ExamGecko
Search Search Login
Home Home / Microsoft / AZ-104

Microsoft AZ-104 Practice Test - Questions Answers, Page 6

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

HOTSPOT You need to the appropriate sizes for the Azure virtual for Server2. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
DRAG DROP You need to prepare the environment to ensure that the web administrators can deploy the web apps as quickly as possible. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Answer:
HOTSPOT You need to implement Role1. Which command should you run before you create Role1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev. You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. Solution: On Dev, you assign the Contributor role to the Developers group. Does this meet the goal?
You discover that VM3 does NOT meet the technical requirements. You need to verify whether the issue relates to the NSGs. What should you use?
Note: This question is part of a series of questions that present the same scenario. Each question in theseries contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft Entra tenant named contoso.com. You have a CSV file that contains the names and email addresses of 500 external users. You need to create a guest user account in contoso.com for each of the 500 external users. Solution; From Microsoft Entra ID in the Azure portal, you use the Bulk invite users' operation. Does this meet the goal?
You need to identify which storage account to use for the flow logging of IP traffic from VM5. The solution must meet the retention requirements. Which storage account should you identify?
HOTSPOT You need to create storage5. The solution must support the planned changes. Which type of storage account should you use, and which account should you configure as the destination storage account? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT You need to identify the storage requirements for Contoso. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Which blade should you instruct the finance department auditors to use?

Question 51

Report
Export
Collapse

HOTSPOT

You have peering configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.


Question 51
Correct answer: Question 51

Explanation:

Box 1: vNET6 only

Peering status to both VNet1 and Vnet2 are disconnected.

Box 2: delete peering1

Peering to Vnet1 is Enabled but disconnected. We need to update or re-create the remote peering to get it back to Initiated state.

Reference:

https://blog.kloud.com.au/2018/10/19/address-space-maintenance-with-vnet-peering/

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-managepeering#requirements-andconstraints

Question 52

Report
Export
Collapse

Your company has an Azure subscription named Subscription1.

The company also has two on-premises servers named Server1 and Server2 that run Windows Server 2016. Server1 is configured as a DNS server that has a primary DNS zone named adatum.com.

Adatum.com contains 1,000 DNS records.

You manage Server1 and Subscription1 from Server2. Server2 has the following tools installed:

The DNS Manager console

Azure PowerShell

Azure CLI 2.0

You need to move the adatum.com zone to Subscription1. The solution must minimize administrative effort.

What should you use?

A.
Azure PowerShell
A.
Azure PowerShell
Answers
B.
Azure CLI
B.
Azure CLI
Answers
C.
the Azure portal
C.
the Azure portal
Answers
D.
the DNS Manager console
D.
the DNS Manager console
Answers
Suggested answer: B

Explanation:

Azure DNS supports importing and exporting zone files by using the Azure command-line interface (CLI). Zone file import is not currently supported via Azure PowerShell or the Azure portal.

Reference: https://docs.microsoft.com/en-us/azure/dns/dns-import-export

Question 53

Report
Export
Collapse

HOTSPOT

You have an Azure subscription that contains the public load balancers shown in the following table.

You plan to create six virtual machines and to load balancer requests to the virtual machines. Each load balancer will load balance three virtual machines.

You need to create the virtual machines for the planned solution.

How should you create the virtual machines? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 53
Correct answer: Question 53

Explanation:

Box 1: be created in the same availability set or virtual machine scale set.

The Basic tier is quite restrictive. A load balancer is restricted to a single availability set, virtual machine scale set, or a single machine.

Box 2: be connected to the same virtual network

The Standard tier can span any virtual machine in a single virtual network, including blends of scale sets, availability sets, and machines.

Reference:

https://www.petri.com/comparing-basic-standard-azure-load-balancers

Question 54

Report
Export
Collapse

HOTSPOT

You have an Azure virtual network named VNet1 that connects to your on-premises network by using a site-to-site VPN. VMet1 contains one subnet named Subnet1.

