
Microsoft AZ-104 Practice Test - Questions Answers, Page 33

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You manage a virtual network named VNet1 that is hosted in the West US Azure region.

VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.

You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.

Solution: From Azure Monitor, you create a metric on Network in and Network Out.

Does this meet the goal?

A. Yes
B. No
Suggested answer: B

Explanation:

You should use Azure Network Watcher.

Reference:

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview

HOTSPOT

You have an Azure subscription named Subscription1.

Subscription1 contains the virtual machines in the following table.

VM3 has multiple network adapters, including a network adapter named NIC3. IP forwarding is enabled on NIC3. Routing is enabled on VM3.

You create a route table named RT1 that contains the routes in the following table.

You apply RT1 to Subnet1 and Subnet2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.



Explanation:

IP forwarding enables the virtual machine that a network interface is attached to, to:

- Receive network traffic not destined for one of the IP addresses assigned to any of the IP configurations assigned to the network interface.
- Send network traffic with a different source IP address than the one assigned to one of a network interface's IP configurations.

The setting must be enabled for every network interface that is attached to the virtual machine that receives traffic that the virtual machine needs to forward. A virtual machine can forward traffic whether it has multiple network interfaces or a single network interface attached to it.

Box 1: Yes

The routing table allows connections from VM3 to VM1 and VM2. And as IP forwarding is enabled on VM3, VM3 can connect to VM1.

Box 2: No

VM3, which has IP forwarding, must be turned on, in order for VM2 to connect to VM1.

Box 3: Yes

The routing table allows connections from VM1 and VM2 to VM3. IP forwarding on VM3 allows VM1 to connect to VM2 via VM3.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview

https://www.quora.com/What-is-IP-forwarding

HOTSPOT

Your company has offices in New York and Los Angeles.

You have an Azure subscription that contains an Azure virtual network named VNet1. Each office has a site-to-site VPN connection to VNet1.

Each network uses the address spaces shown in the following table.

You need to ensure that all Internet-bound traffic from VNet1 is routed through the New York office.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Explanation:

Box 1 : Set-AzureRmVirtualNetworkGatewayDefaultSite

The Set-AzureRmVirtualNetworkGatewayDefaultSite cmdlet assigns a forced tunneling default site to a virtual network gateway. Forced tunneling provides a way for you to redirect Internet-bound traffic from Azure virtual machines to your on-premises network; this enables you to inspect and audit traffic before releasing it. Forced tunneling is carried out by using a virtual private network (VPN) tunnel; this tunnel requires a default site, a local gateway where all the Azure Internet-bound traffic is redirected. Set-AzureRmVirtualNetworkGatewayDefaultSite provides a way to change the default site assigned to a gateway.

Box 2 : 0.0.0.0/0

Forced tunneling must be associated with a VNet that has a route-based VPN gateway. You need to set a "default site" among the cross-premises local sites connected to the virtual network. Also, the on-premises VPN device must be configured using 0.0.0.0/0 as traffic selectors.


Reference:

https://docs.microsoft.com/en-us/powershell/module/azurerm.network/setazurermvirtualnetworkgatewaydefaultsite?view=azurermps-6.13.0

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm

You have an Azure subscription that contains the resources shown in the following table.

The Not allowed resource types Azure policy is assigned to RG1 and uses the following parameters:

- Microsoft.Network/virtualNetworks
- Microsoft.Compute/virtualMachines

In RG1, you need to create a new virtual machine named VM2, and then connect VM2 to VNET1.

What should you do first?

A. Remove Microsoft.Network/virtualNetworks from the policy
B. Create an Azure Resource Manager template
C. Remove Microsoft.Compute/virtualMachines from the policy
D. Add a subnet to VNET1
Suggested answer: A

Explanation:

To create a new virtual machine named VM2 which is connected to VNET1 in RG1, you need to remove Microsoft.Network/virtualNetworks from the policy. This is because the Not allowed resource types Azure policy denies the deployment of the specified resource types in the scope of the assignment. In this case, the policy is assigned to RG1 and uses the parameters Microsoft.Network/virtualNetworks and Microsoft.Compute/virtualMachines. This means that you cannot create or update any virtual networks or virtual machines in RG1. Therefore, to create VM2 and connect it to VNET1, you need to remove Microsoft.Network/virtualNetworks from the policy parameters. This will allow you to create or update virtual networks in RG1, but still prevent you from creating or updating virtual machines. Alternatively, you can also exclude VNET1 from the policy assignment scope, but this will affect the compliance of the policy for the entire virtual network.

Not allowed resource types (Deny)

Create and manage policies to enforce compliance


HOTSPOT

You are creating an Azure load balancer.

You need to add an IPv6 load balancing rule to the load balancer.

How should you complete the Azure PowerShell script? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Explanation:

PowerShell command to create a load balancer rule (the AzureRm module has been superseded by the Az module, which the command below uses):

# $FEIPConfigv6, $backendpoolipv6 and $healthProbe are objects created earlier in the script.
# The trailing backtick continues the command on the next line.
$lbrule1v6 = New-AzLoadBalancerRuleConfig `
    -Name "HTTPv6" `
    -FrontendIpConfiguration $FEIPConfigv6 `
    -BackendAddressPool $backendpoolipv6 `
    -Probe $healthProbe `
    -Protocol Tcp `
    -FrontendPort 80 `
    -BackendPort 8080

PowerShell command to create the load balancer using the previously created objects:

# $inboundNATRule1v6 is likewise an object created earlier in the script.
New-AzLoadBalancer `
    -ResourceGroupName NRP-RG `
    -Name 'myNrpIPv6LB' `
    -Location 'West US' `
    -FrontendIpConfiguration $FEIPConfigv6 `
    -InboundNatRule $inboundNATRule1v6 `
    -BackendAddressPool $backendpoolipv6 `
    -Probe $healthProbe `
    -LoadBalancingRule $lbrule1v6

Reference:

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-ipv6-internet-ps

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company registers a domain name of contoso.com.

You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.

You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.

You need to resolve the name resolution issue.

Solution: You create a PTR record for www in the contoso.com zone.

Does this meet the goal?

A. Yes
B. No
Suggested answer: B

Explanation:

Modify the Name Server (NS) record.

An NS record set is created automatically, and you cannot modify it (but you can add to it to support co-hosting domains). You can add additional name servers to this NS record set to support co-hosting domains with more than one DNS provider. You can also modify the TTL and metadata for this record set. However, you cannot remove or modify the pre-populated Azure DNS name servers.

Reference:

https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

You have an Azure subscription that contains three virtual networks named VNet1, VNet2, VNet3.

VNet2 contains a virtual appliance named VM2 that operates as a router.

You are configuring the virtual networks in a hub and spoke topology that uses VNet2 as the hub network.

You plan to configure peering between VNet1 and VNet2 and between VNet2 and VNet3.

You need to provide connectivity between VNet1 and VNet3 through VNet2.

Which two configurations should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. On the peering connections, allow forwarded traffic.
B. On the peering connections, allow gateway transit.
C. Create route tables and assign the table to subnets.
D. Create a route filter.
E. On the peering connections, use remote gateways.
Suggested answer: A, C

Explanation:

Allow gateway transit: Check this box if you have a virtual network gateway attached to this virtual network and want to allow traffic from the peered virtual network to flow through the gateway.

The peered virtual network must have the Use remote gateways checkbox checked when setting up the peering from the other virtual network to this virtual network.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-managepeering#requirements-andconstraints

HOTSPOT

You have an Azure subscription named Subscription1.

In Subscription1, you create an Azure web app named WebApp1. WebApp1 will access an external service that requires certificate authentication.

You plan to require the use of HTTPS to access WebApp1.

You need to upload certificates to WebApp1.

In which formats should you upload the certificate? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Explanation:

A PFX file contains the public key file (SSL Certificate) and its unique private key file. This is required for HTTPS access. The web app will distribute the public key (in a CER file) to clients that connect to the web app.

The CER file is an SSL Certificate which has the public key of the external service. The external service will have the private key associated with the public key contained in the CER file.

You are the global administrator for an Azure Active Directory (Azure AD) tenant named adatum.com.

You need to enable two-step verification for Azure users.

What should you do?

A. Configure a playbook in Azure AD conditional access policy.
B. Create an Azure AD conditional access policy.
C. Create and configure the Identify Hub.
D. Install and configure Azure AD Connect.
Suggested answer: B

Explanation:

Conditional Access policies enforce registration, requiring unregistered users to complete registration at first sign-in, an important security consideration.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure web app named App1. App1 runs in an Azure App Service plan named Plan1. Plan1 is associated with the Free pricing tier.

You discover that App1 stops each day after running continuously for 60 minutes.

You need to ensure that App1 can run continuously for the entire day.

Solution: You add a triggered WebJob to App1.

Does this meet the goal?

A. Yes
B. No
Suggested answer: B

Explanation:

You need to change to the Basic pricing tier.

Note: The Free tier provides 60 CPU minutes / day. This explains why App1 stops. The Basic tier has no such cap.

Reference:

https://azure.microsoft.com/en-us/pricing/details/app-service/windows/

Total 644 questions