ExamGecko
Search Search Login
Home Home / Microsoft / AZ-104

Microsoft AZ-104 Practice Test - Questions Answers, Page 5

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

HOTSPOT You need to the appropriate sizes for the Azure virtual for Server2. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
DRAG DROP You need to prepare the environment to ensure that the web administrators can deploy the web apps as quickly as possible. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Answer:
HOTSPOT You need to implement Role1. Which command should you run before you create Role1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On Dev, you assign the Contributor role to the Developers group. Does this meet the goal?
HOTSPOT You need to create storage5. The solution must support the planned changes. Which type of storage account should you use, and which account should you configure as the destination storage account? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements. What should you include in the recommended?
You discover that VM3 does NOT meet the technical requirements. You need to verify whether the issue relates to the NSGs. What should you use?
Note: This question is part of a series of questions that present the same scenario. Each question in theseries contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft Entra tenant named contoso.com. You have a CSV file that contains the names and email addresses of 500 external users. You need to create a guest user account in contoso.com for each of the 500 external users. Solution; From Microsoft Entra ID in the Azure portal, you use the Bulk invite users' operation. Does this meet the goal?
You need to identify which storage account to use for the flow logging of IP traffic from VM5. The solution must meet the retention requirements. Which storage account should you identify?
HOTSPOT You need to identify the storage requirements for Contoso. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Question 41

Report
Export
Collapse

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate.

From Azure, you download and install the VPN client configuration package on a computer named Computer2.

You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2.

Solution: You export the client certificate from Computer1 and install the certificate on Computer2.

Does this meet this goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: A

Explanation:

Each client computer that connects to a VNet using Point-to-Site must have a client certificate installed. You generate a client certificate from the self-signed root certificate, and then export and install the client certificate. If the client certificate is not installed, authentication fails.

Reference:

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site

Question 42

Report
Export
Collapse

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate.

From Azure, you download and install the VPN client configuration package on a computer named Computer2.

You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2.

Solution: On Computer2, you set the Startup type for the IPSec Policy Agent service to Automatic.

Does this meet the goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: B

Explanation:

Instead export the client certificate from Computer1 and install the certificate on Computer2.

Note: Each client computer that connects to a VNet using Point-to-Site must have a client certificate installed. You generate a client certificate from the self-signed root certificate, and then export and install the client certificate. If the client certificate is not installed, authentication fails.

Reference:

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site

Question 43

Report
Export
Collapse

HOTSPOT

You have a virtual network named VNet1 that has the configuration shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.


Question 43
Correct answer: Question 43

Explanation:

Box 1: add an address space

Your IaaS virtual machines (VMs) and PaaS role instances in a virtual network automatically receive a private IP address from a range that you specify, based on the address space of the subnet they are connected to. We need to add the 192.168.1.0/24 address space.

Box 2: add a subnet

Address space is present but need to add subnet

Reference:

https://docs.microsoft.com/en-us/microsoft-365/solutions/cloud-architecture-models?view=o365-worldwide

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-static-private-ip-armpportal

Question 44

Report
Export
Collapse

You have an Azure subscription that contains the resources in the following table.

VM1 and VM2 are deployed from the same template and host line-of-business applications accessed by using Remote Desktop. You configure the network security group (NSG) shown in the exhibit.

(Click the Exhibit button.)

You need to prevent users of VM1 and VM2 from accessing websites on the Internet.

What should you do?

A.
Associate the NSG to Subnet1.
A.
Associate the NSG to Subnet1.
Answers
B.
Disassociate the NSG from a network interface.
B.
Disassociate the NSG from a network interface.
Answers
C.
Change the DenyWebSites outbound security rule.
C.
Change the DenyWebSites outbound security rule.
Answers
D.
Change the Port_80 inbound security rule.
D.
Change the Port_80 inbound security rule.
Answers
Suggested answer: A

Question 45

Report
Export
Collapse

DRAG DROP

You have an Azure subscription that contains two virtual networks named VNet1 and VNet2. Virtual machines connect to the virtual networks.

The virtual networks n on-premises server named Server1 the configured as shown in the following table.

You need to add the address space of 10.33.0.0/16 to VNet1. The solution must ensure that the hosts on VNet1 and VNet2 can communicate.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.


Question 45
Correct answer: Question 45

Explanation:

Step 1: Remove peering between Vnet1 and VNet2.

You can't add address ranges to, or delete address ranges from a virtual network's address space once a virtual network is peered with another virtual network. To add or remove address ranges, delete the peering, add or remove the address ranges, then re-create the peering.

Step 2: Add the 10.44.0.0/16 address space to VNet1.

Step 3: Recreate peering between VNet1 and VNet2

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering

Question 46

Report
Export
Collapse

You have Azure virtual machines that run Windows Server 2019 and are configured as shown in the following table.

You create a public Azure DNS zone named adatum.com and a private Azure DNS zone named contoso.com.

For contoso.com, you create a virtual network link named link1 as shown in the exhibit. (Click the Exhibit tab.)

You discover that VM1 can resolve names in contoso.com but cannot resolve names in adatum.com.

VM1 can resolve other hosts on the internet.

You need to ensure that VM1 can resolve host names in adatum.com.

What should you do?

A.
Update the DNS suffix on VM1 to be adatum.com.
A.
Update the DNS suffix on VM1 to be adatum.com.
Answers
B.
Create an SRV record in the contoso.com zone.
B.
Create an SRV record in the contoso.com zone.
Answers
C.
Configure the name servers for adatum.com at the domain registrar.
C.
Configure the name servers for adatum.com at the domain registrar.
Answers
D.
Modify the Access control (IAM) settings for link1.
D.
Modify the Access control (IAM) settings for link1.
Answers
Suggested answer: C

Explanation:

Adatum.com is a public DNS zone. The Internet top level domain DNS servers need to know which DNS servers to direct DNS queries for adatum.com to. You configure this by configuring the name servers for adatum.com at the domain registrar.

Reference:

https://docs.microsoft.com/en-us/azure/dns/dns-getstarted-portal

Question 47

Report
Export
Collapse

You have an azure subscription named Subscription that contains the resource groups shown in the following table.

In RG1, you create a virtual machine named VM1 in the East Asia location.

You plan to create a virtual network named VNET1.

You need to create VNET, and then connect VM1 to VNET1.

What are two possible ways to achieve this goal? Each correct answer presents a complete a solution.

NOTE: Each correct selection is worth one point.

A.
Create VNET1 in RG2, and then set East Asia as the location.
A.
Create VNET1 in RG2, and then set East Asia as the location.
Answers
B.
Create VNET1 in a new resource group in the West US location, and then set West US as the location.
B.
Create VNET1 in a new resource group in the West US location, and then set West US as the location.
Answers
C.
Create VNET1 in RG1, and then set East Asia as the location
C.
Create VNET1 in RG1, and then set East Asia as the location
Answers
D.
Create VNET1 in RG1, and then set East US as the location.
D.
Create VNET1 in RG1, and then set East US as the location.
Answers
E.
Create VNET1 in RG2, and then set East US as the location.
E.
Create VNET1 in RG2, and then set East US as the location.
Answers
Suggested answer: A, C

Explanation:

A network interface can exist in the same, or different resource group, than the virtual machine you attach it to, or the virtual network you connect it to.

The virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same location, also referred to as a region.

Note, Resource groups can span multiple Regions, but VNets only can hold resources (VMs, Network Adapters) that exists in the same region.

So in this scenario, you need to create VNET1 in any RG and set location as East Asia.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface

Question 48

Report
Export
Collapse

You have an Azure subscription that contains a storage account named account1.

You plan to upload the disk files of a virtual machine to account1 from your on-premises network.

The on-premises network uses a public IP address space of 131.107.1.0/24.

You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24.

You need to configure account1 to meet the following requirements:

Ensure that you can upload the disk files to account1.

Ensure that you can attach the disks to VM1.

Prevent all other access to account1.

Which two actions should you perform? Each correct selection presents part of the solution.

NOTE: Each correct selection is worth one point.

A.
From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range.
A.
From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range.
Answers
B.
From the Firewalls and virtual networks blade of account1, select Selected networks.
B.
From the Firewalls and virtual networks blade of account1, select Selected networks.
Answers
C.
From the Firewalls and virtual networks blade of acount1, add VNet1.
C.
From the Firewalls and virtual networks blade of acount1, add VNet1.
Answers
D.
From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to access this storage account.
D.
From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to access this storage account.
Answers
E.
From the Service endpoints blade of VNet1, add a service endpoint.
E.
From the Service endpoints blade of VNet1, add a service endpoint.
Answers
Suggested answer: A, B

Explanation:

By default, storage accounts accept connections from clients on any network. To limit access to selected networks, you must first change the default action.

Azure portal

1. Navigate to the storage account you want to secure.

2. Click on the settings menu called Firewalls and virtual networks.

3. To deny access by default, choose to allow access from 'Selected networks'. To allow traffic from all networks, choose to allow access from 'All networks'.

4. Click Save to apply your changes.

Grant access from a Virtual Network

Storage accounts can be configured to allow access only from specific Azure Virtual Networks.

By enabling a Service Endpoint for Azure Storage within the Virtual Network, traffic is ensured an optimal route to the Azure Storage service. The identities of the virtual network and the subnet are also transmitted with each request.

Reference:

https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security

Question 49

Report
Export
Collapse

HOTSPOT

You plan to deploy five virtual machines to a virtual network subnet.

Each virtual machine will have a public IP address and a private IP address.

Each virtual machine requires the same inbound and outbound security rules.

What is the minimum number of network interfaces and network security groups that you require?

To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 49
Correct answer: Question 49

Explanation:

Box 1: 5

A public and a private IP address can be assigned to a single network interface.

Box 2: 1

You can associate zero, or one, network security group to each virtual network subnet and network interface in a virtual machine. The same network security group can be associated to as many subnets and network interfaces as you choose.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interfaceaddresses

Question 50

Report
Export
Collapse

HOTSPOT

You have an Azure subscription named Subscription1 that contains the resources in the following table.

You install the Web Server server role (IIS) on WM1 and VM2, and then add VM1 and VM2 to LB1.

LB1 is configured as shown in the LB1 exhibit. (Click the Exhibit button.)

Rule1 is configured as shown in the Rule1 exhibit. (Click the Exhibit button.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 50
Correct answer: Question 50

Explanation:

To load balance with basic load balancer backend pool virtual machines has to be in a single availability set or virtual machine scale set.

A health probe is used to determine the health status of the instances in the backend pool. During load balancer creation, configure a health probe for the load balancer to use. This health probe will determine if an instance is healthy and can receive traffic.

A Load Balancer rule is used to define how incoming traffic is distributed to the all the instances within the Backend Pool. So if you delete the rule, load balancing won't happen.

Reference:

https://docs.microsoft.com/en-us/azure/load-balancer/skus

Total 644 questions
Go to page: of 65
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms