Microsoft AZ-104 Practice Test - Questions Answers, Page 12

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains the following resources:

A virtual network that has a subnet named Subnet1

Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1

A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections

NSG-Subnet1 has the default inbound security rules only.

NSG-VM1 has the default inbound security rules and the following custom inbound security rule:

Priority: 100

Source: Any

Source port range: *

Destination: *

Destination port range: 3389

Protocol: UDP

Action: Allow

VM1 connects to Subnet1. NSG-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.

You need to be able to establish Remote Desktop connections from the internet to VM1.

Solution: You add an inbound security rule to NSG-Subnet1 and NSG-VM1 that allows connections from the internet source to the VirtualNetwork destination for port range 3389 and uses the TCP protocol.

Does this meet the goal?

A. Yes
B. No
Suggested answer: A

Explanation:

The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM.

Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdpconnection

HOTSPOT

You have an Azure subscription that contains the virtual machines shown in the following table.

VM1 and VM2 use public IP addresses. From Windows Server 2019 on VM1 and VM2, you allow inbound Remote Desktop connections.

Subnet1 and Subnet2 are in a virtual network named VNET1.

The subscription contains two network security groups (NSGs) named NSG1 and NSG2. NSG1 uses only the default rules.

NSG2 uses the default and the following custom incoming rule:

Priority: 100

Name: Rule1

Port: 3389

Protocol: TCP

Source: Any

Destination: Any

Action: Allow

NSG1 connects to Subnet1. NSG2 connects to the network interface of VM2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.



Explanation:

Box 1: No

The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM.

Box 2: Yes

NSG2 will allow this.

Box 3: Yes

NSG2 will allow this.

Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdpconnection

HOTSPOT

You manage two Azure subscriptions named Subscription1 and Subscription2.

Subscription1 has the following virtual networks:

The virtual networks contain the following subnets:

Subscription2 contains the following virtual network:

Name: VNETA

Address space: 10.10.128.0/17

Location: Canada Central

VNETA contains the following subnets:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.




Explanation:

Box 1: Yes

With VNet-to-VNet you can connect virtual networks in Azure across different regions.

Box 2: Yes

Azure supports the following types of peering:

Virtual network peering: Connect virtual networks within the same Azure region.

Global virtual network peering: Connecting virtual networks across Azure regions.

Box 3: Yes

Reference:

https://azure.microsoft.com/en-us/blog/vnet-to-vnet-connecting-virtual-networks-in-azure-acrossdifferent-regions/

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-managepeering#requirements-and-constraints


You create an Azure VM named VM1 that runs Windows Server 2019.

VM1 is configured as shown in the exhibit. (Click the Exhibit button.)

You need to enable Desired State Configuration for VM1.

What should you do first?

A. Configure a DNS name for VM1.
B. Start VM1.
C. Connect to VM1.
D. Capture a snapshot of VM1.
Suggested answer: B

Explanation:

Status is Stopped (Deallocated).

The DSC extension for Windows requires that the target virtual machine is able to communicate with Azure.

The VM needs to be started.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-windows

You have an Azure subscription that contains the resources shown in the following table.

VM1 and VM2 run a website that is configured as shown in the following table.

LB1 is configured to balance requests to VM1 and VM2.

You configure a health probe as shown in the exhibit. (Click the Exhibit tab.)

You need to ensure that the health probe functions correctly.

What should you do?

A. On LB1, change the Unhealthy threshold to 65536.
B. On LB1, change the port to 8080.
C. On VM1 and VM2, create a file named Probe1.htm in the C:\inetpub\wwwroot\Temp folder.
D. On VM1 and VM2, create a file named Probe1.htm in the C:\inetpub\wwwroot\SiteA\Temp folder.
Suggested answer: D

Explanation:

Load balancing provides a higher level of availability and scale by spreading incoming requests across virtual machines (VMs). You can use the Azure portal to create a Standard load balancer and balance internal traffic among VMs.

