AZ-104 Study
DRAG DROP - You have downloaded an Azure Resource Manager (ARM) template to deploy numerous virtual machines (VMs). The ARM template is based on a current VM, but must be adapted to reference an administrative password. You need to make sure that the password cannot be stored in plain text. You are preparing to create the necessary components to achieve your goal. Which of the following should you create to achieve your goal? 1. An Azure Key Vault 2. An Azure Storage Account 3. Azure Active Directory (AD) Identity Protection 4. An Access Policy 5. An Azure Policy 6. A Backup Policy
1. An Azure Key Vault 2. An Access Policy
DRAG DROP -Your company has an Azure subscription that includes a number of Azure virtual machines (VMs), which are all part of the same virtual network.Your company also has an on-premises Hyper-V server that hosts a VM, named VM1, which must be replicated to Azure. Which of the following objects that must be created to achieve this goal? 1. Hyper-V Site 2. Storage Account 3. Azure Recovery Services Vault 4. Azure Traffic Manager Instance 5. Replication Policy 6. Endpoint
1. Hyper-V Site 2. Azure Recovery Services Vault 3. Replication Policy (The question is about what needs to be created in Azure. Hyper-V site is only linked as the Source during configurations and not created as a resource during the process. Hence, the resources that gets created and seen on the platform after migration will be - Azure Recovery Service Vault - Storage Account : disks - Replication Policy https://learn.microsoft.com/en-us/azure/site-recovery/tutorial-prepare-azure-for-hyper)
Your company has an Azure subscription that includes a Recovery Services vault. You want to use Azure Backup to schedule a backup of your company's virtual machines (VMs) to the Recovery Services vault. Which of the following VMs can you back up? Choose all that apply. A. VMs that run Windows 10. B. VMs that run Windows Server 2012 or higher. C. VMs that have NOT been shut down. D. VMs that run Debian 8.2+. E. VMs that have been shut down.
A., B., C., D., and E. All the above.
Your company has an Azure subscription. You need to deploy a number of Azure virtual machines (VMs) using Azure Resource Manager (ARM) templates. You have been informed that the VMs will be included in a single availability set. You are required to make sure that the ARM template you configure allows for as many VMs as possible to remain accessible in the event of fabric failure or maintenance. Which of the following is the value that you should configure for the platformUpdateDomainCount property? A. 10 B. 20 C. 30 D. 40
B. 20 (The platformUpdateDomainCount is a property that defines how many update domains there are in the availability set. The upper limit is 20. If the platformUpdateDomainCount becomes higher, that's mean as many VMs as possible to remain accessible.)
Your company has an Azure Active Directory (Azure AD) tenant that is configured for hybrid coexistence with the on-premises Active Directory domain. You plan to deploy several new virtual machines (VMs) in Azure. The VMs will have the same operating system and custom software requirements. You configure a reference VM in the on-premise virtual environment. You then generalize the VM to create an image. You need to upload the image to Azure to ensure that it is available for selection when you create the new Azure VMs. Which PowerShell cmdlets should you use? A. Add-AzVM B. Add-AzVhd C. Add-AzImage D. Add-AzImageDataDisk
B. Add-AzVhd (The Add-AzVhd cmdlet uploads on-premises virtual hard disks, in .vhd file format, to a blob storage account as fixed virtual hard disks.)
You administer a solution in Azure that is currently having performance issues. You need to find the cause of the performance issues pertaining to metrics on the Azure infrastructure. Which of the following is the tool you should use? A. Azure Traffic Analytics B. Azure Monitor C. Azure Activity Log D. Azure Advisor
B. Azure Monitor (Azure Monitor is the tool used to collect and analyze performance metrics and logs in Azure. It provides insights into the performance of Azure resources, applications, and workloads, and helps identify and troubleshoot issues related to availability, performance, and security. Azure Traffic Analytics is used to monitor and analyze network traffic, Azure Activity Log provides insights into activities performed on Azure resources, and Azure Advisor provides recommendations for improving the performance, security, and reliability of Azure resources.)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named contoso.com. You have a CSV file that contains the names and email addresses of 500 external users. You need to create a guest user account in contoso.com for each of the 500 external users. Solution: From Azure AD in the Azure portal, you use the Bulk create user operation. Does this meet the goal?
B. No ("Bulk Create" is for new Azure AD Users. For Guests: - Use "Bulk invite users" to prepare a comma-separated value (.csv) file with the user information and invitation preferences - Upload the .csv file to Azure AD - Verify the users were added to the directory)
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company's Azure solution makes use of Multi-Factor Authentication for when users are not in the office. The Per Authentication option has been configured as the usage model. After the acquisition of a smaller business and the addition of the new staff to Azure Active Directory (Azure AD) obtains a different company and adding the new employees to Azure Active Directory (Azure AD), you are informed that these employees should also make use of Multi-Factor Authentication. To achieve this, the Per Enabled User setting must be set for the usage model. Solution: You reconfigure the existing usage model via the Azure CLI. Does the solution meet the goal?
B. No (You create a new Multi-Factor Authentication provider with a backup from the existing Multi-Factor Authentication provider data. You cannot change the usage model [per enabled user or per authentication] after an MFA provider is created.)
Your company has serval departments. Each department has a number of virtual machines (VMs). The company has an Azure subscription that contains a resource group named RG1. All VMs are located in RG1.You want to associate each VM with its respective department. What should you do?
C. Assign tags to the virtual machines.
Your company has virtual machines (VMs) hosted in Microsoft Azure. The VMs are located in a single Azure virtual network named VNet1.The company has users that work remotely. The remote workers require access to the VMs on VNet1.You need to provide access for the remote workers. What should you do? A. Configure a Site-to-Site (S2S) VPN. B. Configure a VNet-toVNet VPN. C. Configure a Point-to-Site (P2S) VPN. D. Configure DirectAccess on a Windows Server 2012 server VM. E. Configure a Multi-Site VPN
C. Configure a Point-to-Site (P2S) VPN. (To provide access for remote workers to virtual machines (VMs) hosted in Microsoft Azure, you can use a Point-to-Site (P2S) VPN connection. This type of connection enables individual remote clients to securely connect to an Azure virtual network (VNet) over the Internet. A Site-to-Site (S2S) VPN connection is used to connect two or more on-premises networks to an Azure virtual network (VNet), while a VNet-to-VNet VPN connection is used to connect two or more Azure virtual networks (VNets) together.)
You have an Azure virtual machine (VM) that has a single data disk. You have been tasked with attaching this data disk to another Azure VM. You need to make sure that your strategy allows for the virtual machines to be offline for the least amount of time possible. Which of the following is the action you should take FIRST? A. Stop the VM that includes the data disk. B. Stop the VM that the data disk must be attached to. C. Detach the data disk. D. Delete the VM that includes the data disk.
C. Detach the data disk. (Before attaching the data disk to another VM, it needs to be detached from the original VM. This can be done while the original VM is running, so there is no need to stop either VM. Once the data disk is detached, it can be attached to the target VM without any downtime for either VM.)
Your company's Azure subscription includes Azure virtual machines (VMs) that run Windows Server 2016.One of the VMs is backed up every day using Azure Backup Instant Restore. When the VM becomes infected with data encrypting ransomware, you are required to restore the VM. Which of the following actions should you take? A. You should restore the VM after deleting the infected VM. B. You should restore the VM to any VM within the company's subscription. C. You should restore the VM to a new Azure VM. D. You should restore the VM to an on-premise Windows device.
C. You should restore the VM to a new Azure VM. (In the scenario where a virtual machine is infected with ransomware, it is important to isolate the compromised virtual machine to prevent the spread of the ransomware. Restoring the virtual machine after deleting the infected VM is not recommended, as it is possible that the backup of the infected VM may also be compromised. The recommended approach is to restore the VM to a new VM, as this provides a clean environment that is not compromised by the ransomware. Additionally, restoring the VM to an on-premises Windows device is not recommended since this may compromise the device as well.)
Your company has three virtual machines (VMs) that are included in an availability set. You try to resize one of the VMs, which returns an allocation failure message. It is imperative that the VM is resized. Which of the following actions should you take? A. You should only stop one of the VMs. B. You should stop two of the VMs. C. You should stop all three VMs, D. You should remove the necessary VM from the availability set.
C. You should stop all three VMs. (If the VM you wish to resize is part of an availability set, then you must stop all VMs in the availability set before changing the size of any VM in the availability set.)
Your company has an Azure Active Directory (Azure AD) subscription.You need to deploy five virtual machines (VMs) to your company's virtual network subnet.The VMs will each have both a public and private IP address. Inbound and outbound security rules for all of these virtual machines must be identical. Which of the following is the least amount of security groups needed for this configuration? A. 4 B. 3 C. 2 D. 1
D. 1 (The correct answer is D. You can use a single network security group (NSG) for all five VMs since the inbound and outbound security rules are identical for all of them.)
Your company has two on-premises servers named SRV01 and SRV02. Developers have created an application that runs on SRV01. The application calls a service on SRV02 by IP address.You plan to migrate the application on Azure virtual machines (VMs). You have configured two VMs on a single subnet in an Azure virtual network.You need to configure the two VMs with static internal IP addresses. What should you do? A. Run the New-AzureRMVMConfig PowerShell cmdlet. B. Run the Set-AzureSubnet PowerShell cmdlet. C. Modify the VM properties in the Azure Management Portal. D. Modify the IP properties in Windows Network and Sharing Center. E. Run the Set-AzureStaticVNetIP PowerShell cmdlet.
E. Run the Set-AzureStaticVNetIP PowerShell cmdlet. (To configure static internal IP addresses for Azure VMs, you can use the Set-AzureStaticVNetIP PowerShell cmdlet. This cmdlet sets the static IP address for a VM in a virtual network. You need to specify the name of the VM, the IP address to set, and the subnet in which the VM is located.)
HOTSPOT - You have an Azure subscription named Subscription1 that contains a resource group named RG1.In RG1, you create an internal load balancer named LB1 and a public load balancer named LB2.You need to ensure that an administrator named Admin1 can manage LB1 and LB2. The solution must follow the principle of least privilege. Which role should you assign to Admin1 for each task? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. To add a backend pool to LB1: Contributor on LB1 Network Contributor on LB1 Network Contributor on RG1 Owner on LB1 To add a health probe to LB2: Contributor on LB2 Network Contributor on LB2 Network Contributor on RG2 Owner on LB2
To add a backendpool to LB1: Network Contributor on LB1 To add a health probe on LB2: Network Contributor on LB2
Your company has an Azure Active Directory (Azure AD) subscription. You need to deploy five virtual machines (VMs) to your company's virtual network subnet. The VMs will each have both a public and private IP address. Inbound and outbound security rules for all of these virtual machines must be identical. Which of the following is the least amount of network interfaces needed for this configuration? A. 5 B. 10 C. 20 D. 40
A. 5 (The least amount of network interfaces needed for this configuration is 5. Each virtual machine will have one network interface with both a public and private IP address. Therefore, the number of network interfaces needed is equal to the number of virtual machines being deployed.)
Your company has an Azure Active Directory (Azure AD) tenant that is configured for hybrid coexistence with the on-premises Active Directory domain.The on-premise virtual environment consists of virtual machines (VMs) running on Windows Server 2012 R2 Hyper-V host servers.You have created some PowerShell scripts to automate the configuration of newly created VMs. You plan to create several new VMs. You need a solution that ensures the scripts are run on the new VMs. Which of the following is the best solution? A. Configure a SetupComplete.cmd batch file in the %windir%\setup\scripts directory. B. Configure a Group Policy Object (GPO) to run the scripts as logon scripts. C. Configure a Group Policy Object (GPO) to run the scripts as startup scripts. D. Place the scripts in a new virtual hard disk (VHD).
A. Configure a SetupComplete.cmd batch file in the %windir%\setup\scripts directory. (After Windows is installed but before the logon screen appears, Windows Setup searches for the SetupComplete.cmd file in the %WINDIR%\Setup\Scripts\ directory)
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company's Azure subscription includes two Azure networks named VirtualNetworkA and VirtualNetworkB.VirtualNetworkA includes a VPN gateway that is configured to make use of static routing. Also, a site-to-site VPN connection exists between your company's on- premises network and VirtualNetworkA. You have configured a point-to-site VPN connection to VirtualNetworkA from a workstation running Windows 10. After configuring virtual network peering betweenVirtualNetworkA and VirtualNetworkB, you confirm that you are able to access VirtualNetworkB from the company's on-premises network. However, you find that you cannot establish a connection to VirtualNetworkB from the Windows 10 workstation. You have to make sure that a connection to VirtualNetworkB can be established from the Windows 10 workstation. Solution: You download and re-install the VPN client configuration package on the Windows 10 workstation. Does the solution meet the goal?
A. Yes ("If you make a change to the topology of your network and have Windows VPN clients, the VPN client package for Windows clients must be downloaded and installed again in order for the changes to be applied to the client." - https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing)
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has an azure subscription that includes a storage account, a resource group, a blob container and a file share. A colleague named Jon Ross makes use of a solitary Azure Resource Manager (ARM) template to deploy a virtual machine and an additional Azure Storage account. You want to review the ARM template that was used by Jon Ross. Solution: You access the Resource Group blade. Does the solution meet the goal?
A. Yes (In the Resource Group blade, you can select the resource group where the virtual machine and additional storage account were deployed, and then click on the "Deployments" tab. This will display a list of all deployments made to the resource group, including the ARM template used for the deployment.)
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has an Azure Active Directory (Azure AD) subscription. You want to implement an Azure AD conditional access policy. The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations. Solution: You access the Azure portal to alter the grant control of the Azure AD conditional access policy. Does the solution meet the goal?
A. Yes (Instead of the MFA page mentioned above, you have to go the route of Conditional Access Policy-->Grant Control mentioned here for this question. Under Grant Control you are given the option of setting MFA and requiring AD joined devices in the exact same window.)
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has a Microsoft SQL Server Always On availability group configured on their Azure virtual machines (VMs).You need to configure an Azure internal load balancer as a listener for the availability group. Solution: You enable Floating IP. Does the solution meet the goal?
A. Yes (Yes, enabling Floating IP on the Azure internal load balancer as a listener for the availability group can meet the goal. By enabling Floating IP, the load balancer will use a floating IP address as the source IP address for outbound flows from the backend pool. This will ensure that the IP address used by the backend pool remains the same even if a VM is restarted or replaced, which is important for maintaining the listener for the availability group.)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named contoso.com. You have a CSV file that contains the names and email addresses of 500 external users. You need to create a guest user account in contoso.com for each of the 500 external users. Solution: You create a PowerShell script that runs the New-AzureADMSInvitation cmdlet for each external user. Does this meet the goal?
A. Yes (Yes, this solution should meet the goal. The New-AzureADMSInvitation cmdlet can be used to send invitations to external users to become guest users in an Azure AD tenant. By running the cmdlet for each external user listed in the CSV file, a guest user account can be created in the contoso.com Azure AD tenant for each of the 500 external users.)
Your company's Azure subscription includes Azure virtual machines (VMs) that run Windows Server 2016.One of the VMs is backed up every day using Azure Backup Instant Restore. When the VM becomes infected with data encrypting ransomware, you decide to recover the VM's files. Which of the following is TRUE in this scenario? A. You can only recover the files to the infected VM. B. You can recover the files to any VM within the company's subscription. C. You can only recover the files to a new VM. D. You will not be able to recover the files.
A. You can only recover the files to the infected VM. (Azure Backup Instant Restore enables you to recover files and folders from a VM backup directly to the same VM. It does not provide an option to restore the files to a different VM. In the scenario described, since the VM is infected with ransomware, restoring the files to the same VM may not be advisable, as it may reintroduce the malware. However, this is still the only option provided by Azure Backup Instant Restore. To restore the files to a different VM, you may need to use a different recovery option, such as restoring the backup to a new VM, or using Azure Site Recovery to replicate the VM and recover the data from the replica. However, these options may require additional configuration and may take longer to complete than using Azure Backup Instant Restore.)
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company makes use of Multi-Factor Authentication for when users are not in the office. The Per Authentication option has been configured as the usage model. After the acquisition of a smaller business and the addition of the new staff to Azure Active Directory (Azure AD) obtains a different company and adding the new employees to Azure Active Directory (Azure AD), you are informed that these employees should also make use of Multi-Factor Authentication. To achieve this, the Per Enabled User setting must be set for the usage model. Solution: You reconfigure the existing usage model via the Azure portal. Does the solution meet the goal?
B. No (As described in the official documentation (https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-authprovider): "You cannot change the usage model (per enabled user or per authentication) after an MFA provider is created.")
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company's Azure solution makes use of Multi-Factor Authentication for when users are not in the office. The Per Authentication option has been configured as the usage model. After the acquisition of a smaller business and the addition of the new staff to Azure Active Directory (Azure AD) obtains a different company and adding the new employees to Azure Active Directory (Azure AD), you are informed that these employees should also make use of Multi-Factor Authentication. To achieve this, the Per Enabled User setting must be set for the usage model. Solution: You create a new Multi-Factor Authentication provider with a backup from the existing Multi-Factor Authentication provider data. Does the solution meet the goal?
B. No (Effective September 1st, 2018 new auth providers may no longer be created. Existing auth providers may continue to be used and updated, but migration is no longer possible. Multi-factor authentication will continue to be available as a feature in Azure AD Premium licenses.)
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has an Azure Active Directory (Azure AD) tenant named weyland.com that is configured for hybrid coexistence with the on-premises ActiveDirectory domain. You have a server named DirSync1 that is configured as a DirSync server. You create a new user account in the on-premise Active Directory. You now need to replicate the user information to Azure AD immediately. Solution: You run the Start-ADSyncSyncCycle -PolicyType Initial PowerShell cmdlet. Does the solution meet the goal?
B. No (Immediate - you need to use delta sync and not the initial sync.)
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has a Microsoft SQL Server Always On availability group configured on their Azure virtual machines (VMs).You need to configure an Azure internal load balancer as a listener for the availability group. Solution: You set Session persistence to Client IP. Does the solution meet the goal?
B. No (No, Session persistence should be none Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sql/virtual-machines-windows-portal-sql-alwayson-int-listene)
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has an azure subscription that includes a storage account, a resource group, a blob container and a file share. A colleague named Jon Ross makes use of a solitary Azure Resource Manager (ARM) template to deploy a virtual machine and an additional Azure Storage account. You want to review the ARM template that was used by Jon Ross. Solution: You access the Container blade. Does the solution meet the goal?
B. No (No, accessing the Container blade does not provide access to the ARM template used by Jon Ross to deploy the virtual machine and an additional Azure Storage account. The Container blade displays information about the blob container within the storage account, but it does not provide access to the deployment history or ARM templates.)
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company's Azure subscription includes two Azure networks named VirtualNetworkA and VirtualNetworkB.VirtualNetworkA includes a VPN gateway that is configured to make use of static routing. Also, a site-to-site VPN connection exists between your company's on- premises network and VirtualNetworkA.You have configured a point-to-site VPN connection to VirtualNetworkA from a workstation running Windows 10. After configuring virtual network peering betweenVirtualNetworkA and VirtualNetworkB, you confirm that you are able to access VirtualNetworkB from the company's on-premises network. However, you find that you cannot establish a connection to VirtualNetworkB from the Windows 10 workstation. You have to make sure that a connection to VirtualNetworkB can be established from the Windows 10 workstation. Solution: You choose the Allow gateway transit setting on VirtualNetworkA. Does the solution meet the goal?
B. No (No, choosing the "Allow gateway transit" setting on VirtualNetworkA will not enable the Windows 10 workstation to connect to VirtualNetworkB. The "Allow gateway transit" setting is used to enable traffic to flow between virtual networks when they are connected through virtual network peering. It allows a virtual network to use the VPN gateway in another virtual network to access remote networks. To enable the Windows 10 workstation to connect to VirtualNetworkB, you need to configure point-to-site VPN connectivity between the Windows 10 workstation and VirtualNetworkB, and ensure that the necessary routes are configured to allow the traffic to flow between the networks.)
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has a Microsoft SQL Server Always On availability group configured on their Azure virtual machines (VMs).You need to configure an Azure internal load balancer as a listener for the availability group. Solution: You create an HTTP health probe on port 1433. Does the solution meet the goal?
B. No (No, the solution does not meet the goal. Port 1433 is used by SQL Server for SQL Server Database Engine connections, not HTTP connections. Therefore, creating an HTTP health probe on port 1433 will not work. To configure an Azure internal load balancer as a listener for the availability group, you need to create a TCP health probe on port 1433, which is the default port for SQL Server. So, the correct solution would be to create a TCP health probe on port 1433, not an HTTP health probe. Therefore, the answer is B (No).)
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has an Azure Active Directory (Azure AD) tenant named weyland.com that is configured for hybrid coexistence with the on-premises ActiveDirectory domain. You have a server named DirSync1 that is configured as a DirSync server. You create a new user account in the on-premise Active Directory. You now need to replicate the user information to Azure AD immediately. Solution: You restart the NetLogon service on a domain controller. Does the solution meet the goal?
B. No (The best way is either a Synchronization being executed through the "Azure AD Connect", in the Portal or using the command "Start-ADSyncSyncCycle -PolicyType Delta".)
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has an Azure Active Directory (Azure AD) subscription. You want to implement an Azure AD conditional access policy. The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations. Solution: You access the multi-factor authentication page to alter the user settings. Does the solution meet the goal?
B. No (The solution does not meet the goal as it only addresses the requirement for Global Administrators and does not specify the need for an Azure AD-joined device or untrusted locations. To meet the requirements, a conditional access policy needs to be created with the appropriate settings.)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Active Directory (Azure AD) tenant named contoso.com.You have a CSV file that contains the names and email addresses of 500 external users.You need to create a guest user account in contoso.com for each of the 500 external users. Solution: You create a PowerShell script that runs the New-AzureADUser cmdlet for each user. Does this meet the goal?
B. No (The solution does not meet the goal because the New-AzureADUser cmdlet creates a new user in the Azure AD tenant, not a guest user account.)
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company's Azure subscription includes two Azure networks named VirtualNetworkA and VirtualNetworkB.VirtualNetworkA includes a VPN gateway that is configured to make use of static routing. Also, a site-to-site VPN connection exists between your company's on- premises network and VirtualNetworkA.You have configured a point-to-site VPN connection to VirtualNetworkA from a workstation running Windows 10. After configuring virtual network peering betweenVirtualNetworkA and VirtualNetworkB, you confirm that you are able to access VirtualNetworkB from the company's on-premises network. However, you find that you cannot establish a connection to VirtualNetworkB from the Windows 10 workstation.You have to make sure that a connection to VirtualNetworkB can be established from the Windows 10 workstation. Solution: You choose the Allow gateway transit setting on VirtualNetworkB. Does the solution meet the goal?
B. No (The solution proposed in this scenario is incorrect. Enabling the "Allow gateway transit" setting on VirtualNetworkB would not help establish a connection to VirtualNetworkB from the Windows 10 workstation. To enable the connection, the "Use remote gateway" setting should be enabled on the point-to-site VPN configuration for VirtualNetworkA. This would allow the Windows 10 workstation to use the VPN gateway on VirtualNetworkA to access resources on VirtualNetworkB.)
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has an Azure Active Directory (Azure AD) tenant named weyland.com that is configured for hybrid coexistence with the on-premises ActiveDirectory domain. You have a server named DirSync1 that is configured as a DirSync server. You create a new user account in the on-premise Active Directory. You now need to replicate the user information to Azure AD immediately. Solution: You use Active Directory Sites and Services to force replication of the Global Catalog on a domain controller. Does the solution meet the goal?
B. No (To replicate the new user account information to Azure AD immediately, you should initiate a delta synchronization from the DirSync server (DirSync1) to Azure AD.)
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has an azure subscription that includes a storage account, a resource group, a blob container and a file share. A colleague named Jon Ross makes use of a solitary Azure Resource Manager (ARM) template to deploy a virtual machine and an additional Azure Storage account. You want to review the ARM template that was used by Jon Ross. Solution: You access the Virtual Machine blade. Does the solution meet the goal?
B. No (To review the ARM template, you need to access the deployment history of the resource group where the virtual machine and additional storage account were deployed. You can access the deployment history by navigating to the "Deployments" blade of the resource group in the Azure portal.)
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has an Azure Active Directory (Azure AD) subscription. You want to implement an Azure AD conditional access policy. The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations. Solution: You access the Azure portal to alter the session control of the Azure AD conditional access policy. Does the solution meet the goal?
B. No (You alter the grant control, not session control.)
Your company has a Microsoft Azure subscription. The company has datacenters in Los Angeles and New York. You are configuring the two datacenters as geo-clustered sites for site resiliency. You need to recommend an Azure storage redundancy option. You have the following data storage requirements: ✑ Data must be stored on multiple nodes. ✑ Data must be stored on nodes in separate geographic locations. ✑ Data can be read from the secondary location as well as from the primary location. Which of the following Azure stored redundancy options should you recommend? A. Geo-redundant storage B. Read-only geo-redundant storage C. Zone-redundant storage D. Locally redundant storage
B. Read-only geo-redundant storage (Read-access geo-redundant storage (RA-GRS) It is based on the GRS, but it also provides an option to read from the secondary region, regardless of whether Microsoft initiates a failover from the primary to the secondary region.)
Your company has an Azure subscription. You need to deploy a number of Azure virtual machines (VMs) using Azure Resource Manager (ARM) templates. You have been informed that the VMs will be included in a single availability set. You are required to make sure that the ARM template you configure allows for as many VMs as possible to remain accessible in the event of fabric failure or maintenance. Which of the following is the value that you should configure for the platformFaultDomainCount property? A. 10 B. 30 C. Min Value D. Max Value
D. Max Value (To ensure maximum availability, you should set the platformFaultDomainCount property to the maximum value of 3. This will ensure that each VM is placed in a different fault domain, allowing them to remain accessible in the event of a fault domain failure.)
You are planning to deploy an Ubuntu Server virtual machine to your company's Azure subscription. You are required to implement a custom deployment that includes adding a particular trusted root certification authority (CA). Which of the following should you use to create the virtual machine? A. The New-AzureRmVm cmdlet. B. The New-AzVM cmdlet. C. The Create-AzVM cmdlet. D. The az vm create command.
D. The az vm create command. (The az vm create command is part of the Azure CLI (Command-Line Interface) tool, which allows you to manage Azure resources from the command line. It provides comprehensive functionality for creating and managing virtual machines in Azure.)