Practice Free AZ-104 Exam Online Questions
You have an Azure subscription that contains a storage account named storage 1.
You need to allow access to storage1 from selected networks and your home office. The solution must minimize administrative effort.
What should you do first for storage1?
- A . Add a private endpoint.
- B . Modify the Public network access settings.
- C . Select Internet routing
- D . Modify the Access Control (1AM) settings.
You need to ensure that VM1 can communicate with VM4. The solution must minimize administrative effort.
What should you do?
- A . Create a user-defined route from VNET1 to VNET3.
- B . Assign VM4 an IP address of 10.0.1.5/24.
- C . Establish peering between VNET1 and VNET3.
- D . Create an NSG and associate the NSG to VMI and VM4.
B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
You have an Azure subscription named Subscription1.
You have 5 TB of data that you need to transfer to Subscription1.
You plan to use an Azure Import/Export job.
What can you use as the destination of the imported data?
- A . Azure Data Lake Store
- B . a virtual machine
- C . the Azure File Sync Storage Sync Service
- D . Azure Blob storage
D
Explanation:
Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter.
The maximum size of an Azure Files Resource of a file share is 5 TB.
Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service
HOTSPOT
You have an Azure subscription that has the Azure container registries shown in the following table.
You plan to use ACR Tasks and configure endpoint connections.
HOTSPOT
You have an Azure subscription that has the Azure container registries shown in the following table.
You plan to use ACR Tasks and configure endpoint connections.
You are planning the move of App1 to Azure.
You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1.
What should you recommend?
- A . Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.
- B . Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.
- C . Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
- D . Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
C
Explanation:
As App1 is public-facing we need an incoming security rule, related to the access of the web servers.
Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers: a SQL database, a web front end, and a processing middle tier.
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
No, this does not meet the goal. Unregistering the Microsoft.ClassicNetwork provider does not affect the creation of network security groups (NSGs) in the subscription. The Microsoft.ClassicNetwork provider is used for managing classic deployment model resources, such as virtual networks, network interfaces, and public IP addresses1. However, NSGs are only supported for Resource Manager deployment model resources2. Therefore, unregistering the Microsoft.ClassicNetwork provider will not automatically block TCP port 8080 between the virtual networks.
To meet the goal, you need to create a custom policy definition that enforces a default security rule for NSGs. A policy definition is a set of rules and actions that Azure performs when evaluating your resources3. You can use a policy definition to specify the required properties and values for NSGs, such as the direction, protocol, source, destination, and port of the security rule. You can then assign the policy definition to the subscription scope, so that it applies to all the resource groups and virtual networks in the subscription.
HOTSPOT
You have an Azure subscription that is linked to an Azure AD tenant. The tenant contains two users named User1 and User2.
The subscription contains the resources shown in the following table.
The subscription contains the alert rules shown in the following table.
The users perform the following actions:
• User1 creates a new virtual disk and attaches the disk to VM1.
• User2 creates a new resource tag and assigns the tag to RG1 and VM1.
Which alert rules are triggered by each user? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
In this case, you have two alert rules: Alert1 and Alert2. Alert1 has a scope of RG1, which means it applies to all the resources in the resource group named RG1. Alert1 has a condition of All Administrative operations, which means it triggers when any administrative operation is performed on the resources in RG1. An administrative operation is any operation that changes the configuration or state of a resource, such as creating, deleting, updating, or restarting.
Alert2 has a scope of VM1, which means it applies only to the virtual machine named VM1. Alert2 also has a condition of All Administrative operations, which means it triggers when any administrative operation is performed on VM1.
Now, let’s see which alert rules are triggered by each user.
User1 creates a new virtual disk and attaches the disk to VM1. This is an administrative operation on VM1, so it triggers Alert2. However, it does not trigger Alert1, because the new disk is not part of RG1. Therefore, the correct answer for User1 is C. Only Alert2 is triggered.
User2 creates a new resource tag and assigns the tag to RG1 and VM1. This is also an administrative operation on both RG1 and VM1, so it triggers both Alert1 and Alert2. Therefore, the correct answer for User2 is D. Alert1 and Alert2 are triggered.
HOTSPOT
You have an Azure subscription that is linked to an Azure AD tenant. The tenant contains two users named User1 and User2.
The subscription contains the resources shown in the following table.
The subscription contains the alert rules shown in the following table.
The users perform the following actions:
• User1 creates a new virtual disk and attaches the disk to VM1.
• User2 creates a new resource tag and assigns the tag to RG1 and VM1.
Which alert rules are triggered by each user? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
In this case, you have two alert rules: Alert1 and Alert2. Alert1 has a scope of RG1, which means it applies to all the resources in the resource group named RG1. Alert1 has a condition of All Administrative operations, which means it triggers when any administrative operation is performed on the resources in RG1. An administrative operation is any operation that changes the configuration or state of a resource, such as creating, deleting, updating, or restarting.
Alert2 has a scope of VM1, which means it applies only to the virtual machine named VM1. Alert2 also has a condition of All Administrative operations, which means it triggers when any administrative operation is performed on VM1.
Now, let’s see which alert rules are triggered by each user.
User1 creates a new virtual disk and attaches the disk to VM1. This is an administrative operation on VM1, so it triggers Alert2. However, it does not trigger Alert1, because the new disk is not part of RG1. Therefore, the correct answer for User1 is C. Only Alert2 is triggered.
User2 creates a new resource tag and assigns the tag to RG1 and VM1. This is also an administrative operation on both RG1 and VM1, so it triggers both Alert1 and Alert2. Therefore, the correct answer for User2 is D. Alert1 and Alert2 are triggered.
You need to add VM1 and VM2 to the backend poo! of LB1.
What should you do first?
- A . Create a new NSG and associate the NSG to VNET1/Subnet1.
- B . Connect VM2 to VNET1/Subnet1.
- C . Redeploy VM1 and VM2 to the same availability zone.
- D . Redeploy VM1 and VM2 to the same availability set.