Ask Question
Microsoft AZ-104 Practice Test - Questions Answers, Page 21
List of questions
Question 201
You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template. You need to ensure that NGINX is available on all the virtual machines after they are deployed. What should you use?
Explanation:
The primary use case for the Azure Desired State Configuration (DSC) extension is to bootstrap a VM to the Azure Automation State Configuration (DSC) service. The service provides benefits that include ongoing management of the VM configuration and integration with other operational tools, such as
Azure Monitoring. Using the extension to register VM's to the service provides a flexible solution that even works across Azure subscriptions.
You can use the DSC extension independently of the Automation DSC service.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-overview
Question 202
You have an Azure subscription that contains the resources shown in the following table.
You need to configure a proximity placement group for VMSS1.
Which proximity placement groups should you use?
Explanation:
Resource Group location of VMSS1 is the RG2 location, which is West US.
Only Proximity2, which also in RG2, is location in West US
Reference:
https://azure.microsoft.com/en-us/blog/introducing-proximity-placement-groups/
Question 203
You have an Azure subscription named Subscription1 that has the following providers registered:
Authorization
Automation
Resources
Compute
KeyVault
Network
Storage
Billing
Web
Subscription1 contains an Azure virtual machine named VM1 that has the following con figurations:
* Private IP address: 10.0.0.4 (dynamic)
* Network security group (NSG): NSG1
* Public IP address: None
* Availability set: AVSet
* Subnet: 10.0.0.0/24
* Managed disks: No
* Location: East US
You need to record all the successful and failed connection attempts to VM1.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Explanation:
NSG flow log data is written to an Azure Storage account. You need to create an Azure Storage account, With an Azure Storage account NSG flow logs can be enabled.
Enable network watcher in the East US region.
NSG flow logging requires the Microsoft.Insights provider.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal
Question 204
You create the following resources in an subscription:
• An Azure Container Registry instance named Registry1
• An Azure Kubernetes Service (AKS) cluster named Cluster1
You create a container image named App 1 on your administrative workstation.
You need to deploy App1 to cluster 1.
What should you do first?
Explanation:
An Azure container registry stores and manages private Docker container images, similar to the way Docker Hub stores public Docker images. You can use the Docker command-line interface (Docker CLI) for login, push, pull, and other operations on your container registry.
After you login to the registry you can run push command to upload the image.
Below is an sample of that command docker push myregistry.azurecr.io/samples/nginx
Reference:
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-docker-cli
Question 205
HOTSPOT
You have an Azure subscription.
You plan to use Azure Resource Manager templates to deploy 50 Azure virtual machines that will be part of the same availability set.
You need to ensure that as many virtual machines as possible are available if the fabric fails or during servicing.
How should you configure the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:
Box 1 = max value
Box 2 = 20
Use max for platformFaultDomainCount
2 or 3 is max value, depending on which region you are in.
Use 20 for platformUpdateDomainCount
Increasing the update domain (platformUpdateDomainCount) helps with capacity and availability planning when the platform reboots nodes. A higher number for the pool (20 is max) means that fewer of their nodes in any given availability set would be rebooted at once.
Reference:
https://www.itprotoday.com/microsoft-azure/check-if-azure-region-supports-2-or-3-fault-domainsmanaged-disks
https://github.com/Azure/acs-engine/issues/1030
Question 206
HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.
VMSS1 is set to VM (virtual machines) orchestration mode.
You need to deploy a new Azure virtual machine named VM1, and then add VM1 to VMSS1.
Which resource group and location should you use to deploy VM1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:
Box 1: RG1, RG2, or RG3
The resource group stores metadata about the resources. When you specify a location for the resource group, you're specifying where that metadata is stored.
Box 2: West US only
Note: Virtual machine scale sets will support 2 distinct orchestration modes:
ScaleSetVM ñ Virtual machine instances added to the scale set are based on the scale set configuration model. The virtual machine instance lifecycle - creation, update, deletion - is managed by the scale set.
