solution to report the costs for each department to deploy the app services and the databases. The solution must provide a consolidated view for cost reporting.
Solution: Create a new subscription for each department.
Does this meet the goal?

A. Yes
B. No

Answer: B
Explanation:
Instead, create a resources group for each resource type. Assign tags to each resource Note: Tags enable you to retrieve related resources from different resource groups. This approach is helpful when you need to organize resources for billing or management.
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags

QUESTION 153
You plan to store data in Azure Blob storage for many years. The stored data will be accessed rarely.
You need to ensure that the data in Blob storage is always available for immediate access. The solution must minimize storage costs.
Which storage tier should you use?

A. Cool
B. Archive
C. Hot

Answer: A
Explanation:
Azure cool tier is equivalent to the Amazon S3 Infrequent Access (S3-IA) storage in AWS that provides a low cost high performance storage for infrequently access data.
Note: Azure’s cool storage tier, also known as Azure cool Blob storage, is for infrequently-accessed data that needs to be stored for a minimum of 30 days. Typical use cases include backing up data before tiering to archival systems, legal data, media files, system audit information, datasets used for big data analysis and more.
The storage cost for this Azure cold storage tier is lower than that of hot storage tier. Since it is expected that the data stored in this tier will be accessed less frequently, the data access charges are high when compared to hot tier. There are no additional changes required in your applications as these tiers can be accessed using APIs in the same manner that you access Azure storage.
Incorrect Answers:
B: Even though Azure archive storage offers the lowest cost in terms of data storage, its data retrieval charges are higher than that of hot and cool tiers. In fact, the data in the archive tier remains offline until the tier of the data is changed using a process called hydration. The process of hydrating data in the archive storage tier and moving it to either hot or cool tier could take up to 15 hours and, hence, it is only intended for data that can afford that kind of access delay.
C: The storage cost for this Azure cold storage tier is lower than that of hot storage tier.
References:
https://cloud.netapp.com/blog/low-cost-storage-options-on-azure

QUESTION 154
You manage an application instance. The application consumes data from multiple databases. Application code references database tables using a combination of the server, database, and table name.
You need to migrate the application instance to Azure.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. SQL Server Stretch Database
B. SQL Server in an Azure virtual machine
C. Azure SQL Database
D. SQL Managed Instance

Answer: AD
Explanation:
A: Access your SQL Server data seamlessly regardless of whether it’s on-premises or stretched to the cloud. You set the policy that determines where data is stored, and SQL Server handles the data movement in the background. The entire table is always online and queryable. And, Stretch Database doesn’t require any changes to existing queries or applications – the location of the data is completely transparent to the application.
D: The managed instance deployment model is designed for customers looking to migrate a large number of apps from on-premises or IaaS, self-built, or ISV provided environment to fully managed PaaS cloud environment, with as low migration effort as possible. Using the fully automated Data Migration Service (DMS) in Azure, customers can lift and shift their on-premises SQL Server to a managed instance that offers compatibility with SQL Server on-premises and complete isolation of customer instances with native VNet support.
References:
https://docs.microsoft.com/en-us/sql/sql-server/stretch-database/stretch-database https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance

QUESTION 155
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are migrating an on-premises application to Azure. One component of the application is a legacy Windows native executable that performs image processing.
The image processing application must run every hour. During times that the image processing application is not running, it should not be consuming any Azure compute resources.
You need to ensure that the image processing application runs correctly every hour.
Solution: Create an Azure Batch application that runs the image processing application every hour.
Does the solution meet the goal?

A. Yes
B. No

Answer: B
Explanation:
Instead use an Azure Logic Apps, which helps you automate workflows that run on a schedule.
References:
https://docs.microsoft.com/en-us/azure/logic-apps/tutorial-build-schedule-recurring-logic-app-workflow

QUESTION 156
You plan to run an image rendering workload in Azure. The workload uses parallel compute processes.
What is the best service to use to run the workload? More than one answer choice may achieve the goal.
Select the BEST answer.

A. an Azure virtual machine scale set
B. Azure Kubernetes Service (AKS)
C. Azure Batch
D. Azure Container Service

Answer: C
Explanation:
Azure Batch works well with intrinsically parallel (also known as “embarrassingly parallel”) workloads.
Intrinsically parallel workloads are those where the applications can run independently, and each instance completes part of the work. When the applications are executing, they might access some common data, but they do not communicate with other instances of the application. Intrinsically parallel workloads can therefore run at a large scale, determined by the amount of compute resources available to run applications simultaneously.
References:
https://docs.microsoft.com/en-us/azure/batch/batch-technical-overview

QUESTION 157
You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager resource deployments in your subscription.
What should you include in the recommendation?

A. the Change Tracking management solution
B. Azure Activity Log
C. Azure Monitor action groups
D. Azure Advisor

Answer: B
Explanation:
The Azure Activity Log provides insight into subscription-level events that have occurred in Azure. This includes a range of data, from Azure Resource Manager operational data to updates on Service Health events.
Activity logs are kept for 90 days. You can query for any range of dates, as long as the starting date isn’t more than 90 days in the past.
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-audit


Resources From:

1.2020 Latest Braindump2go AZ-301 Exam Dumps (PDF & VCE) Free Share:
https://www.braindump2go.com/az-301.html

2.2020 Latest Braindump2go AZ-301 PDF and AZ-301 VCE Dumps Free Share:
https://drive.google.com/drive/folders/1PXo2CdJp-RE3hybnjjGiHV7uk7r2geY-?usp=sharing

3.2020 Free Braindump2go AZ-301 PDF Download:
https://www.braindump2go.com/free-online-pdf/AZ-301-Dumps(130-140).pdf
https://www.braindump2go.com/free-online-pdf/AZ-301-PDF(152-163).pdf
https://www.braindump2go.com/free-online-pdf/AZ-301-PDF-Dumps(108-118).pdf
https://www.braindump2go.com/free-online-pdf/AZ-301-VCE(141-151).pdf
https://www.braindump2go.com/free-online-pdf/AZ-301-VCE-Dumps(119-129).pdf

Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!