Practice Free AZ-104 Exam Online Questions
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2.
Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.
You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail.
You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution: You create an inbound security rule that allows any traffic from the AzureLoadBalancer source and has a priority of 150.
Does this meet the goal?
- A . Yes
- B . No
You need to implement a backup solution for App1 after the application is moved.
What should you create first?
- A . a recovery plan
- B . an Azure Backup Server
- C . a backup policy
- D . a Recovery Services vault
D
Explanation:
A Recovery Services vault is a logical container that stores the backup data for each protected resource, such as Azure VMs. When the backup job for a protected resource runs, it creates a recovery point inside the Recovery Services vault.
Scenario:
There are three application tiers, each with five virtual machines.
Move all the virtual machines for App1 to Azure.
Ensure that all the virtual machines for App1 are protected by backups.
Reference: https://docs.microsoft.com/en-us/azure/backup/quick-backup-vm-portal
Topic 6, Misc. Questions
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You have a CSV file that contains the names and email addresses of 500 external users.
You need to create a guest user account in contoso.com for each of the 500 external users.
Solution: From Azure AD in the Azure portal, you use the Bulk create user operation.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
https://learn.microsoft.com/en-us/azure/active-directory/external-identities/tutorial-bulk-invite?source=recommendations
– Use "Bulk invite users" to prepare a comma-separated value (.csv) file with the user information and invitation preferences
– Upload the .csv file to Azure AD
– Verify the users were added to the directory
HOTSPOT
You have an Azure subscription.
You plan to create the Azure Storage account as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

HOTSPOT
You have an Azure subscription that has offices in the East US and West US Azure regions.
You plan to create the storage account shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Explanation:
Box1 = To minimize the network costs of accessing adatum22, modify the Default routing tier setting.
The default routing tier setting determines how network traffic is routed from the internet to the storage account. By default, the Microsoft global network routing option is selected, which means that traffic is routed over the Microsoft global network for the bulk of its path, maximizing network performance and reliability. However, this option also incurs network charges for data transfer between different Azure regions. The internet routing option, on the other hand, minimizes the traversal of traffic over the Microsoft global network, handing it off to the transit ISP at the earliest opportunity. This option lowers networking costs, but may compromise network performance and reliability. Therefore, to minimize the network costs of accessing adatum22, which is located in the East US region, from the West US region, you should modify the default routing tier setting to use internet routing instead of Microsoft global network routing. For more information, see Network routing preference for Azure Storage.
Box2 = Encryption Type
https://learn.microsoft.com/en-us/azure/storage/common/infrastructure-encryption-enable?tabs=portal
HOTSPOT
You plan to deploy an Azure container instance by using the following Azure Resource Manager template.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the template.

Explanation:
Box 1: can connect to the container from any device
In the template, "osType": "window" indicates that it will create a container in a container group that runs Windows, but it won't block access depending on device type.
Box 2: the container will restart automatically
Docker provides restart policies to control whether your containers start automatically when they exit, or when Docker restarts. Restart policies ensure that linked containers are started in the correct order. Docker recommends that you use restart policies, and avoid using process managers to start containers.
on-failure: Restart the container if it exits due to an error, which manifests as a non-zero exit code. Because the flag is set to "on-failure" in the policy, the container will restart automatically.
Reference:
https://docs.microsoft.com/en-us/cli/azure/container?view=azure-cli-latest
https://docs.docker.com/config/containers/start-containers-automatically/
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1.
VNet1 is in a resource group named RG1.
Subscription1 has a user named User1.
User1 has the following roles:
• Reader
• Security Admin
• Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do?
- A . Assign User1 the Contributor role for VNet1.
- B . Remove User1 from the Security Reader and Reader roles for Subscription1.
- C . Assign User1 the Network Contributor role for VNet1.
- D . Assign User1 the User Access Administrator role for VNet1.
D
Explanation:
https://docs.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles#:~:text=The%20User%20Access%20Administrator%20role%20enables%20the%20user%20to%20grant,Azure%20subscriptions%20and%20management%20groups.
HOTSPOT
You have Azure Storage accounts as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Explanation:
Box 1: storageaccount1 and storageaccount2 only
Box 2: All the storage accounts
Note: The three different storage account options are: General-purpose v2 (GPv2) accounts, General-purpose v1 (GPv1) accounts, and Blob storage accounts.
General-purpose v2 (GPv2) accounts are storage accounts that support all of the latest features for blobs, files, queues, and tables.
Blob storage accounts support all the same block blob features as GPv2, but are limited to supporting only block blobs.
General-purpose v1 (GPv1) accounts provide access to all Azure Storage services, but may not have the latest features or the lowest per gigabyte pricing.
Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-account-options
HOTSPOT
You have an Azure subscription that contains the vaults shown in the following table.
You deploy the virtual machines shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

You need to ensure that you can grant Group4 Azure RBAC read-only permissions to all the Azure file shares.
What should you do?
- A . On storage1 and storage4, change the Account kind type to StorageV2 (general purpose v2).
- B . Recreate storage2 and set Hierarchical namespace to Enabled.
- C . On storage2, enable identity-based access for the file shares.
- D . Create a shared access signature (SAS) for storage1, storage2, and storage4.