AZ-104 part 2

Ace your homework & exams now with Quizwiz!

You have an Azure subscription that contains two virtual networks named vNET1 and vNET2. Virtual machines connect to the virtual networks. The virtual networks have the address spaces and the subnets configured as shown in the following table: vNET Address space Subnet Peering vNET1 10.1.0.0/16 10.1.0.0/24 vNET2 10.1.1.0/26 vNET2 10.2.0.0/16 10.2.0.0/24 vNET1 You need to add the address space of 10.33.0.0/16 to vNET1. The solution must ensure that the hosts on vNET1 and vNET2 can communicate. Which three actions should you perform in sequence? (1) Remove VNet1 (2) Add 10.33.0.0/16 address space to VNet1 (3) Create a new virtual network name VNet1 (4) On the peering connection in VNet2, allow gateway transit (5) Recreate peering between VNet1 and VNet2 (6) On the peering connection in VNet1, allow gateway transit (7) Remove peering between VNet1 and VNet2

7 - Remove peering between vNET1 and vNET2 2 - Add 10.33.0.0/16 address space to vNET1 5 - Recreate peering between vNET1 and vNET2

You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template. You need to ensure that NGINX is available on all the virtual machines after they are deployed. What should you use?

A Desired State Configuration (DSC) extension

You have an Azure subscription. You create the Azure storage account shown in the following exhibit: Basics Subscription: X-A-A-S Resource group: (New) RG-AZ104-Exam Location: North Europe Storage account name: az104practicetests Deployment model: Resource manager Account kind: Storage v2 (general purpose) Replication: LRS Performance: Standard Networking Connectivity method: Public endpoint (all networks) Default routing tier: Microsoft network routing Data protection *All disabled Advanced Secure transfer required: Enabled Allow shared key access: Enabled Minimum TLS version: Version 1.2 Infrastructure encryption: Disabled Allow blob public access: Enabled Blob access tier (default): Hot NFS v3: Disabled Hierarchical namespace: Disabled Large file shares: Disabled Customer-managed key support: Disabled To reduce the cost of infrequently accessed data in the storage account, you must modify the ----------- setting?

Access tier (default)

You have an Azure subscription named Subscription1 that contains the following resource group: Name: RG1 Region: West US Tag: "tag1": "value1" You assign an Azure policy named Policy1 to Subscription1 by using the following configurations: Exclusions: None Policy definition: Append a tag and its value to resources Assignment name: Policy1 Parameters Tag name: tag2 Tag value: value2 After Policy1 is assigned, you create a storage account that has the following configuration: Name: storage1 Location: West US Resource group: RG1 Tags: "tag3": "value3" You need to identify which tags are associated to RG1.

"tag1" : "value1" only

You have an Azure subscription named Subscription1 that contains the following resource group: Name: RG1 Region: West US Tag: "tag1": "value1" You assign an Azure policy named Policy1 to Subscription1 by using the following configurations: Exclusions: None Policy definition: Append a tag and its value to resources Assignment name: Policy1 Parameters Tag name: tag2 Tag value: value2 After Policy1 is assigned, you create a storage account that has the following configuration: Name: storage1 Location: West US Resource group: RG1 Tags: "tag3": "value3" You need to identify which tags are assigned to the storage1 resource.

"tag2" : "value2" and "tag3" : "value3" only

You have Azure subscriptions named Subscription1 and Subscription2. Subscription1 has the following resource groups: Name Region Lock type RG1 West Europe None RG2 West Europe Read only RG1 includes a web app named App1 in the West Europe location. Subscription2 contains the following resource groups: Name Region Lock type RG3 East Europe Delete RG4 Central US none Please evaluate the following statements if they are true or false. 1 - App1 can be moved to RG2 2 - App1 can be moved to RG3 3 - App1 can be moved to RG4

1 - False 2 - True 3 - True

You have an on-prem file server named Server1 that runs Windows Server 2016. You have an Azure subscription that contains an Azure file share. You deploy an Azure File Sync Storage Sync Service, and you create a sync group. You need to synchronize files from Server1 to Azure. Which three actions should you perform in sequence? (1) Install Azure File Sync agent on Server1 (2) Create an Azure on-premises data gateway (3) Create a Recovery Services vault (4) Register Server1 (5) Add a server endpoint (6) Install the DFS Replication server role on Server1

1 - Install Azure File sync agent on Server1 4 - Register Server1 5 - Add a server endpoint

You have an Azure subscription named Subscription1. In Subscription1, you create an alert rule named Alert1. The Alert1 action group is configured to send SMS messages to all users who are part of the Admins_Group. Alert1 alert criteria is triggered every minute. The number of SMS messages that Alert1 will send in an hour is?

12

You deploy an Azure Kubernetes Service (AKS) cluster named Cluster1 that uses the IP addresses shown in the following table: IP address Assigned to 131.107.2.1 Load balancer front end 192.168.10.2 Kubernetes DNS service 172.17.7.1 Docker bridge address 10.0.10.11 Kubernetes cluster node You need to provide internet users with access to the applications that run in Cluster1. Which IP address should you include in the DNS record for Cluster1?

131.107.2.1

You have an Azure subscription that contains an Azure Availability Set named WEBPROD-AS-USE2 as shown in the following exhibit: PS Azure:\> az vm availability-set list -g RG1 [ { "id":"/subscriptions/8372f433-2dcd-4361-b5ef-5b188fed87d0/resourceGroups/RG1/providers/Microsoft.Compute/availabilitySets/WEBPROD-AS-USE2", "location": "eastus2", "name": "WEBPROD-AS-USE2", "platformFaultDomaincount": 2, "platformUpdateDomainCount": 10, "proximityPlacementGroup": null, "resourceGroup": "RG1", "sku":{ "capacity": null, "name": "Aligned", "tier": null }, "statuses": null, "tags": {}, "type": "Microsoft.Compute/availabilitySets", "virtualMachines": [ ] } ] You add 14 virtual machines to WEBPROD-AS-USE2. When Microsoft performs planned maintenance in EastUS2, the maximum number of unavailable virtual machines will be -----?

2

You have an Azure subscription. You create the Azure storage account shown in the following exhibit: Basics Subscription: X-A-A-S Resource group: (New) RG-AZ104-Exam Location: North Europe Storage account name: az104practicetests Deployment model: Resource manager Account kind: Storage v2 (general purpose) Replication: LRS Performance: Standard Networking Connectivity method: Public endpoint (all networks) Default routing tier: Microsoft network routing Data protection *All disabled Advanced Secure transfer required: Enabled Allow shared key access: Enabled Minimum TLS version: Version 1.2 Infrastructure encryption: Disabled Allow blob public access: Enabled The minimum number of copies of the storage account will be:

3

You have an Azure subscription named Subscription1. In Subscription1, you create an alert rule named Alert1. The Alert1 action group is configured to send emails to all users who are part of the Admins_Group. Alert1 alert criteria is triggered every minute. The number of email messages that Alert1 will send in an hour is?

60

You have an Azure subscription that contains an Azure Availability Set named WEBPROD-AS-USE2 as shown in the following exhibit: PS Azure:\> az vm availability-set list -g RG1 [ { "id":"/subscriptions/8372f433-2dcd-4361-b5ef-5b188fed87d0/resourceGroups/RG1/providers/Microsoft.Compute/availabilitySets/WEBPROD-AS-USE2", "location": "eastus2", "name": "WEBPROD-AS-USE2", "platformFaultDomaincount": 2, "platformUpdateDomainCount": 10, "proximityPlacementGroup": null, "resourceGroup": "RG1", "sku":{ "capacity": null, "name": "Aligned", "tier": null }, "statuses": null, "tags": {}, "type": "Microsoft.Compute/availabilitySets", "virtualMachines": [ ] } ] You add 14 virtual machines to WEBPROD-AS-USE2. If the server rack in the Azure data center that hosts WEBPROD-AS-USE2 experiences a power failure, the maximum number of unavailable virtual machines will be -----?

7

You have an Azure subscription linked to an Azure AD tenant. The tenant includes a user account named User1. You need to ensure that User1 can assign a policy to the tenant root management group. What should you do?

Assign the Global administrator role to User1, and then instruct User1 to elevate privileges and configure access management for Azure resources

You have an Azure subscription named Subscription1 that contains the resources shown in the following table: Name Type Location RG RG1 RG West US n/a RG2 RG West US n/a Vault1 Recovery Vault Central US RG1 Vault2 Recovery Vault West US RG2 VM1 VM Central US RG2 Storage1 Storage West US RG1 SQL1 SQL DB East US RG2 In Storage1, you create a blob container named blob1 and a file share named share1. Which resources can be backed up to Vault1 and Vault2?

Can use Vault1 for backups - VM1 only Can use Vault2 for backups - share1 only

You have the Azure virtual machines that run Windows Server 2019 and are configured as shown in the following table. Name vNET name DNS suffix VM1 vNET1 Contoso.com VM2 vNET2 Contoso.com You create a public Azure DNS zone named adatum.com and a private DNS zone named contoso.com For contoso.com, you create a virtual network link named link1 as shown in the exhibit: Link name: Link1 Link state: Completed Provisioning state: Succeeded Virtual Network details: Virtual network ID /subscriptions/78a7c101-4056-4947-a27e-96b48bc448a6/resourceGroups/RG-AZ104-Exam/providers/Microsoft..... Virtual network: vNET1 Configuration: Not selected (enable auto register) You discover that VM1 can resolve names in contoso.com, but cannot resolve names in adatum.com. VM1 can resolve other hosts on the Internet. You need to ensure that VM1 can resolve host names in adatum.com. What should you do?

Configure the name servers for adatum.com at the domain registrar

You have an Azure web app named webapp1. You have a virtual network named vNET1 and an Azure virtual machine named VM1 that hosts a MySQL database. VM1 connects to vNET1. You need to ensure that webapp1 can access the data hosted on VM1. What should you do?

Connect webapp1 to vNET1

You have an Azure subscription tat contains a user named User1. You need to ensure that User1 can deploy virtual machines and manage virtual networks. The solution must use the principle of least privilege. Which RBAC role should you assign to User1?

Contributor

You have an Azure subscription named Subscription1 that contains the quotas shown in the following table: Quota Location Usage Standard BS Family vCPUs West US 0 of 20 Standard D Family vCPUs West US 0 of 20 Total Regional vCPUs West US 0 of 20 You deploy a virtual machine to Subscription1 as shown in the following table: Name Size vCPUs Location Status VM1 Standard_B2ms 2 West US Running VM20 Standard_B16ms 16 West US Deallocated You plan to deploy the virtual machines shown in the following table: Name Size vCPUs VM3 Standard_B2ms 1 VM4 Standard D4 v3 4 VM5 Standard B16ms 16 You can Deploy VM5 to West US?

False

You have an Azure subscription named Subscription1 that contains the quotas shown in the following table: Quota Location Usage Standard BS Family vCPUs West US 0 of 20 Standard D Family vCPUs West US 0 of 20 Total Regional vCPUs West US 0 of 20 You deploy a virtual machine to Subscription1 as shown in the following table: Name Size vCPUs Location Status VM1 Standard_B2ms 2 West US Running VM20 Standard_B16ms 16 West US Deallocated You plan to deploy the virtual machines shown in the following table: Name Size vCPUs VM3 Standard_B2ms 1 VM4 Standard D4 v3 4 VM5 Standard B16ms 16 You can deploy VM4 to West US?

False

You have an Azure subscription that contains the resource groups shown in the following table: Name Location RG1 West US RG2 East US RG1 contains the resources shown in the following table: Name Type Location Storage1 Storage West US vNET1 vNET West US NIC1 NIC West US Disk1 Disk West US VM1 VM West US VM1 is running and connects to NIC1 and Disk1. NIC1 connects to vNET1. RG2 contains a public IP address named IP2 that is in the East US location. IP2 is not assigned to a virtual machine. If you move IP2 to RG1, the location of IP2 will change?

False

You have an Azure subscription. The subscription contains virtual machines that run Windows Server 2016 and are configured as shown in the following table: Name vNET DNS suffix configured in Windows server VM1 vNET2 az104exam.com VM2 vNET2 None VM3 vNET2 Adatum.com You create a public Azure DNS zone named adatum.com and a private Azure DNS zone named az104exam.com. You create a virtual network link for az104exam.com as shown in the following exhibit: Home > Private DNS zones > az104exam.com Link name vnet2-virtual-network-link Link state In progress Provisioning state Succeeded Virtual network details Virtual network Id /subscriptions/78a7c101-4056-4947-a27e-96b48bc448a6/resourceGroups/RG-01/production Virtual network vNET2 Configuration Enable auto registration (selected) When VM3 starts, a record for VM3 is added to the adatum.com DNS zone?

False

You have an Azure File sync group that has the endpoints shown in the following table: Name Type Endpoint1 Cloud endpoint Endpoint2 Server endpoint Endpoint3 Server endpoint Cloud tiering is enabled for Endpoint2. Using SMB protocol, you add a file named File1 to Endpoint1 and a file named File2 to Endpoint2. After adding the files, on which endpoints will File1 and File2 be available after 24 hours?

File 1 - Endpoint1, Endpoint2, and Endpoint3 File 2 - Endpoint1, Endpoint2, and Endpoint3

You have an Azure subscription that contains an Azure file share. You have an on-prem server named Server1 that runs Windows Server 2016. You plan to set up Azure File Sync between Server1 and the Azure file share. You need to prepare the subscription for the planned Azure File Sync. Which two actions should you perform in the Azure Subscription to configure Azure File Sync?

First action - Create a Storage Sync Service Second Action - Create a Sync Group

You have an Azure virtual machine named VM1. The network interface for VM1 is configured as shown here: Inbound port rules: -300 RDP 3389 TCP Allow -400 Rule1 80 TCP Deny -500 Rule2 80,443 TCP Deny -1000 Rule4 50-100, 400-500 UDP Allow -2000 Rule5 50-5000 Any Deny You deploy a web server on VM1, and then create a secure website that is accessible by using the HTTPS protocol. VM1 is used as a web server only. You need to ensure that users can connect to the website from the Internet. What should you do?

For Rule5, change the Action to Allow and change the priority to 401

You have an Azure subscription that contains 100 virtual machines. You regularly create and delete virtual machines. You need to identify unattached disks that can be deleted. What should you do?

From Azure Cost Management, view Advisor Recommendations

You company has a main office in London that contains 100 client computers. Three years ago, you migrated to Azure Active Directory (Azure AD). The company's security policy states that all personal devices and corporate-owned devices must be registered or joined to Azure AD. A remote user named User1 is unable to join a personal device to Azure AD from a home network. You verify that User1 was able to join devices to Azure AD in the past. You need to ensure that User1 can join the device to AzureAD. What should you do?

From the Device settings blade, modify the Maximum number of devices per user setting

You have an Azure subscription that contains a storage account named account1. You plan to upload the disk files of a virtual machine to account1 from your on-prem network. The on-prem network uses a public IP address space of 131.107.1.0/24. You plan to use the disk files to provision and Azure virtual machine named VM1. VM1 will be attached to a virtual network named vNET1. vNET1 uses an IP address space of 192.168.0.0/24. You need to configure account1 to meet the following requirements: - Ensure that you can upload the disk files to account1 - Ensure that you can attach the disks to VM1 - Prevent all other access to account1 Which two actions should yo perform?

From the Firewalls and virtual networks blade of account1, select Selected networks From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range

You have a Recovery Service vault that you use to test backups. The test backups contain two protected virtual machines. You need to delete the Recovery Services vault. What should you do first?

From the Recovery Service vault, stop the backup of each backup item

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The user administrator role is assigned to a user named Admin1. An external partner has a Microsoft account that uses the [email protected] sign in. Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: "Unable to invite user [email protected] - Generic authorization exception." You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant. What should you do?

From the Users blade, modify the External collaboration settings

You have an Azure subscription that contains the following resources: - A virtual network that has a subnet named Subnet1 - Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1 - A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections NSG-Subnet1 has the default inbound security rules only. NSG-VM1 has the default inbound security rules and the following custom inbound security rule: - Priority: 300 - Source: Any - Source port range: * - Destination: * - Destination port range: 3389 - Protocol: UDP - Action: Allow VM1 has a public IP address and is connected to Subnet1. NSG-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1. You need to be able to establish Remote Desktop connections from the internet to VM1. Solution: You add an inbound security rule to NSG-Subnet1 that allows connections from the internet source to the VirtualNetwork destination for port range 3389 and uses the UDP protocol.

No

You have an Azure subscription that contains the resources in the following table: Name Type VM1 VM VM2 VM LB1 Load balancer (basic SKU) You install the Web Server role (IIS) on VM1 and VM2, and then add VM1 and VM2 to LB1. LB1 is configured as shown below: Resource group: RG-AZ104-Exam Location: North Europe Subscription: X-A-A-S Subscription ID: 78a7c101-4056-4947-a27e- 96b48bc448a6 SKU: Basic Tags: Backend pool: Backend1 (2VMs) Health probe: Probe1 (http80/Probe1.htm) Load balancing rule: Rule1 (TCP/80) NAT rules: 0 inbound Public IP address: 52.178.134.69 (LB1-PIP) Rule1 is configured as shown below: IP version: IPv4 Frontend IP address: 52.178.134.69 (LoadBalancerFrontEnd) Protocol: TCP Port: 80 Backend port: 80 Backend pool: Backend1 (2 VMs) Health probe: Probe1 (HTTP:80/Probe1.htm) Session persistence: None Idle timeout (minutes): 4 Floating IP: Disabled If you delete Rule1, LB1 will balance all the requests between VM1 and VM2 for all of the ports?

No

You have an Azure subscription that contains the resources shown in the following table: Name Type Region RG1 RG West US RG2 RG East Asia Storage1 Storage West US Storage2 Storage East Asia VM1 VM West US vNET1 vNET West US vNET2 vNET East Asia VM1 connects to VNET1. You need to connect VM1 to VNET2. Solution: You create a new network interface, and then you add the network interface to VM1 Does this meet the goal?

No

You have an Azure subscription that contains the resources shown in the following table: Name Type Region RG1 RG West US RG2 RG East Asia Storage1 Storage West US Storage2 Storage East Asia VM1 VM West US vNET1 vNET West US vNET2 vNET East Asia VM1 connects to VNET1. You need to connect VM1 to VNET2. Solution: You move VM1 to RG2, and then you add a new network interface to VM1. Does this meet the goal?

No

You have an Azure subscription that contains the virtual machines shown in the following table: Name Public IP SKU Connected to Status VM1 None vNET1/Subnet1 Deallocated VM2 Basic vNET1/Subnet2 Running You deploy a load balancer that has the following configurations: - Name: LB1 - Type: Internal - SKU: Standard - vNET: vNET1 You need to ensure that you can add VM1 and VM2 to the backend pool of LB1. Solution: You create a Basic SKU public IP address, associate the address to the network interface of VM1, and then start VM1. Does this meet the goal?

No

You have an Azure subscription that contains the virtual machines shown in the following table: Name Public IP SKU Connected to Status VM1 None vNET1/Subnet1 Deallocated VM2 Basic vNET1/Subnet2 Running You deploy a load balancer that has the following configurations: - Name: LB1 - Type: Internal - SKU: Standard - vNET: vNET1 You need to ensure that you can add VM1 and VM2 to the backend pool of LB1. Solution: You create a Standard SKU public IP address, associate the address to the network interface of VM1, and then stop VM2. Does this meet the goal?

No

You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json. You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately. Solution: From the Overview blade, you move the virtual machine to a different subscription. Does this meet the goal?

No

You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json. You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately. Solution: From the Update management blade, you click Enable. Does this meet the goal?

No

You have an app named App1 that is installed on two Azure VMs named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer. The effective network security configurations for VM2 are shown below: You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443. Solution: You delete the BlockAllOther443 inbound security rule. Does this meet the goal?

No

You have an app named App1 that is installed on two Azure VMs named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer. The effective network security configurations for VM2 are shown below: You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443. Solution: you create an inbound security rule that denies all traffic from the 131.107.100.50 source and has a cost of 64999. Does this meet the goal?

No

You have an Azure subscription that contains the resources shown in the following table: Name Type RG vNET1 vNET RG1 VM1 VM RG1 The "not allowed resource types" Azure policy is assigned to RG1 and uses the following parameters: - Microsoft.Network/virtualNetworks - Microsoft.Compute/virtualMachines In RG1, you need to create a new virtual machine named VM2, and then connect VM2 to vNET1. What should you do first?

Remove 'Microsoft.Compute/virtualMachines' from the policy

You have an Azure subscription that contains the resources shown in the following table: Name Type Resource group Location RG1 RG n/a Central US RG2 RG n/a West US RG3 RG n/a East US VMSS1 VM Scale Set RG1 West US VMSS1 is set to VM orchestration mode. You need to deploy a new Azure virtual machine named VM1, and then add VM1 to VMSS1. Which resource group and location should you use to deploy VM1?

Resource group - RG1, RG2, or RG3 Location - West US only

You have an Azure subscription that contains the resource groups shown in the following table: Name Lock name Lock type RG1 None None RG2 Lock Delete RG1 contains the resources shown in the following table: Name Type Lock name Lock type storage2 Storage Lock1 Delete vNET2 vNET Lock2 Read-only IP2 Public IP Address None None You need to identify which resources you can move from RG1 to RG2, and once moved to RG2, which resources you can move back from RG2 to RG1.

Resources you can move from RG1 to RG2: IP2, vNET2, and storage2 Resources you can move from RG2 to RG1: IP2, vNET2, and storage2

You create an Azure VM named VM1 that runs Windows Server 2019. VM1 is configured as shown in the exhibit: Resource group: RG-AZ104-Exam Status: Deallocated Location: North Europe Subscription: X-A-A-S Subscription ID: 78a7c101-4056-4947-a27e-96b48bc448a6 Tags: Properties Virtual machine Computer name: VM-AZ-104-EXAM OS: Windows Publisher: MicrosoftWindowsServer Offer: WindowsServer Plan: 2016-Datacenter VM generation: V1 Host group: None Host: Proximity Placement Group: Colocation status: n/a You need to enable Desired State Configuration for VM1. What should you do first?

