AZ-104
A company has set up an Azure subscription and a tenant. They want to ensure that only Virtual Machines of a particular SKU size can be created in their Azure account. They decide to implement Role-Based Access Control. Does this fulfill the requirement? Yes No (Correct)
A
When adding custom domain names, which of the following record needs to be added to your custom domain registrar? NS record. PTR record. TXT record. (Correct) A record.
A
You have set up a computer named getcloudskillsclient1 that has a point-to-site VPN connection to an Azure virtual network named getcloudskillsnetwork. The point-to-site connection makes use of a self-signed certificate. You now have to establish a point-to-site VPN connection to the same virtual network from another computer named getcloudskillsclient2. The VPN client configuration package is downloaded and installed on the getcloudskillsclient2 computer. You decide to join the getcloudskillsclient2 computer to Azure AD. Would this fulfill the requirement? No (Correct) Yes
A
A company has a requirement to retain any blob data that might accidentally be deleted. The deleted data needs to be retained for 14 days. From which of the following section of the Storage account would you modify to fulfill this requirement? Lifecycle Management Advanced security Soft Delete (Correct) Firewall and virtual networks
A
A company has an Azure AD tenant. They have users that are also synced with their on-premise environment. Getcloudskillsusr1 has the Reports Reader role assigned. The administrator has enabled self-service password reset (SSPR) for all users. - The administrator has enabled the following SSPR settings: - Number of methods required to reset - 2 - Methods available to users - Mobile phone and Security questions - Number of questions to register - 3 - Number of questions to reset - 3 The following security questions are chosen: - In what city was your first job? - What was the name of the first school you attended? Would Getcloudskillsusr1 be required to answer the security question "In what city was your first job?" to reset their password? Yes (Correct) No
A
A company has an Azure subscription and an Azure tenant named getcloudskills.onmicrosoft.com. Getcloudskillsusr1 has Global Administrator permissions in Azure Active Directory. The user getcloudskillsusr1 creates a new directory named staging.getcloudskills.onmicrosoft.com. New users need to be added to the new tenant. The company asks getcloudskillsusr1 to create user accounts. Would this fulfill the requirement? Yes (Correct) No
A
A company has an Azure subscription that contains the following Resource Groups: The Resource Group Getcloudskills-rg1 contains the following resources: Would you be able to move the resource Getcloudskillsstor from the Resource Group Getcloudskills-rg1 to Getcloudskills-rg2? No Yes (Correct)
A
A company has an Azure subscription. They want to transfer around 6 TB of data to the subscription. They plan to use the Azure Import/Export service. Which of the following can they use as the destination for the imported data? Azure Data Lake Storage Azure SQL Database Azure Blob storage (Correct) Azure File Sync Storage
A
A company has an application deployed across a set of virtual machines. Users connect to the application either using point-to-site VPN or site-to-site VPN connections. You need to ensure that connections to the application are spread across all of the virtual machines. Which of the following could you set up for this requirement? Choose 2 answers from the options given below. A Public Load Balancer An Azure Application Gateway (Correct) An Internal Load Balancer (Correct) A Traffic Manager Profile An Azure Content Delivery Network
A
A company has set up a Load balancer that load balances traffic on ports 80 and 443 across 3 virtual machines. You have to ensure that all RDP traffic is directed towards a VM named getcloudskillsvm. How would you achieve this? By creating a new public load balancer for getcloudskillsvm By creating a new IP configuration By creating an inbound NAT rule (Correct) By creating a new internal load balancer for getcloudskillsvm
A
A company has set up a Virtual Machine in Azure. A web server listening on port 80 and a DNS server has been installed on the Virtual machine. A network security group is attached to the network interface for the virtual machine. The rules for the NSG are given below: Select all server(s) that internet users will connect to on the Virtual machine if RuleB is deleted. DNS server only Webserver only RDP, web, and DNS servers RDP server only (Correct) Both web and DNS servers
A
A company has started using Azure and set up a subscription. They want to see the costs being incurred for each type of resource. Which of the following can help you get these details? Go to your Subscription and go to Cost Analysis. (Correct) Go to your Azure AD directory and go to Licences. Go to your Azure AD directory and go to Cost Analysis. Go to your Subscription and go to Resource Groups.
A
A company has the following App Service Plans defined as part of their Azure subscription: - Plan1 runs Linux in East US. - Plan2 runs Windows in East US. - Plan 3 runs Windows in UK South. The company is planning on deploying the following Azure Web App Instances: - App1 runs on runtime stack .Net Core 3.1 in East us. - App2 runs on runtime stack ASP.NET v4.7 in East us. Which of the following App service plans can you use for App1? Plan1 and Plan2 only (Correct) Plan2 only Plan1 only Plan1, Plan2 and Plan 3 Plan2 and Plan 3 only
A
A company has the following resource groups defined as part of its Azure subscription: The following virtual machines are then created in the subscription: The Recovery Services vault is located in West Europe in the rg-gsc-01 Resouce Group. The company wants to ensure that as many virtual machines as possible are backed up using the Recovery Services Vault. Which of the following virtual machines can be backed up using the Recovery Services vault? All of them VMGCS1 only VMGCS1, VMGCS3 VMGCS4 and VMGCS6 only (Correct) VMGCS1 and VMGCS3 only VMGCS3 and VMGCS6 only
A
A company is planning to deploy a set of virtual machines across different system tiers. The following requirements need to be met: - Incoming requests to the Business Logic tier (50 VMs that are not accessible from the internet) from the web servers (5 VMs that are accessible from the internet) need to be spread equally across the virtual machines. - All web servers need to be protected from SQL injection attacks. Which of the following would you implement for the below requirement? Incoming requests to the Business Logic tier from the web servers need to be spread equally across the virtual machines. An application gateway that uses the Standard tier An Internal Load Balancer (Correct) A network security group A Public Load Balancer An application gateway that uses the WAF tier
A
A company is planning to deploy an application to a set of Virtual Machines in an Azure network. The company needs to have an SLA of 99.99% for the application hosted on the Virtual machines. Which of the following should be implemented to guarantee an SLA of 99.99% on the infrastructure level? Deploy single virtual machines across multiple regions. Make the virtual machines part of an availability set. Deploy the virtual machines across availability zones. (Correct) Assign a standard public IP address to the virtual machines.
A
A company needs to create a storage account that must follow the requirements below: - Users should be able to add files, such as images and videos. - Ability to store archive data. - File shares need to be in place, which can be accessed across several VM's. - The data needs to be available, even if a region goes down. - The solution needs to be cost-effective. What is the type of replication they need to implement for the storage account? Locally redundant storage (LRS) Read-access geo-redundant storage (RA-GRS) Geo-redundant storage (GRS) (Correct) Zone-redundant storage (ZRS)
A
A file named audio.log has been uploaded to a Storage account container called demo. You need to allow users to download the object. The access should be granted for a day only. You need to provide a secure way to access the object. Which of the following would you implement for this purpose? Mark public access on the object. Provide access Keys. Mark public access on the container. Generate a shared access signature. (Correct)
A
A new Network interface named Secondary has been created. The Network interface needs to be added to the Virtual machine. What must be done first in order to ensure that the network interface can be attached to the Virtual Machine? The primary network interface needs to be removed The public IP needs to be deallocated from the primary network interface The machine needs to be stopped first (Correct)
A
If no rules other than the default NSG rules are in place, are VM's on SubnetA and SubnetB be able to connect to the Internet? Yes (Correct) No
A
Imagine your company has the following storage accounts in place as part of its Azure subscription: - General Purpose V1 - General Purpose V2 - Blob Storage Which of the following storage account/accounts could be used to store objects as part of the Archive tier? General Purpose V2 only Blob Storage only General Purpose V1 only General Purpose V1 and Blob Storage only General Purpose V2 and Blob Storage only (Correct) All Storage accounts General Purpose V1 and General Purpose V2 only
A
In order to get diagnostics from an Azure virtual machine you own, what is the first step to doing that? A diagnostics agent needs to be installed on the VM You need to create a storage account to store it (Correct) You need to grant RBAC permissions to the user requesting diagnostics
A
In order to use ARM templates in automation, what other file is usually required besides the ARM template JSON file itself? The parameter JSON file The parameter XML file A .SH file to contain the Shell Script in CLI A .PS1 PowerShell script file No other files are required. But a parameter JSON file would be used if the template had parameters as inputs. (Correct)
A
In the context of alerts, you can create an Action Group. Which of the following is not an Action Type that can exist inside an Action Group? SMS text message Facebook Messenger message (Correct) Logic App Azure Function
A
In your company, all virtual networks are hosting virtual machines with varying workloads. A virtual machine named getcloudskillsvm is hosted in Vnet getcloudskills-vnet1. This virtual machine will have intrusion detection software installed on it. All traffic on all other virtual networks must be routed via this virtual machine. You need to complete the required steps for implementing this requirement. Which of the following would you need to create additional to ensure that traffic is sent via the virtual machine hosting the intrusion software? Add a service endpoint Add DNS servers A new route table (Correct) Add an address space
A
Select all true statements that apply to the use of Azure Disk Encryption (ADE) for Azure VM disk protection. ADE encrypts all data at rest and in transit. ADE supports the encryption of Basic tier VM's. ADE uses DM-Crypt for Linux-based VMs. (Correct) ADE encrypted VM can be backed up to the Recovery Service Vault. (Correct) ADE can use Azure Key Vault and Azure Recovery Service Vault from different Azure regions. ADE uses BitLocker for Windows VM-controlled disks. (Correct) ADE is integrated with Azure Key Vault. (Correct) ADE uses DM-Crypt for Windows VM-controlled disks.
A
True or false: Microsoft ExpressRoute is a virtual networking technology that operates over the public Internet that allows secure, scalable access to Microsoft Azure services while ensuring performance, security, and reliability. True False (Correct)A
A
Users are reporting that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com. You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory. You need to ensure that the users can use single-sign-on (SSO) to access Azure resources. What should you do first? From the on-premises network, deploy Active Directory Federation Services in a clustered environment. From Azure AD, add and verify a custom domain name. (Correct) From the on-premises network, request a new certificate that contains the Active Directory domain name. From the server that runs Azure AD Connect, modify the filtering options.
A
What does Azure DNS allow you to do? Manage and host your registered domain and associated records. (Correct) Register new domain names, removing the need to use a domain registrar. Manage the security and access to your website. Continue Retake test
A
What kind of account would you create to allow an external organization easy access? An external account for each member of the external team. An administrator account for each member of the external team. A guest user account for each member of the external team. (Correct)
A
Which Azure Service is the centralized spot for all Activity Logs, Metrics, Alerts, and Diagnostics for all resources across your subscription? Azure Monitor (Correct) Azure Log Analytics Event Hub Azure Stream Analytics
A
Which of the following Network watcher feature would you use for the following requirement? Find out if a network security rule is preventing a network packet from reaching a virtual machine hosted in an Azure virtual network. Traffic Analysis Packet Capture Next Hop IP Flow Verify (Correct)
A
Which of the following can be used to organize resources for cost reporting? Choose the most complete answer. Resource groups and tags Tags Subscriptions, resource groups, and tags (Correct) Cost Center, subscriptions, resource groups, and tags
A
Which of the following needs to be implemented on the Azure virtual network to deploy the Azure Bastion Host? Add a new address space. Enable DDoS protection for the virtual network. Add a service endpoint. Add a new subnet. (Correct)
A
Which of the following needs to be set up in Azure for the Site-to-Site VPN connection? A gateway Virtual Machine An additional address space for the Virtual Network A service endpoint A gateway subnet (Correct)
A
Which of the following network watcher feature would you use for the following requirement? Find out if there is outbound connectivity between an Azure virtual machine and an external host. Next Hop (Incorrect) Traffic Analytics IP Flow Verify Connection Monitor (Correct)
A
Which of the following would you implement for the below requirement? All web servers need to be protected from SQL injection attacks. An application gateway with a WAF (Correct) An application gateway that uses the Standard tier A Public Load Balancer An Internal Load Balancer A network security group
A
You create Azure AD administrative units for the subsidiaries of your organization. Each of the subsidiaries includes several hundred employees. You need to add these employees as administrative unit members. Select the tool you can use to achieve your goal. Microsoft Office Admin center Azure CLI Microsoft Graph PowerShell Azure AD Portal (Correct)
A
You create an App Service plan B1 for your web app. You want Azure to be able to add up to 10 VM instances to run your app automatically during the highest traffic on your site. What are two configuration options you should implement to achieve your goal in the most cost-effective way? Scale out based on a schedule Scale up based on a metric Scale up the service plan to S1 (Correct) Scale out the service plan to P1 Scale out the service plan to S1 Scale up the service plan to P1 Scale-out based on a metric (Correct) Scale up based on a schedule
A
You deploy your application to the AKS Azsjdcube cluster in the Akskube Resource Group. The cluster contains 3 pods: one pod runs the client front-app, and two pods run the backend-app service. You need to increase the number of pods manually to 8: add three pods for the client and the rest for the server. kubectl scale --replicas=4 deployment/front-app (Correct) az aks scale --name Kubecluster --pod-count 4 -g akskube --image deployment/front-app kubectl scale --replicas=8 deployment/front-app deployment/backend-app kubectl scale --replicas=4 deployment/backend-app (Correct) az aks scale --name Kubecluster --pod-count 4 -g akskube --image deployment/backend-app kubectl scale --replicas=4 deployment/front-app deployment/backend-app (Correct)
A
You have an Azure subscription named Getcloudskillsstaging. Under the subscription, you create a Resource group named Getcloudskillsrg. You then create an Azure policy based on the "Not allowed resources types" definition. You define the parameters as Microsoft.Network. virtual networks as the not allowed resource type. You assign this policy to the Tenant Root Group. A Virtual Network does not already exist in this subscription. Would you be able to create a virtual machine in the Getcloudskillsrg Resource group? No (Correct) Yes
A
You have an application in the East US region, running on a virtual network also in the East US region. You need to establish an encrypted, private connection to a data source that exists in Azure's Japan region, and that data source does not have a public endpoint. Attempting to connect with the Japanese data source from East US results in an error. What is the best way to establish a connection between the two regions? Use Global VNet Peering. Install a Network Gateway in the Japan region. And have the East US application establish a private point-to-site VPN to Japan. Install Gateway devices in both the East US and Japan regions, and connect the gateways together. (Correct)
A
You have created a storage account named Getcloudskills. You have created a file share named demo using the file service. You need to ensure that users can connect to the file share from their home computers. Which of the following port should be open to ensure connectivity? 443 3389 445 (Correct) 80
A
You have defined an autoscale condition with four autoscale rules. The first rule scales out when the CPU utilization reaches 70 percent. The second rule scales back in when the CPU utilization drops below 50 percent. The third rule scales out if memory occupancy exceeds 75 percent. The fourth rule scales back in when memory occupancy falls below 50 percent. When will the system scale out? When CPU utilization reaches 70 percent, and memory occupancy exceeds 75 percent When CPU utilization reaches 70 percent, or memory occupancy exceeds 75 percent (Correct) You can't do this with a single autoscale condition. An autoscale condition can only contain autoscale rules that use the same metric
A
You need to allow traffic onto certain FQDN's via the Azure Firewall. Which of the following rules would you create for this requirement? Network collection rules NAT collections rules Application collection rules (Correct) FQDN collection rules
A
You need to connect Azure resources like Azure virtual machines across geographical regions. Which Azure networking option should you use? Virtual network peering (Correct) Azure ExpressRoute VPN Gateway
A
You need to deploy two Azure virtual machines named VM1 and VM2 based on the Windows server 2016 image. The deployment must meet the following requirements: - Provide a Service Level Agreement (SLA) of 99.95 percent availability. - Use managed disks. You propose a solution to create a scale set for the requirement. Would the solution meet the goal? Yes No (Correct)
A
You need to synchronize the files in the file share with an on-premise server named Getcloudskillsserver. Which of the following would you need to implement to fulfill this requirement? Choose 3 answers from the options given below. Create a sync group (Correct) Register Getcloudskillsserver (Correct) Download an automation script Install the Azure File Sync agent on Getcloudskillsserver (Correct) Create a container instance
A
You plan to deploy five virtual machines to a virtual network subnet. Each virtual machine will have a public IP address and a private IP address. Each virtual machine requires the same inbound and outbound security rules. What is the minimum number of network interfaces that you require? 10 15 20 5 (Correct)
A
Your company goes ahead and registers a domain name of demodomain.com. You then go ahead and create an Azure DNS zone named demodomain.com. You then add an A record to the zone for a host named www that has an IP address of 123.10.9.143. But the users complain that they cannot resolve the URL www.demodomain.com to 123.10.9.143. This issue needs to be resolved. You propose a solution to modify the name server at the domain registrar. Would this solution resolve the issue? No Yes (Correct)
A
Your company has an Azure AD tenant named getcloudskills.com. The following user is part of the tenant: - Getcloudskillsusr1 is a User administrator. The following VM is part of the tenant: - Getclouskillsvm1 is a Windows 10 device that is AAD registered. The following group is part of the tenant: - Getcloudskillsgroup1 is a Dynamic Device group, Getcloudskillsusr1 is an owner of that group. Would user Getcloudskillsusr1 be able to add device Getclouskillsvm1 to group Getcloudskillsgroup1? No (Correct) Yes
A
Your company has an Azure subscription. In the subscription, you create an Azure file share named share1. You also create a shared access signature (SAS) named SASdemo as shown in the following exhibit: If you run Microsoft Azure Storage Explorer on a computer that has an IP address of 193.77.134.1, and you use SASdemo to connect to the storage account, then you... will have read-only access. will be prompted for the credentials. will have no access. (Correct) will have read, write and list access.
A
Your company has the following resources created as part of its Azure subscription: - 100 Azure virtual machines - 10 Azure SQL databases - 50 Azure file shares You need to create a daily backup of all resources by using Azure Backup. What is the minimum number of backup policies you have to create for this requirement? 160 2 (Correct) 3 1 100
A
Your company has the following resources deployed to Azure: You install a DNS service on virtual machine getcloudskillsvm1. The DNS server settings are then configured for each virtual network, as shown below: You have to ensure that all virtual machines in your vnet can resolve DNS names by using the DNS service on the virtual machine getcloudskillsvm1. Which of the following would you implement for this requirement? Add service endpoints for the virtual network getcloudskillsnetwork2 and getcloudskillsnetwork3. Add a service endpoint for the virtual network getcloudskillsnetwork1. Configure virtual network peering connections between all virtual networks. (Correct) Configure a conditional forwarder for the getcloudskillsvm1 virtual machine.
A
Your company needs to deploy an application to a set of three virtual machines. You have to ensure that two virtual machines are always available in the event of a data center failure at any point in time. You decide to deploy the virtual machines as part of an Availability Set. Would this fulfill the requirement? No (Correct) Yes
A
Your company runs its Azure virtual machines in an availability set. All of the websites are running in the same availability set. They do this to increase the availability of their application when planned or unplanned outages happen. What is the maximum number of fault domains (FD) and update domains (UD) that your application can be spread across? Unlimited FD and UD 2 FD and 5 UD 2 FD and 10 UD 3 FD and 20 UD (Correct) 20 FD and 3 UD
A