AZ-103日本語 無料問題集「Microsoft Azure Administrator (AZ-103日本語版)」

解説: (JPNTest メンバーにのみ表示されます)

Explanation

Box 1: Set-AzureRmVirtualNetworkGatewayDefaultSite
The Set-AzureRmVirtualNetworkGatewayDefaultSite cmdlet assigns a forced tunneling default site to a virtual network gateway. Forced tunneling provides a way for you to redirect Internet-bound traffic from Azure virtual machines to your on-premises network; this enables you to inspect and audit traffic before releasing it. Forced tunneling is carried out by using a virtual private network (VPN) tunnel; this tunnel requires a default site, a local gateway where all the Azure Internet-bound traffic is redirected.
Set-AzureRmVirtualNetworkGatewayDefaultSite provides a way to change the default site assigned to a gateway.

Explanation

See explanation below.
Explanation
You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
Step A: Create a network security group
A1. Search for and select the resource group for the VM, choose Add, then search for and select Network security group.
A2. Select Create.

The Create network security group window opens.
A3. Create a network security group
Enter a name for your network security group.
Select or create a resource group, then select a location.
A4. Select Create to create the network security group.
Step B: Create an inbound security rule to allows HTTPS over TCP port 443 B1. Select your new network security group.
B2. Select Inbound security rules, then select Add.
B3. Add inbound rule
B4. Select Advanced.
From the drop-down menu, select HTTPS.
You can also verify by clicking Custom and selecting TCP port, and 443.
B5. Select Add to create the rule.
Repeat step B2-B5 to deny TCP port 80
B6. Select Inbound security rules, then select Add.
B7. Add inbound rule
B8. Select Advanced.
Clicking Custom and selecting TCP port, and 80.
B9. Select Deny.
Step C: Associate your network security group with a subnet
Your final step is to associate your network security group with a subnet or a specific network interface.
C1. In the Search resources, services, and docs box at the top of the portal, begin typing Web01. When the Web01 VM appears in the search results, select it.
C2. Under SETTINGS, select Networking. Select Configure the application security groups, select the Security Group you created in Step A, and then select Save, as shown in the following picture:

References:
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic

Explanation

The virtual machines are registered (added) to the private zone as A records pointing to their private IP addresses.
Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-overview
https://docs.microsoft.com/en-us/azure/dns/private-dns-scenarios

解説: (JPNTest メンバーにのみ表示されます)

Explanation

Box 1: an internal load balancer
Azure Internal Load Balancer (ILB) provides network load balancing between virtual machines that reside inside a cloud service or a virtual network with a regional scope.
Box 2: an application gateway that uses the WAF tier
Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities.
References:
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview

Explanation

Box 1: a computer joined in the Active Directory domain
The Active Directory domain service stores passwords in the form of a hash value representation, of the actual user password.
Box 2: Stored in both Azure AD and in the Active Director domain
The Active Directory domain service stores passwords in the form of a hash value representation, of the actual user password.
To synchronize your password, Azure AD Connect sync extracts your password hash from the on-premises Active Directory instance.
References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization

See explanation below.
Explanation
Step 1:
Locate and select the web app homepagelod7509087, select Backups. The Backups page is displayed.

Step 2:
In the Backup page, Click Configure.
Step 3:
In the Backup Configuration page, click Storage: Not configured to configure a storage account.

Step 4:
Choose your backup destination by selecting a Storage Account and Container. Select the homepagelod7509087 storage account.
Step 5:
In the Backup Configuration page that is still left open, select Scheduled backup On, and configure daily backups.

Step 6:
In the Backup Configuration page, click Save.
Step 7:
In the Backups page, click Backup.
References:
https://docs.microsoft.com/en-us/azure/app-service/web-sites-backup

解説: (JPNTest メンバーにのみ表示されます)

解説: (JPNTest メンバーにのみ表示されます)

解説: (JPNTest メンバーにのみ表示されます)

See explanation below.
Explanation
Step 1:
In the navigation list, choose Load Balancer.

Step 2:
Locate the load balancer named Web-ALB, and click the Access icon.
Step3:
In the Users blade, click Roles. In the Roles blade, click Add to add permissions for the user [email protected].
Step 4:
Add permission to modify backend pools
References:
https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-manage-permissions

解説: (JPNTest メンバーにのみ表示されます)