AZ-104 Practice Test Questions

448 Questions


Topic 6: Misc. Questions

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.
You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution: You create an inbound security rule that denies all traffic from the 131.107.100.50 source and has a cost of 64999.
Does this meet the goal?


A. Yes


B. No





B.   No

You have an Azure subscription that contains two storage accounts named contoso101 and contoso102.
The subscription contains the virtual machines shown in the following table.
VNet1 has service endpoints configured as shown in the Service endpoints exhibit. (Click the Service endpoints tab.)






Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.

Solution: You assign the Network Contributor role at the subscription level to Admin1.

Does this meet the goal?


A. Yes


B. No





A.   Yes

Explanation:
Your account must meet one of the following to enable traffic analytics:
Your account must have any one of the following Azure roles at the subscription scope:
owner, contributor, reader, or network contributor.

You have an Azure subscription named Subscription1 that is used be several departments at your company. Subscription1 contains the resources in the following table:

Another administrator deploys a virtual machine named VM1 and an Azure Storage account named Storage2 by using a single Azure Resource Manager template.
You need to view the template used for the deployment.
From which blade can you view the template that was used for the deployment?


A. RG1


B. VM1


C. Storage1


D. Container1





A.   RG1

Explanation:

You develop the following Azure Resource Manager (ARM) template to create a resource group and deploy an Azure Storage account to the resource group.
Which cmdlet should you run to deploy the template?


A. New-AzTenantDeployment


B. New-AzResourceGroupDeploy»ent


C. New-AzResource


D. New-AzOeployment


E.





B.   New-AzResourceGroupDeploy»ent

Explanation: The New-AzResourceGroupDeployment cmdlet deploys an Azure Resource Manager template to a resource group. You can use this cmdlet to create a new resource group or update an existing one with the resources defined in the template. The template can be a local file or a URI. Then, References: [New-AzResourceGroupDeployment]

Your on-premises network contains an SMB share named Share1.
You have an Azure subscription that contains the following resources:
A web app named webapp1
A virtual network named VNET1
You need to ensure that webapp1 can connect to Share1.
What should you deploy?


A. an Azure Application Gateway


B. an Azure Active Directory (Azure AD) Application Proxy


C. an Azure Virtual Network Gateway





C.   an Azure Virtual Network Gateway

Explanation: A Site-to-Site VPN gateway connection can be used to connect your onpremises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device, a VPN gateway, located onpremises that has an externally facing public IP address assigned to it.

A: Application Gateway is for http, https and Websocket - Not SMB
B: Application Proxy is also for accessing web applications on-prem - Not SMB. Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client.

Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-siteresource-manager-portal

You have an Azure subscription that contains the resources in the following table.

To which subnets can you apply NSG1?


A. the subnets on VNet1 only


B. the subnets on VNet2 only


C. the subnets on VNet3 only


D. the subnets on VNet2 and VNet3 only


E. the subnets on VNet1 VNet2, and VNet3





C.   the subnets on VNet3 only

You have an Azure virtual machine named VM1 that runs Windows Server 2019.
You save VM1 as a template named Template1 to the Azure Resource Manager library.
You plan to deploy a virtual machine named VM2 from Template1.
What can you configure during the deployment of VM2?


A. virtual machine size


B. operating system


C. administrator username


D. resource group





D.   resource group

Resource Group is the correct answer: Admin user, password, vm size and os are the part of ARM templates. But resource group is not hence needs to be mentioned while deployment! Refer below sample ARM template for reference in which all above attributes passed in parameter. https://github.com/Azure/azure-quickstart-templates/blob/master/101-vm-simple-windows/azuredeploy.json

You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated to a different Azure AD tenant.
Subscription1 contains a virtual network named VNet1. VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16.
Subscription2 contains a virtual network named VNet2. VNet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24.
You need to connect VNet1 to VNet2.
What should you do first?


A. Move VM1 to Subscription2.


B. Modify the IP address space of VNet2.


C. Provision virtual network gateways.


D. Move VNet1 to Subscription2.





C.   Provision virtual network gateways.

You have Azure subscriptions named Subscription1 and Subscription2.
Subscription1 has following resource groups:






You have an Azure subscription that has the public IP addresses shown in the following table.
You plan to deploy an instance of Azure Firewall Premium named FW1.
Which IP addresses can you use?


A. IP2 Only


B. IP1 and lP2 only


C. IP1, IP2, and IP5 only


D. IP1, IP2, IP4, and IP5 only





B.   IP1 and lP2 only

Explanation:
https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-addresses#ata-glance Azure Firewall
- Dynamic IPv4: No
- Static IPv4: Yes
- Dynamic IPv6: No
- Static IPv6: No

https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/configure-public-ipfirewall
Azure Firewall is a cloud-based network security service that protects your Azure Virtual Network resources. Azure Firewall requires at least one public static IP address to be configured. This IP or set of IPs are used as the external connection point to the firewall. Azure Firewall supports standard SKU public IP addresses. Basic SKU public IP address and public IP prefixes aren't supported.

You have an Azure subscription named Subscription1 that has a subscription ID of c276fc76-9cd4-44c9-99a7-4fd71546436e.
You need to create a custom RBAC role named CR1 that meets the following requirements:

Can be assigned only to the resource groups in Subscription1

Prevents the management of the access permissions for the resource groups. Allows the viewing, creating, modifying, and deleting of resource within the resource groups.

What should you specify in the assignable scopes and the permission elements of the definition of CR1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.







Page 16 out of 38 Pages
Previous