Pass Microsoft AZ-104 in Just 3 Days – Stress-Free, No Study Needed!
Have questions? Contact us directly on WhatsApp for quick support!
You have an Azure virtual machine named VM1 and an Azure key vault named Vault1.
On VM1, you plan to configure Azure Disk Encryption to use a key encryption key (KEK).
You need to prepare Vault1 for Azure Disk Encryption.
Which two actions should you perform on Vault1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Select Azure Virtual machines for deployment.
- B. Create a new key.
- C. Create a new secret.
- D. Configure a key rotation policy.
- E. Select Azure Disk Encryption for volume encryption.
HOTSPOT –
You have an Azure App Service app named WebApp1 that contains two folders named Folder1 and Folder2.
You need to configure a daily backup of WebApp1. The solution must ensure that Folder2 is excluded from the backup.
What should you create first, and what should you use to exclude Folder2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load
Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.
You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail.
You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution: You create an inbound security rule that denies all traffic from the 131.107.100.50 source and has a priority of 64999.
Does this meet the goal?
- A. Yes
- B. No
You have an Azure subscription that contains a virtual machine named VM1 and an Azure key vault named KV1.
You need to configure encryption for VM1. The solution must meet the following requirements:
• Store and use the encryption key in KV1.
• Maintain encryption if VM1 is downloaded from Azure.
• Encrypt both the operating system disk and the data disks.
Which encryption method should you use?
- A. customer-managed keys
- B. Confidential disk encryption
- C. Azure Disk Encryption
- D. encryption at host
You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine scale set by using an Azure Resource Manager template.
You need to ensure that NGINX is available on all the virtual machines after they are deployed.
What should you use?
- A. the Publish-AzVMDscConfiguration cmdlet
- B. Azure Application Insights
- C. Azure Custom Script Extension
- D. a Microsoft Endpoint Manager device configuration profile
DRAG DROP –
You have an Azure subscription that contains two on-premises locations named site1 and site2.
You need to connect site1 and site2 by using an Azure Virtual WAN.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
HOTSPOT
–
You have an Azure subscription that contains a storage account named storage1.
You need to configure a shared access signature (SAS) to ensure that users can only download blobs securely by name.
Which two settings should you configure? To answer, select the appropriate settings in the answer area.
NOTE: Each correct answer is worth one point.
HOTSPOT –
You have an Azure subscription. The subscription contains a virtual machine that runs Windows 10.
You need to join the virtual machine to an Active Directory domain.
How should you complete the Azure Resource Manager (ARM) template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
HOTSPOT –
You have an Azure subscription that contains the virtual networks shown in the following table.
You have the virtual machines shown in the following table.
You have the virtual network interfaces shown in the following table.
Server1 is a DNS server that contains the resources shown in the following table.
You have an Azure private DNS zone named contoso.com that has a virtual network link to VNET2 and the records shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
You have an Azure subscription that contains a storage account named storage1. The storage1 account contains a container named container1.
You need to configure access to container1. The solution must meet the following requirements:
• Only allow read access.
• Allow both HTTP and HTTPS protocols.
• Apply access permissions to all the content in the container.
What should you use?
- A. an access policy
- B. a shared access signature (SAS)
- C. Azure Content Delivery Network (CDN)
- D. access keys