To load balance successfully between VM1 and VM2, you have to place the HTML file in the path mentioned in the Probe1 configuration.

Reference:

https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-standard-internalportal

You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com.

You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library named Library1.

You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days.

Which two groups should you create? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

A. a Security group that uses the Assigned membership type
B. an Office 365 group that uses the Assigned membership type
C. an Office 365 group that uses the Dynamic User membership type
D. a Security group that uses the Dynamic User membership type
E. a Security group that uses the Dynamic Device membership type
Suggested answer: B, C

Explanation:

You can set expiration policy only for Office 365 groups in Azure Active Directory (Azure AD).

Note: With the increase in usage of Office 365 Groups, administrators and users need a way to clean up unused groups. Expiration policies can help remove inactive groups from the system and make things cleaner.

When a group expires, all of its associated services (the mailbox, Planner, SharePoint site, etc.) are also deleted.

You can set up a rule for dynamic membership on security groups or Office 365 groups.

Incorrect Answers:

A, D, E: You can set expiration policy only for Office 365 groups in Azure Active Directory (Azure AD).

Reference:

https://docs.microsoft.com/en-us/office365/admin/create-groups/office-365-groups-expirationpolicy?view=o365-worldwide

You have an Azure Active Directory (Azure AD) tenant named contoso.com. Multi-factor authentication (MFA) is enabled for all users.

You need to provide users with the ability to bypass MFA for 10 days on devices to which they have successfully signed in by using MFA.

What should you do?

A. From the multi-factor authentication page, configure the users' settings.
B. From Azure AD, create a conditional access policy.
C. From the multi-factor authentication page, configure the service settings.
D. From the MFA blade in Azure AD, configure the MFA Server settings.
Suggested answer: C

Explanation:

Enable remember Multi-Factor Authentication

Sign in to the Azure portal.

On the left, select Azure Active Directory > Users.

Select Multi-Factor Authentication.

Under Multi-Factor Authentication, select service settings.

On the Service Settings page, under manage remember multi-factor authentication, select the Allow users to remember multi-factor authentication on devices they trust option.

Set the number of days to allow trusted devices to bypass two-step verification. The default is 14 days.

Select Save.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings

You have a hybrid infrastructure that contains an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The tenant contains the users shown in the following table.

You plan to share a cloud resource to the All Users group.

You need to ensure that User1, User2, User3, and User4 can connect successfully to the cloud resource.

What should you do first?

A. Create a user account of the member type for User4.
B. Create a user account of the member type for User3.
C. Modify the Directory-wide Groups settings.
D. Modify the External collaboration settings.
Suggested answer: C

Explanation:

Ensure that "Enable an 'All Users' group in the directory" policy is set to "Yes" in your Azure Active Directory (AD) settings in order to enable the "All Users" group for centralized access administration.

This group represents the entire collection of the Active Directory users, including guests and external users, that you can use to make the access permissions easier to manage within your directory.

Incorrect Answers:

A, B: User3 and User4 are guests already.

Note: By default, all users and guests in your directory can invite guests even if they're not assigned to an admin role. External collaboration settings let you turn guest invitations on or off for different types of users in your organization. You can also delegate invitations to individual users by assigning roles that allow them to invite guests.

Reference:

https://www.cloudconformity.com/knowledge-base/azure/ActiveDirectory/enable-all-usersgroup.html

You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:

User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.

You need to create new user accounts in external.contoso.com.onmicrosoft.com.

Solution: You instruct User2 to create the user accounts.

A. Yes
B. No
Suggested answer: A

Explanation:

Only a global administrator can add users to this tenant.

Reference:

https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad

You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:

User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.

You need to create new user accounts in external.contoso.com.onmicrosoft.com.

Solution: You instruct User3 to create the user accounts.

A. Yes
B. No
Suggested answer: B

Explanation:

Only a global administrator can add users to this tenant.

Reference:

https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad

Total 644 questions