Subnet1 is associated to a network security group (NSG) named NSG1. Subnet1 contains a basic internal load balancer named ILB1. ILB1 has three Azure virtual machines in the backend pool.

You need to collect data about the IP addresses that connects to ILB1. You must be able to run interactive queries from the Azure portal against the collected data.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 54
Correct answer: Question 54

Explanation:

Box 1: An Azure Log Analytics workspace

In the Azure portal you can set up a Log Analytics workspace, which is a unique Log Analytics environment with its own data repository, data sources, and solutions

Box 2: ILB1

Reference:

https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-quick-create-workspace

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-diagnostics

Question 55

Report
Export
Collapse

You have an Azure subscription.

Users access the resources in the subscription from either home or from customer sites. From home, users must establish a point-to-site VPN to access the Azure resources. The users on the customer sites access the Azure resources by using site-to-site VPNs.

You have a line-of-business app named App1 that runs on several Azure virtual machine. The virtual machines run Windows Server 2016.

You need to ensure that the connections to App1 are spread across all the virtual machines.

What are two possible Azure services that you can use? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

A.
a public load balancer
A.
a public load balancer
Answers
B.
Traffic Manager
B.
Traffic Manager
Answers
C.
an Azure Content Delivery Network (CDN)
C.
an Azure Content Delivery Network (CDN)
Answers
D.
an internal load balancer
D.
an internal load balancer
Answers
E.
an Azure Application Gateway
E.
an Azure Application Gateway
Answers
Suggested answer: D, E

Explanation:

Line-of-business apps means custom apps. Generally these are used by internal staff members of the company.

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications.

Internal Load Balancer provides a higher level of availability and scale by spreading incoming requests across virtual machines (VMs) within the virtual network.

Reference:

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

https://docs.microsoft.com/en-us/azure/application-gateway/overview

Question 56

Report
Export
Collapse

You have an azure subscription that contain a virtual named VNet1. VNet1. contains four subnets named Gatesway, perimeter, NVA, and production.

The NVA contain two network virtual appliance (NVAs) that will network traffic inspection between the perimeter subnet and the production subnet.

You need to implement an Azure load balancer for the NVAs. The solution must meet the following requirements:

The NVAs must run in an active-active configuration that uses automatic failover.

The NVA must load balance traffic to two services on the Production subnet. The services have different IP addresses

Which three actions should you perform? Each correct answer presents parts of the solution.

NOTE: Each correct selection is worth one point.

A.
Add two load balancing rules that have HA Ports enabled and Floating IP disabled.
A.
Add two load balancing rules that have HA Ports enabled and Floating IP disabled.
Answers
B.
Deploy a standard load balancer.
B.
Deploy a standard load balancer.
Answers
C.
Add a frontend IP configuration, two backend pools, and a health prob.
C.
Add a frontend IP configuration, two backend pools, and a health prob.
Answers
D.
Add a frontend IP configuration, a backend pool, and a health probe.
D.
Add a frontend IP configuration, a backend pool, and a health probe.
Answers
E.
Add two load balancing rules that have HA Ports and Floating IP enabled.
E.
Add two load balancing rules that have HA Ports and Floating IP enabled.
Answers
F.
Deploy a basic load balancer.
F.
Deploy a basic load balancer.
Answers
Suggested answer: B, C, E

Explanation:

A standard load balancer is required for the HA ports.

-Two backend pools are needed as there are two services with different IP addresses.

-Floating IP rule is used where backend ports are reused.

Incorrect Answers:

F: HA Ports are not available for the basic load balancer.

Reference:

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-overview

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-multivip-overview

The following diagram presents a hub-and-spoke virtual network deployment. The spokes forcetunnel their traffic to the hub virtual network and through the NVA, before leaving the trusted space.

The NVAs are behind an internal Standard Load Balancer with an HA ports configuration. All traffic can be processed and forwarded accordingly. When configured as show in the following diagram, an HA Ports load-balancing rule additionally provides flow symmetry for ingress and egress traffic.

Reference :

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-multivip-overview

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-ha-ports-overview#a-singlefloating-ip-direct-server-return-ha-ports-configuration-on-an-internal-standard-load-balancer

Question 57

Report
Export
Collapse

You have an Azure subscription that contains a user account named User1.

You need to ensure that User1 can assign a policy to the tenant root management group.

What should you do?

A.
Assign the Owner role to User1, and then instruct User1 to configure access management for Azure resources.
A.
Assign the Owner role to User1, and then instruct User1 to configure access management for Azure resources.
Answers
B.
Assign the Global administrator role to User1, and then instruct User1 to configure access management for Azure resources.
B.
Assign the Global administrator role to User1, and then instruct User1 to configure access management for Azure resources.
Answers
C.
Assign the Global administrator role to User1, and then modify the default conditional access policies.
C.
Assign the Global administrator role to User1, and then modify the default conditional access policies.
Answers
D.
Assign the Owner role to User1, and then modify the default conditional access policies.
D.
Assign the Owner role to User1, and then modify the default conditional access policies.
Answers
Suggested answer: A

Explanation:

To assign a policy to the tenant root management group you have to be an administrator of an Azure subscription. To make a user an administrator of an Azure subscription, assign them the Owner role at the subscription scope. After that assignment user can configure access management for Azure resources.

Reference:

https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal

Question 58

Report
Export
Collapse

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.

The User administrator role is assigned to a user named Admin1.

An external partner has a Microsoft account that uses the [email protected] sign in.

Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: "Unable to invite user [email protected] ñ Generic authorization exception."

You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.

What should you do?

A.
From the Roles and administrators blade, assign the Security administrator role to Admin1.
A.
From the Roles and administrators blade, assign the Security administrator role to Admin1.
Answers
B.
From the Organizational relationships blade, add an identity provider.
B.
From the Organizational relationships blade, add an identity provider.
Answers
C.
From the Custom domain names blade, add a custom domain.
C.
From the Custom domain names blade, add a custom domain.
Answers
D.
From the Users settings blade, modify the External collaboration settings.
D.
From the Users settings blade, modify the External collaboration settings.
Answers
Suggested answer: D

Explanation:

Reference:

https://techcommunity.microsoft.com/t5/Azure-Active-Directory/Generic-authorization-exceptioninviting-Azure-AD-gests/td-p/274742

Question 59

Report
Export
Collapse

HOTSPOT

You have an Azure subscription that contains the resource groups shown in the following table.

RG1 contains the resources shown in the following table.

RG2 contains the resources shown in the following table.

You need to identify which resources you can move from RG1 to RG2, and which resources you can move from RG2 to RG1.

Which resources should you identify? To answer, select the appropriate options in the answer area.


Question 59
Correct answer: Question 59

Explanation:

Read only and Delete lock won't prevent you from moving resources in different resource groups. It will prevent you to do the operations in the resource group where the resources are there.

So the correct answer should be

RG1 --> RG2 = IP1, vnet1 and storage1

RG2 --> RG1 = IP2, vnet2 and storage2

Reference:

https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking

Question 60

Report
Export
Collapse

HOTSPOT

You have an Azure subscription named Sub1.

You plan to deploy a multi-tiered application that will contain the tiers shown in the following table.

You need to recommend a networking solution to meet the following requirements:

Ensure that communication between the web servers and the business logic tier spreads equally across the virtual machines.

Protect the web servers from SQL injection attacks.

Which Azure resource should you recommend for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 60
Correct answer: Question 60

Explanation:

Box 1: an internal load balancer

Azure Internal Load Balancer (ILB) provides network load balancing between virtual machines that reside inside a cloud service or a virtual network with a regional scope.

Box 2: an application gateway that uses the WAF tier

Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities.

Reference:

https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview

Total 644 questions
Go to page: of 65
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms