AZ104 Examtopic
blob and file only
You have an Azure Storage account named storage1.You plan to use AzCopy to copy data to storage1.You need to identify the storage services in storage1 to which you can copy the data.What should you identify?
Event | search "error"
You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1.You need to view the error from a table named Event.Which query should you run in Workspace1?
Create a route-based virtual network gateway Delete GW1
You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a virtual network named VNet1.You need to ensure that you can configure a point-to-site connection from an on-premises computer to VNet1.Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.
Deploy one virtual machine scale set that is set to ScaleSetVM orchestration mode.
You need to deploy an Azure virtual machine scale set that contains five instances as quickly as possible.What should you do?
Modify the extensionProfile section of the Azure Resource Manager template
You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image.You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed.Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.
From Plan1, scale up the App Service plan
You create an App Service plan named Plan1 and an Azure web app named webapp1.You discover that the option to create a staging slot is unavailable.You need to create a staging slot for Plan1.What should you do first?
an Azure Key Vault and an access policy
You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines.You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.What should you create to store the password?
an Office 365 group that uses the Assigned membership type an Office 365 group that uses the Dynamic User membership type
You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com.You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library named Library1.You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days.Which two groups should you create? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.
From the Recovery Service vault, stop the backup of each backup item.
You have a Recovery Service vault that you use to test backups. The test backups contain two protected virtual machines.You need to delete the Recovery Services vault.What should you do first?
one App Service plan
You have a deployment template named Template1 that is used to deploy 10 Azure web apps.You need to identify what to deploy before you deploy Template1. The solution must minimize Azure costs.What should you identify?
an inbound NAT rule
You have a public load balancer that balances ports 80 and 443 across three virtual machines.You need to direct all the Remote Desktop Protocol (RDP) connections to VM3 only.What should you configure?
From the Licenses blade of Azure AD, assign a license
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains 100 user accounts.You purchase 10 Azure AD Premium P2 licenses for the tenant.You need to ensure that 10 users can use all the Azure AD Premium features.What should you do?
From the Users blade, modify the External collaboration settings.
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.The User administrator role is assigned to a user named Admin1.An external partner has a Microsoft account that uses the [email protected] sign in.Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: "Unable to invite user [email protected] "" Generic authorization exception."You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.What should you do?
MX
You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com.Your company has a public DNS zone for contoso.com.You add contoso.com as a custom domain name to Azure AD.You need to ensure that Azure can verify the domain name.Which type of DNS record should you create?
From the Directory role blade, modify the directory role
You have an Azure Active Directory (Azure AD) tenant that contains 5,000 user accounts. You create a new user account named AdminUser1.You need to assign the User administrator administrative role to AdminUser1.What should you do from the user account properties?
yes
You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers.Subscription1 contains a resource group named Dev.You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.Solution: On Dev, you assign the Contributor role to the Developers group.Does this meet the goal?
B. No
You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers.Subscription1 contains a resource group named Dev.You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group.Does this meet the goal? A. Yes B. No
B. No
You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers.Subscription1 contains a resource group named Dev.You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.Solution: On Subscription1, you assign the Logic App Operator role to the Developers group.Does this meet the goal? A. Yes B. No
the kubectl command the az aks command
You have an Azure Kubernetes Service (AKS) cluster named AKS1.You need to configure cluster autoscaler for AKS1.Which two tools should you use? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.
Deploy the IT Service Management Connector (ITSM)
You have an Azure subscription named Subscription1 and an on-premises deployment of Microsoft System Center Service Manager.Subscription1 contains a virtual machine named VM1.You need to ensure that an alert is set in Service Manager when the amount of available memory on VM1 is below 10 percent.What should you do first?
Assign User1 the Owner role for VNet1.
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.Subscription1 has a user named User1. User1 has the following roles:✑Reader ✑ Security AdminSecurity Reader -You need to ensure that User1 can assign the Reader role for VNet1 to other users.What should you do?
Create a gateway subnet Create a connection
You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by usingAzure ExpressRoute.You plan to prepare the environment for automatic failover in case of ExpressRoute failure.You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost.Which three actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.
Download and re-install the VPN client configuration package on Client1.
You have an Azure subscription named Subscription1 that contains two Azure virtual networks named VNet1 and VNet2. VNet1 contains a VPN gateway namedVPNGW1 that uses static routing. There is a site-to-site VPN connection between your on-premises network and VNet1.On a computer named Client1 that runs Windows 10, you configure a point-to-site VPN connection to VNet1.You configure virtual network peering between VNet1 and VNet2. You verify that you can connect to VNet2 from the on-premises network. Client1 is unable to connect to VNet2.You need to ensure that you can connect Client1 to VNet2.What should you do?
the AzurePerformanceDiagnostics extension
You have an Azure subscription named Subscription1.You deploy a Linux virtual machine named VM1 to Subscription1.You need to monitor the metrics and the logs of VM1.What should you use?
Azure File Storage
You have an Azure subscription named Subscription1.You have 5 TB of data that you need to transfer to Subscription1.You plan to use an Azure Import/Export job.What can you use as the destination of the imported data?
Assign the Owner role for the Azure subscription to User1, and then instruct User1 to configure access management for Azure resources.
You have an Azure subscription that contains a user account named User1.You need to ensure that User1 can assign a policy to the tenant root management group. What should you do?
Virtual Machine Contributor
You have an Azure subscription that contains a user named User1.You need to ensure that User1 can deploy virtual machines and manage virtual networks. The solution must use the principle of least privilege.Which role-based access control (RBAC) role should you assign to User1?
Change the size to D8s v3
You have an Azure subscription that contains a virtual machine named VM1. VM1 hosts a line-of-business application that is available 24 hours a day. VM1 has one network interface and one managed disk. VM1 uses the D4s v3 size.You plan to make the following changes to VM1:✑ Change the size to D8s v3.✑ Add a 500-GB managed disk.✑ Add the Puppet Agent extension.✑ Enable Desired State Configuration Management.Which change will cause downtime for VM1?
Create a DNS record
You have an Azure subscription that contains a web app named webapp1.You need to add a custom domain named www.contoso.com to webapp1.What should you do first?
From contoso.com, create an OAuth 2.0 authorization endpoint.
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure Kubernetes Service (AKS) cluster named AKS1.An administrator reports that she is unable to grant access to AKS1 to the users in contoso.com.You need to ensure that access to AKS1 can be granted to the contoso.com users. What should you do first?
Azure Table storage
You have an Azure subscription that contains an Azure Storage account.You plan to create an Azure container instance named container1 that will use a Docker image named Image1. Image1 contains a Microsoft SQL Server instance that requires persistent storage.You need to configure a storage service for Container1.What should you use?
Add a Desired State Configuration (DSC) extension to VM1.
You have an Azure subscription that contains an Azure virtual machine named VM1. VM1 runs a financial reporting app named App1 that does not support multiple active instances.At the end of each month, CPU usage for VM1 peaks when App1 runs.You need to create a scheduled runbook to increase the processor performance of VM1 at the end of each month.What task should you include in the runbook?
an internal load balancer
You have an Azure subscription.Users access the resources in the subscription from either home or from customer sites. From home, users must establish a point-to-site VPN to access the Azure resources. The users on the customer sites access the Azure resources by using site-to-site VPNs.You have a line-of-business-app named App1 that runs on several Azure virtual machine. The virtual machines run Windows Server 2016.You need to ensure that the connections to App1 are spread across all the virtual machines.What are two possible Azure services that you can use? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.
Advisor
You have an Azure subscription.You have 100 Azure virtual machines.You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering.Which blade should you use?
administrator username
You have an Azure virtual machine named VM1 that runs Windows Server 2019.You save VM1 as a template named Template1 to the Azure Resource Manager library.You plan to deploy a virtual machine named VM2 from Template1.What can you configure during the deployment of VM2?
the new files on drive D
You have an Azure virtual machine named VM1 that runs Windows Server 2019.You sign in to VM1 as a user named User1 and perform the following actions:✑ Create files on drive C.✑ Create files on drive D.✑ Modify the screen saver timeout.✑ Change the desktop background.You plan to redeploy VM1.Which changes will be lost after you redeploy VM1?
From webapp1, enable Web server logging
You have an Azure web app named webapp1.Users report that they often experience HTTP 500 errors when they connect to webapp1.You need to provide the developers of webapp1 with real-time access to the connection errors. The solution must provide all the connection error details.What should you do first?
Deploy an Azure Application Gateway
You have an Azure web app named webapp1.You have a virtual network named VNET1 and an Azure virtual machine named VM1 that hosts a MySQL database. VM1 connects to VNET1.You need to ensure that webapp1 can access the data hosted on VM1.What should you do?
two update domains
You have an app named App1 that runs on two Azure virtual machines named VM1 and VM2.You plan to implement an Azure Availability Set for App1. The solution must ensure that App1 is available during planned maintenance of the hardware hostingVM1 and VM2.What should you include in the Availability Set?
azcopy copy D:\folder1 https://contosodata.blob.core.windows.net/public --recursive
You have an on-premises server that contains a folder named D:\Folder1.You need to copy the contents of D:\Folder1 to the public container in an Azure Storage account named contosodata. Which command should you run?
Session persistence to Client IP
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.You need to ensure that visitors are serviced by the same web server for each request.What should you configure?
Session persistence to Client IP and Protocol
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.You need to ensure that visitors are serviced by the same web server for each request.What should you configure?
Create a deny rule in a network security group (NSG) that is linked to Subnet1
You have the Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains three Azure virtual machines. Each virtual machine has a public IP address.The virtual machines host several applications that are accessible over port 443 to users on the Internet.Your on-premises network has a site-to-site VPN connection to VNet1.You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from the Internet and from the on-premises network.You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network. The solution must ensure that all the applications can still be accessed by the Internet users.What should you do?
Connection monitor
You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1. VNet2 contains an Azure virtual machine named VM2.VM1 hosts a frontend application that connects to VM2 to retrieve data.Users report that the frontend application is slower than usual.You need to view the average round-trip time (RTT) of the packets from VM1 to VM2.Which Azure Network Watcher feature should you use?
Provision virtual network gateways.
You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated to a different Azure AD tenant.Subscription1 contains a virtual network named VNet1. VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16.Subscription2 contains a virtual network named VNet2. VNet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24.You need to connect VNet1 to VNet2.What should you do first?
yes
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.Solution: You assign the Network Contributor role at the subscription level to Admin1.Does this meet the goal?
Azure Custom Script Extension
You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template.You need to ensure that NGINX is available on all the virtual machines after they are deployed.What should you use?
all virtual machines in a single Availability Set
You plan to deploy three Azure virtual machines named VM1, VM2, and VM3. The virtual machines will host a web app named App1.You need to ensure that at least two virtual machines are available if a single Azure datacenter becomes unavailable.What should you deploy?
one Availability Set that has 10 update domains and one fault domain
You plan to move a distributed on-premises app named App1 to an Azure subscription.After the planned move, App1 will be hosted on several Azure virtual machines.You need to ensure that App1 always runs on at least eight virtual machines during planned Azure maintenance.What should you create?
From Azure PowerShell, run the Set-AzMarketplaceTerms cmdlet
You recently created a new Azure subscription that contains a user named Admin1.Admin1 attempts to deploy an Azure Marketplace resource by using an Azure Resource Manager template. Admin1 deploys the template by using AzurePowerShell and receives the following error message: "User failed validation to purchase resources. Error message: "Legal terms have not been accepted for this item on this subscription. To accept legal terms, please go to the Azure portal (http://go.microsoft.com/fwlink/?LinkId=534873) and configure programmatic deployment for the Marketplace item or create it there for the first time."You need to ensure that Admin1 can deploy the Marketplace resource successfully.What should you do?
Device settings from the Devices blade
You sign up for Azure Active Directory (Azure AD) Premium.You need to add a user named [email protected] as an administrator on all the computers that will be joined to the Azure AD domain.What should you configure in Azure AD?
three virtual WANs and one virtual hub
Your company has three offices. The offices are located in Miami, Los Angeles, and New York. Each office contains datacenter.You have an Azure subscription that contains resources in the East US and West US Azure regions. Each region contains a virtual network. The virtual networks are peered.You need to connect the datacenters to the subscription. The solution must minimize network latency between the datacenters.What should you create?