ExamGecko
Search Search Login
Home Home / Microsoft / AZ-104

Microsoft AZ-104 Practice Test - Questions Answers, Page 29

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

HOTSPOT You need to the appropriate sizes for the Azure virtual for Server2. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
DRAG DROP You need to prepare the environment to ensure that the web administrators can deploy the web apps as quickly as possible. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Answer:
HOTSPOT You need to implement Role1. Which command should you run before you create Role1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On Dev, you assign the Contributor role to the Developers group. Does this meet the goal?
You discover that VM3 does NOT meet the technical requirements. You need to verify whether the issue relates to the NSGs. What should you use?
Note: This question is part of a series of questions that present the same scenario. Each question in theseries contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft Entra tenant named contoso.com. You have a CSV file that contains the names and email addresses of 500 external users. You need to create a guest user account in contoso.com for each of the 500 external users. Solution; From Microsoft Entra ID in the Azure portal, you use the Bulk invite users' operation. Does this meet the goal?
You have an Azure subscription that contains the resources shown in the following table. You need to assign User1 the Storage File Data SMB Share Contributor role for share1. What should you do first?
You have an Azure App Service app named App1 that contains two running instances. You have an auto scale rule configured as shown in the following exhibit For the instance limits stale condition setting, you set Maximum to 5. During a 30-minute period. Appl uses 60 percent of the available memory. What is the maximum number of instances tor Appl during the 30-minute period:
You need to identify which storage account to use for the flow logging of IP traffic from VM5. The solution must meet the retention requirements. Which storage account should you identify?
HOTSPOT You need to create storage5. The solution must support the planned changes. Which type of storage account should you use, and which account should you configure as the destination storage account? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Question 281

Report
Export
Collapse

You have a resource group named RG1. RG1 contains an Azure Storage account named storageaccount1 and a virtual machine named VM1 that runs Windows Server 2016.

Storageaccount1 contains the disk files for VM1. You apply a ReadOnly lock to RG1.

What can you do from the Azure portal?

A.
Generate an automation script for RG1.
A.
Generate an automation script for RG1.
Answers
B.
View the keys of storageaccount1.
B.
View the keys of storageaccount1.
Answers
C.
Upload a blob to storageaccount1.
C.
Upload a blob to storageaccount1.
Answers
D.
Start VM1.
D.
Start VM1.
Answers
Suggested answer: C

Explanation:

Applying locks can lead to unexpected results because some operations that don't seem to modify the resource actually require actions that are blocked by the lock. Locks are inherited to all of its resources if it applies on resource group level.

Upload a blob to storageaccount1 is possible if we have readonly lock on RG1 since we are trying to modify the data not resource properties.

When a R/O lock is put on a resource, you lock it's properties not the resource. So while a read only lock is present on a storage account(inherited from a resource group), a file can still be uploaded to the already existing container of a storage account.

Incorrect Answers:

Generate an automation script for RG1 is NOT possible in read only mode.

A read-only lock on a storage account prevents all users from listing the keys. The list keys operation is handled through a POST request because the returned keys are available for write operations.

When we tried to read the Access Key of the Storage Account , get the below message.

Access blocked The resource is locked Cannot access the data plane because of a read lock on the resource or its parent.

A read-only lock on a resource group that contains a virtual machine prevents all users from starting or restarting the virtual machine. These operations require a POST request.

Reference:

https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources

Question 282

Report
Export
Collapse

You have an Azure subscription.

You have 100 Azure virtual machines.

You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering.

Which blade should you use?

A.
Metrics
A.
Metrics
Answers
B.
Customer insights
B.
Customer insights
Answers
C.
Monitor
C.
Monitor
Answers
D.
Advisor
D.
Advisor
Answers
Suggested answer: D

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/advisor/advisor-cost-recommendations

https://docs.microsoft.com/bs-latn-ba/azure/cost-management/tutorial-acm-opt-recommendations

Advisor helps you optimize and reduce your overall Azure spend by identifying idle and underutilized resources. You can get cost recommendations from the Cost tab on the Advisor dashboard.

Question 283

Report
Export
Collapse

HOTSPOT

You have an Azure subscription.

You need to implement a custom policy that meet the following requirements:

*Ensures that each new resource group in the subscription has a tag named organization set to a value of Contoso.

*Ensures that resource group can be created from the Azure portal.

*Ensures that compliance reports in the Azure portal are accurate.

How should you complete the policy? To answer, select the appropriate options in the answers area.


Question 283
Correct answer: Question 283

Explanation:

Box 1: "Microsoft.Resources/subscriptions/resourceGroups"

To create a new resource group in a subscription, account have at least the this permission.

Box 2: "Append"

Append adds fields to the resource when the if condition of the policy rule is met. If the append effect would override a value in the original request with a different value, then it acts as a deny effect and rejects the request. To append a new value to an existing array, use the [*] version of the alias

Reference:

https://docs.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure

https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles

https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects

Question 284

Report
Export
Collapse

HOTSPOT

You plan to create a new Azure Active Directory (Azure AD) role.

You need to ensure that the new role can view all the resources in the Azure subscription and issue support requests to Microsoft. The solution must use the principle of least privilege.

How should you complete the JSON definition? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 284
Correct answer: Question 284

Explanation:

Box 1: "*/read",

*/read lets you view everything, but not make any changes.

Box 2: " Microsoft.Support/*"

The action Microsoft.Support/* enables creating and management of support tickets.

Reference:

https://docs.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-powershell

https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

Question 285

Report
Export
Collapse

HOTSPOT

You plan to deploy 20 Azure virtual machines by using an Azure Resource Manager template. The virtual machines will run the latest version of Windows Server 2016 Datacenter by using an Azure Marketplace image.

You need to complete the storageProfile section of the template.

How should you complete the storageProfile section? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 285
Correct answer: Question 285

Explanation:

... "

storageProfile": {

"imageReference": {

"publisher": "MicrosoftWindowsServer",

"offer": "WindowsServer",

"sku": "2016-Datacenter",

"version": "latest"

},

...

Reference:

https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/createorupdate

Question 286

Report
Export
Collapse

HOTSPOT

You need to deploy two Azure web apps named WebApp1 and WebApp2. The web apps have the following requirements:

WebApp1 must be able to use staging slots

WebApp2 must be able to access the resources located on an Azure virtual network

What is the least costly plan that you can use to deploy each web app? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 286
Correct answer: Question 286

Explanation:

Reference:

https://azure.microsoft.com/en-au/pricing/details/app-service/windows/

https://azure.microsoft.com/en-gb/pricing/details/app-service/plans/

Question 287

Report
Export
Collapse

HOTSPOT

You have an Azure subscription named Subscription1. You have a virtualization environment that contains the virtualization server in the following table.

The virtual machines are configured as shown on the following table.

All the virtual machines use basic disks. VM1 is protected by using BitLocker Drive Encryption (BitLocker). You plan to use Azure Site Recovery to migrate the virtual machines to Azure.

Which virtual machines can you migrate? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 287
Correct answer: Question 287

Explanation:

Not VM1 because it has BitLocker enabled.

Not VM2 because the OS disk is larger than 2TB.

Not VMC because the Data disk is larger than 4TB.

Reference:

https://docs.microsoft.com/en-us/azure/site-recovery/hyper-v-azure-support-matrix#azure-vmrequirements

Question 288

Report
Export
Collapse

HOTSPOT

You have an Azure web app named WebApp1 that runs in an Azure App Service plan named ASP1.

ASP1 is based on the D1 pricing tier.

You need to ensure that WebApp1 can be accessed only from computers on your on-premises network. The solution must minimize costs.

What should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 288
Correct answer: Question 288

Explanation:

Box 1: B1

B1 (Basic) would minimize cost compared P1v2 (premium) and S1 (standard).

Box 2: Cross Origin Resource Sharing (CORS)

Once you set the CORS rules for the service, then a properly authenticated request made against the service from a different domain will be evaluated to determine whether it is allowed according to the rules you have specified.

Note: CORS (Cross Origin Resource Sharing) is an HTTP feature that enables a web application running under one domain to access resources in another domain. In order to reduce the possibility of cross-site scripting attacks, all modern web browsers implement a security restriction known as same-origin policy. This prevents a web page from calling APIs in a different domain. CORS provides a secure way to allow one origin (the origin domain) to call APIs in another origin.

Reference:

https://azure.microsoft.com/en-us/pricing/details/app-service/windows/

https://docs.microsoft.com/en-us/azure/cdn/cdn-cors

Question 289

Report
Export
Collapse

DRAG DROP

You have an on-premises network that includes a Microsoft SQL Server instance named SQL1.

You create an Azure Logic App named App1.

You need to ensure that App1 can query a database on SQL1.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.


Question 289
Correct answer: Question 289

Explanation:

To access data sources on premises from your logic apps, you can create a data gateway resource in

Azure so that your logic apps can use the on-premises connectors.

Box 1: From an on-premises computer, install an on-premises data gateway.

Before you can connect to on-premises data sources from Azure Logic Apps, download and install the on-premises data gateway on a local computer.

Box 2: From the Azure portal, create an on-premises data gateway

Create Azure resource for gateway

After you install the gateway on a local computer, you can then create an Azure resource for your gateway. This step also associates your gateway resource with your Azure subscription.

Sign in to the Azure portal. Make sure you use the same Azure work or school email address used to install the gateway.

On the main Azure menu, select Create a resource > Integration > On-premises data gateway.

On the Create connection gateway page, provide this information for your gateway resource.

To add the gateway resource to your Azure dashboard, select Pin to dashboard. When you're done, choose Create.

Box 3: From the Logic Apps Designer in the Azure portal, add a connector

After you create your gateway resource and associate your Azure subscription with this resource, you can now create a connection between your logic app and your on-premises data source by using the gateway.

In the Azure portal, create or open your logic app in the Logic App Designer.

Add a connector that supports on-premises connections, for example, SQL Server.

Set up your connection.

Reference:

https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-gateway-connection

Question 290

Report
Export
Collapse

You are the global administrator for an Azure Active Directory (Azure AD) tenet named adatum.com.

You need to enable two-step verification for Azure users.

What should you do?

A.
Create a sign-in risk policy in Azure AD Identity Protection
A.
Create a sign-in risk policy in Azure AD Identity Protection
Answers
B.
Enable Azure AD Privileged Identity Management.
B.
Enable Azure AD Privileged Identity Management.
Answers
C.
Create and configure the Identity Hub.
C.
Create and configure the Identity Hub.
Answers
D.
Configure a security policy in Azure Security Center.
D.
Configure a security policy in Azure Security Center.
Answers
Suggested answer: A

Explanation:

Identity Protection analyzes signals from each sign-in, both real-time and offline, and calculates a risk score based on the probability that the sign-in wasn't performed by the user. Administrators can make a decision based on this risk score signal to enforce organizational requirements.

Administrators can choose to block access, allow access, or allow access but require multi-factor authentication.

If risk is detected, users can perform multi-factor authentication to self-remediate and close the risky sign-in event to prevent unnecessary noise for administrators.

With Azure Active Directory Identity Protection, you can:

require users to register for multi-factor authentication handle risky sign-ins and compromised users

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/flows

Total 644 questions
Go to page: of 65
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms