AZ-104
What is the Azure Resource Manager template?
- ARM templates are a form of Infrastructure as Code - ARM templates are JavaScript Object Notation (JSON) files
How many fault domains and update domains can be assigned to an availability set?
-three fault domains -twenty update domains
What does MS always affix to your storage account name?
.blob.core.windows.net
Azure availability zones are connected by a high-performance network with a round trip latency of less than ____ ms
2 ms
What is a BLOB?
A file within a container. EX: JPEG or .AVI file
What are the datacenters of an Azure region deployed within?
A latency-defined perimeter and connected through a dedicated regional low-latency network.
What is a record set in Azure?
A record set (also known as a resource record set) is the collection of DNS records in a zone that have the same name and are of the same type. Most record sets contain a single record.
What IP address is reserved by Azure as a broadcast address?
Any ending in .255 EX: 10.3.1.255
What is Azure role-based access control (Azure RBAC)?
Several Azure built-in roles that you can assign to users, groups, service principals, and managed identities. Role assignments are the way you control access to Azure resources.
What are Azure virtual machine extensions?
Small applications that provide post-deployment configuration and automation tasks on Azure VMs. EX: if a VM requires software installation, AV protection, or the ability to run a script inside it, you can use a VM extension.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. Azure Blob storage is supported with Azure Import service; Azure data lake is supported with Azure Import service; Azure Files storage is supported with Azure Import service; Azure SQL DB is supported with Azure Import service.
Azure Blob storage is supported with Azure Import service - Yes; Azure data lake is supported with Azure Import service - No; Azure Files storage is supported with Azure Import service - Yes; Azure SQL DB is supported with Azure Import service - No
Physical zones are mapped to logical zones in your ___________________
Azure subscription
Where do the custom script extensions download and run scripts on?
Azure virtual machines
How does Azure DNS manage all DNS records?
By using record sets
How can you run Azure VM extensions?
By using the Azure CLI, PowerShell, Azure Resource Manager templates and the Azure Portal
What does the Log Analytics agent do?
Collects monitoring data from the guest OS and workloads of VMs in Azure, other cloud providers and on-prem machines. It sends data to a Log Analytics workspace.
What is the kubectl command used for?
Configuring Kubernetes
What does it mean to Scale out? (horizontal scaling)
Data is split into several databases or shards, across servers and each shard can be scaled up or down independently.
How do availability sets work?
Each VM in your availability set is assigned an update domain and a fault domain by the underlying Azure platform.
Azure Files storage is supported with Azure Export service. True or False?
False
Azure SQL database is supported with Azure Export service. True or False?
False
Azure data lake is supported with Azure Export Service. True or False?
False
You have an Azure subscription named Subscription1. You plan to deploy an Ubuntu Server VM named VM1 to Subscription1. You need to perform a custom deployment of the VM. A specific trusted root certification authority (CA) must be added during the deployment. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. File to create: answer.ini, autounattend.conf, cloud-init.txt, unattend.xml. Tool to deploy VM: New-AzureRmVm cmdlet, New-AzVM cmdlet, Create-AzVM cmdlet, az vm create command.
File to create: cloud-init.txt. Tool to deploy VM: az vm create command
What is Azure policy?
Helps to enforce organizational standards and to assess compliance at scale.
When do you need to create more than one DNS record with a given name and type?
If the website is hosted on two different IP addresses. The website requires two different A records, one for each IP address
What resides in an Azure region?
Multiple availability zones and data centers, all connected with fiber. Region -> availability zone 1 <-> availability zone 2 <-> availability zone 3 <->
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates. You need to view the date and time when the resources were created in RG1. Solution: From the subscriptions blade, you select the subscription, and then click Programmatic deployment. Does this meet the goal?
No
You have an Azure virtual machine named VM1 that runs Windows Server 2016. You need to create an alert in Azure when more than two error events are logged to the System event log on VM1 within an hour. Solution: You use Azure advisor to collect the error events on Virtual machines. Does this meet the goal?
No
Your company has an Azure subscription that includes a storage account, a resource group, a blob container and a file share. A colleague named Tom Smith uses a single Azure Resource Manager (ARM) template to deploy a VM and an additional Azure storage account. You want to review the ARM template that was used by Tom Smith. Solution: You access the Container blade. Does the solution meet the goal?
No
Your company wants to have some post-deployment configuration and automation tasks on Azure virtual machines. Solution: As an administrator, you suggest using ARM templates. Does this meet the goal?
No, because ARM templates are related to Infrastructure as Code and have nothing to do with post-deployment configurations.
Is there a cost for availability set?
No, only pay for each VM instance you create
Does Azure DNS support purchasing of domain names?
No, you need to use a 3rd party service
Your company has an Azure subscription that includes a storage account, a resource group, a blob container and a file share. A colleague named Tom Smith uses a single Azure Resource Manager (ARM) template to deploy a VM and an additional Azure storage account. You want to review the ARM template that was used by Tom Smith. Solution: You access the virtual machine blade. Does the solution meet the goal?
No. You cannot access the ARM template via the VM blade
What are Azure Availability zones?
Physically separate locations within each Azure region that are tolerant to local failures.
What are AZ regions and availability zones designed to help you achieve?
Resiliency and reliability
What type of failures are availability zones designed to protect from?
Software/hardware failures EX: earthquakes, floods, fires
What is the blob storage hierarchy?
Storage -> Container -> Blob
What services do Recovery Services vaults support?
System Center DPM, Windows Server, Azure Backup Server
What can you use Recovery Services vaults to hold backup data for?
Various Azure services such as IaaS VMs (Linux or Windows) and Azure SQL DBs
Your company has an Azure subscription that includes a storage account, a resource group, a blob container and a file share. A colleague named Tom Smith uses a single Azure Resource Manager (ARM) template to deploy a VM and an additional Azure storage account. You want to review the ARM template that was used by Tom Smith. Solution: You access the Resource Group blade. Does the solution meet the goal?
Yes
Your company wants to have some post-deployment configuration and automation tasks on Azure virtual machines. Solution: As an administrator, you suggest using virtual machine extensions. Does this meet the goal?
Yes, because Azure VM extensions are small applications that provide post-deployment configuration and automation tasks on Azure VMs.
Are there any restrictions on using IP addresses within these subnets?
Yes. Azure reserves the first four and last IP address for a total of 5 IP addresses within each subnet. For example, the IP address range of 192.168.1.0/24 has the following reserved addresses: 192.168.1.0: Network address; 192.168.1.1: Reserved by Azure for the default gateway; 192.168.1.2, 192.168.1.3: Reserved by Azure to map the Azure DNS IPs to the VNet space; 192.168.1.255: Network broadcast address.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription. Pick a Solution: You assign the Reader role at the subscription level to Admin1. You assign the Owner role at the subscription level to Admin1. You assign the Network Contributor role at the subscription level to Admin1. Does this meet the goal?
You assign the Network Contributor role at the subscription level to Admin1.
You have an Azure virtual machine named VM1 that runs Windows Server 2016. You need to create an alert in Azure when more than two error events are logged to the System event log on VM1 within an hour. Pick a Solution: (1) You create an Azure storage account and configure shared access signatures (SASs). You install the MS monitoring agent on VM1. You create an alert in Azure Monitor and specify the storage account as the source. (2) You create an Azure Log Analytics workspace and configure the data settings. You install the MS monitoring agent on VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source. Does that meet the goal?
You create an Azure Log Analytics workspace and configure the data settings. You install the MS monitoring agent on VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source.
What do Availability zones do to ensure resiliency?
a minimum of three separate availability zones are present in all availability zone-enabled regions
In your Azure subscription you have several hundred virtual machines. You need to identify which virtual machines are underutilized. What should you use? a. Azure advisor b. Azure monitor c. Azure policies
a. Azure Advisor
You have an Azure subscription named Subscription1. You have 5 TB of data that you need to transfer to Subscription1. You plan to use an Azure Import/Export job. What can you use as the destination of the imported data? a. Azure File Storage b. an Azure Cosmos DB database c. Azure Data Factory d. Azure SQL Database
a. Azure File Storage
Your Azure subscription contains an Azure Storage account. You need to create an Azure container instance named container1 that will use a Docker image named Image1. Image1 contains a MS SQL Server instance that requires persistent storage. You need to configure a storage service for container1. What should you use? a. Azure Files b. Azure Blob storage c. Azure Queue storage d. Azure Table storage
a. Azure Files. This is because Azure Files offers fully managed file shares hosted in Azure Storage that are accessible via the industry-standard Server Message Block (SMB) protocol. Using an Azure file share with Azure Container Instances provides file-sharing features similar to using an Azure file share with Azure virtual machines.
The infrastructure team needs to install IIS on the localhost. They do not want to use a Custom Script Extension. Which of the following could be used instead? a. Desired state configuration b. Virtual machine extension c. Windows update
a. Desired state configuration
You have an Azure subscription named Subscription1 that contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1. VM1 runs services that will be used to deploy resources to RG1. You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1. What should you do first? a. From the AZ portal, modify the managed identity settings of VM1 b. From the Azure portal, modify the access control (IAM) settings of RG1 c. From the Azure portal, modify the access control (IAM) settings of VM1 d. From the Azure portal, modify the policies settings of RG1
a. From the AZ portal, modify the managed identity settings of VM1
You have a production Azure Active Directory (Azure AD) tenant named contoso.com. You deploy a development Azure Active Directory (AD) tenant, and then you create several custom administrative roles in the development tenant. You need to copy the roles to the production tenant. What should you do first? a. From the development tenant, export the custom roles to JSON b. From the production tenant, create a new custom role. c. From the development tenant, perform a backup. d. From the production tenant, create an administrative unit.
a. From the development tenant, export the custom roles to JSON
You want to provide more CPU, memory and disk space without adding more virtual machines. Which of the following solutions should you choose? a. Scale up b. Scale out c. Scale more d. Scale high
a. Scale up. Scale up gives you more CPU, memory and disk space without adding more VMs.
You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com. You plan to grant three users named User1, User2, and User3 access to a temporary MS SP document library named Library1. You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days. Which two groups should you create? Each correct answer presents a complete solution. a. a MS 365 group that uses the assigned membership type b. a security group that uses the assigned membership type c. a MS 365 group that uses the dynamic user membership type d. a security group that uses dynamic user membership type e. a security group that uses the dynamic device membership type
a. a MS 365 group that uses the assigned membership type c. a MS 365 group that uses the dynamic user membership type
What is an availability set?
Logical groupings of VMs that allow Azure to understand how your application is built to provide for redundancy and availability.
You plan to create the Azure web apps shown in the following table. Name - Runtime stack: webapp1 - .NET core 3.0; webapp2 - ASP .NET V4.7; webapp3 - PHP 7.3; webapp4 - Ruby 2.6. What is the minimum number of App Service plans you should create for the web apps? a. 1 b. 2 c. 3 d. 4
b. 2. The following 3 can run on Windows/Linux: webapp1 - .NET core 3.0; webapp2 - ASP .NET V4.7; webapp3 - PHP 7.3. The following can run on Linux: webapp4 - Ruby 2.6. That is why we need a minimum of 2.
Your company has an Azure subscription. You need to deploy a number of Azure virtual machines using Azure Resource Manager (ARM) templates. You have been informed that the VMs will be included in a single availability set. You are required to make sure that the ARM template you configure allows for as many VMs as possible to remain accessible in the event of fabric failure or maintenance. Which of the following is the value that you should configure for the platformUpdateDomainCount property? a. 10 b. 20 c. 30 d. 40
b. 20
Your company's website is hosted on two different IP addresses. The website requires two different 'A' records, one for each IP address. Which record map should you choose? www.thetechblackboard.com 3600 - IN - A - 133.102.188.46 www.thetechblackboard.com 3600 - IN - A - 133.102.188.45 a. CNAME b. AAAA c. SOA
b. AAAA. AAAA maps an IP address to a domain
You have an Azure subscription named Subscription1 that is used by several departments at your company. Subscription1 contains the resources in the following table. Name - Function: Storage1 - Storage account; RG1 - Resource group; container1 - Blob; share1 - File share. Another administrator deploys a virtual machine named VM1 and an Azure Storage account named storage2 by using a single Azure Resource Manager template. You need to view the template used for the deployment. From which blade can you view the template that was used for the deployment? a. VM1 b. RG1 c. Storage1 d. container1
b. RG1. You cannot use VM1 because it will not show the storage account. Storage1/container1 will also not show the storage account.
Your company has a MS AZ subscription. The company has datacenters in LA and NY. You are configuring the two datacenters as geo-clustered sites for site resiliency. You need to recommend an Azure storage redundancy option. You have the following data storage requirements: - Data must be stored on multiple nodes - Data must be stored on nodes in separate geographic locations - Data can be read from the secondary location as well as from the primary location. Which of the following Azure storage redundancy options should you recommend? a. Geo-redundant storage b. Read-only geo-redundant storage c. Zone-redundant storage d. Locally redundant storage
b. Read-only geo-redundant storage
You have an Azure web app named App1. App1 has the deployment slots shown in the following table. Name - Function: webapp1-prod - Production; webapp1-test - Staging. In webapp1-test, you test several changes to App1. You back up App1. You swap webapp1-test for webapp1-prod and discover that App1 is experiencing performance issues. You need to revert to the previous version of App1 as quickly as possible. What should you do? a. Redeploy App1 b. Swap the slots c. Clone App1 d. Restore the backup of App1
b. Swap the slots, because Azure swaps the virtual IP addresses of the source and destination, thus swapping the URLs as well.
You have an Azure virtual machine named VM1 that runs Windows Server 2019. You save VM1 as a template named Template1 to the Azure Resource Manager library. You plan to deploy a virtual machine named VM2 from Template1. What can you configure during the deployment of VM2? a. operating system b. administrator username c. virtual machine size d. resource group
b. administrator username d. resource group
Your company wants to share the JSON files stored in a container inside a storage account: Storage Account (monthlyreports)-> Container(april2022) -> file (employee_data.json) What is the correct URL for the file called 'employee_data.json': a. employee_data.json b. monthlyreports.blob.core.windows.net/april2022/employee_data.json c. monthlyreports.blob.core.windows.net/employee_data.json d. monthlyreports/april2022/employee_data.json
b. monthlyreports.blob.core.windows.net/april2022/employee_data.json
In Azure, what is the starting point of controlling any resource? a. resource group b. subscription c. tenant
b. subscription
You have an Azure Kubernetes Service (AKS) cluster named AKS1. You need to configure cluster autoscaler for AKS1. Which two tools should you use? Each correct answer presents a complete solution. a. the kubectl command b. the az aks command c. the Set-AzVM cmdlet d. the Azure Portal e. the Set-AzAks cmdlet
b. the az aks command d. the Azure Portal. Explanation: a. The kubectl command is used for configuring Kubernetes and not the AKS cluster. b. The az aks command is used for AKS cluster configuration. c. The Set-AzVM cmdlet is used for VMs. e. Set-AzAks creates or updates an AKS cluster; the correct cmdlet is Set-AzAksCluster.
You create an Azure Storage account named storage1. You plan to create a file share named data1. Users need to map a drive to the data file share from home computers that run Windows 10. Which outbound port should you open between the home computers and the data file share? a. 80 b. 443 c. 445 d. 3389
c. 445 - this is for the SMB protocol to share files. Other options: a. 80 - HTTP, this is for web; b. 443 - HTTPS, this is for web; d. 3389 - RDP
The Custom Script Extension times out after: a. 30 mins b. 45 mins c. 90 mins d. never times out
c. 90 mins
Your company wants to move an entire solution to Azure. Due to security constraints, the company wants to restrict creation of all resources to a particular region. Which Azure service can restrict resource creation to a specific region? a. Azure Monitor b. Azure Availability zone c. Azure policy d. Azure web apps
c. Azure policy
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates. You need to view the date and time when the resources were created in RG1. Pick a Solution: a. From the subscriptions blade, you select the subscription, and then click Resource providers. b. From the RG1 blade, you click Automation script. c. From the RG1 blade, you click Deployments.
c. From RG1 blade, you click Deployments
Your company wants to share the JSON files stored in a container inside a storage account: Storage Account (monthlyreports)-> Container(april2022) -> file (employee_data.json) Company wants to give access to this file to users. However, the access to Azure Storage file 'employee_data.json' should only be provided for three days. What should you choose? a. access to storage account b. access keys c. Shared Access Signature (SAS) d. Azure key vault
c. Shared Access Signature (SAS)
Which of the following rules would you apply to the Network Security Group for the network interface attached to the web server for incoming secure traffic? Choose the best possible answer. a. an outbound rule allowing traffic on port 80 b. an outbound rule allowing traffic on port 443 c. an inbound rule allowing traffic on port 443 d. an inbound rule allowing traffic on port 80
c. an inbound rule allowing traffic on port 443
Your company has several departments. Each department has a number of VMs. The company has an Azure subscription that contains a resource group named RG1. All VMs are located in RG1. You want to associate each VM with its respective department. What should you do? a. create azure management groups for each department b. create a resource group for each department c. assign tags to the virtual machines d. modify the settings of the virtual machines
c. assign tags to the virtual machines
Your company has virtual machines (VMs) hosted in MS Azure. The VMs are located in a single Azure virtual network named VNet1. The company has users that work remotely. The remote workers require access to the VMs on VNet1. You need to provide access for the remote workers. What should you do? a. configure a Site-to-Site (S2S) VPN b. configure a VNet-to-VNet VPN c. configure a Point-to-Site (P2S) VPN d. configure a multi-site VPN
c. configure a Point-to-Site (P2S) VPN. The reason is that P2S lets you bridge the network for any outside source to the site that contains your VM.
You have an Azure subscription that contains a user named User1. You need to ensure that User1 can deploy virtual machines and manage virtual networks. The solution must use the principle of least privilege. Which role-based access control (RBAC) role should you assign to User1? a. owner b. virtual machine contributor c. contributor d. virtual machine administrator login
c. contributor
You're currently using network security groups (NSGs) to control how your network traffic flows in and out of your virtual network subnets and network interfaces. You want to customize how your NSGs work. For all incoming traffic, you need to apply your security rules to both the virtual machine and subnet level. Which of the following options will let you accomplish this? (Choose two) a. delete the default rules b. create the AllowVNetInBound security rule for all new NSGs c. create rules for both NICs and subnets with an allow action d. Add rules with a higher priority than the default rules
c. create rules for both NICs and subnets with an allow action d. Add rules with a higher priority than the default rules
You have an Azure VM that has a single data disk. You have been tasked with attaching this data disk to another Azure VM. You need to make sure that your strategy allows for the VMs to be offline for the least amount of time possible. Which of the following is the action you should take first? a. stop the VM that includes the data disk b. stop the VM that the data disk must be attached to c. detach the data disk d. delete the VM that includes the data disk
c. detach the data disk, because we are going off the assumption that there are multiple data disks and this is not the one that contains the OS.
You plan to deploy three AZ VMs named VM1, VM2 and VM3. The VMs will host web app named App1. You need to ensure that at least two virtual machines are available if a single AZ datacenter becomes unavailable. What should you deploy? a. all three VMs in a single Availability Zone b. all VMs in a single availability set c. each VM in a separate availability zone. d. each VM in a separate availability set
c. each VM in a separate availability zone.
Working on modernization, your company wants to move all services to Azure Kubernetes Service. Which two of the following components contribute to the monthly Azure charge? a. master node b. per deployed pod c. networking resources d. per node VM
c. networking resources d. per node VM
You have a general-purpose v1 Azure Storage account named storage1 that uses locally-redundant storage (LRS). You need to ensure that the data in the storage account is protected if a zone fails. The solution must minimize costs and administrative effort. What should you do first? a. create a new storage account b. configure object replication rules c. upgrade the account to general-purpose v2 d. upgrade the account to premium block blobs e. upgrade the account to premium file shares
c. upgrade the account to general-purpose v2
What is CIDR (Classless Inter-Domain Routing)?
A method for allocating IP addresses and for IP routing. EX: 10.3.0.0/16
What is a Recovery Services vault?
A storage entity in Azure that houses data. The data is typically copies of data or configuration information for VMs, workloads, servers or workstations.
Each data center is assigned to a ______________
physical zone
What is the Custom script extension useful for?
post-deployment configuration, software installation, or any other configuration or management task
Availability zones are designed so that if one zone is affected, _________, __________, and ____________ are supported by the remaining two zones.
regional services, capacity, and high availability
What is the number of VMs recommended by Azure within an availability set to provide a highly available application that meets the 99.95% Azure SLA?
two or more VMs created within an availability set
What record sets can only contain a single record because DNS standards don't permit multiple records for these two types?
SOA and CNAME
What are the two exceptions to record types?
SOA and CNAME because DNS standards don't permit multiple records with the same name for these types, therefore these record sets can only contain a single record.
What does it mean to Scale up in Azure? (vertical scaling)
Scale up gives you more CPU, memory and disk space without adding more VMs
How many IP addresses does Azure reserve?
The first 4 IPs EX: 10.3.0.1-10.3.0.4
What is the platformFaultDomainCount property?
The platformFaultDomainCount is a property that defines how many fault domains there are in the availability set. The upper limit is 2-3 (depends on the region).
What are ARM templates?
They are JSON files that define the resources you need to deploy for your solution.
What is the purpose of having an AZ region being connected through a dedicated regional low-latency network?
To ensure AZ services within any region offer the best performance/security
Azure Blob storage is supported with Azure Export service. True or False?
True
Azure subscriptions are automatically assigned this mapping at the time a subscription is created. True or False?
True
When assigning private IPv4 addresses in a subnet with the address range 10.3.0.0/16, which of the following addresses are available for dynamic assignment? a. 10.3.0.2 b. 10.3.0.1 c. 10.3.255.255 d. 10.3.255.254
d. 10.3.255.254. The others are not available for the following reasons: a. 10.3.0.2 and b. 10.3.0.1 - these 2 addresses are already reserved by Azure; c. 10.3.255.255 - this is already reserved as a broadcast address.
You need to deploy an Azure virtual machine scale set that contains five instances as quickly as possible. What should you do? a. Deploy five virtual machines. Modify the Availability Zones settings for each virtual machine. b. Deploy five virtual machines. Modify the Size setting for each virtual machine. c. Deploy one virtual machine scale set that is set to VM orchestration mode. d. Deploy one virtual machine scale set that is set to ScaleSetVM orchestration mode.
d. Deploy one virtual machine scale set that is set to ScaleSetVM orchestration mode. Whenever you need to deploy VMs as quickly as possible, use either ARM templates or scale sets that are managed by Azure (ScaleSetVM means automatic VM management).
Your company has an Azure Active Directory (Azure AD) tenant named thetechblackboard.com. The company has appointed User1 to review all the settings of the tenant. As an admin, your job is to ensure that User1 can review all the settings of the tenant; however, User1 must be prevented from changing any settings. Which role should you assign to User1? a. Directory reader b. Security reader c. Reports reader d. Global reader
d. Global reader. This is because it is a read-only role. They cannot make any modifications.
Your company has an Azure subscription. You need to deploy a number of Azure VMs using Azure Resource Manager (ARM) templates. You have been informed that the VMs will be included in a single availability set. You are required to make sure that the ARM template you configure allows for as many VMs as possible to remain accessible in the event of fabric failure or maintenance. Which of the following is the value that you should configure for the platformFaultDomainCount property? a. 10 b. 30 c. Min Value d. Max Value
d. Max Value
You have deployed an application named App1 in Azure. App1 is deployed on two Azure virtual machines named VM1 and VM2. You plan to implement an Azure Availability Set for App1. The solution must ensure that App1 is available during planned maintenance of the servers hosting VM1 and VM2. What should you include in the availability set? a. single fault domain b. single update domain c. two fault domains d. two update domains
d. two update domains
What tool can you use to compare zone mapping for resilient solutions that span across multiple subscriptions?
dedicated ARM API called checkZonePeers