Microsoft AZ-104 Practice Test - Questions Answers, Page 50

You have an Azure subscription that contains 10 virtual machines, a key vault named Vault 1, and a network security group (NSG) named NSG1. All the resources are deployed to the East US Azure region.

The virtual machines are protected by using NSG1. NSG1 is configured to block all outbound traffic to the internet.

You need to ensure that the virtual machines can access Vault1. The solution must use the principle of least privilege and minimize administrative effort.

What should you configure as the destination of the outbound security rule for NSG1 ?

HOTSPOT

You plan to deploy the following Azure Resource Manager (ARM) template.

DRAG DROP

You have an Azure subscription named Sub1 that contains two users named User1 and User2.

You need to assign role-based access control (RBAC) roles to User1 and User2. The users must be able to perform the following tasks in Sub1:

• User1 must view the data in any storage account.

• User2 must assign users the Contributor role for storage accounts.

The solution must use the principle of least privilege.

Which RBAC role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each role may be used once, more than once, or not at all.

HOTSPOT

You have an Azure subscription that is linked to an Azure AD tenant. The tenant contains the custom role-based access control (RBAC) roles shown in the following table.

From the Azure portal, you need to create two custom roles named Role3 and Role4. Role3 will be an Azure subscription role. Role4 will be an Azure AD role. Which roles can you clone to create the new roles? To answer, select the appropriate options in the answer area.

You have an Azure Subscription that contains the virtual networks Shown in the following table.

All the virtual networks are peered. Each virtual network contains nine virtual machines.

You need to configure secure RDP corrections to the virtual machines by using Azure Boston.

Whit is the minimum number of Bastion nests required?

HOTSPOT

You have an Azure subscription.

You plan to deploy a storage account named storage' by using the following Azure Resource Manager (ARM) template.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

You need to configure an Azure web app named contoso.azurewebsites.net to host wwwcontoso.com.

What should you do first?

HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.

You plan to create a data collection rule named DCRI in Azure Monitor.

Which resources can you set as data sources in DCRI, and which resources can you set as destinations in DCRI? To answer, select the appropriate options in the answer are a.

NOTE: Each correct selection is worth one point.

HOTSPOT

You have an Azure subscription that contains a storage account named storage1. The storage1 account contains a container named container1.

You to create a lifecycle management rule for storage' that will automatically move the blobs in container' to the lowest-cost tier after 90 days.

How should you complete the rule? TO answer, select the appropriate options in the answer are a.

NOTE: Each correct selection is worth one point.

Answer: