AZ 104

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Which of the following is true about resource groups? Resources can be in only one resource group. Role-based access control can't be applied to a resource group Resource groups can be nested.

Resources can be in only one resource group.

Suppose a developer needs full access to a resource group. If you are following least-privilege best practices, what scope should you specify? Resource Resource group Subscription

Resource group

The Production team manages a web app that requires scaling to 5 instances and 100 GB of disk storage. They'd like a cost-efficient scaling solution. Which App Service Plan can you implement to support the Production team's requirements? Basic Standard Premium

Premium

The Sales department has a subnet with an address range of 10.3.0.0/16. For the Sale department subnet range, which IP address can be dynamically assigned? 10.3.0.2 10.3.255.255 10.3.255.254

10.3.255.254

How soon do Custom Script Extensions time out? 30 minutes 90 minutes 120 minutes

90 minutes

Which of the following situations would be good example of when to use a resource lock? A ExpressRoute circuit with connectivity back to the on-premises network. A non-production virtual machine used to test occasional application builds. A storage account used to temporarily store images processed in a development environment.

A ExpressRoute circuit with connectivity back to the on-premises network.

What is an Azure Resource Manager template? A series of Azure CLI commands to deploy infrastructure to Azure. A JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for the deployment. A script used by the Azure Resource Manager to manage the Azure storage account.

A JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for the deployment.

What is an Azure Resource Manager template? A series of Azure CLI commands to deploy infrastructure to Azure. A JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your deployment. A script held in Azure Resource Manager to manage your Azure storage account.

A JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your deployment.

What is a role definition in Azure? A collection of permissions with a name that is assignable to a user, group, or application The collection of users, groups, or applications that have permissions to a role The binding of a role to a security principal at a specific scope, to grant access

A collection of permissions with a name that is assignable to a user, group, or application

How would you describe the IP address for an Azure Firewall implementation? A firewall has a dynamically assigned public IP address. A firewall has a statically assigned public IP address. A firewall has an IP address assigned from a pool of designated addresses.

A firewall has a statically assigned public IP address.

What type of user account allows an external organization to access your resources? A Contributor user account for each member of the team. An administrator account for each member of the team. A guest user account for each member of the external team.

A guest user account for each member of the external team.

What type of DNS record can map one or more IP addresses against a single domain? CNAME SOA A or AAAA

A or AAAA

Triggering a webhook at 8:00 AM on Saturday is an example of what type of rule? A metric-based rule. A time-based rule. An app-insight rule.

A time-based rule.

What's the default network rule when configuring network access to an Azure storage account? Allow all connections from all networks. Allow all connection from a private IP address range. Deny all connections from all networks.

Allow all connections from all networks.

How would you define a default inbound security rule? Allow inbound coming from a virtual machine in another virtual network. Allow traffic from any external source to any of the virtual machines. Allow inbound coming from any virtual machine to any other virtual machine within the virtual network.

Allow inbound coming from any virtual machine to any other virtual machine within the virtual network.

What type of Azure Firewall rule can allow access to Azure SQL Database from an FQDN address? Network rule NAT rule Application rule

Application Rule

The company financial controller wants to identify which billing department each Azure resource belongs to. Which approach enables this requirement? Track resource usage in a spreadsheet. Place the resources in different regions. Apply a tag to each resource that includes the associated billing department.

Apply a tag to each resource that includes the associated billing department.

You have three virtual machines (VM1, VM2, VM3) in a resource group. A new admin is hired, and they need to be able to modify settings on VM3. They shouldn't be able to make changes to VM1 or VM2. How can you implement RBAC to minimize administrative overhead? Assign the admin to the Contributor role on the resource group. Assign the admin to the Contributor role on VM3. Move VM3 to a new resource group, and then assign the admin to the Owner role on VM3.

Assign the admin to the Contributor role on VM3.

In a typical project, when would you create your storage account(s)? At the beginning, during project setup. After deployment, when the project is running. At the end, during resource cleanup.

At the beginning, during project setup.

Suppose an administrator in another department needs access to a virtual machine managed by your department. What's the best way to grant them access to just that resource? At the resource scope, create a role for them with the appropriate access. At the resource group scope, assign the role with the appropriate access. At the resource scope, assign the role with the appropriate access.

