Practice Free Microsoft AZ-104 Exam Questions Online, AZ-104 Free Demo

Question 76 Selectable Answer

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has a Microsoft SQL Server Always On availability group configured on their Azure virtual machines (VMs).
You need to configure an Azure internal load balancer as a listener for the availability group.
Solution: You enable Floating IP.
Does the solution meet the goal?

A. Yes
B. No

Answer:

Question 77 Selectable Answer

You have an Azure subscription named Subscription1 that contains the resource groups shown in the following table.

In RG1, you create a virtual machine named VM1 in the East Asia location.
You plan to create a virtual network named VNET1.
You need to create VNET1, and then connect VM1 to VNET1.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

A. Create VNET1 in RG2, and then set East Asia as the location.
B. Create VNET1 in a new resource group in the West US location, and then set West US as the location.
C. Create VNET1 in RG1, and then set East US as the location.
D. Create VNET1 in RG2, and then set East US as the location.
E. Create VNET1 in RG1, and then set East Asia as the location.

Answer:

Question 78 Written Answer

You have an Azure Storage account named storage1.
You have an Azure Service app named App1 and an app named App2 that runs in an Azure container instance. Each app uses a managed identity.
You need to ensure that App1 and App2 can read blobs from storage1.
The solution must meet the following requirements:
- Minimize the number of secrets used.
- Ensure that App2 can only read from storage1 for the next 30 days.
What should you configure in storage1 for each app? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:
App1: Access keys
App2: Shared access signature (SAS)
A shared access signature (SAS) provides secure delegated access to resources in your storage account without compromising the security of your data. With a SAS, you have granular control over how a client can access your data. You can control what resources the client may access, what permissions they have on those resources, and how long the SAS is valid, among other parameters.
Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview

Question 79 Selectable Answer

You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1. VNet2 contains an Azure virtual machine named VM2.
VM1 hosts a frontend application that connects to VM2 to retrieve data.
Users report that the frontend application is slower than usual.
You need to view the average round-trip time (RTT) of the packets from VM1 to VM2.
Which Azure Network Watcher feature should you use?

A. IP flow verify
B. Connection troubleshoot
C. Connection monitor
D. NSG flow logs

Answer:
Explanation:
The connection monitor capability monitors communication at a regular interval and informs you of reachability, latency, and network topology changes between the VM and the endpoint Incorrect Answers:
A: The IP flow verify capability enables you to specify a source and destination IPv4 address,port, protocol (TCP or UDP), and traffic direction (inbound or outbound). IP flow verify then tests the communication and informs you if the connection succeeds or fails. If the connection fails, IP flow verify tells you which security rule allowed or denied the communication, so that you can resolve the problem.
B: The connection troubleshoot capability enables you to test a connection between a VM and another VM, an FQDN, a URI, or an IPv4 address. The test returns similar information returned when using the connection monitor capability, but tests the connection at a point in time, rather than monitoring it over time, as connection monitor does.
D: The NSG flow log capability allows you to log the source and destination IP address, port, protocol, and whether traffic was allowed or denied by an NSG.
Reference: https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview

Question 80 Written Answer

You have an Azure subscription that contains a virtual network named VNet1.
VNet1 uses an IP address space of 10.0.0.0/16 and contains the subnets in the following table:

Subnet1 contains a virtual appliance named VM1 that operates as a router.
You create a routing table named RT1.
You need to route all inbound traffic from the VPN gateway to VNet1 through VM1.
How should you configure RT1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Question 81 Selectable Answer

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains 100 user accounts.
You purchase 10 Azure AD Premium P2 licenses for the tenant.
You need to ensure that 10 users can use all the Azure AD Premium features.
What should you do?

A. From the Licenses blade of Azure AD, assign a license
B. From the Groups blade of each user, invite the users to a group
C. From the Azure AD domain, add an enterprise application
D. From the Directory role blade of each user, modify the directory role

Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/license-users-groups

Question 82 Selectable Answer

Your company has virtual machines (VMs) hosted in Microsoft Azure. The VMs are located in a single Azure virtual network named VNet1.
The company has users that work remotely. The remote workers require access to the VMs on VNet1.
You need to provide access for the remote workers.
What should you do?

A. Configure a Site-to-Site (S2S) VP
B. Configure a VNet-toVNet VP
C. Configure a Point-to-Site (P2S) VP
D. Configure DirectAccess on a Windows Server 2012 server V
E. Configure a Multi-Site VPN

Answer:
Explanation:
A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer.
Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways

Question 83 Selectable Answer

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
- A virtual network that has a subnet named Subnet1
- Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
- A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
- Priority: 100
- Source: Any
- Source port range: *
- Destination: *
- Destination port range: 3389
- Protocol: UDP
- Action: Allow
VM1 has a public IP address and is connected to Subnet1. NSG-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You add an inbound security rule to NSG-Subnet1 and NSG-VM1 that allows connections from the internet source to the VirtualNetwork destination for port range 3389 and uses the TCP protocol.
Does this meet the goal?

A. Yes
B. No

Answer:
Explanation:
The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM.
Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, bydefault.
Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection

Question 84 Selectable Answer

Your company has three virtual machines (VMs) that are included in an availability set.
You try to resize one of the VMs, which returns an allocation failure message.
It is imperative that the VM is resized.
Which of the following actions should you take?

A. You should only stop one of the VMs.
B. You should stop two of the VMs.
C. You should stop all three VMs.
D. You should remove the necessary VM from the availability set.

Answer:
Explanation:
If the VM you wish to resize is part of an availability set, then you must stop all VMs in the availability set before changing the size of any VM in the availability set. The reason all VMs in the availability set must be stopped before performing the resize operation to a size that requires different hardware is that all running VMs in the availability set must be using the same physical hardware cluster. Therefore, if a change of physical hardware cluster is required to change the VM size then all VMs must be first stopped and then restarted one-by-one to a different physical hardware clusters.
Reference: https://azure.microsoft.com/es-es/blog/resize-virtual-machines/

Question 85 Written Answer

You have an Azure subscription that contains the resources shown in the following table.

VMSS1 is set to VM (virtual machines) orchestration mode.
You need to deploy a new Azure virtual machine named VM1, and then add VM1 to VMSS1.
Which resource group and location should you use to deploy VM1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Box 1: RG1, RG2, or RG3
The resource group stores metadata about the resources. When you specify a location for the resource group, you're specifying where that metadata is stored. The location of the RG doesn't influence the choice of the location of VM. best practice would be to create the VM1 in the RG1 because the scale set is in RG1. And Microsoft recommends that resources contained in a Resource Group share the same resource lifecycle.
Box 2: West US only
You can add the virtual machine to a scale set in the same region, zone, and resource group.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-orchestration-modes

Question 86 Selectable Answer

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.

You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail.
You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution: You delete the BlockAllOther443 inbound security rule.
Does this meet the goal?

A. Yes
B. No

Answer:
Explanation:
https://fastreroute.com/azure-network-security-groups-explained/

Question 87 Selectable Answer

You have three offices and an Azure subscription that contains an Azure Active Directory (Azure AD) tenant.
You need to grant user management permissions to a local administrator in each office.
What should you use?

A. Azure AD roles
B. administrative units
C. access packages in Azure AD entitlement management
D. Azure roles

Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/roles/administrative-units

Question 88 Written Answer

Drag and Drop
You have an Azure subscription named Subscription1.
You create an Azure Storage account named Contoso storage, and then you create a file share named data.
Which UNC path should you include in a script that references files from the data file share? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Box 1: Contoso storage
The name of account
Box 2: file.core.windows.net
Box 3: data
The name of the file share is data.
Example:

Reference:https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows

Question 89 Selectable Answer

You create the following resources in an Azure subscription:
- An Azure Container Registry instance named Registry1
- An Azure Kubernetes Service (AKS) cluster named Cluster1
You create a container image named Ap p1 on your administrative workstation.
You need to deploy App1 to Cluster1.
What should you do first?

A. Run the docker push command.
B. Create an App Service plan.
C. Run the az acr build command.
D. Run the az aks create command.

Answer:
Explanation:
You should sign in and push a container image to Container Registry. R un the az acr build command to build and push the container imag e. az acr build \
--image contoso-website \
--registry $ACR_NAME \
--file Dockerfile .
Explanation:
Reference: https://docs.microsoft.com/en-us/learn/modules/aks-deploy-container-app/5-exercise-deploy-app

Question 90 Selectable Answer

A web developer creates a web application that you plan to deploy as an Azure web app.
Users must enter credentials to access the web application.
You create a new web app named WebApp1 and deploy the web application to WebApp1.
You need to disable anonymous access to WebApp1.
What should you configure?

A. Advanced Tools
B. Authentication/Authorization
C. Access control (IAM)
D. Deployment credentials

Answer:
Explanation:
Anonymous access is an authentication method. It allows users to establish an anonymousconnection.
References: https://docs.microsoft.com/en-us/biztalk/core/guidelines-for-resolving-iis-permissions-problems

Test Online Free Microsoft AZ-104 Exam Questions and Answers