Start VM1

You have an Azure subscription that contains the storage accounts shown in the following table: Name Kind Performance Replication Access tier Storage1 v1 Premium GRS none Storage2 v2 Standard LRS Cool Storage3 v2 Premium RA-GRS Hot Storage4 Blob Standard LRS Hot You need to identify which storage account can be converted to zone-redundant storage (ZRS) replication by requesting a live migration from Azure support. What should you identify?

Storage2

You have an Azure subscription named Subscription1. Subscription1 contains the resource groups in the following table: Name Azure region Policy RG1 West Europe Policy1 RG2 North Europe Policy2 RG3 France Central Policy3 RG1 has a web app named WebApp1. WebApp1 is located in West Europe. You move WebApp1 to RG2. What is the effect of the move?

The App Service plan for WebApp1 remains in West Europe. Policy2 applies to WebApp1.

You have a sync group named Sync1 that has a cloud endpoint. The cloud endpoint includes a file named File1.txt. Your on-prem network contains servers that run Windows Server 2016. The servers are configured as shown in the following table: Name Share Share contents Server1 Share1 File1.txt, File2.txt Server2 Share2 File2.txt, File3.txt You add Share1 as an endpoint for Sync1. One hour later, you add Share2 as an endpoint for Sync1. File1.txt from Share1 replicates to Share2?

True

You have an Azure subscription named Subscription1 that contains the quotas shown in the following table: Quota Location Usage Standard BS Family vCPUs West US 0 of 20 Standard D Family vCPUs West US 0 of 20 Total Regional vCPUs West US 0 of 20 You deploy a virtual machine to Subscription1 as shown in the following table: Name Size vCPUs Location Status VM1 Standard_B2ms 2 West US Running VM20 Standard_B16ms 16 West US Deallocated You plan to deploy the virtual machines shown in the following table: Name Size vCPUs VM3 Standard_B2ms 1 VM4 Standard D4 v3 4 VM5 Standard B16ms 16 You can deploy VM3 to West US?

True

You have an Azure subscription that contains the resource groups shown in the following table: Name Location RG1 West US RG2 East US RG1 contains the resources shown in the following table: Name Type Location Storage1 Storage West US vNET1 vNET West US NIC1 NIC West US Disk1 Disk West US VM1 VM West US VM1 is running and connects to NIC1 and Disk1. NIC1 connects to vNET1. RG2 contains a public IP address named IP2 that is in the East US location. IP2 is not assigned to a virtual machine. You can move NIC1 to RG2?

True

You have an Azure subscription that contains the resource groups shown in the following table: Name Location RG1 West US RG2 East US RG1 contains the resources shown in the following table: Name Type Location Storage1 Storage West US vNET1 vNET West US NIC1 NIC West US Disk1 Disk West US VM1 VM West US VM1 is running and connects to NIC1 and Disk1. NIC1 connects to vNET1. RG2 contains a public IP address named IP2 that is in the East US location. IP2 is not assigned to a virtual machine. You can move storage1 to RG2?

True

You have an Azure subscription. The subscription contains virtual machines that run Windows Server 2016 and are configured as shown in the following table: Name vNET DNS suffix configured in Windows server VM1 vNET2 az104exam.com VM2 vNET2 None VM3 vNET2 Adatum.com You create a public Azure DNS zone named adatum.com and a private Azure DNS zone named az104exam.com. You create a virtual network link for az104exam.com as shown in the following exhibit: Home > Private DNS zones > az104exam.com Link name vnet2-virtual-network-link Link state In progress Provisioning state Succeeded Virtual network details Virtual network Id /subscriptions/78a7c101-4056-4947-a27e-96b48bc448a6/resourceGroups/RG-01/production Virtual network vNET2 Configuration Enable auto registration (selected) When VM1 starts, a record for VM1 is added to the az104exam.com DNS zone?

True

You have an Azure subscription. The subscription contains virtual machines that run Windows Server 2016 and are configured as shown in the following table: Name vNET DNS suffix configured in Windows server VM1 vNET2 az104exam.com VM2 vNET2 None VM3 vNET2 Adatum.com You create a public Azure DNS zone named adatum.com and a private Azure DNS zone named az104exam.com. You create a virtual network link for az104exam.com as shown in the following exhibit: Home > Private DNS zones > az104exam.com Link name vnet2-virtual-network-link Link state In progress Provisioning state Succeeded Virtual network details Virtual network Id /subscriptions/78a7c101-4056-4947-a27e-96b48bc448a6/resourceGroups/RG-01/production Virtual network vNET2 Configuration Enable auto registration (selected) When VM2 starts, a record for VM2 is added to the az104exam.com DNS zone?

True

You have an Azure AD tenant named adatum.com, with premium P2 licenses. Adatum.com contains the groups in the following table: Name Group type Membership Membership rule Group1 Security Dynamic (user.city -startsWith "m") Group2 M365 Dynamic (user.department -notIn ["human resources"]) Group3 M365 Assigned n/a You create two user accounts that are configured as shown in the following table: Name City Department O365 License assigned User1 Montreal HR Yes User2 Melbourne Marketing No To which groups do User1 and User2 belong?

User1 - Group1 User2 - Group1 and Group2

You have an Azure subscription named Subscription1 that contains the resources shown in the following table: Name Type Region Resource Group RG1 RG West Europe n/a RG2 RG North Europe n/a Vault1 Vault West Europe RG1 You create virtual machines in Subscription1 as per the following table: Name RG Region OS VM1 RG1 West Europe Windows Server 2016 VM2 RG1 North Europe Windows Server 2016 VM3 RG2 West Europe Windows Server 2016 VMA RG1 West Europe Ubuntu Server 18.04 VMB RG1 North Europe Ubuntu Server 18.04 VMC RG2 West Europe Ubuntu Server 18.04 You plan to use Vault1 for the backup of as many virtual machines as possible. Which virtual machines can be backed up to Vault1?

VM1, VM3, VMA, and VMC only

You have an Azure subscription that contains the resources in the following table: Name Type VM1 VM VM2 VM LB1 Load balancer (basic SKU) You install the Web Server role (IIS) on VM1 and VM2, and then add VM1 and VM2 to LB1. LB1 is configured as shown below: Resource group: RG-AZ104-Exam Location: North Europe Subscription: X-A-A-S Subscription ID: 78a7c101-4056-4947-a27e- 96b48bc448a6 SKU: Basic Tags: Backend pool: Backend1 (2VMs) Health probe: Probe1 (http80/Probe1.htm) Load balancing rule: Rule1 (TCP/80) NAT rules: 0 inbound Public IP address: 52.178.134.69 (LB1-PIP) Rule1 is configured as shown below: IP version: IPv4 Frontend IP address: 52.178.134.69 (LoadBalancerFrontEnd) Protocol: TCP Port: 80 Backend port: 80 Backend pool: Backend1 (2 VMs) Health probe: Probe1 (HTTP:80/Probe1.htm) Session persistence: None Idle timeout (minutes): 4 Floating IP: Disabled If Probe1.htm is present on VM1 and VM2, LB1 will balance TCP port 80 between VM1 and VM2?

YES

You have an Azure subscription that contains the following resources: - A virtual network that has a subnet named Subnet1 - Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1 - A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections NSG-Subnet1 has the default inbound security rules only. NSG-VM1 has the default inbound security rules and the following custom inbound security rule: - Priority: 300 - Source: Any - Source port range: * - Destination: * - Destination port range: 3389 - Protocol: UDP - Action: Allow VM1 has a public IP address and is connected to Subnet1. NSG-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1. You need to be able to establish Remote Desktop connections from the internet to VM1. Solution: You add an inbound security rule to NSG-Subnet1 that allows connections from the Any source to the * destination for port range 3389 and uses the TCP protocol. You remove NSG-VM1 from the network interface of VM1. Does this meet the goal?

Yes

You have an Azure subscription that contains the following resources: - A virtual network that has a subnet named Subnet1 - Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1 - A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections NSG-Subnet1 has the default inbound security rules only. NSG-VM1 has the default inbound security rules and the following custom inbound security rule: - Priority: 300 - Source: Any - Source port range: * - Destination: * - Destination port range: 3389 - Protocol: UDP - Action: Allow VM1 has a public IP address and is connected to Subnet1. NSG-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1. You need to be able to establish Remote Desktop connections from the internet to VM1. Solution: You add an inbound security rule to NSG-Subnet1 that allows connections from the internet source to the VirtualNetwork destination for port range 3389 and uses the TCP protocol.

Yes

You have an Azure subscription that contains the resources in the following table: Name Type VM1 VM VM2 VM LB1 Load balancer (basic SKU) You install the Web Server role (IIS) on VM1 and VM2, and then add VM1 and VM2 to LB1. LB1 is configured as shown below: Resource group: RG-AZ104-Exam Location: North Europe Subscription: X-A-A-S Subscription ID: 78a7c101-4056-4947-a27e- 96b48bc448a6 SKU: Basic Tags: Backend pool: Backend1 (2VMs) Health probe: Probe1 (http80/Probe1.htm) Load balancing rule: Rule1 (TCP/80) NAT rules: 0 inbound Public IP address: 52.178.134.69 (LB1-PIP) Rule1 is configured as shown below: IP version: IPv4 Frontend IP address: 52.178.134.69 (LoadBalancerFrontEnd) Protocol: TCP Port: 80 Backend port: 80 Backend pool: Backend1 (2 VMs) Health probe: Probe1 (HTTP:80/Probe1.htm) Session persistence: None Idle timeout (minutes): 4 Floating IP: Disabled VM1 is in the same availability set as VM2?

Yes

You have an Azure subscription that contains the resources shown in the following table: Name Type Region RG1 RG West US RG2 RG East Asia Storage1 Storage West US Storage2 Storage East Asia VM1 VM West US vNET1 vNET West US vNET2 vNET East Asia VM1 connects to VNET1. You need to connect VM1 to VNET2. Solution: You delete VM1. You recreate VM1, and then you create a new network interface for VM1 and connect it to VM2. Does this meet the goal?

Yes

You have an Azure subscription that contains the virtual machines shown in the following table: Name Public IP SKU Connected to Status VM1 None vNET1/Subnet1 Deallocated VM2 Basic vNET1/Subnet2 Running You deploy a load balancer that has the following configurations: - Name: LB1 - Type: Internal - SKU: Standard - vNET: vNET1 You need to ensure that you can add VM1 and VM2 to the backend pool of LB1. Solution: You disassociate current Basic public IP from VM2 network interface, create two Standard public IP addresses and associate a Standard SKU public IP address to the network interface of each virtual machine. Does this meet the goal?

Yes

You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json. You receive a notification that VM1 will be affected by maintenance. You need to move VM1 to a different host immediately. Solution: From the Redeploy blade, you click Redeploy. Does this meet the goal?

Yes

You have an app named App1 that is installed on two Azure VMs named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer. The effective network security configurations for VM2 are shown below: You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443. Solution: You modify the load balancing rule configuration to listen for traffic on TCP port 443. Does this meet the goal?

Yes

You need to ensure that an Azure AD user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription. Solution: You assign the Network Contributor role at the subscription level to Admin1. Does this meet the goal?

Yes

You need to ensure that an Azure AD user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription. Solution: You assign the Reader role at the subscription level to Admin1. Does this meet the goal?

Yes

You have an Azure Active Directory (Azure AD) tenant. You need to create a conditional access policy that requires all users to use multi-factor authentication when they access the Azure portal. Which three settings should you configure? New Conditional Access Policy Name First-policy Assignments Users and Groups [1] Cloud apps or actions [2] Conditions [3] Access Controls Grant [4] Session [5]

[1] - Users and Groups [4] - Grant

You have an Azure subscription named Sub1. You create an Azure Storage account named contosostorage, and then you create a file share named data. Which UNC path should you include in a script that references files from the data file share? \\ ----------.-----------\-----------

\\contosostorage.file.core.windows.net\data

You have an Azure subscription named Subscription1 that has a subscription ID of c276fc76-9cd4-44c9-99a7-4fd71546436e. You need to create a custom RBAC role named CR1 that meets the following requirements: - Can be assigned only to the resource groups in Subscription1 - Prevents the management of the access permissions for the resource groups - Allows the viewing, creating, modifying, and deleting of resources within the resource groups What should you specify in the assignable scopes and the permission elements of the definition of R1? "assignableScopes":[ "/" [1] "/subscriptions/c276fc76-9cd4-44c9-99a7-4fd71546436e" [2] "/subscriptions/c276fc76-9cd4-44c9-99a7-4fd71546436e/resourceGroups" [3] ], "permissions":[ { "actions":[ "*" ], "additionalProperties":{}, "dataActions":[], "notActions": [ "Microsoft.Authorization/*" [1] "Microsoft.Resources/*" [2] "Microsoft.Security/*" [3] ], "notDataActions":[] } ],

assignableScopes - 2 permission elements - 1

You have an Azure subscription that contains an Azure Storage account. You plan to copy an on-prem virtual machine image to a container named vmimages. You need to create the container for he planed image. Which command should you run?

az copy -make https://mystorageaccount.blob.core.windows.net/vmimages

You plan to deploy an Azure container instance by using the following Azure Resource Manager template: { "type": "Microsoft.ContainerInstance/containerGroups", "apiVersion": "2018-10-01", "name": "webprod", "location": "westus", "properties": { "containers": [ { "name": "webprod", "properties": { "image": "microsoft/iss:nanoserver", "ports": [ { "protocol": "TCP", "port": 80 } ], "environmentVariables": [ ], "resources": { "requests": { "memoryInGB": 1.5, "cpu": 1 } } } } ], "restartPolicy": "OnFailure", "ipAddress": { "ports": [ { "protocol": "TCP", "port": 80 } ], "ip": "[parapmeters('IPAddress')]", "type": "Public" }, "osType": "Windows" } } Internet users --------?

can connect to the container from any device

You have several azure virtual machines on a virtual network named vNET2. You configure an Azure Storage account as shown in the following exhibit: az104practicetests | Firewalls and virtual networks Allow access from: Selected networks Virtual Network Subnet Address range Endpoint Status vNET2 1 Prod 10.2.0.0/24 Enabled Firewall Add your client IP address ('188.27.254.150') Address range: IP address or CIDR Exceptions (none selected) Azure Backup will be able to back up the unmanaged hard disks of the virtual machines in the storage account?

never

Litware, Inc. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees. All the resources used by Litware are hosted on-premises. Litware creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named litware.onmicrosoft.com. The tenant uses the P1 pricing tier. Existing Environment The network contains an Active Directory forest named litware.com. All domain controllers are configured as DNS servers and host the litware.com DNS zone. Litware has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently. Litware.com contains a user named User1. All the offices connect by using private connections. Litware has data centers in the Montreal and Seattle offices. Each office has a firewall that can be configured as a VPN device. All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table: Larger image Litware uses two web applications named App1 and App2. Each instance on each web application requires 1 GB of memory. The Azure subscription contains the resources in the following table: Larger image The network security team implements several network security groups (NSGs) Requirements Planned Changes Litware plans to implement the following changes: - Deploy Azure ExpressRoute to the Montreal office. - Migrate the virtual machines hosted on Server1 and Server2 to Azure. - Synchronize on-premises Active Directory to Azure Active Directory (Azure AD). - Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2. Technical Requirements Litware must meet the following technical requirements: - Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances. - Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office. - Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office. - Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only. - Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.litware.com. - Connect the New York office to VNet1 over the Internet by using an encrypted connection. - Create a workflow to send an email message when the settings of VM4 are modified. - Create a custom Azure role named Role1 that is based on the Reader role. - Minimize costs whenever possible. QUESTION 1 You need to implement Role1. Which command should you run before you create Role1? Choose from the (1) options and (2) options to complete the following command correctly. (1) -Name "Reader" | (2) (1) Find-RoleCapability (1) Get-AzureADDirectoryRole (1) Get-AzRoleDefinition (1) Get-AzResourceProvider (2) ConvertFrom-Json (2) ConvertFrom-String (2) ConvertTo-Json (2) ConvertTo-Xml

1 Get-AzRoleDefinitino 2 ConvertTo -JSon

You plan to create the Azure web apps shown in the following table: Name Runtime stack WebApp1 .NET Core 3.0 WebApp2 ASP .NET v4.7 WebApp3 PHP 7.3 WebApp4 Ruby 2.6 What is the minimum number of App service plans you should create for the web apps?

2

You have an Azure Linux virtual machine that is protected by Azure Backup. One week ago, two files were deleted from the virtual machine. You need to restore the deleted files to an on-premises Windows Server 2016 computer as quickly as possible. Which four actions should you perform in sequence? 1 - Download and run the script to mount a drive on the local computer 2 - Select a restore point that contains the deleted files 3 - From the Azure portal, click Restore VM from the vault 4 - From the Azure portal, click File Recovery from the vault 5 - Mount a VHD 6 - Copy the files by using AzCopy 7 - Copy the files by using File Explorer

4 - From the Azure portal, click File Recovery from the vault 2 - Select a restore point that contains the deleted files 1 - Download and run the script to mount a drive on the local computer 7 - Copy the files by using File Explorer

You have an Azure subscription. You have 100 Azure virtual machines. You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering. Which blade should you use from Azure Portal?

Advisor

You have an Azure subscription that contains a virtual machine named VM1. VM1 hosts a line-of-business application that is available 24 hours a day. VM1 has one network interface and one managed disk. VM1 uses the D4s v3 size. You plan to make the following changes to VM1: -Change the size to D8s v3 -Add a 500-GB managed disk -Add the Puppet Agent extension -Enable Desired State Configuration Management Which change will cause downtime for VM1?

Change the size to D8s v3

You plan to use Azure Network Watcher to perform the following tasks: Validate outbound connectivity from an Azure virtual machine to an external host. Which Azure feature should you use for this task?

Connection troubleshoot

you have an Azure subscription that contains a web app named webapp1. You need to add a custom domain named www.x-a-a-s.com to webapp1. What should you do first?

Create a DNS record

You need to deploy an Azure virtual machine scale set that contains five instances as quickly as possible. What should you do?

Deploy one virtual machine scale set that is set to ScaleSetVM orchestration mode

You have an Azure subscription that contains the resources below: Name Type Location vNET1 vNET East US IP1 Public IP address West Europe RT1 Route table North Europe You need to create a network interface named NIC1. In which location can you create NIC1?

East US only

You plan to use Azure Network Watcher to perform the following tasks: Identify a security rule that prevents a network packet from reaching an Azure virtual machine. Which Azure feature should you use for this task?

IP flow verify

You have an Azure virtual machine named VM1 and a Recovery Services vault named Vault1. you create a backup policy named Policy1 as shown in the exhibit: Policy name: Policy1 Backup Schedule Frequency: Daily Time: 2am Timezone: UTC Instant restore: Snapshot for 5 days Retention range: Daily backup point for 30 days Weekly retention: Sunday at 2am for 20 weeks Monthly retention: 2nd day of month for 24 months you configure the backup of VM1 to use Policy1 on Wednesday, December 31 at 5pm. You need to identify the number of available recovery points for VM1. How many recovery points are available on January 8 at 2pm and January 15 at 2pm?

January 8 - 8 January 15 - 15

You have a hybrid deployment of Azure AD that contains the users shown in the following table: Name Type Source User1 Member Azure AD User2 Member Windows Server AD User3 Guest Microsoft account You need to modify the JobTitle and UsageLocation attributes for the users. For which users can you modify the attributes from Azure AD?

JobTitle: User1 and User3 only UsageLocation: User1, User2, and User3

You purchase a new Azure subscription named Subscription1. You create a virtual machine named VM1 in Subscription1. VM1 is not protected by Azure Backup. You need to protect VM1 by using Azure Backup. Backups must be created at 01:00 and stored for 30 days. What should you do?

Location in which to store backups - A Recovery Services Vault Object to use to configure the protection for VM1 - A backup policy

You have several azure virtual machines on a virtual network named vNET2. You configure an Azure Storage account as shown in the following exhibit: az104practicetests | Firewalls and virtual networks Allow access from: Selected networks Virtual Network Subnet Address range Endpoint Status vNET2 1 Prod 10.2.0.0/24 Enabled Firewall Add your client IP address ('188.27.254.150') Address range: IP address or CIDR Exceptions (none selected) The virtual machines on 10.2.9.0/24 subnet will have network connectivity to the file shares in the storage account?

Never

You have an Azure subscription that contains the resources shown in the following table: Name Type Region RG1 RG West US RG2 RG East Asia Storage1 Storage West US Storage2 Storage East Asia VM1 VM West US vNET1 vNET West US vNET2 vNET East Asia VM1 connects to VNET1. You need to connect VM1 to VNET2. Solution: You turn off VM1, and then you add a new network interface to VM1. Does this meet the goal?

No

Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market. Contoso products are manufactured by using blueprint files that the company authors and maintains. Existing Environment Currently, Contoso uses multiple types of servers for business operations, including the following: - File servers - Domain controllers - Microsoft SQL Server servers Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory. You have a public-facing application named App1. App1 is comprised of the following three tiers: - A SQL database - A web front end - A processing middle tier Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only. Requirements Planned Changes Contoso plans to implement the following changes to the infrastructure: - Move all the tiers of App1 to Azure. - Move the existing product blueprint files to Azure Blob storage. - Create a hybrid directory to support an upcoming Microsoft Office 365 migration project. Technical Requirements Contoso must meet the following technical requirements: - Move all the virtual machines for App1 to Azure. - Minimize the number of open ports between the App1 tiers. - Ensure that all the virtual machines for App1 are protected by backups. - Copy the blueprint files to Azure over the Internet. - Ensure that the blueprint files are stored in the archive storage tier. - Ensure that partner access to the blueprint files is secured and temporary. - Prevent user passwords or hashes of passwords from being stored in Azure. - Use unmanaged standard storage for the hard disks of the virtual machines. - Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity. - Minimize administrative effort whenever possible. User Requirements Contoso identifies the following requirements for users: - Ensure that only users who are part of a group named Pilot can join devices to Azure AD. - Designate a new user named Admin1 as the service admin for the Azure subscription. - Admin1 must receive email alerts regarding service outages. - Ensure that a new user named User3 can create network objects for the Azure subscription. QUESTION 1 You need to recommend a solution for App1. The solution must meet the technical requirements. What should you include in the recommendation?

Number of virtual networks - 1 Number of subnets per virtual network - 3

You have an Azure subscription that contains the resources shown in the following table: Name Type RG Location RG1 RG n/a Central US RG2 RG n/a West US VMSS1 VM Scale Set RG2 West US Proximity1 Prox Plcmnt Grp RG1 West US Proximity2 Prox Plcmnt Grp RG2 Central US Proximity3 Prox Plcmnt Grp RG1 Central US You need to configure a proximity placement group for VMSS1. Which proximity placement groups should you use?

Proximity1 only

You create the following resources in an Azure subscription: - An Azure Container Registry instance named Registry1 - An Azure Kubernetes Service (AKS) cluster named Cluster1 You create a container image named App1 on your administrative workstation. You need to deploy App1 to Cluster1. What should you do first?

Run the az acr build command

You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to ensure that visitors are serviced by the same web server for each request. What should you configure?

Session persistence to Client IP

You have an Azure subscription that contains the identities shown in the following table: Name Type Member of User1 User None User2 User Group1 Principal1 Managed Id None Principal2 Managed Id Group1 User1, Principal1, and Group1 are assigned the Monitoring Reader role. An action group named AG1 has the Email Azure Resource Manager Role notification type and is configured to email the Monitoring Reader role. You create an alert rule named Alert1 that uses AG1. You need to identify who will receive an email notification when Alert1 is triggered. Who should you identify?

User1 only

You have a virtual network named vNET1 that has the configuration shown in the following exhibit: Name: vNET1 ResourceGroupName: Production Location: West US ID: /subscriptions/14d26092-8e42-4ea7-b770-9dcef70fblea/resourceGroups/Production/providers/Microsoft.Network/virtualNetworks/vNET1 Etag: W/"76f7odd6-d022-455b-aoae-376059318o5d" ResoucrseGuid: ************************************** ProvisioningState: Succeeded Tags: AddressSpace: { "AddressPrefixes": [ "10.2.0.0/16" ] } DhcpOptions: { } Subnets: [ { "Name: "default", "Etag": W/"76f7odd6-d022-455b-aoae-376059318o5d" "Id": " //subscriptions/14d26092-8e42-4ea7-b770-9dcef70fblea/resourceGroups/Production/providers/Microsoft.Network/virtualNetworks/vNET1/subnets/default" "AddressPrefix": "10.2.0.0/24", "IpConfigurations": [ ], "ResourceNavigationLinks": [ ], "ServiceEndpoints": [ ], "ProvisioningState": "Succeeded" } ] VirtualNetworkPeerings: [ ] EnableDDosProtection: false EnableVmProtection: false Before a virtual machine on vNET1 can receive an IP address from 10.2.1.0/24, you must first ----------?

add a subnet

You have a public load balancer that balances ports 80 and 443 across three virtual machines. You need to direct all the Remote Desktop Protocol (RDP) connections to VM3 only. What should you configure?

an inbound NAT rule

You have an Azure subscription. Users access the resources in the subscription from either home or from customer sites. From home, users must establish a point-to-site VPN to access the Azure resources. The users on the customer sites access the Azure resources by using site-to-site VPNs. You have a line-of-business-app named App1 that runs on several Azure virtual machines. The virtual machines run Windows Server 2016. You need to ensure that the connections to App1 are spread across all the virtual machines. What are two possible Azure services that you can use?

an internal load balancer an Azure Application Gateway

Litware, Inc. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees. All the resources used by Litware are hosted on-premises. Litware creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named litware.onmicrosoft.com. The tenant uses the P1 pricing tier. Existing Environment The network contains an Active Directory forest named litware.com. All domain controllers are configured as DNS servers and host the litware.com DNS zone. Litware has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently. Litware.com contains a user named User1. All the offices connect by using private connections. Litware has data centers in the Montreal and Seattle offices. Each office has a firewall that can be configured as a VPN device. All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table: Larger image Litware uses two web applications named App1 and App2. Each instance on each web application requires 1 GB of memory. The Azure subscription contains the resources in the following table: Larger image The network security team implements several network security groups (NSGs) Requirements Planned Changes Litware plans to implement the following changes: - Deploy Azure ExpressRoute to the Montreal office. - Migrate the virtual machines hosted on Server1 and Server2 to Azure. - Synchronize on-premises Active Directory to Azure Active Directory (Azure AD). - Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2. Technical Requirements Litware must meet the following technical requirements: - Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances. - Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office. - Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office. - Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only. - Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.litware.com. - Connect the New York office to VNet1 over the Internet by using an encrypted connection. - Create a workflow to send an email message when the settings of VM4 are modified. - Create a custom Azure role named Role1 that is based on the Reader role. - Minimize costs whenever possible. QUESTION 2 You need to recommend a solution to automate the configuration for the finance department users. The solution must meet the technical requirements. What should you include in the recommendation?

dynamic groups and conditional access policies

You have a deployment template named Template1 that is used to deploy 10 Azure web apps. You need to identify what to deploy before you deploy Template1. The solution must minimize Azure costs. What should you identify?

one App Service plan

You plan to move a distributed on-prem app named App1 to an Azure subscription. After the planned move, App1 will be hosted on several Azure virtual machines. You need to ensure that App1 always runs on at least eight virtual machines during planned Azure maintenance. What should you create?

one Availability set that has 10 update domains and 2 fault domains

You have an Azure Kubernetes Service (AKS) cluster named AKS1. You need to configure cluster autoscaler for AKS1. Which two tools should you use?

the az aks command the Azure portal

You plan to deploy an Azure container instance by using the following Azure Resource Manager template: { "type": "Microsoft.ContainerInstance/containerGroups", "apiVersion": "2018-10-01", "name": "webprod", "location": "westus", "properties": { "containers": [ { "name": "webprod", "properties": { "image": "microsoft/iss:nanoserver", "ports": [ { "protocol": "TCP", "port": 80 } ], "environmentVariables": [ ], "resources": { "requests": { "memoryInGB": 1.5, "cpu": 1 } } } } ], "restartPolicy": "OnFailure", "ipAddress": { "ports": [ { "protocol": "TCP", "port": 80 } ], "ip": "[parapmeters('IPAddress')]", "type": "Public" }, "osType": "Windows" } } If Internet Information Services (IIS) in the container fails ------?

the container will restart automatically

You have an Azure subscription that contains the resources in the following table: Name Type Region Resource Group vNET1 vNET West US RG2 vNET2 vNET West US RG1 vNET3 vNET East US RG1 NSG1 NSG East US RG2 To which subnets can you apply NSG1?

the subnets on vNET3 only

Peering for vNET2 is configured as shown in the following exhibit: Name Peering status Peer Gateway transit Peering1 Connected vNET1 Disabled Peering for vNET3 is configured as shown in the following exhibit: Name Peering status Peer Gateway transit Peering1 Connected vNET1 Disabled Where can packets from vNET2 be routed to?

vNET1

Peering for vNET2 is configured as shown in the following exhibit: Name Peering status Peer Gateway transit Peering1 Connected vNET1 Disabled Peering for vNET3 is configured as shown in the following exhibit: Name Peering status Peer Gateway transit Peering1 Connected vNET1 Disabled Where can packets from vNET3 be routed to?

vNET1 only

Peering for vNET2 is configured as shown in the following exhibit: Name Peering status Peer Gateway transit Peering1 Connected vNET1 Disabled Peering for vNET3 is configured as shown in the following exhibit: Name Peering status Peer Gateway transit Peering1 Connected vNET1 Disabled Where can packets from vNET1 be routed to?

vNET2 and vNET3

You have an Azure subscription named Subscription1 that has the following providers registered: Authorization, Automation, Resources, Compute, KeyVault, Network, Storage, Billing, and Web. Subscription1 contains an Azure virtual machine named VM1 that has the following configurations: - Private IP address: 10.0.0.4 (dynamic) - Network security group: NSG1 - Public IP address: None - Availability set: AVSet - Subnet: 10.0.0.0/24 - Managed disks: No - Location: East US You need to record all the successful and failed connection attempts to VM1. Which three actions should you perform?

- Enable Azure Network Watcher in the East US Azure region - Register the Microsoft.Insights resource provider - Enable Azure Network Watcher flow logs

You have an Azure subscription that contains a virtual network named vNET1. vNET1 contains the subnets shown in the following table: Name Connected VMs Subnet1 VM1, VM2 Subnet2 VM3, VM4 Subnet3 VM5, VM6 Each virtual machine uses a static IP address. You need to create network security groups to meet the following requirements: - Allow web requests from the internet to VM3, VM4, VM5, and VM6 - Allow all connections between VM1 and VM2 - Allow Remote Desktop connections to VM1 - Prevent all other network traffic to vNET1 What is the minimum number of NSGs you should create?

1

You have an Azure AD tenant. You need to create a conditional access policy that requires all users to use multi-factor authentication when they access the Azure portal. Which three settings should you configure? Name: Policy 1 Assignments Users and groups [1] Cloud apps [2] Conditions [3] Access controls Grant [4] Session [5] Enable policy: Off

1 - Users and groups 2 - Cloud apps 4 - Grant

You have an Azure subscription that contains an Azure storage account named Storage1 and the users shown in the following table: Name Member of User1 Group1 User2 Group2 User3 Group1 You plan to monitor Storage1 and to configure email notifications for the signals shown in the following table: Name Type Users to notify Ingress Metric User1 and User3 only Egress Metric User1 only Delete storage account Activity Log User1, User2 and User3 Restore blob ranges Activity Log User1 and User3 only You need to identify the minimum number of alert rules and action groups required for the planned monitoring.

Alert rules - 4 Action groups - 3

Your company has an Azure subscription named Subscription1. The company also has two on-prem servers named Server1 and Server2 that run Windows Server 2016. Server1 is configured as a DNS server that has a primary DNS zone named adatum.com. Adatum.com contains 1,000 DNS records. You manage Server1 and Subscription1 from Server2. Server2 has the following tools installed: - The DNS Manager console - Azure PowerShell - Azure CLI 2.0 you need to move the adatum.com zone to an Azure DNS zone in Subscription1. The solution must minimize administrative effort. What should you use?

Azure CLI

You have an Azure subscription named Subscription1. You have 5 TB of data that you need to transfer to Subscription1 and you plan to use an Azure Import/Export job. What can you use as the destination of the imported data?

Azure File Storage

You have an Azure VM named VM1. Azure collects events from VM1. You are creating an alert rule in Azure Monitor to notify an administrator when an error is logged in the System event log of VM1. Which target resource should you monitor in the alert rule?

Azure Log Analytics workspace

You have a sync group named Sync1 that has a cloud endpoint. The cloud endpoint includes a file named File1.txt. Your on-prem network contains servers that run Windows Server 2016. The servers are configured as shown in the following table: Name Share Share contents Server1 Share1 File1.txt, File2.txt Server2 Share2 File2.txt, File3.txt You add Share1 as an endpoint for Sync1. One hour later, you add Share2 as an endpoint for Sync1. On Server1, File1.txt is overwritten by File1.txt from the cloud endpoint?

False

You have a sync group named Sync1 that has a cloud endpoint. The cloud endpoint includes a file named File1.txt. Your on-prem network contains servers that run Windows Server 2016. The servers are configured as shown in the following table: Name Share Share contents Server1 Share1 File1.txt, File2.txt Server2 Share2 File2.txt, File3.txt You add Share1 as an endpoint for Sync1. One hour later, you add Share2 as an endpoint for Sync1. On the cloud endpoint, File1.txt is overwritten by File1.txt from Share1?

False

You plan to create an Azure Storage account in the Azure region of East US 2. You need to create a storage account that meets the following requirements: - Replicates synchronously - Remains available if a single data center in the region fails How should you configure the storage account?

Replication - Zone redundant storage (ZRS) Account type - Storage v2 (general purpose v2)

You need to ensure that an Azure AD user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription. Solution: You assign the Owner role at the subscription level to Admin1. Does this meet the goal?

Yes

You plan to use the Azure Import/Export service to copy files to a storage account. Which two files should you create before you prepare the drives for the import job?

a dataset CSV file a driveset CSV file

You have a virtual network named vNET1 that has the configuration shown in the following exhibit: Name: vNET1 ResourceGroupName: Production Location: West US ID: /subscriptions/14d26092-8e42-4ea7-b770-9dcef70fblea/resourceGroups/Production/providers/Microsoft.Network/virtualNetworks/vNET1 Etag: W/"76f7odd6-d022-455b-aoae-376059318o5d" ResoucrseGuid: ************************************** ProvisioningState: Succeeded Tags: AddressSpace: { "AddressPrefixes": [ "10.2.0.0/16" ] } DhcpOptions: { } Subnets: [ { "Name: "default", "Etag": W/"76f7odd6-d022-455b-aoae-376059318o5d" "Id": " //subscriptions/14d26092-8e42-4ea7-b770-9dcef70fblea/resourceGroups/Production/providers/Microsoft.Network/virtualNetworks/vNET1/subnets/default" "AddressPrefix": "10.2.0.0/24", "IpConfigurations": [ ], "ResourceNavigationLinks": [ ], "ServiceEndpoints": [ ], "ProvisioningState": "Succeeded" } ] VirtualNetworkPeerings: [ ] EnableDDosProtection: false EnableVmProtection: false Before a virtual machine on vNET1 can receive an IP address from 192.168.1.0/24, you must first ---------------?

add an address space


Related study sets

Chapter 1 Economics foundations and models

View Set

APUSH Chapter 26-28, APUSH Chapter 23-25, APUSH Chapter 22, APUSH Chapter 20-21, APUSH Chapter 19, APUSH Chapter 18, APUSH Chapter 16-17, APUSH Chapter 16 Part 1, APUSH Chapters 14-15, APUSH Chapters 11-13, APUSH Chapters 9-12, APUSH Chapters 6-8, AP...

View Set

Gatsby: Match Quotes with Speakers

View Set