2020/February New Braindump2go AZ-103 Exam Dumps with PDF and VCE New Updated Today! Following are some new AZ-103 Exam Questions!

New Question
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains four subnets named Gateway, Perimeter, NVA, and Production.
The NVA subnet contains two network virtual appliances (NVAs) that will perform network traffic inspection between the Perimeter subnet and the Production subnet.
You need to implement an Azure load balancer for the NVAs. The solution must meet the following requirements:
The NVAs must run in an active-active configuration that uses automatic failover. The NVA must load balance traffic to two services on the Production subnet. The services have different IP addresses
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A.    Add two load balancing rules that have HA Ports enabled and Floating IP disabled.
B.    Deploy a standard load balancer.
C.    Add a frontend IP configuration, two backend pools, and a health probe.
D.    Add a frontend IP configuration, a backend pool, and a health probe.
E.    Add two load balancing rules that have HA Ports and floating IP enabled.
F.    Deploy a basic load balancer.

Answer: BCE
Explanation:
A standard load balancer is required for the HA ports.
Two backend pools are needed as there are two services with different IP addresses.
Floating IP rule is used where backend ports are reused.
Incorrect Answers:
F: HA Ports are not available for the basic load balancer.
References:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-overview

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-multivip-overview

New Question
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to ensure that visitors are serviced by the same web server for each request.
What should you configure?

A.    Floating IP (direct server return) to Disabled
B.    Session persistence to Client IP
C.    a health probe
D.    Session persistence to None

Answer: B
Explanation:
You can set the sticky session in load balancer rules with setting the session persistence as the client IP.
References:
https://cloudopszone.com/configure-azure-load-balancer-for-sticky-sessions/

New Question
You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a virtual network named VNet1.
You need to ensure that you can configure a point-to-site connection from VNet1 to an on-premises computer.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A.    Reset GW1.
B.    Add a service endpoint to VNet1.
C.    Add a connection to GW1.
D.    Add a public IP address space to VNet1.
E.    Delete GW1.
F.    Create a route-based virtual network gateway.

Answer: EF
Explanation:
E: From: https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about

***We do not support Point-to-Site for static routing VPN gateways or PolicyBased VPN gateways.
As in the questions it says: policy-based virtual network gateway named GW1 will not be valid with the config.
F: A VPN gateway is used when creating a VPN connection to your on-premises network.
Route-based VPN devices use any-to-any (wildcard) traffic selectors, and let routing/forwarding tables direct traffic to different IPsec tunnels. It is typically built on router platforms where each IPsec tunnel is modeled as a network interface or VTI (virtual tunnel interface).
Incorrect Answers:
D: Point-to-Site connections do not require a VPN device or a public-facing IP address.
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/create-routebased-vpn-gateway-portal

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-connect-multiple-policybased-rm-ps

New Question
From the MFA Server blade, you open the Block/unblock users blade as shown in the exhibit.
 
What caused AlexW to be blocked?

A.    An administrator manually blocked the user.
B.    The user reported a fraud alert when prompted for additional authentication.
C.    The user account password expired.
D.    The user entered an incorrect PIN four times within 10 minutes.

Answer: B

New Question
You are the global administrator for an Azure Active Directory (Azure AD) tenant named adatum.com.
From the Azure Active Directory blade, you assign the Conditional Access Administrator role to a user named Admin1.
You need to ensure that Admin1 has just-in-time access as a conditional access administrator.
What should you do next?

A.    Enable Azure AD Multi-Factor Authentication (MFA).
B.    Set Admin1 as Eligible for the Privileged Role Administrator role.
C.    Set Admin1 as Eligible for the Conditional Access Administrator role.
D.    Enable Azure AD Identity Protection.

Answer: A
Explanation:
Require MFA for admins is a baseline policy that requires MFA for the following directory roles:
Global administrator
SharePoint administrator
Exchange administrator
Conditional access administrator
Security administrator
References:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/baseline-protection

New Question
You are the global administrator for an Azure Directory (Azure AD) tenant named adatum.com.
You need to enable two-step verification for Azure users.
What should you do?

A.    Create a single sign-in risk policy in Azure AD Identity Protection.
B.    Enable Azure AD Privileged Identity Management.
C.    Create and configure the Identity Hub.
D.    Configure a security policy in Azure Security Center.

Answer: A
Explanation:
With Azure Active Directory Identity Protection, you can:
require users to register for multi-factor authentication
handle risky sign-ins and compromised users
References:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/flows

New Question
You have an Azure subscription named Subscription1 that contains an Azure virtual machine named VM1.
VM1 is in a resource group named RG1.
VM1 runs services that will be used to deploy resources to RG1.
You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1.
What should you do first?

A.    From the Azure portal, modify the Access control (IAM) settings of VM1.
B.    From the Azure portal, modify the Policies settings of RG1.
C.    From the Azure portal, modify the value of the Managed Service Identity option for VM1.
D.    From the Azure portal, modify the Access control (IAM) settings of RG1.

Answer: C
Explanation:
A managed identity from Azure Active Directory allows your app to easily access other AAD-protected resources such as Azure Key Vault. The identity is managed by the Azure platform and does not require you to provision or rotate any secrets.
User assigned managed identities can be used on Virtual Machines and Virtual Machine Scale Sets.
References:
https://docs.microsoft.com/en-us/azure/app-service/app-service-managed-service-identity

New Question
You are configuring Azure Active Directory (AD) Privileged Identity Management.
You need to provide a user named Admin1 with read access to a resource group named RG1 for only one month. The user role must be assigned immediately.
What should you do?

A.    Assign an active role.
B.    Assign an eligible role.
C.    Assign a permanently active role.
D.    Create a custom role and a conditional access policy.

Answer: B
Explanation:
Azure AD Privileged Identity Management introduces the concept of an eligible admin. Eligible admins should be users that need privileged access now and then, but not all-day, every day. The role is inactive until the user needs access, then they complete an activation process and become an active admin for a predetermined amount of time.
References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

New Question
You have an Azure Active Directory (Azure AD) tenant named Tenant1 and an Azure subscription named Subscription1.
You enable Azure AD Privileged Identity Management.
You need to secure the members of the Lab Creator role. The solution must ensure that the lab creators request access when they create labs.
What should you do first?

A.    From Azure AD Privileged Identity Management, edit the role settings for Lab Creator.
B.    From Subscription1, edit the members of the Lab Creator role.
C.    From Azure AD Identity Protection, create a user risk policy.
D.    From Azure AD Privileged Identity Management, discover the Azure resources of Subscription1.

Answer: A
Explanation:
As a Privileged Role Administrator you can:
Enable approval for specific roles
Specify approver users and/or groups to approve requests
View request and approval history for all privileged roles
References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

New Question
You create an Azure subscription that is associated to a basic Azure Active Directory (Azure AD) tenant.
You need to receive an email notification when any user activates an administrative role.
What should you do?

A.    Purchase Azure AD Premium P2 and configure Azure AD Privileged Identity Management.
B.    Purchase Enterprise Mobility + Security E3 and configure conditional access policies.
C.    Purchase Enterprise Mobility + Security E5 and create a custom alert rule in Azure Security Center.
D.    Purchase Azure AD Premium P1 and enable Azure AD Identity Protection.

Answer: A
Explanation:
When key events occur in Azure AD Privileged Identity Management (PIM), email notifications are sent.
For example, PIM sends emails for the following events:
When a privileged role activation is pending approval
When a privileged role activation request is completed
When a privileged role is activated
When a privileged role is assigned
When Azure AD PIM is enabled
References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-email-notifications

New Question
You have an Azure Active Directory (Azure AD) tenant.
You have an existing Azure AD conditional access policy named Policy1. Policy1 enforces the use of Azure AD-joined devices when members of the Global Administrators group authenticate to Azure AD from untrusted locations.
You need to ensure that members of the Global Administrators group will also be forced to use multi-factor authentication when authenticating from untrusted locations.
What should you do?

A.    From the multi-factor authentication page, modify the service settings.
B.    From the multi-factor authentication page, modify the user settings.
C.    From the Azure portal, modify grant control of Policy1.
D.    From the Azure portal, modify session control of Policy1.

Answer: C
Explanation:
There are two types of controls:
Grant controls – To gate access
Session controls – To restrict access to a session
Grant controls oversee whether a user can complete authentication and reach the resource that they’re attempting to sign-in to. If you have multiple controls selected, you can configure whether all of them are required when your policy is processed. The current implementation of Azure Active Directory enables you to set the following grant control requirements:
 
References:
https://blog.lumen21.com/2017/12/15/conditional-access-in-azure-active-directory/

New Question
You have an Azure subscription.
You enable multi-factor authentication for all users.
Some users report that the email applications on their mobile device cannot connect to their Microsoft Exchange Online mailbox. The users can access Exchange Online by using a web browser and from Microsoft Outlook 2016 on their computer.
You need to ensure that the users can use the email applications on their mobile device.
What should you instruct the users to do?

A.    Enable self-service password reset.
B.    Create an app password.
C.    Reset the Azure Active Directory (Azure AD) password.
D.    Reinstall the Microsoft Authenticator app.

Answer: A
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks

New Question
You have an Azure subscription named Subscription1 and two Azure Active Directory (Azure AD) tenants named Tenant1 and Tenant2.
Subscription1 is associated to Tenant1. Multi-factor authentication (MFA) is enabled for all the users in Tenant1.
You need to enable MFA for the users in Tenant2. The solution must maintain MFA for Tenant1.
What should you do first?

A.    Transfer the administration of Subscription1 to a global administrator of Tenant2
B.    Configure the MFA Server setting in Tenant1.
C.    Create and link a subscription to Tenant2.
D.    Change the directory for Subscription1.

Answer: C

---

Resources from:

https://issuu.com/ruthgriffithfreedumps/docs/_2020-february-new_braindump2go_az-103_pdf_and_az-

And,

1.2020 Latest Braindump2go AZ-103 Exam Dumps (PDF & VCE) Free Share:
https://www.braindump2go.com/az-103.html

2.2020 Latest Braindump2go AZ-103 PDF and AZ-103 VCE Dumps Free Share:
https://drive.google.com/drive/folders/1deV5Jx0fHUFzZjOR_cqSIJh4jqv9Nxnc?usp=sharing

Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!es from Braindump2go,We Devoted to Helping You 100% Pass All Exams!