Microsoft AZ-104 Practice Test - Questions Answers, Page 7

TXT or MX : Correct

You can use either a TXT or MX record to verify the custom domain in the Azure AD. MX records can serve the purpose of TXT records

SRV : Incorrect

SRV records are used by various services to specify server locations. When specifying an SRV record in Azure DNS

DNSKEY : Incorrect Choice

This will verify that the records are originating from an authorized sender.

NSEC : Incorrect Choice

This is Part of DNSSEC. This is used for explicit denial-of-existence of a DNS record. It is used to prove a name does not exist.

Reference:

https://docs.microsoft.com/en-us/azure/dns/dns-web-sites-custom-domain

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain#verifyyour-custom-domain-name

https://www.cloudflare.com/dns/dnssec/how-dnssecworks/#:~:text=DNSKEY%20%2D%20Contains%20a%20public%20signing,s)%20in%20the%20parent%20zone.

You can't delete a vault that contains backup data. You must remove the delete locks before trying to delete a resource group.

When you delete a resource group, all of its resources are also deleted. Deleting a resource group deletes all of its template deployments and currently stored operations.

https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/delete-resourcegroup?tabs=azure-powershell

Box 1: Yes

User1 is a Cloud Device Administrator.

Device2 is Azure AD joined.

Group1 has the assigned to join type. User1 is the owner of Group1.

Note: Assigned groups - Manually add users or devices into a static group.

Azure AD joined or hybrid Azure AD joined devices utilize an organizational account in Azure AD

Box 2: No

User2 is a User Administrator.

Device1 is Azure AD registered.

Group1 has the assigned join type, and the owner is User1.

Note: Azure AD registered devices utilize an account managed by the end user, this account is either a Microsoft account or another locally managed credential.

Box 3: Yes

User2 is a User Administrator.

Device2 is Azure AD joined.

Group2 has the Dynamic Device join type, and the owner is User2.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/devices/overview

You are prevented from creating Azure SQL servers anywhere in Subscription 1 with the exception of

ContosoRG1

Reference:

https://docs.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure

Box 1: VM1 only

VM1 is in the same region as Vault1.

File1 is not in the same region as Vautl1.

SQL is not in the same region as Vault1.

Blobs cannot be backup up to service vaults.

Note: To create a vault to protect virtual machines, the vault must be in the same region as the virtual machines.

Box 2: Share1 only.

Storage1 is in the same region (West USA) as Vault2. Share1 is in Storage1.

Note: After you select Backup, the Backup pane opens and prompts you to select a storage account from a list of discovered supported storage accounts. They're either associated with this vault or present in the same region as the vault, but not yet associated to any Recovery Services vault.

Reference:

https://docs.microsoft.com/bs-cyrl-ba/azure/backup/backup-create-rs-vault

https://docs.microsoft.com/en-us/azure/backup/backup-afs

To restore files or folders from the recovery point, go to the virtual machine and choose the desired recovery point.

Step 0. In the virtual machine's menu, click Backup to open the Backup dashboard.

Step 1. In the Backup dashboard menu, click File Recovery.

Step 2. From the Select recovery point drop-down menu, select the recovery point that holds the files you want. By default, the latest recovery point is already selected.

Step 3: To download the software used to copy files from the recovery point, click Download Executable (for Windows Azure VM) or Download Script (for Linux Azure VM, a python script is generated).

Step 4: Copy the files by using AzCopy

AzCopy is a command-line utility designed for copying data to/from Microsoft Azure Blob, File, and Table storage, using simple commands designed for optimal performance. You can copy data between a file system and a storage account, or between storage accounts.

Reference:

https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-files-from-vm

https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy

Azure Monitor can collect data directly from your Azure virtual machines into a Log Analytics workspace for analysis of details and correlations. Installing the Log Analytics VM extension for Windows and Linux allows Azure Monitor to collect data from your Azure VMs.

Azure Log Analytics workspace is also used for on-premises computers monitored by System Center Operations Manager.

Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-azurevm

Box 1 : 4

As there are 4 distinct set of resource types (Ingress, Egress, Delete storage account, Restore blob ranges), so you need 4 alert rules. In one alert rule you can't specify different type of resources to monitor. So you need 4 alert rules.

Box 2 : 3

There are 3 distinct set of "Users to notify" as (User 1 and User 3), (User1 only), and (User1, User2, and User3). You can't set the action group based on existing group (Group1 and Group2) as there is no specific group for User1 only. So you need to create 3 action group.

Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/action-groups

The Azure Site Recovery service contributes to your disaster recovery strategy by managing and orchestrating replication, failover, and failback of on-premises machines and Azure virtual machines (VMs).

Reference:

https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-quickstart

https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable-replication