az-104 dumps topic 3, 1-? Flashcards
You have an Azure subscription named Subscription1 that contains the storage accounts shown in the following table:
Name Account kind Azure service that contains data
storage1 Storage File
storage2 Storage V2 (general purpose v2) File, Table
storage3 Storage V2 (general purpose v2) Queue
storage4 BlobStorage Blob
You plan to use the Azure Import/Export service to export data from Subscription1.
You need to identify which storage account can be used to export the data.
What should you identify?
A. storage1
B. storage2
C. storage3
D. storage4
D. storage4
Azure Import/Export service supports the following of storage accounts:
✑ Standard General Purpose v2 storage accounts (recommended for most scenarios)
✑ Blob Storage accounts
✑ General Purpose v1 storage accounts (both Classic or Azure Resource Manager deployments),
Azure Import/Export service supports the following storage types:
✑ Import supports Azure Blob storage and Azure File storage
✑ Export supports Azure Blob storage
You have Azure Storage accounts as shown in the following exhibit.
Name Type Kind Resourse group Location Subs Access tier Replication
storageaccount1 Stor. ac. Storage ContosoRG1 East US Subscription1 - Read-access ge…
storageaccount2 Stor. ac. StorageV2 ContosoRG1 Central US Subscription1 Hot Geo-redundant…
storageaccount3 Stor. ac. BlobStorage ContosoRG1 East US Subscription1 Hot Locally-redundant…
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
You can use [answer choice] for Azure Table Storage.
storageaccount1 only
storageaccount2 only
storageaccount3 only
storageaccount1 and storageaccount2 only
storageaccount2 and storageaccount3 only
You can use [answer choice] for Azure Blob storage.
storageaccount3 only
storageaccount2 and storageaccount3 only
storageaccount1 and storageaccount3 only
all the storage accounts
You can use [storageaccount1 and storageaccount2 only] for Azure Table Storage.
You can use [all the storage accounts] for Azure Blob storage.
You have Azure subscription that includes data in following locations:
Name Туре
container1 Blob container
share1 Azure files share
DB1 SQL database
Table1 Azure Table
You plan to export data by using Azure import/export job named Export1.
You need to identify the data that can be exported by using Export1.
Which data should you identify?
A. DB1
B. container1
C. share1
D. Table1
B. container1
Blobs are only type of storage which can be exported.
1. Import and export support for blob storage.
2. Only import support for File storage but export not support. check the table of Supported storage types
https://learn.microsoft.com/en-us/azure/import-export/storage-import-export-requirements#supported-storage-types
You have an Azure Storage account named storage1.
You have an Azure App Service app named App1 and an app named App2 that runs in an Azure container instance. Each app uses a managed identity.
You need to ensure that App1 and App2 can read blobs from storage1. The solution must meet the following requirements:
✑ Minimize the number of secrets used.
✑ Ensure that App2 can only read from storage1 for the next 30 days.
What should you configure in storage1 for each app?
App1:
App2:
Access keys
Advanced security
Access control (IAM)
Shared access signatures (SAS)
App1:
Access Control (IAM)
App2:
Shared access signatures (SAS)
- Since the App1 uses Managed Identity, App1 can access the Storage Account via IAM. As per requirement, we need to minimize the number of secrets used, so Access keys is not ideal. https://learn.microsoft.com/en-us/azure/app-service/scenario-secure-app-access-storage?tabs=azure-portal#grant-access-to-the-storage-account
- We need temp access for App2, so we need to use SAS.
You need to create an Azure Storage account that meets the following requirements:
✑ Minimizes costs
✑ Supports hot, cool, and archive blob tiers
✑ Provides fault tolerance if a disaster affects the Azure region where the account resides
How should you complete the command?
az storage account create -g RG1 -n storageaccount1
–kind [ … ]
File Storage
Storage
StorageV2
–sku [ … ]
Standard_GRS
Standard_LRS
Standard_RAGRS
Premium_LRS
–kind [ … ]
StorageV2
–sku [ … ]
Standard_GRS
“Note: General-purpose v1 accounts don’t have access to Hot, Cool, or Archive tiered storage. For access to tiered storage, upgrade to a general-purpose v2 account.”
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-grs
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers
You have an Azure subscription that contains the resources in the following table.
Name Type
RG1 Resource group
store1 Azure Storage account
Sync1 Azure File Sync
Store1 contains a file share named data. Data contains 5,000 files.
You need to synchronize the files in the file share named data to an on-premises server named Server1.
Which three actions should you perform?
A. Create a container instance
B. Register Server1
C. Install the Azure File Sync agent on Server1
D. Download an automation script
E. Create a sync group
B. Register Server1
C. Install the Azure File Sync agent on Server1
E. Create a sync group
Step 1 (C): Install the Azure File Sync agent on Server1
The Azure File Sync agent is a downloadable package that enables Windows Server to be synced with an Azure file share
Step 2 (B): Register Server1.
Register Windows Server with Storage Sync Service
Registering your Windows Server with a Storage Sync Service establishes a trust relationship between your server (or cluster) and the Storage Sync Service.
Step 3 (E): Create a sync group and a cloud endpoint.
A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on registered server.
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide
You have an Azure subscription that contains the resources shown in the following table.
Name Type Resource group
VNET1 Virtual network RG1
VNET2 Virtual network RG2
VM1 Virtual machine RG2
The status of VM1 is Running.
You assign an Azure policy as shown in the exhibit. (Click the Exhibit tab.)
Home > Policy - Assignments > Assign Policy
Assign Policy
Scope
Scope : Azure Pass/RG2
Exclusions : -
Basics
Policy definition : Not allowed resource types
Assignment name : Not allowed resource types
Description : -
Assigned by : First User
PARAMETERS
*Not allowed resource types✪
3 selected
You assign the policy by using the following parameters:
Microsoft.ClassicNetwork/virtualNetworks
Microsoft.Network/virtualNetworks
Microsoft.Compute/virtualMachines
Yes/No:
An administrator can move VNET1 to RG2
The state of VM1 changed to deallocated
An administrator can modify the address space of VNET2
An administrator can move VNET1 to RG2 - No
The state of VM1 changed to deallocated - No
An administrator can modify the address space of VNET2 - No
Policy will identify the VM as not compliant but will not put VM in deallocate
You have an Azure subscription that contains a storage account.
You have an on-premises server named Server1 that runs Windows Server 2016. Server1 has 2 TB of data.
You need to transfer the data to the storage account by using the Azure Import/Export service.
In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
From the Azure portal, update the import job
From the Azure portal, create an import job
Attach an external disk to Server1 and then run waimportexport.exe
Detach the external disks from Server1 and ship the disks to an Azure data center
Step 1: Prepare the drives (Attach an external disk to Server1 and then run waimportexport.exe)
Step 2: Create an import job (From the Azure portal, create an import job)
Step 3: Ship the drives to the Azure datacenter (Detach the external disks from Server1 and ship the disks to an Azure data center)
Step 4: Update the job with tracking information (From the Azure portal, update the import job)
Reference:
https://learn.microsoft.com/en-us/azure/import-export/storage-import-export-service#inside-an-import-job
https://learn.microsoft.com/en-us/azure/import-export/storage-import-export-data-to-files?tabs=azure-portal-preview
You have Azure subscription that includes following Azure file shares:
Name In storage account Location
share1 storage1 West US
share2 storage1 West US
You have the following on-premises servers:
Name Folders
Server1 D:\Folder1, E:\Folder2
Server2 D:\Data
You create a Storage Sync Service named Sync1 and an Azure File Sync group named Group1. Group1 uses share1 as a cloud endpoint.
You register Server1 and Server2 in Sync1. You add D:\Folder1 on Server1 as a server endpoint of Group1.
Yes/No:
share2 can be added as a cloud endpoint for Group1
E:\Folder2 on Server1 can be added as a server endpoint for Group1
D:\Data on Server2 can be added as a server endpoint for Group1
share2 can be added as a cloud endpoint for Group1 - No
A sync group contains one cloud endpoint, or Azure file share, and at least one server endpoint.
E:\Folder2 on Server1 can be added as a server endpoint for Group1 - No
Azure File Sync does not support more than one server endpoint from the same server in the same Sync Group.
D:\Data on Server2 can be added as a server endpoint for Group1 - Yes
Multiple server endpoints can exist on the same volume if their namespaces are not overlapping (for example, F:\sync1 and F:\sync2) and each endpoint is syncing to a unique sync group.
Reference:
https://docs.microsoft.com/en-us/answers/questions/110822/azure-file-sync-multiple-sync-directories-for-same.html
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide
You have an Azure subscription named Subscription1.
You create an Azure Storage account named contosostorage, and then you create a file share named data.
Which UNC path should you include in a script that references files from the data file share? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once or not at all.
Values
- blob
- blob.core.windows.net
- contosostorage
- data
- file
- file.core.windows.net
- portal.azure.com
- subscription1
Answer Area
\ [ … ] . [ … ] \ [ … ]
[storageaccountname].file.core.windows.net/[FileShareName]
contosostorage.file.core.windows.net\data
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows
You have an Azure subscription that contains an Azure Storage account.
You plan to copy an on-premises virtual machine image to a container named vmimages.
You need to create the container for the planned image.
Which command should you run?
azcopy
- make
- sync
- copy
‘https://mystorageaccount.[ … ].core.windows.net/vmimages’
- blob
- dfs
- queue
- table
- images
- file
azcopy make
‘https://mystorageaccount.[blob].core.windows.net/vmimages’
Similar to OS Images, a VM Image is a collection of metadata and pointers to a set of VHDs (one VHD per disk) stored as page blobs in Azure Storage.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-ref-azcopy-make
You have an Azure File sync group that has the endpoints shown in the following table.
Name Туре
Endpoint1 Cloud endpoint
Endpoint2 Server endpoint
Endpoint3 Server endpoint
Cloud tiering is enabled for Endpoint3.
You add a file named File1 to Endpoint1 and a file named File2 to Endpoint2.
On which endpoints will File1 and File2 be available within 24 hours of adding the files?
File 1:
Endpoint1 only
Endpoint3 only
Endpoint2 and Endpoint3 only
Endpoint1, Endpoint2, and Endpoint3
File2:
Endpoint2 only
Endpoint3 only
Endpoint2 and Endpoint3 only
Endpoint1, Endpoint2, and Endpoint3
File1: Endpoint1 only
It is a cloud endpoint, and it is scanned by the detection job every 24 hours.
File2: Endpoint1, Endpoint2 and Endpoint3
With the on-premises servers the file is scanned and synced automatically after it’s being added.
Note: They changed the question in Exam from “within 24 hours” to “after 24 hours”.
So, the answer is:
File1: Endpoint1, Endpoint2 and Endpoint3
File2: Endpoint1, Endpoint2 and Endpoint3
Reference:
https://docs.microsoft.com/en-us/learn/modules/extend-share-capacity-with-azure-file-sync/2-what-azure-file-sync
You have several Azure virtual machines on a virtual network named VNet1.
You configure an Azure Storage account as shown in the following exhibit.
Allow access from
[ ] All networks [X] Selected networks
Configure network security for your storage accounts.
Virtual networks
Secure your storage account with virtual networks.
VIRTUAL NET… SUBNET ADDRESS RA… ENDPOINT ST… RESOURCE G… SUBSCRIPTION
VNet1 1 10.2.0.0/16 - DemoRG Production subscrip…
Prod 10.2.0.0/24 Enabled DemoRG Production subscrip…
Firewall
Add IP ranges to allow access from the Internet or your on- premises networks.
ADDRESS RANGE : IP address or CIDR …
Exceptions
[ ] Allow trusted Microsoft services to access this storage account
[ ] Allow read access to storage logging from any network
[ ] Allow read access to storage metrics from any network
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
The virtual machines on the 10.2.9.0/24 subnet will have network connectivity to the file shares in the storage account [answer choice].
Azure Backup will be able to back up the unmanaged hard disks of the virtual machines in the storage account [answer choice].
- always
- during a backup
- never
- never
VNet1’s address space is 10.2.0.0/16.
The VNet1 has only 1 Subnet associated: 10.2.0.0/24. The address space of a VNet is irrelevant if there isn’t a corresponding Subnet from, which VMs can be assigned IP addresses.
Box1: Never
VMs from 10.2.9.0/24 (10.2.9.0 - 10.2.9.255) are out of Subnet.
Subnet IP range 10.2.0.0 - 10.2.0. 255.
Box2: Never
Since the checkbox to allow trusted Microsoft services is not checked. After you configure firewall and virtual network settings for your storage account, select Allow trusted Microsoft services to access this storage account as an exception to enable Azure Backup service to access the network restricted storage account.
VMs from the 10.2.9.0/24 should NEVER access the storage!!!!!
Since wich the selection of the network is segmented by subnets, and not by virtual networks. The virtual machine attached to the following virtual network 10.2.9.0/24 will never have access to the storage account, because of the firewall rules
You have a sync group named Sync1 that has a cloud endpoint. The cloud endpoint includes a file named File1.txt.
Your on-premises network contains servers that run Windows Server 2016. The servers are configured as shown in the following table.
Name Share Share contents
Server1 Share1 File1.txt, File2.txt
Server2 Share2 File2.txt, File3.txt
You add Share1 as an endpoint for Sync1. One hour later, you add Share2 as an endpoint for Sync1.
Yes/No
- On the cloud endpoint, File1.txt is overwritten by File1.txt from Share1.
- On Server1, File1.txt is overwritten by File1.txt from the cloud endpoint.
- File1.txt from Share1 replicates to Share2.
Discussion says NO - On the cloud endpoint, File1.txt is overwritten by File1.txt from Share1. (yes)
Files are never overwritten. If the file exists, it will get a new name on the endpoint (file1(1).txt)
No - On Server1, File1.txt is overwritten by File1.txt from the cloud endpoint.
Yes - File1.txt from Share1 replicates to Share2.
You have an Azure subscription that contains the storage accounts shown in the following table.
Name, Kind, Performance, Replication, Access tier
- storage1, Storage (general purpose v1), Premium, Geo-redundant storage (GRS), None
- storage2, StorageV2 (general purpose v2), Standard, Locally-redundant storage (LRS), Cool
- storage3, StorageV2 (general purpose v2), Premium, Read-access geo-redundant storage (RA-GRS), Hot
- storage4, BlobStorage, Standard, Locally-redundant storage (LRS), Hot
You need to identify which storage account can be converted to zone-redundant storage (ZRS) replication by requesting a live migration from Azure support.
What should you identify?
A. storage1
B. storage2
C. storage3
D. storage4
B. storage2
Answer is correct. It is storage2.
The key to the answer in this question is “Live migration”
- You can do Live migration to ZRS from LRS or GRS only.
- Also this only applies on General Purpose v2 storage.
You have an Azure subscription that contains a storage account named account1.
You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The on-premises network uses a public IP address space of
131.107.1.0/24.
You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24.
You need to configure account1 to meet the following requirements:
✑ Ensure that you can upload the disk files to account1.
✑ Ensure that you can attach the disks to VM1.
✑ Prevent all other access to account1.
Which two actions should you perform? Each correct answer presents part of the solution.
A. From the Networking blade of account1, select Selected networks.
B. From the Networking blade of account1, select Allow trusted Microsoft services to access this storage account.
C. From the Networking blade of account1, add the 131.107.1.0/24 IP address range.
D. From the Networking blade of account1, add VNet1.
E. From the Service endpoints blade of VNet1, add a service endpoint.
A, C are the only possible combination to answer this question.
For other options:
- B, theres no need to involve Microsoft trusted services here.
- D, that only works if there is a site-to-site VPN, and that is NOT stated in the problem.
- E, theres nothing to do with the problem.
