Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider.
Does this meet the goal?
- A. Yes
- B. No
You have an Azure subscription. The subscription contains virtual machines that run Windows Server.
You have a data collection rule (DCR) named Rule1.
You plan to use the Azure Monitor Agent to collect events from Windows System event logs.
You only need to collect system events that have an ID of 1001.
Which type of query should you use for the data source in Rule1?
- A. SQL
- B. XPath
- C. KQL
HOTSPOT
You have an Azure AD user named User1 and a read-access geo-redundant storage (RA-GRS) account named contoso2023.
You need to meet the following requirements:
• User1 must be able to write blob data to contoso2023.
• The contoso2023 account must fail over to its secondary endpoint.
Which two settings should you configure? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.

You have an Azure subscription.
You have an on-premises virtual machine named VM1. The settings for VM1 are shown in the exhibit. (Click the Exhibit tab.)

You need to ensure that you can use the disks attached to VM1 as a template for Azure virtual machines.
What should you modify on VM1?
- A. the memory
- B. the network adapters
- C. the hard drive
- D. the processor
- E. Integration Services
HOTSPOT
You manage two Azure subscriptions named Subscription1 and Subscription2.
Subscription1 has the following virtual networks:

The virtual networks contain the following subnets:

Subscription2 contains the following virtual network:
– Name: VNETA
– Address space: 10.10.128.0/17
– Location: Canada Central
VNETA contains the following subnets:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Box 1: Yes
With VNet-to-VNet you can connect Virtual Networks in Azure across different regions.
Box 2: Yes
Azure supports the following types of peering:
• Virtual network peering: Connect virtual networks within the same Azure region.
• Global virtual network peering: Connecting virtual networks across Azure regions.
Box 3: No
The virtual networks you peer must have non-overlapping IP address spaces.
Reference:
https://azure.microsoft.com/en-us/blog/vnet-to-vnet-connecting-virtual-networks-in-azure-across-different-regions/
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#requirements-and-constraints
You have an Azure subscription that contains a virtual machine named VM1.
You have an on-premises datacenter that contains a domain controller named DC1. ExpressRoute is used to connect the on-premises datacenter to Azure.
You need to use Connection Monitor to identify network latency between VM1 and DC1.
What should you install on DC1?
- A. the Azure Connected Machine agent for Azure Arc-enabled servers
- B. the Azure Network Watcher Agent virtual machine extension
- C. the Log Analytics agent
- D. an Azure Monitor agent extension
You have an Azure subscription that contains a storage account named storage1.
You plan to create a blob container named container1.
You need to use customer-managed key encryption for container1.
Which key should you use?
- A. an EC key that uses the P-384 curve only
- B. an EC key that uses the P-521 curve only
- C. an EC key that uses the P-384 curve or P-521 curve only
- D. an RSA key with a key size of 4096 only
- E. an RSA key type with a key size of 2048, 3072, or 4096 only
You have an Azure subscription that contains a virtual machine scale set. The scale set contains four instances that have the following configurations:
– Operating system: Windows Server 2016
– Size: Standard_D1_v2
You run the get-azvmss cmdlet as shown in the following exhibit:

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

The Get-AzVmssVM cmdlet gets the model view and instance view of a Virtual Machine Scale Set (VMSS) virtual machine.
Box 1: 0
The enableAutomaticUpdates parameter is set to false. To update existing VMs, you must do a manual upgrade of each existing VM.
Box 2: 4
Enabling automatic OS image upgrades on your scale set helps ease update management by safely and automatically upgrading the OS disk for all instances in the scale set.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-upgrade-scale-set
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.

You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail.
You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution: You create an inbound security rule that denies all traffic from the 131.107.100.50 source and has a cost of 64999.
Does this meet the goal?
- A. Yes
- B. No
You have an Azure subscription that has Traffic Analytics configured.
You deploy a new virtual machine named VM1 that has the following settings:
• Region: East US
• Virtual network: VNet1
• NIC network security group: NSG1
You need to monitor VM1 traffic by using Traffic Analytics.
Which settings should you configure?
- A. Diagnostic settings for VM1
- B. NSG flow logs for NSG1
- C. Diagnostic settings for NSG1
- D. Insights for VM1