At the resource scope, assign the role with the appropriate access.

The finance team needs to transfer a series of large files to Azure Blob Storage. The operation might take several hours to upload each file. The team is concerned about what happens if the transfer fails and the process has to be restarted. Which storage approach can help resolve the concerns of the finance team? The Azure CLI AzCopy Azure Storage Explorer

AzCopy

Which choice correctly describes Azure Active Directory? Azure AD can be queried through LDAP. Azure AD is primarily an identity solution. Azure AD uses organizational units (OUs) and group policy objects (GPOs).

Azure AD is primarily an identity solution.

The Marketing team needs to know which research web pages are most popular, at what times of day, and where users are located. How can you support the Marketing team requests about research web page usage? Continuous deployment Application logging Azure Application Insights

Azure Application Insights

Which summary best describes the main purpose of Azure DNS? Azure DNS manages the security and access to your website. Azure DNS manages and hosts the registered domain for a website and its associated records. Azure DNS registers new domain names, so there's no need to use a domain registrar.

Azure DNS manages and hosts the registered domain for a website and its associated records.

Which statement describes the Azure ExpressRoute service? Azure ExpressRoute is a service that provides a VPN connection between on-premises locations and the Microsoft cloud. Azure ExpressRoute is a service that provides a direct connection from an on-premises datacenter to the Microsoft cloud. Azure ExpressRoute is a service that provides a site-to-site VPN connection between the on-premises network and the Microsoft cloud.

Azure ExpressRoute is a service that provides a direct connection from an on-premises datacenter to the Microsoft cloud.

Your company is building a video-editing application that will offer online storage for user-generated video content. The videos will be stored in Azure Blobs. An Azure storage account will contain the blobs. It's unlikely the storage account would ever need to be removed and recreated. Which tool is likely to offer the quickest and easiest way to create the storage account? Azure portal Azure CLI Azure PowerShell

Azure Portal

Azure Resource Manager templates are idempotent. This means that if you run a template with no changes a second time: Azure Resource Manager will deploy new resources as copies of the previously deployed resources. Azure Resource Manager won't make any changes to the deployed resources. Azure Resource Manager will delete the previously deployed resources and redeploy them.

Azure Resource Manager won't make any changes to the deployed resources.

What happens if the same template is run a second time? Azure Resource Manager will deploy new resources as copies of the previously deployed resources. Azure Resource Manager won't make any changes to the deployed resources. Azure Resource Manager will delete the previously deployed resources and redeploy them.

Azure Resource Manager won't make any changes to the deployed resources.

The manufacturing department wants to control how data is transferred to Azure Files. They want a graphical tool to manage the process, but they don't want to use the Azure portal. What storage tool satisfies the request of the manufacturing department? Azure Data Box Robocopy Azure Storage Explorer

Azure Storage Explorer

Which of the following statements about Azure Virtual Network is correct? Outbound communication with the internet must be configured for each resource on the virtual network. Azure Virtual Network enables communication between Azure resources. Azure virtual networks can't be configured to communicate with on-premises resources.

Azure Virtual Network enables communication between Azure resources

What Microsoft service helps to simplify a complex hub-and-spoke virtual network WAN deployment? Azure ExpressRoute Azure Virtual Network peering Azure Virtual WAN

Azure Virtual WAN

A new project has several resources that need to be administered together. Which of the following strategies would provide a good solution? Azure templates Azure resource groups Azure subscriptions

Azure resource groups

Explain the main differences between Azure roles and Azure Active Directory (Azure AD) roles. Azure roles apply to Azure resources. Azure AD roles apply to Azure AD resources such as users, groups, and domains. Azure roles can be assigned at the root level. Azure AD roles are used to manage access to Azure resources.

Azure roles apply to Azure resources. Azure AD roles apply to Azure AD resources such as users, groups, and domains.

What term defines a dedicated and trusted instance of Azure Active Directory? Azure tenant Identity Azure AD account

Azure tenant

Which of the following options is a feature of Azure Container Instances? Container Instances require several minutes to load. Container Instances use Azure Blob Storage for retrieve and persist state. Billing for Container Instances occurs when containers are in use.

Billing for Container Instances occurs when containers are in use.

How would you describe blob object replication? Blob object replication doesn't require versioning to be enabled. Blob object replication doesn't support blob snapshots. Blob object replication is supported in the archive tier.

Blob object replication doesn't support blob snapshots.

The Azure CLI can be installed on which of the following? Linux Windows Both Linux and Windows

Both Linux and Windows

Which of the following statements correctly describes cloud tiering? Cloud tiering prioritizes the sync order of file shares. Cloud tiering sets the frequency at which the sync job runs. Cloud tiering archives infrequently access files to free up space on the local file share.

Cloud tiering archives infrequently access files to free up space on the local file share.

Which virtual machine is best for running a network appliance? Memory-optimized virtual machine Compute-optimized virtual machine Storage-optimized virtual machine

Compute-optimized virtual machine

You have an established security policy for specific data that prohibits exposing SSH ports to external connections. For the security requirements, how can you connect to Azure Linux virtual machines and install software? Configure a guest configuration on the virtual machine. Create a custom script extension. Configure Azure Bastion.

Configure Azure Bastion.

. Another Administrator is managing Azure locally using PowerShell. They have launched PowerShell as an Administrator. Which of the following commands should be executed first? Connect-AzAccount Get-AzResourceGroup Get-AzSubscription

Connect-AzAccount

When virtual networks are successfully peered, what's the peering status for both virtual networks in the peering? Initiated Connected Peered

Connected

When you clone a configuration from another deployment slot, which configuration setting follows the content across the swap? Custom domain names Connection strings Scale settings

Connection strings

Suppose an administrator wants to assign a role to allow a user to create and manage Azure resources but not be able to grant access to others. Which of the following built-in roles would support this? Owner Contributor Reader User Access Administrator

Contributor

The company financial controller wants to be notified whenever the company is half-way to spending the money allocated for cloud services. Which approach supports this request? Create an Azure reservation. Create a budget and a spending threshold. Create a management group.

Create a budget and a spending threshold.

How can you ensure that only cost-effective virtual machine SKU sizes are deployed? Periodically inspect the deployment to see which SKU sizes are used Create an Azure RBAC role that defines the allowed virtual machine SKU sizes Create a policy in Azure Policy that specifies the allowed SKU sizes

Create a policy in Azure Policy that specifies the allowed SKU sizes

There are several Azure policies that need to be applied to a new branch office. What's the best approach? Create a management group Create a policy initiative Create a policy definition

Create a policy initiative

The finance team requests resources and billing to be categorized by department, such as Marketing, Research, and Human Resources. To satisfy the finance team's request for billing by department, multiple resource groups have been created and the resource tags applied. What's the next step? Create a management group Create an Azure policy Review the Azure Policy compliance page

Create an Azure policy

Your company uses an Azure storage account for storing large numbers of video and audio files. Containers are used to store each type of file and access is limited to those media files. Additionally, the files can only be accessed through shared access signatures. The company wants the ability to revoke access to the files and to change the period for which users can access the files. The company is planning a delegation model for Azure storage. Applications in the production environment must have unrestricted access to Azure Storage resources. You're researching how to use network configuration rules, shared access signatures (SAS), and stored access policies to implement secure access to Azure Storage. Which solution is the easiest way to implement secure storage for the company's media files? Create a shared access signature (SAS) for each user and delete the SAS to prevent access. Create stored access policies for each container to enable revocation of access or change of duration. Periodically regenerate the account key to control access to the files.

Create stored access policies for each container to enable revocation of access or change of duration.

Suppose you have two video files stored as blobs. One of the videos is business-critical and requires a replication policy that creates multiple copies across geographically diverse datacenters. The other video is non-critical, and a local replication policy is sufficient. Which of the following options would satisfy both data diversity and cost sensitivity consideration. Create a single storage account that makes use of Local-redundant storage (LRS) and host both videos from here. Create a single storage account that makes use of Geo-redundant storage (GRS) and host both videos from here. Create two storage accounts. The first account makes use of Geo-redundant storage (GRS) and hosts the business-critical video content. The second account makes use of Local-redundant storage (LRS) and hosts the non-critical video content.

Create two storage accounts. The first account makes use of Geo-redundant storage (GRS) and hosts the business-critical video content. The second account makes use of Local-redundant storage (LRS) and hosts the non-critical video content.

The Infrastructure team wants to install IIS on the localhost, but they don't want to use the Custom Script Extension. What option can the infrastructure team use for their IIS configuration instead of Custom Script Extensions? Desired State Configuration Virtual machine extension Windows update

Desired State Configuration

Which feature does Azure Firewall use to enable remote desktop connections? Destination network address translation (DNAT) Source network address translation (SNAT) Service tags

Destination network address translation (DNAT)

What implementation ensures container software runs the same locally and in the cloud on Azure? Docker Container groups Container Instances

Docker

The Admin team is testing an implementation of Azure Virtual Machine Scale Sets with five virtual machines. During testing, monitoring alerts show all virtual machines running at maximum capacity. However, you discover that when the CPU is fully consumed more virtual machines aren't deploying in the scale set. How can you ensure more virtual machines are deployed for the Admin team when the CPU is 75% consumed? Manually increase the instance count. Change the CPU percentage to 50%. Enable the autoscale option.

Enable the autoscale option.

What's the default distribution type for traffic through a load balancer? Source IP affinity Three-tuple hash Five-tuple hash

Five-tuple hash

What approach enables peered virtual networks to share the gateway and get access to resources? Point-to-site connectivity Transitivity Gateway transit

Gateway Transit

Which option is a valid automated deployment source? GitHub JavaScript code SharePoint

GitHub

Which Azure AD role enables a user to manage all groups in your Teams tenants, and also assign other admin roles? Global administrator Security administrator​ User administrator​

Global administrator

The name of a storage account must be: Unique within the containing resource group. Unique within your Azure subscription. Globally unique.

Globally unique.

Suppose a team member can't view resources in a resource group. Where would the administrator go to check the team member's access? Check the team member's permissions by going to their Azure profile > My permissions. Go to the resource group and select Access control (IAM) > Check Access. Go to one of the resources in the resource group and select Role assignments.

Go to the resource group and select Access control (IAM) > Check Access.

Which of the following changes between access tiers happens immediately? Hot tier to cool tier Archive tier to cool tier Archive tier to hot tier

Hot tier to cool tier

How can you enable the VPN gateway to work with Azure ExpressRoute? Implement a policy-based VPN gateway. Implement a route-based VPN gateway. Implement a path-based VPN gateway.

Implement a route-based VPN gateway.

What's a valid next hop type? Load Balancer ExpressRoute Internet

Internet (The valid next hop choices are virtual appliance, virtual network gateway, virtual network, internet, and none.)

Your users want to sign-in to devices, apps, and services from anywhere. Users want to sign-in by using an organizational work or school account instead of a personal account. What should you do first? Enable the device in Azure AD. Join the device to Azure AD. Register the device with Azure AD.

Join the device to Azure AD.

The manufacturing division has sensors that record time-relative data. Only the most recent data is useful. The company wants the lowest cost storage solution for this data. What's the best storage account solution to support the requirements of the manufacturing division? Locally redundant storage Geo-redundant storage Zone-redundant storage

Locally redundant storage

What is the inheritance order for scope in Azure? Management group, Resource group, Subscription, Resource Management group, Subscription, Resource group, Resource Subscription, Management group, Resource group, Resource Subscription, Resource group, Management group, Resource Check your answers

Management group, Subscription, Resource group, Resource

Which option can you use to manage governance across multiple Azure subscriptions? Azure initiatives Resource groups Management groups

Management groups

What's included in a custom Azure role definition? Assignment of a custom role Actions and DataActions operations scoped to the tenant level Operations allowed for Azure resources, and scope of permissions

Operations allowed for Azure resources, and scope of permissions

Azure Private DNS supports which of the following scenarios? Organizations manage and resolve domain names in a virtual network without adding a custom DNS solution. Organizations manage and resolve domain names in a virtual network by adding a custom DNS solution. Organizations manage domain names in other organizations.

Organizations manage and resolve domain names in a virtual network without adding a custom DNS solution.

What effect do the default network security settings have on a new virtual machine? Outbound requests are allowed. Inbound traffic is allowed only from within the virtual network. No outbound and inbound requests are allowed. There are no restrictions. All outbound and inbound requests are allowed.

Outbound requests are allowed. Inbound traffic is allowed only from within the virtual network.

Which of the following parameters is an element in the template schema? Includes Scripts Outputs

Outputs

What component of Azure Kubernetes Service contributes to the monthly Azure charge? Per node virtual machine Primary node Per deployed pod

Per node virtual machine

Which storage solution replicates data to a secondary region, maintains six copies of the data, and is the default replication option? Locally redundant storage Read-access geo-redundant storage Zone-redundant storage

Read-access geo-redundant storage

Which option preserves data residency, and offers comprehensive compliance and resiliency options? Azure Active Directory (Azure AD) Account Regions Subscriptions

Regions

What scaling option provides more CPU, memory, or disk space without adding more virtual machines? Scale up Scale out Scale back

Scale up

The DevOps team wants to configure Azure Virtual Machine Scale Sets for their production servers. Thursday evening is typically the busiest time in preparation for delivery to customers by COB on Friday. Conversely, early Monday is generally the quietest time. You need a plan to add more machines when the workload is high. Which Virtual Machine Scale Sets feature can be configured to add more DevOps machines during peak production? Schedule-based rules Autoscale Metric-based rules

Schedule-based rules

Suppose an administrator needs to generate a report of the role assignments for the last week. Where in the Azure portal would they generate that report? Search for Activity log and filter on the Create role assignment (roleAssignments) operation. At the appropriate scope, go to Access control (IAM) > Download role assignments. At the appropriate scope, go to Access control (IAM) > Role assignments.

Search for Activity log and filter on the Create role assignment (roleAssignments) operation.

What kind of group account can you create so you can apply the same permissions to all group members? Security group Azure AD bulk group Microsoft 365 group

Security group

What feature can support the denial of traffic based on the IP address range? Statically assigned IP addresses Dynamically assigned IP addresses IP addresses in the reserved range

Statically assigned IP addresses

How is the Azure File Sync agent installed and used? The Azure File Sync agent is installed on a server to enable Azure File Sync replication between the local file share and an Azure Files share. The Azure File Sync agent is installed on a server to set NTFS permissions on files and folders. The Azure File Sync agent is installed on an Azure Files share to control on-premises file and folder replication traffic.

The Azure File Sync agent is installed on a server to enable Azure File Sync replication between the local file share and an Azure Files share.

How does Kubernetes enable internal-only applications to support other workloads within the cluster? The LoadBalancer service The NodePort service The ClusterIP service

The ClusterIP service

What statement best describes Azure Blob Storage access tiers? The cool access tier is for frequent access of objects in the storage account. The hot access tier is for storing large amounts of data that's infrequently accessed. The administrator can switch between hot and cool performance tiers at any time.

The administrator can switch between hot and cool performance tiers at any time.

Which implementation decision most influences VPN gateway performance? A route-based VPN gateway. A policy-based VPN gateway. The appropriate Azure VPN Gateway SKU.

The appropriate Azure VPN Gateway SKU.

The infrastructure team has two network security group security rules for inbound traffic to the back-end web servers. There's an allow rule with a priority of 200, and a deny rule with a priority of 150. Which of the security rules defined by the infrastructure team takes precedence? The allow rule takes precedence. The deny rule takes precedence. The rule that was created first takes precedence.

The deny rule takes precedence.

The admin team needs to know the requirements for storage account names. To what extent does a storage account name need to be unique? The name must be unique within the containing resource group. The name must be unique within the organization's subscription. The name must be globally unique.

The name must be globally unique.

What key piece of information do you need to set up the on-premises VPN gateway? The shared key provided when the site-to-site (S2S) VPN connection was created. The shared access signature (SAS) key for the recovery services vault. The private IP address of the virtual network gateway.

The shared key provided when the site-to-site (S2S) VPN connection was created.

When should Azure ExpressRoute be used instead of Azure site-to-site connectivity? To handle enterprise-class and mission-critical workloads To connect mobile users directly to a virtual network running in Azure To handle small-scale production workloads running on Azure virtual machines

To handle enterprise-class and mission-critical workloads

How is Azure Virtual Network peering best described? Traffic between virtual networks is kept on the Microsoft backbone network. Virtual network peering disrupts other resources. Peered virtual networks must be in the same region.

Traffic between virtual networks is kept on the Microsoft backbone network.

One scenario you're working to resolve involves the manufacturing division. They're running dedicated software in their warehouse to keep track of product stock. The software needs to run on machines in the warehouse, but the management team wants to access the stock data from the main office. The limited bandwidth available in the warehouse has caused problems in the past when they tried to use cloud-based solutions. What's the best way to sync files stored on the manufacturing warehouse machines with the cloud? Create an Azure Files share and directly mount shares on the machines in the warehouse. Use a machine in the warehouse to host a file share, install Azure File Sync, and share a drive with the rest of the warehouse. Install Azure File Sync on every machine in the warehouse and also in the main office.

Use a machine in the warehouse to host a file share, install Azure File Sync, and share a drive with the rest of the warehouse.

Your company uses an Azure storage account for storing large numbers of video and audio files. Containers are used to store each type of file and access is limited to those media files. Additionally, the files can only be accessed through shared access signatures. The company wants the ability to revoke access to the files and to change the period for which users can access the files. The company is planning a delegation model for Azure storage. Applications in the production environment must have unrestricted access to Azure Storage resources. You're researching how to use network configuration rules, shared access signatures (SAS), and stored access policies to implement secure access to Azure Storage. What's the best way to implement secure access to Azure Storage for the company's users? Use shared access signatures for the production applications. Use access keys for the production applications. Use stored access policies for the production applications.

Use access keys for the production applications.

Your administrators maintain an existing storage account in Azure for unstructured data. For billing purposes, management has requested a new storage account for the data. The admins need to be sure no data is lost when moving to the new storage account. How can admins move the data in the existing storage account to the new storage account? Use the AzCopy command-line tool Use the Azure portal Use the Robocopy command-line tool

Use the AzCopy command-line tool

What types of scaling can you use to increase the CPU capacity for your existing Virtual Machine Scale Sets instances? Horizontal scaling Vertical scaling Load balancing

Vertical scaling

Which of the following options is a small application that provides post-deployment configuration and automation tasks for Azure Virtual Machines? Automation State Configuration Desired State Configuration Virtual machine extensions

Virtual machine extensions

Which configuration is required for an internal load balancer? Virtual machines must be in the same virtual network. Virtual machines must be publicly accessible. Virtual machines must be in an availability set.

Virtual machines must be in the same virtual network.

The Admin team has requested input about where containers on Windows can be more advantageous than virtual machines. Why should you select virtual machines over containers for your configuration? Virtual machines run the user mode portion of an operating system and can be tailored to contain just the needed services for your app. Virtual machines provide complete isolation from the host operating system and other virtual machines. Virtual machines use Azure Disks for local storage for a single node.

Virtual machines provide complete isolation from the host operating system and other virtual machines.

How can you extend the company's private address space with direct connections to Azure resources? Virtual network endpoints User-defined routes Virtual appliances

Virtual network endpoints

What's a valid service tag for network security group rules? VirtualNetwork VPN Gateway Database

VirtualNetwork

Which statement best describes Azure routing? Administrators can create system routes. When the next hop type is none, traffic is dropped. Azure gateways are needed to route traffic between subnets.

When the next hop type is none, traffic is dropped.

Which one of these is not an element of an Azure Resource Manager template? idempotent schema parameters

idempotent

Which Kubernetes component processes orchestration requests and schedules when to run requested containers? container kubelet node

kubelet


Kaugnay na mga set ng pag-aaral

Intro to Nursing- Chapter 4 (Legal)

View Set

AP Human Geography Chapter 9 - Development

View Set

Chapter 13 Group Health Insurance

View Set

Business Entities- prior exam questions

View Set

bio exam 2 chapter 55 w/o diagrams

View Set