Ask Question
Microsoft AZ-104 Practice Test - Questions Answers, Page 13
Add to Whishlist
List of questions
Question 121
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.com.onmicrosoft.com.
Solution: You instruct User1 to create the user accounts.
Only a global administrator can add users to this tenant.
Reference:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad
Question 122
Your on-premises network contains an Active Directory domain named adatum.com that is synced to Azure Active Directory (Azure AD). Password writeback is disabled.
In adatum.com, you create the users shown in the following table.
Which users must sign in from a computer joined to adatum.com?
Password writeback is a feature enabled with Azure AD Connect that allows password changes in the cloud to be written back to an existing on-premises directory in real time.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-writeback
Question 123
You have an Azure virtual machine named VM1 that runs Windows Server 2019. You sign in to VM1 as a user named User 1 and perform the following actions:
* Create files on drive C.
* Create files on drive 0.
* Modify the screen saver timeout.
* Change the desktop background.
You plan to redeploy VM1.
Which changes will be lost after you redeploy VM1?
https://www.cloudelicious.net/azure-vms-and-their-temporary-storage/
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/redeploy-to-new-nodewindows#:~:text=Redeploy%20Windows%20virtual%20machine%20to%20new%20Azure%20node&text=When%20you%20redeploy%20a%20VM,configuration%20options%20and%20associated%20resources.
Question 124
You have the Azure virtual machines shown in the following table.
A DNS service is install on VM1.
You configure the DNS server settings for each virtual network as shown in the following exhibit.
You need 10 ensure that all the virtual machines can resolve DNS names by using the DNS service on VM1. What should you do?
An Azure AD DS DNS zone should only contain the zone and records for the managed domain itself.
A conditional forwarder is a configuration option in a DNS server that lets you define a DNS domain, such as contoso.com, to forward queries to. Instead of the local DNS server trying to resolve queries for records in that domain, DNS queries are forwarded to the configured DNS for that domain. This configuration makes sure that the correct DNS records are returned, as you don't create a local a DNS zone with duplicate records in the managed domain to reflect those resources.
To create a conditional forwarder in your managed domain, complete the following steps:
1. Select your DNS zone, such as aaddscontoso.com.
2. Select Conditional Forwarders, then right-select and choose New Conditional Forwarder...
3. Enter your other DNS Domain, such as contoso.com, then enter the IP addresses of the DNS servers for that namespace, as shown in the following example:
4. Check the box for Store this conditional forwarder in Active Directory, and replicate it as follows, then select the option for All DNS servers in this domain, as shown in the following example:
5. To create the conditional forwarder, select OK.
Name resolution of the resources in other namespaces from VMs connected to the managed domain should now resolve correctly. Queries for the DNS domain configured in the conditional forwarder are passed to the relevant DNS servers.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/manage-dns
Question 125
You have an Azure virtual machine named VM1.
The network interface for VM1 is configured as shown in the exhibit. (Click the Exhibit tab.)
You deploy a web server on VM1, and then create a secure website that is accessible by using the HTTPS protocol VM1 is used as a web server only.
You need to ensure that users can connect to the website from the Internet.
What should you do?
HTTPS uses port 443.
Rule2, with priority 500, denies HTTPS traffic.
Rule5, with priority changed from 2000 to 401, would allow HTTPS traffic.
Note: Priority is a number between 100 and 4096. Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
Question 126
HOTSPOT
You have an Azure subscription named Subcription1 that contains a resource group named RG1.
In RG1. you create an internal load balancer named LB1 and a public load balancer named 162.
You need to ensure that an administrator named Admin 1 can manage LB1 and LB2. The solution must follow the principle of least privilege.
Which role should you assign to Admin1 for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Box 1: Network Contributor on RG1
To add to the backend pool, write permission is required on the Resource Group because it writes deployment information. To add a backend pool, you need network contributor role on the LB and on the VMs that will be part of the backend pool.
For this reason the network contributor role must be assigned to the RG where the LB and the VM resides. So the correct answer is Network Contributor on RG1 .
Box 2: Network Contributor on RG1
For Health Probe also, without having access to RG1, no health probe can be added. If only Network
Contributor role is assigned to LB then the user would not be able to access the IP addresses of the member pools.
Owner/Contributor can give the user access for everything. So it will not fit into the the principle of least privilege. Hence Owner and contributor role is incorrect choices for the question.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
Question 127
HOTSPOT
You have an Azure virtual machine that runs Windows Server 2019 and has the following configurations:
Name: VM1
Location: West US
Connected to: VNET1
Private IP address: 10.1.0.4
Public IP addresses: 52.186.85.63
DNS suffix in Windows Server: Adatum.com
You create the Azure DNS zones shown in the following table.
You need to identify which DNS zones you can link to VNET1 and the DNS zones to which VM1 can automatically register.
Which zones should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-overview
Question 128
HOTSPOT
You have Azure subscriptions named Subscription1 and Subscription2.
Subscription1 has following resource groups:
RG1 includes a web app named App1 in the West Europe location.
Subscription2 contains the following resource groups:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
App1 present in RG1 and in RG1 there is no lock available. So you can move App1 to other resource groups, RG2, RG3, RG4.
Note:
App Service resources can only be moved from the resource group in which they were originally created. If an App Service resource is no longer in its original resource group, move it back to its original resource group.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/movelimitations/app-service-move-limitations
Question 129
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
A virtual network that has a subnet named Subnet1
Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
A virtual machine named VM1 that has the required Windows Server configurations to allow Remote
Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
Priority: 100
Source: Any
Source port range: *
Destination: *
Destination port range: 3389
Protocol: UDP
Action: Allow
VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You add an inbound security rule to NSG-Subnet1 that allows connections from the Internet source to the VirtualNetwork destination for port range 3389 and uses the UDP protocol.
Does this meet the goal?
The default port for RDP is TCP port 3389 not UDP.
NSGs deny all inbound traffic except from virtual network or load balancers. For inbound traffic,
Azure processes the rules in a network security group associated to a subnet first, and then the rules in a network security group associated to the network interface.
By default NSG rule to allow traffic through RDP port 3389 is not created automatically during the creation of VM , unless you change the setting during creation.
Here in the solution UDP traffic is allowed at virtual network level which is not tcp/rdp protocol. So this will not work to achieve the goal.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdpconnection
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#default-security-rules
Question 130
You have an Active Directory domain named contoso.com that contains the objects shown in the following table.
The groups have the memberships shown in the following table.
OU1 and OU2 are synced to Azure Active Directory (Azure AD).
You modify the synchronization settings and remove OU1 from synchronization. You sync Active
Directory and Azure AD.
Which objects are in Azure AD?
Related questions
Export
If you didn't receive an email within 5 minutes, you should submit a support request to [email protected].
|
BASIC - 1 Month
$
3
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PLUS - 2 Months
$
10
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PRO - 6 Months
$
20
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Selling illegal goods, money scams etc.
Serious attack on a group.
Harassing an individual (including doxing)
Threatening or glorifying violence or serious harm, including self-harm
Nudity/Sexual content
Sexually explicit or suggestive imagery or writing involving minors
Sexually explicit or suggestive imagery or writing involving non-consenting adults or non-humans
Reusing content without attribution (link and blockquotes)
Not in English or has very bad formatting, grammar, and spelling
Author's credential is offensive, spam, or impersonation
Ex. Illegal content, incomplete question...
Question