ExamGecko
Search Search Login
Home Home / Microsoft / AZ-104

Microsoft AZ-104 Practice Test - Questions Answers, Page 21

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

HOTSPOT You need to the appropriate sizes for the Azure virtual for Server2. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
DRAG DROP You need to prepare the environment to ensure that the web administrators can deploy the web apps as quickly as possible. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Answer:
HOTSPOT You need to implement Role1. Which command should you run before you create Role1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On Dev, you assign the Contributor role to the Developers group. Does this meet the goal?
You discover that VM3 does NOT meet the technical requirements. You need to verify whether the issue relates to the NSGs. What should you use?
Note: This question is part of a series of questions that present the same scenario. Each question in theseries contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft Entra tenant named contoso.com. You have a CSV file that contains the names and email addresses of 500 external users. You need to create a guest user account in contoso.com for each of the 500 external users. Solution; From Microsoft Entra ID in the Azure portal, you use the Bulk invite users' operation. Does this meet the goal?
You have an Azure subscription that contains the resources shown in the following table. You need to assign User1 the Storage File Data SMB Share Contributor role for share1. What should you do first?
You have an Azure App Service app named App1 that contains two running instances. You have an auto scale rule configured as shown in the following exhibit For the instance limits stale condition setting, you set Maximum to 5. During a 30-minute period. Appl uses 60 percent of the available memory. What is the maximum number of instances tor Appl during the 30-minute period:
You need to identify which storage account to use for the flow logging of IP traffic from VM5. The solution must meet the retention requirements. Which storage account should you identify?
HOTSPOT You need to create storage5. The solution must support the planned changes. Which type of storage account should you use, and which account should you configure as the destination storage account? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Question 201

Report
Export
Collapse

You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template. You need to ensure that NGINX is available on all the virtual machines after they are deployed. What should you use?

A.
a Desired State Configuration (DSC) extension
A.
a Desired State Configuration (DSC) extension
Answers
B.
thePublish-AzVMDscConfigurationCmdlet
B.
thePublish-AzVMDscConfigurationCmdlet
Answers
C.
a Microsoft Intune device configuration profile
C.
a Microsoft Intune device configuration profile
Answers
D.
Deployment Center in Azure App Service
D.
Deployment Center in Azure App Service
Answers
Suggested answer: A

Explanation:

The primary use case for the Azure Desired State Configuration (DSC) extension is to bootstrap a VM to the Azure Automation State Configuration (DSC) service. The service provides benefits that include ongoing management of the VM configuration and integration with other operational tools, such as

Azure Monitoring. Using the extension to register VM's to the service provides a flexible solution that even works across Azure subscriptions.

You can use the DSC extension independently of the Automation DSC service.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-overview

Question 202

Report
Export
Collapse

You have an Azure subscription that contains the resources shown in the following table.

You need to configure a proximity placement group for VMSS1.

Which proximity placement groups should you use?

A.
Proximity2 only
A.
Proximity2 only
Answers
B.
Proximity 1, Proximity2, and Proximity3
B.
Proximity 1, Proximity2, and Proximity3
Answers
C.
Proximity 1 and Proximity3 only
C.
Proximity 1 and Proximity3 only
Answers
D.
Proximity1 only
D.
Proximity1 only
Answers
Suggested answer: D

Explanation:

Resource Group location of VMSS1 is the RG2 location, which is West US.

Only Proximity2, which also in RG2, is location in West US

Reference:

https://azure.microsoft.com/en-us/blog/introducing-proximity-placement-groups/

Question 203

Report
Export
Collapse

You have an Azure subscription named Subscription1 that has the following providers registered:

Authorization

Automation

Resources

Compute

KeyVault

Network

Storage

Billing

Web

Subscription1 contains an Azure virtual machine named VM1 that has the following con figurations:

* Private IP address: 10.0.0.4 (dynamic)

* Network security group (NSG): NSG1

* Public IP address: None

* Availability set: AVSet

* Subnet: 10.0.0.0/24

* Managed disks: No

* Location: East US

You need to record all the successful and failed connection attempts to VM1.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.
Register the Microsoft.Insights resource provider
A.
Register the Microsoft.Insights resource provider
Answers
B.
Add an Azure Network Watcher connection monitor
B.
Add an Azure Network Watcher connection monitor
Answers
C.
Register the Microsoft.LogAnalytics provider
C.
Register the Microsoft.LogAnalytics provider
Answers
D.
Enable Azure Network Watcher in the East US Azure region
D.
Enable Azure Network Watcher in the East US Azure region
Answers
E.
Create an Azure Storage account
E.
Create an Azure Storage account
Answers
F.
Enable Azure Network Watcher flow logs
F.
Enable Azure Network Watcher flow logs
Answers
Suggested answer: C, D, E

Explanation:

NSG flow log data is written to an Azure Storage account. You need to create an Azure Storage account, With an Azure Storage account NSG flow logs can be enabled.

