Practice Free AZ-104 Exam Online Questions
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2.
Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.
You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution: You create an inbound security rule that denies all traffic from the 131.107.100.50 source and has a cost of 64999.
Does this meet the goal?
- A . Yes
- B . No
HOTSPOT
You have an Azure App Service web app named appl. You configure autoscaling as shown in following exhibit.
You configure the autoscale rule criteria as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
You need to configure an Azure web app named contoso.azurewebsites.net to host www.contoso.com.
What should you do first?
- A . Create a CNAME record named asuid that contains the domain verification ID.
- B . Create A records named www.contoso.com and asuid.contoso.com.
- C . Create a TXT record named asuid that contains the domain verification ID.
- D . Create a TXT record named www.contoso.com that has a value of contoso.azurewebsites.net.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure virtual machine named VM1. VM1 was deployed by using a custom Azure Resource Manager template named ARM1.json.
You receive a notification that VM1 will be affected by maintenance.
You need to move VM1 to a different host immediately.
Solution: From the Redeploy blade, you click Redeploy.
Does this meet the goal?
- A . Yes
- B . No
A
Explanation:
Redeploying the virtual machine moves it to a new host within the same region and availability set. This can help resolve any underlying issues with the current host. Redeploying the virtual machine does not affect the configuration or data on the virtual machine.
Then, Reference: [Redeploy Windows VM to new Azure node]
You sign up for Azure Active Directory (Azure AD) Premium.
You need to add a user named [email protected] as an administrator on all the computers that will be joined to the Azure AD domain.
What should you configure in Azure AD?
- A . Device settings from the Devices blade.
- B . General settings from the Groups blade.
- C . User settings from the Users blade.
- D . Providers from the MFA Server blade.
A
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin
You sign up for Azure Active Directory (Azure AD) Premium.
You need to add a user named [email protected] as an administrator on all the computers that will be joined to the Azure AD domain.
What should you configure in Azure AD?
- A . Device settings from the Devices blade.
- B . General settings from the Groups blade.
- C . User settings from the Users blade.
- D . Providers from the MFA Server blade.
A
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin
You have an Azure subscription that contains the virtual networks shown in the following table.
The subscription contains the virtual machines shown in the following table.
All The virtual machines have only private IP addresses. You deploy an Azure Bastion host named Bastion1 to VNet1.
To which virtual machines can you connect through Bastion1?
- A . VM1 only
- B . VM1 and VM2 only
- C . VM1 and VM3 only
- D . VM1, VM2, and VM3
B
Explanation:
Azure Bastion is a service that provides secure and seamless RDP and SSH access to virtual machines directly from the Azure portal, without exposing them to the public internet1. To use Azure Bastion, you need to deploy it in the same virtual network as the virtual machines you want to connect to2.
According to the tables, you deployed an Azure Bastion host named Bastion1 to VNet1. Therefore, you can connect through Bastion1 to any virtual machine that is in VNet1 or a virtual network that is peered with VNet1. VM1 and VM3 are both in VNet1, so you can connect to them through Bastion1. VM2 is in VNet2, which is not peered with VNet1, so you cannot connect to it through Bastion1.
HOTSPOT
You have Azure virtual machines that run Windows Server 2019 and are configured as shown in the following table.
You create a private Azure DNS zone named adatum.com. You configure the adatum.com zone to allow auto registration from VNET1.
Which A records will be added to the adatum.com zone for each virtual machine? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
You have the Azure management groups shown in the following table.
You add Azure subscriptions to the management groups as shown in the following table.
You create the Azure policies shown in the following table.
For each of the following statements, select Yes it the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have an Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains three Azure virtual machines. Each virtual machine has a public IP address.
The virtual machines host several applications that are accessible over port 443 to user on the Internet.
Your on-premises network has a site-to-site VPN connection to VNet1.
You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from the Internet and from the on-premises network.
You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network. The solution must ensure that all the applications can still be accesses by the Internet users.
What should you do?
- A . Modify the address space of the local network gateway.
- B . Remove the public IP addresses from the virtual machines.
- C . Modify the address space of Subnet1.
- D . Create a deny rule in a network security group (NSG) that is linked to Subnet1.
D
Explanation:
You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
You can use a site-to-site VPN to connect your on-premises network to an Azure virtual network. Users on your on-premises network connect by using the RDP or SSH protocol over the site-to-site VPN connection. You don’t have to allow direct RDP or SSH access over the internet. And this can be achieved by configuring a deny rule in a network security group (NSG) that is linked to Subnet1 for RDP / SSH protocol coming from internet.
Modify the address space of Subnet1: Incorrect choice
Modifying the address space of Subnet1 will have no impact on RDP traffic flow to the virtual network.
Modify the address space of the local network gateway: Incorrect choice
Modifying the address space of the local network gateway will have no impact on RDP traffic flow to the virtual network.
Remove the public IP addresses from the virtual machines: Incorrect choice
If you remove the public IP addresses from the virtual machines, none of the applications be accessible publicly by the Internet users.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices