Ask Question
Microsoft AZ-104 Practice Test - Questions Answers, Page 12
Add to Whishlist
List of questions
Question 111
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
A virtual network that has a subnet named Subnet1
Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
A virtual machine named VM1 that has the required Windows Server configurations to allow Remote
Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
Priority: 100
Source: Any
Source port range: *
Destination: *
Destination port range: 3389
Protocol: UDP
Action: Allow
VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You add an inbound security rule to NSG-Subnet1 and NSG-VM1 that allows connections from the internet source to the VirtualNetwork destination for port range 3389 and uses the TCP protocol.
Does this meet the goal?
The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM.
Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdpconnection
Question 112
HOTSPOT
You have an Azure subscription that contains the virtual machines shown in the following table.
VM1 and VM2 use public IP addresses. From Windows Server 2019 on VM1 and VM2, you allow inbound Remote Desktop connections.
Subnet1 and Subnet2 are in a virtual network named VNET1.
The subscription contains two network security groups (NSGs) named NSG1 and NSG2. NSG1 uses only the default rules.
NSG2 uses the default and the following custom incoming rule:
Priority: 100
Name: Rule1
Port: 3389
Protocol: TCP
Source: Any
Destination: Any
Action: Allow
NSG1 connects to Subnet1. NSG2 connects to the network interface of VM2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Box 1: No
The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM.
Box 2: Yes
NSG2 will allow this.
Box 3: Yes
NSG2 will allow this.
Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdpconnection
Question 113
HOTSPOT
You manage two Azure subscriptions named Subscription1 and Subscription2.
Subscription1 has following virtual networks:
The virtual networks contain the following subnets:
Subscription2 contains the following virtual network:
Name: VNETA
Address space: 10.10.128.0/17
Location: Canada Central
VNETA contains the following subnets:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Box 1: Yes
With VNet-to-VNet you can connect Virtual Networks in Azure across Different regions.
Box 2: Yes
Azure supports the following types of peering:
Virtual network peering: Connect virtual networks within the same Azure region.
Global virtual network peering: Connecting virtual networks across Azure regions.
Box 3: Yes
Reference:
https://azure.microsoft.com/en-us/blog/vnet-to-vnet-connecting-virtual-networks-in-azure-acrossdifferent-regions/
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-managepeering# requirements-and-constraints
Question 114
You create an Azure VM named VM1 that runs Windows Server 2019.
VM1 is configured as shown in the exhibit. (Click the Exhibit button.)
You need to enable Desired State Configuration for VM1.
What should you do first?
Status is Stopped (Deallocated).
The DSC extension for Windows requires that the target virtual machine is able to communicate with
Azure.
The VM needs to be started.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-windows
Question 115
You have an Azure subscription that contains the resources shown in the following table.
VM1 and VM2 run a website that is configured as shown in the following table.
LB1 is configured to balance requests to VM1 and VM2.
You configure a health probe as shown in the exhibit. (Click the Exhibit tab.)
You need to ensure that the health probe functions correctly.
What should you do?
Load balancing provides a higher level of availability and scale by spreading incoming requests across virtual machines (VMs). You can use the Azure portal to create a Standard load balancer and balance internal traffic among VMs.
To load balance successfully between VM1 and VM2 you have to place the html file in the path mentioned in the Probe1 configuration.
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-standard-internalportal
Question 116
You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft
SharePoint document library named Library1.
You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days.
Which two groups should you create? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
You can set expiration policy only for Office 365 groups in Azure Active Directory (Azure AD).
Note: With the increase in usage of Office 365 Groups, administrators and users need a way to clean up unused groups. Expiration policies can help remove inactive groups from the system and make things cleaner.
When a group expires, all of its associated services (the mailbox, Planner, SharePoint site, etc.) are also deleted.
You can set up a rule for dynamic membership on security groups or Office 365 groups.
Incorrect Answers:
A, D, E: You can set expiration policy only for Office 365 groups in Azure Active Directory (Azure AD).
Reference:
https://docs.microsoft.com/en-us/office365/admin/create-groups/office-365-groups-expirationpolicy?view=o365-worldwide
Question 117
You have an Azure Active Directory (Azure AD) tenant named contoso.com. Multi-factor authentication (MFA) is enabled for all users.
You need to provide users with the ability to bypass MFA for 10 days on devices to which they have successfully signed in by using MFA.
What should you do?
Enable remember Multi-Factor Authentication
Sign in to the Azure portal.
On the left, select Azure Active Directory > Users.
Select Multi-Factor Authentication.
Under Multi-Factor Authentication, select service settings.
On the Service Settings page, manage remember multi-factor authentication, select the Allow users to remember multi-factor authentication on devices they trust option.
Set the number of days to allow trusted devices to bypass two-step verification. The default is 14 days.
Select Save.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings
Question 118
You have a hybrid infrastructure that contains an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The tenant contains the users shown in the following table.
You plan to share a cloud resource to the All Users group.
You need to ensure that User1, User2, User3, and User4 can connect successfully to the cloud resource.
What should you do first?
Ensure that "Enable an 'All Users' group in the directory" policy is set to "Yes" in your Azure Active
Directory (AD) settings in order to enable the "All Users" group for centralized access administration.
This group represents the entire collection of the Active Directory users, including guests and external users, that you can use to make the access permissions easier to manage within your directory.
Incorrect Answers:
A, B: User3 and User4 are guests already.
Note: By default, all users and guests in your directory can invite guests even if they're not assigned to an admin role. External collaboration settings let you turn guest invitations on or off for different types of users in your organization. You can also delegate invitations to individual users by assigning roles that allow them to invite guests.
Reference:
https://www.cloudconformity.com/knowledge-base/azure/ActiveDirectory/enable-all-usersgroup.html
Question 119
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.com.onmicrosoft.com.
Solution: You instruct User2 to create the user accounts.
Only a global administrator can add users to this tenant.
Reference:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad
Question 120
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.com.onmicrosoft.com.
Solution: You instruct User3 to create the user accounts.
Only a global administrator can add users to this tenant.
Reference:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad
Related questions
Export
If you didn't receive an email within 5 minutes, you should submit a support request to [email protected].
|
BASIC - 1 Month
$
3
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PLUS - 2 Months
$
10
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PRO - 6 Months
$
20
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Selling illegal goods, money scams etc.
Serious attack on a group.
Harassing an individual (including doxing)
Threatening or glorifying violence or serious harm, including self-harm
Nudity/Sexual content
Sexually explicit or suggestive imagery or writing involving minors
Sexually explicit or suggestive imagery or writing involving non-consenting adults or non-humans
Reusing content without attribution (link and blockquotes)
Not in English or has very bad formatting, grammar, and spelling
Author's credential is offensive, spam, or impersonation
Ex. Illegal content, incomplete question...
Question