Ask Question
Microsoft AZ-104 Practice Test - Questions Answers, Page 6
List of questions
Question 51
HOTSPOT
You have peering configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Explanation:
Box 1: vNET6 only
Peering status to both VNet1 and Vnet2 are disconnected.
Box 2: delete peering1
Peering to Vnet1 is Enabled but disconnected. We need to update or re-create the remote peering to get it back to Initiated state.
Reference:
https://blog.kloud.com.au/2018/10/19/address-space-maintenance-with-vnet-peering/
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-managepeering#requirements-andconstraints
Question 52
Your company has an Azure subscription named Subscription1.
The company also has two on-premises servers named Server1 and Server2 that run Windows Server 2016. Server1 is configured as a DNS server that has a primary DNS zone named adatum.com.
Adatum.com contains 1,000 DNS records.
You manage Server1 and Subscription1 from Server2. Server2 has the following tools installed:
The DNS Manager console
Azure PowerShell
Azure CLI 2.0
You need to move the adatum.com zone to Subscription1. The solution must minimize administrative effort.
What should you use?
Explanation:
Azure DNS supports importing and exporting zone files by using the Azure command-line interface (CLI). Zone file import is not currently supported via Azure PowerShell or the Azure portal.
Reference: https://docs.microsoft.com/en-us/azure/dns/dns-import-export
Question 53
HOTSPOT
You have an Azure subscription that contains the public load balancers shown in the following table.
You plan to create six virtual machines and to load balancer requests to the virtual machines. Each load balancer will load balance three virtual machines.
You need to create the virtual machines for the planned solution.
How should you create the virtual machines? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:
Box 1: be created in the same availability set or virtual machine scale set.
The Basic tier is quite restrictive. A load balancer is restricted to a single availability set, virtual machine scale set, or a single machine.
Box 2: be connected to the same virtual network
The Standard tier can span any virtual machine in a single virtual network, including blends of scale sets, availability sets, and machines.
Reference:
https://www.petri.com/comparing-basic-standard-azure-load-balancers
Question 54
HOTSPOT
You have an Azure virtual network named VNet1 that connects to your on-premises network by using a site-to-site VPN. VMet1 contains one subnet named Subnet1.
Subnet1 is associated to a network security group (NSG) named NSG1. Subnet1 contains a basic internal load balancer named ILB1. ILB1 has three Azure virtual machines in the backend pool.
You need to collect data about the IP addresses that connects to ILB1. You must be able to run interactive queries from the Azure portal against the collected data.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:
Box 1: An Azure Log Analytics workspace
In the Azure portal you can set up a Log Analytics workspace, which is a unique Log Analytics environment with its own data repository, data sources, and solutions
Box 2: ILB1
Reference:
https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-quick-create-workspace
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-diagnostics
Question 55
You have an Azure subscription.
Users access the resources in the subscription from either home or from customer sites. From home, users must establish a point-to-site VPN to access the Azure resources. The users on the customer sites access the Azure resources by using site-to-site VPNs.
You have a line-of-business app named App1 that runs on several Azure virtual machine. The virtual machines run Windows Server 2016.
You need to ensure that the connections to App1 are spread across all the virtual machines.
What are two possible Azure services that you can use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
Explanation:
Line-of-business apps means custom apps. Generally these are used by internal staff members of the company.
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications.
Internal Load Balancer provides a higher level of availability and scale by spreading incoming requests across virtual machines (VMs) within the virtual network.
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
https://docs.microsoft.com/en-us/azure/application-gateway/overview
Question 56
You have an azure subscription that contain a virtual named VNet1. VNet1. contains four subnets named Gatesway, perimeter, NVA, and production.
The NVA contain two network virtual appliance (NVAs) that will network traffic inspection between the perimeter subnet and the production subnet.
You need to implement an Azure load balancer for the NVAs. The solution must meet the following requirements:
The NVAs must run in an active-active configuration that uses automatic failover.
The NVA must load balance traffic to two services on the Production subnet. The services have different IP addresses
Which three actions should you perform? Each correct answer presents parts of the solution.
NOTE: Each correct selection is worth one point.
Explanation:
A standard load balancer is required for the HA ports.
-Two backend pools are needed as there are two services with different IP addresses.
-Floating IP rule is used where backend ports are reused.
Incorrect Answers:
F: HA Ports are not available for the basic load balancer.
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-overview
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-multivip-overview
The following diagram presents a hub-and-spoke virtual network deployment. The spokes forcetunnel their traffic to the hub virtual network and through the NVA, before leaving the trusted space.
The NVAs are behind an internal Standard Load Balancer with an HA ports configuration. All traffic can be processed and forwarded accordingly. When configured as show in the following diagram, an HA Ports load-balancing rule additionally provides flow symmetry for ingress and egress traffic.
Reference :
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-multivip-overview
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-ha-ports-overview#a-singlefloating-ip-direct-server-return-ha-ports-configuration-on-an-internal-standard-load-balancer
Question 57
You have an Azure subscription that contains a user account named User1.
You need to ensure that User1 can assign a policy to the tenant root management group.
What should you do?
Explanation:
To assign a policy to the tenant root management group you have to be an administrator of an Azure subscription. To make a user an administrator of an Azure subscription, assign them the Owner role at the subscription scope. After that assignment user can configure access management for Azure resources.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal
Question 58
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
The User administrator role is assigned to a user named Admin1.
An external partner has a Microsoft account that uses the [email protected] sign in.
Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: "Unable to invite user [email protected] ñ Generic authorization exception."
You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.
What should you do?
Explanation:
Reference:
https://techcommunity.microsoft.com/t5/Azure-Active-Directory/Generic-authorization-exceptioninviting-Azure-AD-gests/td-p/274742
Question 59
HOTSPOT
You have an Azure subscription that contains the resource groups shown in the following table.
RG1 contains the resources shown in the following table.
RG2 contains the resources shown in the following table.
You need to identify which resources you can move from RG1 to RG2, and which resources you can move from RG2 to RG1.
Which resources should you identify? To answer, select the appropriate options in the answer area.
Explanation:
Read only and Delete lock won't prevent you from moving resources in different resource groups. It will prevent you to do the operations in the resource group where the resources are there.
So the correct answer should be
RG1 --> RG2 = IP1, vnet1 and storage1
RG2 --> RG1 = IP2, vnet2 and storage2
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking
Question 60
HOTSPOT
You have an Azure subscription named Sub1.
You plan to deploy a multi-tiered application that will contain the tiers shown in the following table.
You need to recommend a networking solution to meet the following requirements:
Ensure that communication between the web servers and the business logic tier spreads equally across the virtual machines.
Protect the web servers from SQL injection attacks.
Which Azure resource should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:
Box 1: an internal load balancer
Azure Internal Load Balancer (ILB) provides network load balancing between virtual machines that reside inside a cloud service or a virtual network with a regional scope.
Box 2: an application gateway that uses the WAF tier
Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities.
Reference:
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview
Related questions
Export
If you didn't receive an email within 5 minutes, you should submit a support request to [email protected].
|
BASIC - 1 Month
$
10
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PLUS - 2 Months
$
15
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PRO - 6 Months
$
40
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
.png)
Question