VM (virtual machines) ñ Virtual machines created outside of the scale set can be explicitly added to the scaleset.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview
Question 207
You have an Azure Kubernetes Service (AKS) cluster named AKS1.
You need to configure cluster autoscaler for AKS1.
Which two tools should you use? Each correct answer presents a complete solution,
NOTE: Each correct selection is worth one point
Explanation:
With cluster auto-scaling, the actual load of your worker-nodes will be monitored actively. By adding and removing worker-nodes from the cluster, it ensures that enough resources are available to keep your application healthy and responsive. In contrast, it removes worker-nodes from the AKS cluster, to optimize resource utilization and be as cost-effective as possible
Reference:
https://docs.microsoft.com/en-us/azure/aks/cluster-autoscaler
https://thorsten-hans.com/aks-cluster-auto-scaler-inside-out
Question 208
You have an Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains three Azure virtual machines. Each virtual machine has a public IP address.
The virtual machines host several applications that are accessible over port 443 to user on the Internet.
Your on-premises network has a site-to-site VPN connection to VNet1.
You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from the Internet and from the on-premises network.
You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network. The solution must ensure that all the applications can still be accesses by the Internet users.
What should you do?
Explanation:
You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
You can use a site-to-site VPN to connect your on-premises network to an Azure virtual network.
Users on your on-premises network connect by using the RDP or SSH protocol over the site-to-site VPN connection. You don't have to allow direct RDP or SSH access over the internet. And this can be achieved by configuring a deny rule in a network security group (NSG) that is linked to Subnet1 for RDP / SSH protocol coming from internet.
Modify the address space of Subnet1 : Incorrect choice
Modifying the address space of Subnet1 will have no impact on RDP traffic flow to the virtual network.
Modify the address space of the local network gateway : Incorrect choice
Modifying the address space of the local network gateway will have no impact on RDP traffic flow to the virtual network.
Remove the public IP addresses from the virtual machines : Incorrect choice
If you remove the public IP addresses from the virtual machines, none of the applications be accessible publicly by the Internet users.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices
Question 209
You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by using Azure ExpressRoute.
You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Explanation:
Create a Connection: You need to link the ExpressRoute gateway to the ExpressRoute circuit. After this step has been completed, the connection between your on-premises network and Azure through
ExpressRoute will be established. Hence this is correct option.
Create a local site VPN gateway : This will allow you to provide the local gateway settings, for example public IP and the on-premises address space, so that the Azure VPN gateway can connect to it. Hence this is correct option.
Create a VPN gateway that uses the VpnGw1 SKU : The GatewaySku is only supported for VpnGw1, VpnGw2, VpnGw3, Standard, and HighPerformance VPN gateways. ExpressRoute-VPN
Gateway coexist configurations are not supported on the Basic SKU. The VpnType must be RouteBased. Hence this is correct option.
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resourcemanager-portal
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resourcemanager
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-linkvnet-arm
Question 210
You have an Azure subscription that contains a virtual network named VNET1. VNET1 contains the subnets shown in the following table.
Each virtual machine uses a static IP address.
You need to create network security groups (NSGs) to meet following requirements:
Allow web requests from the internet to VM3, VM4, VM5, and VM6.
Allow all connections between VM1 and VM2.
Allow Remote Desktop connections to VM1.
Prevent all other network traffic to VNET1.
What is the minimum number of NSGs you should create?
Explanation:
Note: A network security group (NSG) contains a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Networks (VNet). NSGs can be associated to subnets, individual VMs (classic), or individual network interfaces (NIC) attached to VMs (Resource Manager).
Each network security group also contains default security rules.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#default-security-rules
Related questions
Export
If you didn't receive an email within 5 minutes, you should submit a support request to [email protected].
|
BASIC - 1 Month
$
10
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PLUS - 2 Months
$
15
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PRO - 6 Months
$
40
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
.png)
Question