ExamGecko
Search Search Login
Home Home / Microsoft / AZ-104

Microsoft AZ-104 Practice Test - Questions Answers, Page 22

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

HOTSPOT You need to the appropriate sizes for the Azure virtual for Server2. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
DRAG DROP You need to prepare the environment to ensure that the web administrators can deploy the web apps as quickly as possible. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Answer:
HOTSPOT You need to implement Role1. Which command should you run before you create Role1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On Dev, you assign the Contributor role to the Developers group. Does this meet the goal?
You discover that VM3 does NOT meet the technical requirements. You need to verify whether the issue relates to the NSGs. What should you use?
Note: This question is part of a series of questions that present the same scenario. Each question in theseries contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft Entra tenant named contoso.com. You have a CSV file that contains the names and email addresses of 500 external users. You need to create a guest user account in contoso.com for each of the 500 external users. Solution; From Microsoft Entra ID in the Azure portal, you use the Bulk invite users' operation. Does this meet the goal?
You have an Azure subscription that contains the resources shown in the following table. You need to assign User1 the Storage File Data SMB Share Contributor role for share1. What should you do first?
You have an Azure App Service app named App1 that contains two running instances. You have an auto scale rule configured as shown in the following exhibit For the instance limits stale condition setting, you set Maximum to 5. During a 30-minute period. Appl uses 60 percent of the available memory. What is the maximum number of instances tor Appl during the 30-minute period:
You need to identify which storage account to use for the flow logging of IP traffic from VM5. The solution must meet the retention requirements. Which storage account should you identify?
HOTSPOT You need to create storage5. The solution must support the planned changes. Which type of storage account should you use, and which account should you configure as the destination storage account? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Question 211

Report
Export
Collapse

DRAG DROP

You have an on-premises network that you plan to connect to Azure by using a site-to-site VPN.

In Azure, you have an Azure virtual network named VNet1 that uses an address space of 10.0.0.0/16.

VNet1 contains a subnet named Subnet1 that uses an address space of 10.0.0.0/24.

You need to create a site-to-site VPN to Azure.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.


Question 211
Correct answer: Question 211

Explanation:

A Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device located on-premises that has an externally facing public IP address assigned to it. For more information about VPN gateways, see About VPN gateway.

1. Create a virtual network

You can create a VNet with the Resource Manager deployment model and the Azure portal

2. Create the gateway subnet :

The virtual network gateway uses specific subnet called the gateway subnet. The gateway subnet is part of the virtual network IP address range that you specify when configuring your virtual network.

It contains the IP addresses that the virtual network gateway resources and services use.

3. Create the VPN gateway :

You create the virtual network gateway for your VNet. Creating a gateway can often take 45 minutes or more, depending on the selected gateway SKU.

4. Create the local network gateway:

The local network gateway typically refers to your on-premises location. You give the site a name by which Azure can refer to it, then specify the IP address of the on-premises VPN device to which you will create a connection. You also specify the IP address prefixes that will be routed through the VPN gateway to the VPN device. The address prefixes you specify are the prefixes located on your onpremises network. If your on-premises network changes or you need to change the public IP address for the VPN device, you can easily update the values later.

5. Configure your VPN device:

Site-to-Site connections to an on-premises network require a VPN device. In this step, you configure your VPN device. When configuring your VPN device, you need the following:

A shared key. This is the same shared key that you specify when creating your Site-to-Site VPN connection. In our examples, we use a basic shared key. We recommend that you generate a more complex key to use.

The Public IP address of your virtual network gateway. You can view the public IP address by using the Azure portal, PowerShell, or CLI. To find the Public IP address of your VPN gateway using the Azure portal, navigate to Virtual network gateways, then click the name of your gateway.

6. Create the VPN connection:

Create the Site-to-Site VPN connection between your virtual network gateway and your on-premises VPN device.

Reference:

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resourcemanager-portal

Question 212

Report
Export
Collapse

HOTSPOT

You have an Azure subscription named Subscription1 that contains the virtual networks in the following table.

Subscripton1 contains the virtual machines in the following table.

In Subscription1, you create a load balancer that has the following configurations:

Name: LB1

SKU: Basic

Type: Internal

Subnet: Subnet12

Virtual network: VNET1

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: each correct selection is worth one point.


Question 212
Correct answer: Question 212

Explanation:

Statement 1 : Basic load balancer supports Virtual machine in a single Availability set or virtual machine scale set (VMSS) only . Hence this statement is correct.

Statement 2 : Basic load balancer supports Virtual machine in a single Availability set or virtual scale set only or one standalone VM. VM3 and VM4 are not part of any availability set or VMSS .Hence this statement is incorrect.

Statement 3 : Basic load balancer supports Virtual machine in a single Availability set or virtual scale set only or one standalone VM. VM5 and VM6 are not part of any availability set or VMSS .Hence this statement is incorrect.

Reference:

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

Question 213

Report
Export
Collapse

You have a public load balancer that balances ports 80 and 443 across three virtual machines. You need to direct all the Remote Desktop Protocol (RDP) connections to VM3 only. What should you configure?

A.
a load balancing rule
A.
a load balancing rule
Answers
B.
a new public load balancer for VM3
B.
a new public load balancer for VM3
Answers
C.
an inbound NAT rule
C.
an inbound NAT rule
Answers
D.
a frontend IP configuration
D.
a frontend IP configuration
Answers
Suggested answer: C

Explanation:

To port forward traffic to a specific port on specific VMs use an inbound network address translation (NAT) rule.

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview an inbound NAT rule :

Create a load balancer inbound network address translation (NAT) rule to forward traffic from a specific port of the front-end IP address to a specific port of a back-end VM.

Hence this option is Correct a load balancing rule : Incorrect Choice

A load balancer rule defines how traffic is distributed to the VMs. The rule defines the front-end IP configuration for incoming traffic, the back-end IP pool to receive the traffic, and the required source and destination ports.

a new public load balancer for VM3 : Incorrect Choice

This option will not help you since this will route all traffic to VM3 only. a frontend IP configuration : Incorrect Choice

When you define an Azure Load Balancer, a frontend and a backend pool configuration are connected with rules. The health probe referenced by the rule is used to determine how new flows are sent to a node in the backend pool. The frontend (aka VIP) is defined by a 3-tuple comprised of an IP address (public or internal), a transport protocol (UDP or TCP), and a port number from the load balancing rule. The backend pool is a collection of Virtual Machine IP configurations (part of the NIC resource) which reference the Load Balancer backend pool.

Reference:

https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-port-forwardingportal

https://pixelrobots.co.uk/2017/08/azure-load-balancer-for-rds/

Question 214

Report
Export
Collapse

You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated to a different Azure AD tenant.

Subscription1 contains a virtual network named VNet1.VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16.

Subscription2 contains a virtual network named VNet2. VNet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24.

You need to connect VNet1 to VNet2.

What should you do first?

A.
Move VNet1 to Subscription2.
A.
Move VNet1 to Subscription2.
Answers
B.
Modify the IP address space of VNet2.
B.
Modify the IP address space of VNet2.
Answers
C.
Provision virtual network gateways.
C.
Provision virtual network gateways.
Answers
D.
Move VM1 to Subscription2.
D.
Move VM1 to Subscription2.
Answers
Suggested answer: C

Explanation:

The virtual networks can be in the same or different regions, and from the same or different subscriptions. When connecting VNets from different subscriptions, the subscriptions do not need to be associated with the same Active Directory tenant.

Configuring a VNet-to-VNet connection is a good way to easily connect VNets. Connecting a virtual network to another virtual network using the VNet-to-VNet connection type (VNet2VNet) is similar to creating a Site-to-Site IPsec connection to an on-premises location. Both connectivity types use a VPN gateway to provide a secure tunnel using IPsec/IKE, and both function the same way when communicating.

The local network gateway for each VNet treats the other VNet as a local site. This lets you specify additional address space for the local network gateway in order to route traffic.

Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnetresource-manager-portal

Question 215

Report
Export
Collapse

HOTSPOT

You have an Azure subscription that contains the Azure virtual machines shown in the following table.

You add inbound security rules to a network security group (NSG) named NSG1 as shown in the following table.

You run Azure Network Watcher as shown in the following exhibit.

You run Network Watcher again as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 215
Correct answer: Question 215

Explanation:

Box 1: No

It limits traffic to VM2, but not VM1 traffic.

Box 2: Yes

Yes, the destination is VM2.

Box 3: No

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works

Question 216

Report
Export
Collapse

HOTSPOT

You have an Azure subscription.

You create the Azure Storage account shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.


Question 216
Correct answer: Question 216

Explanation:

Box1: LRS will keep minimum three copies.

Box2: Changing the access tier from hot to cool will reduce the cost. In performance, standard is cheap.

In the Account kind, GPV2 is giving best price. Can be checked yourself using the pricing calculator on below link.

Reference:

https://azure.microsoft.com/en-in/pricing/calculator/?service=storage

Question 217

Report
Export
Collapse

HOTSPOT

You have an Azure Active Directory (Azure AD) tenant.

You need to create a conditional access policy that requires all users to use multi-factor authentication when they access the Azure portal.

Which three settings should you configure? To answer, select the appropriate settings in the answer area.


Question 217
Correct answer: Question 217

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/app-based-mfa

Question 218

Report
Export
Collapse

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You deploy an Azure Kubernetes Service (AKS) cluster named AKS1.

You need to deploy a YAML file to AKS1.

Solution: From Azure Cloud Shell, you run az aks.

Does this meet the goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: A

Explanation:

Installing Azure CLI doesn't mean that Azure Kubernates client is installed. So before running kubectl client command, you have install kubectl, the Kubernetes command-line client.

First need to run az aks install-cli to install Kubernetes CLI, which is kubectl

Reference:

https://docs.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest

Question 219

Report
Export
Collapse

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You deploy an Azure Kubernetes Service (AKS) cluster named AKS1.

You need to deploy a YAML file to AKS1.

Solution: From the Azure CLI, you run the kubectl client.

Does this meet the goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: B

Explanation:

Installing Azure CLI doesn't mean that Azure Kubernates client is installed. So before running kubectl client command, you have install kubectl, the Kubernetes command-line client.

First need to run az aks install-cli to install Kubernetes CLI, which is kubectl

Reference:

https://docs.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest

Question 220

Report
Export
Collapse

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You deploy an Azure Kubernetes Service (AKS) cluster named AKS1.

You need to deploy a YAML file to AKS1.

Solution: From the Azure CLI, you run azcopy.

Does this meet the goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: B

Explanation:

Kubectl is not installed by installing AZ ClI. As stated Azure CLI is already available but installing Azure CLI doesn't mean that Azure Kubernates client is also installed. So before running any aks command, we have to install kubectl, the Kubernetes command-line client. az aks install-cli

Reference:

https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough#connect-to-the-cluster

Total 644 questions
Go to page: of 65
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms