ExamGecko
Search Search Login
Home Home / Microsoft / AZ-104

Microsoft AZ-104 Practice Test - Questions Answers, Page 19

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

HOTSPOT You need to the appropriate sizes for the Azure virtual for Server2. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
DRAG DROP You need to prepare the environment to ensure that the web administrators can deploy the web apps as quickly as possible. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Answer:
HOTSPOT You need to implement Role1. Which command should you run before you create Role1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On Dev, you assign the Contributor role to the Developers group. Does this meet the goal?
You discover that VM3 does NOT meet the technical requirements. You need to verify whether the issue relates to the NSGs. What should you use?
Note: This question is part of a series of questions that present the same scenario. Each question in theseries contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft Entra tenant named contoso.com. You have a CSV file that contains the names and email addresses of 500 external users. You need to create a guest user account in contoso.com for each of the 500 external users. Solution; From Microsoft Entra ID in the Azure portal, you use the Bulk invite users' operation. Does this meet the goal?
You have an Azure subscription that contains the resources shown in the following table. You need to assign User1 the Storage File Data SMB Share Contributor role for share1. What should you do first?
You need to identify which storage account to use for the flow logging of IP traffic from VM5. The solution must meet the retention requirements. Which storage account should you identify?
HOTSPOT You need to create storage5. The solution must support the planned changes. Which type of storage account should you use, and which account should you configure as the destination storage account? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT You need to identify the storage requirements for Contoso. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Question 181

Report
Export
Collapse

You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.

You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.

You need to ensure that visitors are serviced by the same web server for each request.

What should you configure?

A.
Floating IP (direct server return) to Enabled
A.
Floating IP (direct server return) to Enabled
Answers
B.
Idle Time-out (minutes) to 20
B.
Idle Time-out (minutes) to 20
Answers
C.
Protocol to UDP
C.
Protocol to UDP
Answers
D.
Session persistence to Client IP and Protocol
D.
Session persistence to Client IP and Protocol
Answers
Suggested answer: D

Explanation:

With Sticky Sessions when a client starts a session on one of your web servers, session stays on that specific server. To configure An Azure Load-Balancer For Sticky Sessions set Session persistence to Client IP or to Client IP and protocol.

On the following image you can see sticky session configuration:

Note:

ß Client IP and protocol specifies that successive requests from the same client IP address and protocol combination will be handled by the same virtual machine.

ß Client IP specifies that successive requests from the same client IP address will be handled by the same virtual machine.

Reference:

https://cloudopszone.com/configure-azure-load-balancer-for-sticky-sessions/

Question 182

Report
Export
Collapse

HOTSPOT

You have an Azure subscription that contains the virtual machines shown in the following table:

VM1 and VM2 use public IP addresses. From Windows Server 2019 on VM1 and VM2, you allow inbound Remote Desktop connections.

Subnet1 and Subnet2 are in a virtual network named VNET1.

The subscription contains two network security groups (NSGs) named NSG1 and NSG2. NSG1 uses only the default rules.

NSG2 uses the default rules and the following custom incoming rule:

Priority: 100

Name: Rule1

Port: 3389

Protocol: TCP

Source: Any

Destination: Any

Action: Allow

NSG1 is associated to Subnet1. NSG2 is associated to the network interface of VM2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 182
Correct answer: Question 182

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdpconnection

Question 183

Report
Export
Collapse

HOTSPOT

You have a virtual network named VNET1 that contains the subnets shown in the following table:

You have two Azure virtual machines that have the network configurations shown in the following table:

For NSG1, you create the inbound security rule shown in the following table:

For NSG2, you create the inbound security rule shown in the following table:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 183
Correct answer: Question 183

Explanation:

Box 1: Yes

The inbound security rule for NSG1 allows TCP port 1433 from 10.10.2.0/24 (or Subnet2 where VM2 and VM3 are located) to 10.10.1.0/24 (or Subnet1 where VM1 is located) while the inbound security rule for NSG2 blocks TCP port 1433 from 10.10.2.5 (or VM2) to 10.10.1.5 (or VM1). However, the NSG1 rule has a higher priority (or lower value) than the NSG2 rule.

Box 2: Yes

No rule explicitly blocks communication from VM1. The default rules, which allow communication, are thus applied.

Box 3: Yes

No rule explicitly blocks communication between VM2 and VM3 which are both on Subnet2. The default rules, which allow communication, are thus applied.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

Question 184

Report
Export
Collapse

HOTSPOT

You have an Azure subscription named Subscription1.

Subscription1 contains the virtual machines in the following table.

Subscription1 contains a virtual network named VNet1 that has the subnets in the following table.

VM3 has a network adapter named NIC3. IP forwarding is enabled on NIC3. Routing is enabled on VM3.

You create a route table named RT1. RT1 is associated to Subnet1 and Subnet2 and contains the routes in the following table.

You apply RT1 to Subnet1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 184
Correct answer: Question 184

Explanation:

Box 1: Yes

Traffic from VM1 and VM2 can reach VM3 thanks to the routing table, and as IP forwarding is enabled on VM3, traffic from VM3 can reach VM1.