Enable network watcher in the East US region.

NSG flow logging requires the Microsoft.Insights provider.

Reference:

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal

Question 204

Report
Export
Collapse

You create the following resources in an subscription:

• An Azure Container Registry instance named Registry1

• An Azure Kubernetes Service (AKS) cluster named Cluster1

You create a container image named App 1 on your administrative workstation.

You need to deploy App1 to cluster 1.

What should you do first?

A.
Create a host pool on Cluster1
A.
Create a host pool on Cluster1
Answers
B.
Run the docker push command.
B.
Run the docker push command.
Answers
C.
Run the kubect1 apply command.
C.
Run the kubect1 apply command.
Answers
D.
Run the az aks create command.
D.
Run the az aks create command.
Answers
Suggested answer: B

Explanation:

An Azure container registry stores and manages private Docker container images, similar to the way Docker Hub stores public Docker images. You can use the Docker command-line interface (Docker CLI) for login, push, pull, and other operations on your container registry.

After you login to the registry you can run push command to upload the image.

Below is an sample of that command docker push myregistry.azurecr.io/samples/nginx

Reference:

https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-docker-cli

Question 205

Report
Export
Collapse

HOTSPOT

You have an Azure subscription.

You plan to use Azure Resource Manager templates to deploy 50 Azure virtual machines that will be part of the same availability set.

You need to ensure that as many virtual machines as possible are available if the fabric fails or during servicing.

How should you configure the template? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 205
Correct answer: Question 205

Explanation:

Box 1 = max value

Box 2 = 20

Use max for platformFaultDomainCount

2 or 3 is max value, depending on which region you are in.

Use 20 for platformUpdateDomainCount

Increasing the update domain (platformUpdateDomainCount) helps with capacity and availability planning when the platform reboots nodes. A higher number for the pool (20 is max) means that fewer of their nodes in any given availability set would be rebooted at once.

Reference:

https://www.itprotoday.com/microsoft-azure/check-if-azure-region-supports-2-or-3-fault-domainsmanaged-disks

https://github.com/Azure/acs-engine/issues/1030

Question 206

Report
Export
Collapse

HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.

VMSS1 is set to VM (virtual machines) orchestration mode.

You need to deploy a new Azure virtual machine named VM1, and then add VM1 to VMSS1.

Which resource group and location should you use to deploy VM1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 206
Correct answer: Question 206

Explanation:

Box 1: RG1, RG2, or RG3

The resource group stores metadata about the resources. When you specify a location for the resource group, you're specifying where that metadata is stored.

Box 2: West US only

Note: Virtual machine scale sets will support 2 distinct orchestration modes:

ScaleSetVM ñ Virtual machine instances added to the scale set are based on the scale set configuration model. The virtual machine instance lifecycle - creation, update, deletion - is managed by the scale set.

VM (virtual machines) ñ Virtual machines created outside of the scale set can be explicitly added to the scaleset.

Reference:

https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview

Question 207

Report
Export
Collapse

You have an Azure Kubernetes Service (AKS) cluster named AKS1.

You need to configure cluster autoscaler for AKS1.

Which two tools should you use? Each correct answer presents a complete solution,

NOTE: Each correct selection is worth one point

A.
the set-AzAKs cmdlet
A.
the set-AzAKs cmdlet
Answers
B.
the Azure portal
B.
the Azure portal
Answers
C.
The az aks command
C.
The az aks command
Answers
D.
the kubect1 command
D.
the kubect1 command
Answers
E.
the set Azvm cmdlet
E.
the set Azvm cmdlet
Answers
Suggested answer: C, D

Explanation:

With cluster auto-scaling, the actual load of your worker-nodes will be monitored actively. By adding and removing worker-nodes from the cluster, it ensures that enough resources are available to keep your application healthy and responsive. In contrast, it removes worker-nodes from the AKS cluster, to optimize resource utilization and be as cost-effective as possible

Reference:

https://docs.microsoft.com/en-us/azure/aks/cluster-autoscaler

https://thorsten-hans.com/aks-cluster-auto-scaler-inside-out

Question 208

Report
Export
Collapse

You have an Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains three Azure virtual machines. Each virtual machine has a public IP address.

The virtual machines host several applications that are accessible over port 443 to user on the Internet.

Your on-premises network has a site-to-site VPN connection to VNet1.

You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from the Internet and from the on-premises network.

You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network. The solution must ensure that all the applications can still be accesses by the Internet users.

What should you do?

A.
Modify the address space of the local network gateway.
A.
Modify the address space of the local network gateway.
Answers
B.
Remove the public IP addresses from the virtual machines.
B.
Remove the public IP addresses from the virtual machines.
Answers
C.
Modify the address space of Subnet1.
C.
Modify the address space of Subnet1.
Answers
D.
Create a deny rule in a network security group (NSG) that is linked to Subnet1.
D.
Create a deny rule in a network security group (NSG) that is linked to Subnet1.
Answers
Suggested answer: D

Explanation:

You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

You can use a site-to-site VPN to connect your on-premises network to an Azure virtual network.

Users on your on-premises network connect by using the RDP or SSH protocol over the site-to-site VPN connection. You don't have to allow direct RDP or SSH access over the internet. And this can be achieved by configuring a deny rule in a network security group (NSG) that is linked to Subnet1 for RDP / SSH protocol coming from internet.

Modify the address space of Subnet1 : Incorrect choice

Modifying the address space of Subnet1 will have no impact on RDP traffic flow to the virtual network.

Modify the address space of the local network gateway : Incorrect choice

Modifying the address space of the local network gateway will have no impact on RDP traffic flow to the virtual network.

Remove the public IP addresses from the virtual machines : Incorrect choice

If you remove the public IP addresses from the virtual machines, none of the applications be accessible publicly by the Internet users.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices

Question 209

Report
Export
Collapse

You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by using Azure ExpressRoute.

You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.
Create a local site VPN gateway.
A.
Create a local site VPN gateway.
Answers
B.
Create a VPN gateway that uses the VpnGw1 SKU.
B.
Create a VPN gateway that uses the VpnGw1 SKU.
Answers
C.
Create a VPN gateway that uses the Basic SKU.
C.
Create a VPN gateway that uses the Basic SKU.
Answers
D.
Create a gateway subnet.
D.
Create a gateway subnet.
Answers
E.
Create a connection.
E.
Create a connection.
Answers
Suggested answer: A, B, E

Explanation:

Create a Connection: You need to link the ExpressRoute gateway to the ExpressRoute circuit. After this step has been completed, the connection between your on-premises network and Azure through

ExpressRoute will be established. Hence this is correct option.

Create a local site VPN gateway : This will allow you to provide the local gateway settings, for example public IP and the on-premises address space, so that the Azure VPN gateway can connect to it. Hence this is correct option.

Create a VPN gateway that uses the VpnGw1 SKU : The GatewaySku is only supported for VpnGw1, VpnGw2, VpnGw3, Standard, and HighPerformance VPN gateways. ExpressRoute-VPN

Gateway coexist configurations are not supported on the Basic SKU. The VpnType must be RouteBased. Hence this is correct option.

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resourcemanager-portal

https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resourcemanager

https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-linkvnet-arm

Question 210

Report
Export
Collapse

You have an Azure subscription that contains a virtual network named VNET1. VNET1 contains the subnets shown in the following table.

Each virtual machine uses a static IP address.

You need to create network security groups (NSGs) to meet following requirements:

Allow web requests from the internet to VM3, VM4, VM5, and VM6.

Allow all connections between VM1 and VM2.

Allow Remote Desktop connections to VM1.

Prevent all other network traffic to VNET1.

What is the minimum number of NSGs you should create?

A.
1
A.
1
Answers
B.
3
B.
3
Answers
C.
4
C.
4
Answers
D.
12
D.
12
Answers
Suggested answer: C

Explanation:

Note: A network security group (NSG) contains a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Networks (VNet). NSGs can be associated to subnets, individual VMs (classic), or individual network interfaces (NIC) attached to VMs (Resource Manager).

Each network security group also contains default security rules.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#default-security-rules

Total 644 questions
Go to page: of 65
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms