Practice Free AZ-104 Exam Online Questions
HOTSPOT
You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1.
You install and configure a web server and a DNS server on VM1.
VM1 has the effective network security rules shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Explanation:
A number between 100 and 4096. Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed. https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
You have the Azure virtual machines shown in the following table.
VNET1 is linked to a private DNS zone and named contoso.com that contains the records shown in the following table.
You need to ping VM2 from VM1.
Which DNS names can you use to ping VM2.
- A . comp2 contoso.com only
- B . com1.contoso.com and comp2.contoso.com only
- C . comp2.contoso.com and comp4.contoso.com only
- D . comp1.contoso.com, comp2.contoso.com and comp4.contoso.con only
- E . comp1.contoso.com comp2contoso.com.comp3.contoso.com and comp4.contoso.com
You create an Azure Storage account.
You plan to add 10 blob containers to the storage account.
For one of the containers, you need to use a different key to encrypt data at rest.
What should you do before you create the container?
- A . Modify the minimum TLS version.
- B . Create an encryption scope.
- C . Generate a shared access signature (SAS).
- D . Rotate the access keys.
B
Explanation:
https://learn.microsoft.com/en-us/azure/storage/blobs/encryption-scope-overview#how-encryption-scopes-work
Yon have an Azure Storage account named storage1 that contains a blob container named comainer1. You need to prevent new content added to contalner1 from being modified for one year.
What should you configure?
- A . an access policy
- B . the access level
- C . the access tier
- D . the Access control (JAM) settings
HOTSPOT
You have an Azure subscription that contains the vaults shown in the following table.
You create a storage account that contains the resources shown in the following table.
To which vault can you back up cont1 and share1? To answer, select the appropriate options in the answer area. NOTE: Each correct answer is worth one point.
You discover that VM3 does NOT meet the technical requirements. You need to verify whether the issue relates to the NSGs.
What should you use?
- A . Diagram in VNet1
- B . the security recommendations in Azure Advisor
- C . Diagnostic settings in Azure Monitor
- D . Diagnose and solve problems in Traffic Manager Profiles
- E . IP flow verify in Azure Network Watcher
E
Explanation:
Scenario: Litware must meet technical requirements including:
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.
Reference: https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
You have an Azure virtual machine named VM1.
You use Azure Backup to create a backup of VM1 named Backup 1.
After creating Backup1, you perform the following changes to VM1:
Modify the size of VM 1.
– Copy a file named Budget.xls to a folder named Data.
– Reset the password for the built-in administrator account.
– Add a data disk to VM 1.
An administrator uses the Replace existing option to restore VM1 from Backup 1.
You need to ensure that all the changes to VM1 are restored.
Which change should you perform again?
- A . Modify the size of VM1.
- B . Add a data disk.
- C . Reset the password for the built-in administrator account.
- D . Copy Budget.xls to Data.
D
Explanation:
The scenario mentioned in the question, we are using the replace option. So in this case we would lose the existing data written to the disk after the backup was taken. The file was copied to the disk after the backup was taken. Hence, we would need to copy the file once again.
Reference: https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms#replace-existing-disks
You have two Azure virtual machines named VM1 and VM2 that run Windows Server. The virtual
machines are in a subnet named Subnet1. Subnet1 is in a virtual network named VNet1. You need to
prevent VM1 from accessing VM2 on port 3389.
What should you do?
- A . Create a network security group (NSG) that has an outbound security rule to deny destination port 3389 and apply the NSG to the network interface of VM1.
- B . Create a network security group (NSG) that has an inbound security rule to deny source port 3389 and apply the NSG to Subnet1.
- C . Create a network security group (NSG) that has an outbound security rule to deny source port
3389 and apply the NSG to Subnet1. - D . Configure Azure Bastion in VNet1.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft Entra tenant named Adatum.com and an Azure Subscription named Subscription1. Adatum.com contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Dev, you assign the Logic App Contributor role to the Developers group.
Does this meet the goal?
- A . Yes
- B . No
You need to configure WebApp1 to meet the technical requirements.
Which certificate can you use from Vault1?
- A . Cert1 only
- B . Cert1 or Cert2 only
- C . Cert1 or Cert3 only
- D . Cert3 or Cert4 only
- E . Cert1, Cert2, Cert3, or Cert4