AZ 104 Exam Prep


You have an Azure subscription. An administrator manages access to resources at the resource group level. The assignment process is automated by running the following PowerShell script nightly.
$rg = "RG1"
$RoleName = "CustomRole1"
$Role = Get-AzRoleDefinition -Name $RoleName
New-AzRoleAssignment -SignInName [email protected] `
  -RoleDefinitionName $Role.Name `
  -ResourceGroupName $rg
User1 is unable to access the RG1 resource group. You discover that the script fails to complete for new users. You run Get-AzRoleDefinition | Format-Table -Property Name, Id and receive the following information:
Name: Custom Role 1, ID: 111-222-333
Name: Owner, ID: 222-333-444
Name: Contributor, ID: 333-444-555
Name: Reader, ID: 666-777-888
You need to modify the script to ensure that it does not fail in the future. What should you change in the script?

$RoleName = "111-222-333" (You should use the ID of the role in case the role name was changed to prevent such a change from breaking the script. Assign Azure roles using Azure PowerShell - Azure RBAC)

You have an Azure subscription that contains two resource groups named RG1 and RG2. RG1 contains the following resources: A virtual network named VNet1 located in the East US Azure region A network security group (NSG) named NSG1 located in the West US Azure region RG2 contains the following resources: A virtual network named VNet2 located in the East US Azure region A virtual network named VNet3 located in the West US Azure region You need to apply NSG1. To which subnets can you apply NSG1?

the subnets of VNet3 only (You can assign an NSG to the subnet of the virtual network in the same region as the NSG and NSG1 is in the West US region.)

You have an Azure subscription that contains hundreds of virtual machines that were migrated from a local datacenter. You need to identify which virtual machines are underutilized. Which Azure Advisor settings should you use?

Cost

You have an Azure subscription that contains a resource group named RG1. RG1 contains an Azure virtual machine named VM1. You need to use VM1 as a template to create a new Azure virtual machine. Which three methods can you use to complete the task?

- From Azure Cloud Shell, run the Save-AzDeploymentTemplate and New-AzResourceGroupDeployment cmdlets. - From RG1, select Export template, select Download, and then, from Azure Cloud Shell, run the New-AzResourceGroupDeployment cmdlet. - From VM1, select Export template, and then select Deploy.

You need to generate the shared access signature (SAS) token required to authorize a request to a resource. Which two parameters are required for the SAS token? (Each correct answer presents part of the solution.)

- SignedResourceTypes (srt) - SignedServices (ss) (SignedServices (ss) is required to refer to blobs, queues, tables, and files. SignedResourceTypes (srt) is required to refer to services, containers, or objects. SignedStart (st) is an optional parameter that refers to the time when the SAS becomes valid. If unmentioned, the start time is assumed to be the time when the storage service receives the request. SignedIP (sip) is an optional parameter that refers to the range of IP addresses from which to accept requests.)

You have two premium block blob Azure Storage accounts named storage1 and storage2. You need to configure object replication from storage1 to storage2. Which three features should be enabled before configuring object replication?

- blob versioning for storage1 - blob versioning for storage2 - change feed for storage1 (Object replication can be used to replicate blobs between storage accounts. Before configuring object replication, you must enable blob versioning for both storage accounts, and you must enable the change feed for the source account.)

You have an Azure Resource Manager (ARM) template named deploy.json that is stored in an Azure Blob storage container. You plan to deploy the template by running the New-AzDeployment cmdlet. Which parameter should you use to reference the template?

-TemplateUri (You can use the -TemplateUri parameter to specify a web-based location, such as GitHub or an Azure Blob Storage account. You can use -TemplateFile to specify a local file.)

You have a Log Analytics workspace that collects data from various data sources. You create a new Azure Monitor log query. You plan to view data pinned as a chart to a shared dashboard. What is the maximum number of days for which data can be pinned as a chart on the dashboard?

14 Days

You are deploying a virtual machine by using an availability set in the East US Azure region. You have deployed 18 virtual machines in two fault domains and 10 update domains. Microsoft performed planned physical hardware maintenance in the East US region. What is the maximum number of virtual machines that will be unavailable?

2

You plan to provision an Azure subscription that will contain the following virtual networks: VNet1 in the East US Azure region with two subnets VNet2 in the East US region with four subnets VNet3 in the West Europe Azure region with four subnets VNet4 in the West Europe region with two subnets How many Azure Network Watcher instances will be provisioned as part of the deployment?

2 (Azure Network Watcher is a regional service that allows you to monitor and diagnose conditions at a network scenario level in, to, and from Azure. When you create or update a virtual network in a subscription, Network Watcher will be enabled automatically in the virtual network's region. There is no impact on resources or associated charges for automatically enabling Network Watcher)

You have an Azure Storage account that contains a file share. Several users work from a secure location that limits outbound traffic to the internet. You need to ensure that the users at the secure location can access the file share in Azure. Which outbound port should you allow from the secure location?

445 (For accessing the file share, port 445 must be open. Port 5671 is used to send health information to Azure AD. (It is recommended, but not required, in the latest versions.) Port 80 is used to download certificate revocation lists (CRLs) to verify TLS/SSL certificates. Port 443 is used to sync with Azure AD.)

You have an Azure subscription that contains a virtual network named VNet1 and a virtual machine named VM1. VM1 can only be accessed from the internal network. An external contractor needs access to VM1. The solution must minimize administrative effort. What should you configure?

A Public IP address (To share a virtual machine with an external user, you must add a public IP address to the virtual machine. An additional IP address or firewall configuration will not help in this case. Configuring a S2S VPN does not have minimal administrative effort.)

You have an Azure subscription that contains a virtual network named VNet1. You plan to enable VNet1 connectivity to on-premises resources by using an encrypted connection. What should you configure for VNet1?

A VPN (A VPN gateway is a type of virtual network gateway that sends encrypted traffic between a virtual network and an on-premises location across a public connection. You can also use a VPN gateway to send traffic between virtual networks across the Azure backbone. A VPN gateway connection relies on the configuration of multiple resources, each of which contains configurable settings.)

You plan to use the following two Azure Resource Manager (ARM) templates to provision virtual machines: Template.json { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "adminUsername": { "type": "string", "metadata": { "description": "User name for the Virtual Machine." } }, "adminPassword": { "type": "securestring", "metadata": { "description": "Password for the Virtual Machine." } }, "dnsLabelPrefix": { "type": "string", "defaultValue": "[concat('vm-', uniqueString(resourceGroup().id))]", "metadata": { "description": "Unique DNS Name for the Public IP used to access the Virtual Machine." } }, ... { "apiVersion": "2019-12-01", "type": "Microsoft.Compute/virtualMachines", "name": "[variables('vmName')]", "location": "[parameters('location')]", "dependsOn": [ "[variables('storageAccountName')]", "[variables('nicName')]" ], "pro

Access Policy Azure Key Vault

You have an Azure virtual network named VNet1. You create an Azure Private DNS zone named contoso.com. You need to ensure that the virtual machines on VNet1 register in the contoso.com private DNS zone. What should you do?

Add a virtual network link to contoso.com. (To associate a virtual network to a private DNS zone, you add the virtual network to the zone by creating a virtual network link.)

You have an Azure subscription that contains an Azure DNS zone named contoso.com. You add a new subdomain named test.contoso.com. You plan to delegate test.contoso.com to a different DNS server. How should you configure the domain delegation?

Add an NS record set named test to the contoso.com zone. (You must create a DNS NS record set named test in the contoso.com zone. An NS zone must be created at the apex of the zone named contoso.com. You do not need to create the SOA record set in test.contoso.com. It must only be created in contoso.com. You do not need to create or modify the DNS A record.)

You have an Azure subscription that contains 200 virtual machines. You plan to use Azure Advisor to provide cost recommendations when underutilized virtual machines are detected. You need to ensure that all Azure admins are notified whenever an Advisor alert is generated. The solution must minimize administrative effort. What should you configure?

An Action Group (Whenever Azure Advisor detects a new recommendation for resources, an event is stored in the Azure Activity log. You can set up alerts for these events from Azure Advisor. You can select a subscription and optionally a resource group to specify the resources for which you want to receive alerts. You also need to create an action group that will contain all the users to be notified.)

You have an Azure Storage account named storage1. You plan to store long-term backups in storage1. The solution must minimize costs. Which storage tier should you use for the backups?

Archive

You have an Azure AD tenant. Your company has several offices in the same region. Each office has a dedicated IT staff. You need to ensure that the IT staff in each office can manage passwords for their users and administrators. Which two actions should you perform? (Each correct answer presents part of the solution.)

Assign the Helpdesk Administrator role. From the Azure portal, add administrative units. (You must create an administrative unit and the Helpdesk role assignment allows members to change password for both users and other administrators.)

You have an Azure Storage account named corpimages and an on-premises shared folder named \\server1\images. You need to migrate all the contents from \\server1\images to corpimages. Which two commands can you use?

- azcopy copy \\server1\images https://corpimages.blob.core.windows.net/public --recursive
- Get-ChildItem -Path \\server1\images -Recurse | Set-AzStorageBlobContent -Container "corpimages"
(The AzCopy command allows you to copy all files to a storage account. You then use Get-ChildItem with the path parameter, recurse to select everything, and then use the Set-AzStorageBlobContent cmdlet.)

You have an Azure subscription. You plan to deploy a web app in a Linux-based Docker container. You need to recommend a solution for the deployment of the web app that meets the following requirements: Supports a custom domain name Provides the ability to scale out automatically based on demand. Minimizes administrative effort Minimizes costs

Azure App Service. (Azure App Service fulfills all the stated requirements. Azure Virtual Machine Scale Sets, Azure Kubernetes Service (AKS), and Azure Container Instances are more difficult to administer and more costly.)

Your development team plans to deploy an Azure container instance. The container needs a persistent storage layer. Which service should you use?

Azure Files (You can persist data for Azure Container Instances with the use of Azure Files. Azure Files offers fully managed file shares hosted in Azure Storage that are accessible via the industry standard Server Message Block (SMB) protocol.)

You deploy web servers to two virtual machines named VM1 and VM2 in an availability set named AVSet1. You need to configure Azure Load Balancer with a backend pool of VM1 and VM2. The solution must minimize costs. Which SKU should you use for the Azure Load Balancer configuration?

Basic Azure Load Balancer with Basic SKU public IP

You have an Azure Storage account. You need to copy data to the storage account by using the AzCopy tool. Which two types of data storage are supported by AzCopy?

- Blob - File

You have an Azure subscription that contains a web app named App1. You configure App1 with a custom domain name of webapp1.contoso.com. You need to create a DNS record for App1. The solution must ensure that App1 remains accessible if the IP address changes. Which type of DNS record should you create?

CNAME (For web apps, you create either an A (Address) record or a CNAME (Canonical Name) record. An A record maps a domain name to an IP address. A CNAME record maps a domain name to another domain name. DNS uses the second name to look up the address. Users still see the first domain name in their browser. If the IP address changes, a CNAME entry is still valid, whereas an A record must be updated.)

You have an Azure virtual machine that you back up by using Azure Backup. The backup policy sub type is Standard, and the backup policy has the following configurations:
Backup schedule frequency: Weekly
Retain instant recovery snapshot(s) for: 5 days
Retention of weekly backup point: On Sunday at 8:00 AM for 12 weeks
You plan to reduce the amount of storage used by Instant Restore. You need instant recovery snapshots to be retained for only two days. What should you do first?

Change the backup frequency to Daily (You can choose to store between one and five instant recovery snapshots and the default value is two. However, when the backup schedule frequency is weekly, you must retain five instant recovery snapshots.)

You have an Azure subscription that contains four virtual machines. Each virtual machine is connected to a subnet on a different virtual network. You install the DNS Server role on a virtual machine named VM1. You configure each virtual network to use the IP address of VM1 as the DNS server. You need to ensure that all four virtual machines can resolve IP addresses by using VM1. What should you do?

Configure network peering. (By default, Azure virtual machines can communicate only with other virtual machines that are connected to the same virtual network. If you want a virtual machine to communicate with other virtual machines that are connected to other virtual networks, you must configure network peering.)

You have an Azure subscription and a user named User1. You need to assign User1 a role that allows the user to create and manage all types of resources in the subscription. The solution must prevent User1 from assigning roles to other users. Which Azure role-based access control (RBAC) role should you assign to User1?

Contributor

Your company has a set of resources deployed to an Azure subscription. The resources are deployed to a resource group named app-grp1 by using Azure Resource Manager (ARM) templates. You need to verify the date and the time that the resources in app-grp1 were created. Which blade should you review for app-grp1 in the Azure portal?

Deployments

You have two Azure virtual machines named VM1 and VM2 that run Windows Server 2022. VM1 has a single data disk that stores backup files. You need to move the data disk from VM1 to VM2 as quickly as possible. What should you do first?

Detach the data disk from VM1.

You have an Azure subscription that contains a tenant named contoso.com. All users in contoso.com are currently able to invite external users to B2B collaboration. You need to ensure that only members of the Guest Inviter, User Administrator, and Global Administrator roles can invite guest users. What should you configure?

External collaboration settings

You have an Azure subscription that contains 20 virtual networks and 500 virtual machines. You deploy a new virtual machine named VM501. You discover that VM501 is unable to communicate with a virtual machine named VM20 in the subscription. You suspect that a network security group (NSG) is the cause of the issue. You need to identify whether an NSG is blocking communications. The solution must minimize administrative effort. What should you use?

IP flow verify. (IP flow verify lets you specify a source and destination IPv4 address, port, protocol (TCP or UDP), and traffic direction (inbound or outbound). IP flow verify can identify the specific network security group (NSG) that prevents communication.)

You have an Azure subscription that contains a resource group named RG1. RG1 contains two virtual machines named VM1 and VM2. You need to inspect all the network traffic from VM1 to VM2. The solution must use Azure Monitor metrics. Which two actions should you perform?

Install AzureNetworkWatcherExtension. Use Packet Capture. (Azure Network Watcher variable packet capture allows you to create packet capture sessions to track traffic to and from a virtual machine. Packet capture helps to diagnose network anomalies both reactively and proactively.)

You have an Azure subscription that contains network security groups (NSGs). Which two resources can be associated with an NSG?

- Network Interfaces - Subnets

You have an Azure subscription that contains a resource group named RG1. RG1 has a virtual network named VNet3, a virtual machine named VM1, and a public IP address named PubIP1. All the resources are in the West US Azure region. You plan to create and configure a network security group (NSG) named NSG1 for the following types of traffic: Remote Desktop Management HTTP NSG1 will be used on the subnets of multiple virtual networks. Which two cmdlets should you run?

- New-AzNetworkSecurityGroup - New-AzNetworkSecurityRuleConfig

You have an Azure subscription that contains multiple virtual machines. You need to ensure that a user named User1 can view all the resources in a resource group named RG1. You must use the principle of least privilege. Which role should you assign to User1?

Reader (The Reader role allows you to view all the resources but does not allow you to make any changes. The Contributor role allows you to manage all the resources, the Billing Reader role provides read access only to billing data, and the Tag Contributor role allows you to manage entity tags without providing access to the entities themselves.)

You have an Azure virtual machine. You receive a notification that the virtual machine is going to be affected by an underlying maintenance activity on the physical infrastructure. You need to move the virtual machine to a different host to avoid a service interruption. What should you do?

Redeploy the Virtual Machine (You must redeploy the virtual machine, which can move the virtual machine to a different host. Azure will shut down the virtual machine and move the virtual machine to a new node within the Azure infrastructure.)

You have an Azure subscription that contains several storage accounts. You need to provide a user with the ability to perform the following tasks:
- Manage containers within the storage accounts.
- View storage account access keys.
The solution must use the principle of least privilege. Which role should you assign to the user?

Storage Account Contributor (Storage Account Contributor allows the management of storage accounts. It provides access to the account key, which can be used to access data via Shared Key authorization. Storage Blob Data Contributor grants permissions to read, write, and delete Azure Storage containers and blobs. Reader allows you to view all resources but does not allow you to make any changes. Owner grants full access to manage all resources, including the ability to assign roles in Azure RBAC.)

You have an Azure subscription that contains 25 virtual machines. You need to ensure that each virtual machine is associated to a specific department for reporting purposes. What should you use?

Tags (Tags are metadata elements that can be applied to Azure resources. Tags can be used for tracking resources such as virtual machines and associating each resource to a department for billing and reporting purposes.)

You plan to deploy an Azure virtual machine. You are evaluating whether to use an Azure Spot instance. Which two factors can cause an Azure Spot instance to be evicted?

- The Azure capacity needs - The current price of the instance

You have an Azure subscription. From PowerShell, you run the Get-MgUser cmdlet for a user and receive the following details: Id: 8755b347-3545-3876-3987-999999999999 DisplayName: Ben Smith Mail: [email protected] UserPrincipalName: bsmith_contoso.com#EXT#@fabrikam.com Which statement accurately describes the user?

The user was a guest in the tenant.

You plan to configure object replication between two Azure Storage accounts. The Blob service of the source storage account has the following settings: Hierarchical namespace: Disabled Default access tier: Hot Blob public access: Enabled Blob soft delete: Enabled (7 days) Container soft delete: Enabled (7 days) Versioning: Disabled Change feed: Enabled NFS v3: Disabled Allow cross-tenant replication: Enabled Which setting should be modified on the source storage account to support object replication?

Versioning

You have an Azure subscription that contains the following resources: Eight virtual networks 24 virtual machines 16 storage accounts You need to implement a monitoring solution that provides the ability to view diagnostics and telemetry data generated by Azure resources. What should you include in the solution?

a Log Analytics workspace

You have an Azure subscription. You plan to create a storage account named storage1 to store images. You need to replicate the images to a new storage account. What are three requirements of storage1?

- a container - blob versioning - standard general-purpose v2 (Versioning must be enabled for the source and target. An object type container is needed to replicate the images. You must create a StandardV2 storage account. File shares are not needed, and queues are unsupported for replication.)

You have an Azure virtual network named VNet1 that is deployed to the Azure East US region. You need to ensure that email is sent to an administrator when a virtual machine is connected to VNet1. What should you create?

- an action group - an alert rule

You have an Azure Storage account named storageaccount1 with a blob container named container1 that stores confidential information. You need to ensure that content in container1 is not modified or deleted for six months after the last modification date. What should you configure?

the immutability policy (A time-based retention policy or legal hold policies can be applied to block deletion. Immutability policies can be scoped to a blob version or to a container.)

You have an Azure subscription that contains a resource group named RG1. RG1 contains an application named App1 and a container app named containerapp1. App1 is experiencing performance issues when attempting to add messages to the containerapp1 queue. You need to create a job to perform an application resource cleanup when a new message is added to a queue. Which command should you run?

az containerapp job create \
  --name "my-job" --resource-group "RG1" --trigger-type "Event" \
  --replica-timeout 60 --replica-retry-limit 1 ...

You have an Azure subscription that contains two virtual networks named VNet1 and VNet2. You need to ensure that the resources on both VNet1 and VNet2 can communicate seamlessly between both networks. What should you configure from the Azure portal?

peerings (You can connect virtual networks to each other with virtual network peering. Once the virtual networks are peered, the resources on both virtual networks can communicate with each other with the same latency and bandwidth as though the resources were on the same virtual network.)

You need to create an Azure Storage account that meets the following requirements: - Stores data in multiple Azure regions - Supports reading the data from primary and secondary regions Which type of storage redundancy should you use?

read-access geo-redundant storage (RA-GRS) (Since you must ensure that data can be read from a secondary region, you must choose read-access geo-redundant storage (RA-GRS).)

You have the following resource groups, management groups, and Azure subscriptions:
- Two resource groups named RG1 and RG2 that are associated with a subscription named 111-222-333 and a management group named MG1.
- Two resource groups named RG3 and RG4 that are associated with a subscription named 777-888-999 and a management group named MG1.
- Two resource groups named RG5 and RG6 that are associated with a subscription named 444-555-666 and a management group named MG1.
- Two resource groups named RG10 and RG11 that are associated with a subscription named 222-333-444 and a management group named MG2.
- Two resource groups named RG11 and RG12 that are associated with a subscription named 555-666-888 and a management group named MG2.
You need to assign a role to a user to ensure the user can view all the resources in the subscriptions. The solution must use the principle of least privilege. Which role sh

the Reader role for MG1 and MG2 (Assigning the Reader role for MG1 and MG2 is correct because the simplest way to give user access to all resources is to assign a role at the management group level.)