Box 2: No

VM3, which has IP forwarding, must be turned on, in order for traffic from VM2 to reach VM1.

Box 3: Yes

The traffic from VM1 will reach VM3, which thanks to IP forwarding, will send the traffic to VM2.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview

Question 185

Report
Export
Collapse

Your on-premises network contains an SMB share named Share1.

You have an Azure subscription that contains the following resources:

A web app named webapp1

A virtual network named VNET1

You need to ensure that webapp1 can connect to Share1.

What should you deploy?

A.
an Azure Application Gateway
A.
an Azure Application Gateway
Answers
B.
an Azure Active Directory (Azure AD) Application Proxy
B.
an Azure Active Directory (Azure AD) Application Proxy
Answers
C.
an Azure Virtual Network Gateway
C.
an Azure Virtual Network Gateway
Answers
Suggested answer: C

Explanation:

A Site-to-Site VPN gateway connection can be used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel.

This type of connection requires a VPN device, a VPN gateway, located on-premises that has an externally facing public IP address assigned to it.

Reference:

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

Question 186

Report
Export
Collapse

You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template.

You need to ensure that NGINX is available on all the virtual machines after they are deployed.

What should you use?

A.
Azure Active Directory (Azure AD) Application Proxy
A.
Azure Active Directory (Azure AD) Application Proxy
Answers
B.
Azure Application Insights
B.
Azure Application Insights
Answers
C.
Azure Custom Script Extension
C.
Azure Custom Script Extension
Answers
D.
the New-AzConfigurationAssignement cmdlet
D.
the New-AzConfigurationAssignement cmdlet
Answers
Suggested answer: C

Explanation:

The Custom Script Extension downloads and executes scripts on Azure VMs. This extension is useful for post deployment configuration, software installation, or any other configuration / management task. Scripts can be downloaded from Azure storage or GitHub, or provided to the Azure portal at extension run time.

The Custom Script extension integrates with Azure Resource Manager templates, and can also be run using the Azure CLI, PowerShell, Azure portal, or the Azure Virtual Machine REST API.

You can use the Custom Script Extension with both Windows and Linux VMs.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-automate-vmdeployment?toc=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fvirtualmachines%2Fextensions%2Ftoc.json&bc=https%3A%2F%2Fdocs.microsoft.com%2Fenus%2Fazure%2Fbread%2Ftoc.json

Question 187

Report
Export
Collapse

You have an Azure web app named webapp1.

Users report that they often experience HTTP 500 errors when they connect to webapp1.

You need to provide the developers of webapp1 with real-time access to the connection errors. The solution must provide all the connection error details.

What should you do first?

A.
From webapp1, enable Web server logging
A.
From webapp1, enable Web server logging
Answers
B.
From Azure Monitor, create a workbook
B.
From Azure Monitor, create a workbook
Answers
C.
From Azure Monitor, create a Service Health alert
C.
From Azure Monitor, create a Service Health alert
Answers
D.
From webapp1, turn on Application Logging
D.
From webapp1, turn on Application Logging
Answers
Suggested answer: A

Explanation:

To resolve this you need to catch connection error. When the connection fails for webapp, it happens on web server, not within application. You can find out the web server log by below steps:

Open the web application --> Go to Application Service logs --> Go to Web server logging (there are multiple switches there)

You can also see the errors live going to "Log stream" pane.

To ensure that you will get web server log, you have to enable it.

Reference:

https://docs.microsoft.com/en-us/azure/app-service/troubleshoot-diagnostic-logs

Question 188

Report
Export
Collapse

HOTSPOT

You create a Recovery Services vault backup policy named Policy1 as shown in the following exhibit:

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.


Question 188
Correct answer: Question 188

Explanation:

Box 1: 10 years

The yearly backup point occurs to 1 March and its retention period is 10 years.

Box 2: 36 months

The monthly backup point occurs on the 1st of every month and its retention period is 36 months.

Question 189

Report
Export
Collapse

You have the Azure virtual machines shown in the following table.

You have a Recovery Services vault that protects VM1 and VM2.

You need to protect VM3 and VM4 by using Recovery Services.

What should you do first?

A.
Configure the extensions for VM3 and VM4.
A.
Configure the extensions for VM3 and VM4.
Answers
B.
Create a new Recovery Services vault.
B.
Create a new Recovery Services vault.
Answers
C.
Create a storage account.
C.
Create a storage account.
Answers
D.
Create a new backup policy.
D.
Create a new backup policy.
Answers
Suggested answer: B

Explanation:

A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations.

You can use Recovery Services vaults to hold backup data for various Azure services

Reference: https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enablereplication

Question 190

Report
Export
Collapse

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.

You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.

Solution: On Subscription1, you assign the Logic App Operator role to the Developers group.

Does this meet the goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: B

Explanation:

The Logic App Operator role only lets you read, enable and disable logic app. With it you can view the logic app and run history, and enable/disable. Cannot edit or update the definition.

You would need the Logic App Contributor role.

Reference:

https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

Total 644 questions
Go to page: of 65
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms