Configure and manage virtual networking Flashcards

1
Q

You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured
as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to ensure that visitors are serviced by the same web server for each request.
What should you configure?
A. Floating IP (direct server return) to Enabled
B. Floating IP (direct server return) to Disabled
C. a health probe
D. Session persistence to Client IP and Protocol

A

D. Session persistence to Client IP and Protocol

2
Q

Your on-premises network contains an SMB share named Share1.
You have an Azure subscription that contains the following resources:
A web app named webapp1
A virtual network named VNET1
You need to ensure that webapp1 can connect to Share1.
What should you deploy?
A. an Azure Application Gateway
B. an Azure Active Directory (Azure AD) Application Proxy
C. an Azure Virtual Network Gateway

A

C. an Azure Virtual Network Gateway

3
Q

You plan to deploy several Azure virtual machines that will run Windows Server 2019 in a virtual machine
scale set by using an Azure Resource Manager template.
You need to ensure that NGINX is available on all the virtual machines after they are deployed.
What should you use?
A. the Publish-AzVMDscConfiguration cmdlet
B. Azure Application Insights
C. Azure Custom Script Extension
D. the New-AzConfigurationAssignement cmdlet

A

C. Azure Custom Script Extension

4
Q

Your company has three offices. The offices are located in Miami, Los Angeles, and New York. Each office
contains a datacenter.
You have an Azure subscription that contains resources in the East US and West US Azure regions. Each
region contains a virtual network. The virtual networks are peered.
You need to connect the datacenters to the subscription. The solution must minimize network latency
between the datacenters.
What should you create?
A. three Azure Application Gateways and one On-premises data gateway
B. three virtual hubs and one virtual WAN
C. three virtual WANs and one virtual hub
D. three On-premises data gateways and one Azure Application Gateway

A

C. three virtual WANs and one virtual hub

5
Q

You have the Azure virtual networks shown in the following table.

Name | Address space | Subnet | Azure Region
VNet1 | 10.11.0.0/16 | 10.11.0.0/17 | West US
VNet2 | 10.11.0.0/17 | 10.11.0.0/25 | West US
VNet3 | 10.10.0.0/22 | 10.10.1.0/24 | East US
VNet4 | 192.168.16.0/22 | 192.168.16.0/24 | North Europe

To which virtual networks can you establish a peering connection from VNet1?
A. VNet2 and VNet3 only
B. VNet2 only
C. VNet3 and VNet4 only
D. VNet2, VNet3, and VNet4

A

C. VNet3 and VNet4 only

6
Q

You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains four subnets
named Gateway, Perimeter, NVA, and Production.
The NVA subnet contains two network virtual appliances (NVAs) that will perform network traffic inspection
between the Perimeter subnet and the Production subnet.
You need to implement an Azure load balancer for the NVAs. The solution must meet the following
requirements:
The NVAs must run in an active-active configuration that uses automatic failover.
The load balancer must load balance traffic to two services on the Production subnet. The services have
different IP addresses.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Deploy a basic load balancer
B. Deploy a standard load balancer
C. Add two load balancing rules that have HA Ports and Floating IP enabled
D. Add two load balancing rules that have HA Ports enabled and Floating IP disabled
E. Add a frontend IP configuration, a backend pool, and a health probe
F. Add a frontend IP configuration, two backend pools, and a health probe

A

B. Deploy a standard load balancer
C. Add two load balancing rules that have HA Ports and Floating IP enabled
F. Add a frontend IP configuration, two backend pools, and a health probe

7
Q

You have an Azure subscription named Subscription1 that contains two Azure virtual networks named
VNet1 and VNet2. VNet1 contains a VPN gateway named VPNGW1 that uses static routing. There is a
site-to-site VPN connection between your on-premises network and VNet1.
On a computer named Client1 that runs Windows 10, you configure a point-to-site VPN connection to
VNet1.
You configure virtual network peering between VNet1 and VNet2. You verify that you can connect to VNet2
from the on-premises network. Client1 is unable to connect to VNet2.
You need to ensure that you can connect Client1 to VNet2.
What should you do?
A. Download and re-install the VPN client configuration package on Client1.
B. Select Allow gateway transit on VNet1.
C. Select Allow gateway transit on VNet2.
D. Enable BGP on VPNGW1

A

A. Download and re-install the VPN client configuration package on Client1.

8
Q

You have an Azure subscription that contains the resources in the following table.

Name | Type | Azure Region | RG
VNet1 | Virtual network | West US | RG2
VNet2 | Virtual network | West US | RG1
VNet3 | Virtual network | East US | RG1
NSG1 | NSG | East US | RG2

To which subnets can you apply NSG1?
A. the subnets on VNet1 only
B. the subnets on VNet2 and VNet3 only
C. the subnets on VNet2 only
D. the subnets on VNet3 only
E. the subnets on VNet1, VNet2, and VNet3

A

D. the subnets on VNet3 only

9
Q
You have an Azure web app named webapp1.
You have a virtual network named VNET1 and an Azure virtual machine named VM1 that hosts a MySQL
database. VM1 connects to VNET1.
You need to ensure that webapp1 can access the data hosted on VM1.
What should you do?
A. Deploy an internal load balancer
B. Peer VNET1 to another virtual network
C. Connect webapp1 to VNET1
D. Deploy an Azure Application Gateway

A

D. Deploy an Azure Application Gateway

10
Q

You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.

You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to ensure that visitors are serviced by the same web server for each request.
What should you configure?
A. Floating IP (direct server return) to Disabled
B. Session persistence to None
C. Floating IP (direct server return) to Enabled
D. Session persistence to Client IP

A

D. Session persistence to Client IP

11
Q

You have an Azure subscription that contains the following resources:
A virtual network that has a subnet named Subnet1
Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
A virtual machine named VM1 that has the required Windows Server configurations to allow Remote
Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
Priority: 100
Source: Any
Source port range: *
Destination: *
Destination port range: 3389
Protocol: UDP
Action: Allow
VM1 has a public IP address and is connected to Subnet1. NSG-VM1 is associated to the network interface
of VM1. NSG-Subnet1 is associated to Subnet1.

You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You add an inbound security rule to NSG-Subnet1 that allows connections from the Any source to
the * destination for port range 3389 and uses the TCP protocol. You remove NSG-VM1 from the network
interface of VM1.
Does this meet the goal?
A. Yes
B. No

A

B. No

12
Q

You have an Azure subscription that contains the following resources:
A virtual network that has a subnet named Subnet1
Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
A virtual machine named VM1 that has the required Windows Server configurations to allow Remote
Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
Priority: 100
Source: Any
Source port range: *
Destination: *
Destination port range: 3389
Protocol: UDP
Action: Allow
VM1 has a public IP address and is connected to Subnet1. NSG-VM1 is associated to the network interface
of VM1. NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You add an inbound security rule to NSG-Subnet1 that allows connections from the internet
source to the VirtualNetwork destination for port range 3389 and uses the UDP protocol.
Does this meet the goal?

A. Yes
B. No

A

B. No

13
Q

You have an Azure subscription that contains the following resources:
A virtual network that has a subnet named Subnet1
Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
A virtual machine named VM1 that has the required Windows Server configurations to allow Remote
Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
Priority: 100
Source: Any
Source port range: *
Destination: *
Destination port range: 3389
Protocol: UDP
Action: Allow
VM1 has a public IP address and is connected to Subnet1. NSG-VM1 is associated to the network interface
of VM1. NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.

Solution: You add an inbound security rule to NSG-Subnet1 and NSG-VM1 that allows connections from the internet source to the VirtualNetwork destination for port range 3389 and uses the TCP protocol.
Does this meet the goal?
A. Yes
B. No

A

A. Yes

14
Q

You have an Azure subscription that contains a virtual network named VNET1. VNET1 contains the subnets shown in the following table.

Name | Connected virtual machines
Subnet1 | VM1, VM2
Subnet2 | VM3, VM4
Subnet3 | VM5, VM6

Each virtual machine uses a static IP address.
You need to create network security groups (NSGs) to meet the following requirements:
Allow web requests from the internet to VM3, VM4, VM5, and VM6.
Allow all connections between VM1 and VM2.
Allow Remote Desktop connections to VM1.
Prevent all other network traffic to VNET1.
What is the minimum number of NSGs you should create?
A. 1
B. 3
C. 4
D. 12

A

C. 4

15
Q

You have an Azure subscription that contains the resources shown in the following table.

NAME | TYPE | RESOURCE GROUP
VNET1 | Virtual network | RG1
VNET2 | Virtual Machine | RG1

The Not allowed resource types Azure policy is assigned to RG1 and uses the following parameters:
Microsoft.Network/virtualNetworks
Microsoft.Compute/virtualMachines
In RG1, you need to create a new virtual machine named VM2, and then connect VM2 to VNET1.
What should you do first?

A. Remove Microsoft.Compute/virtualMachines from the policy.
B. Create an Azure Resource Manager template
C. Add a subnet to VNET1.
D. Remove Microsoft.Network/virtualNetworks from the policy.

A

A. Remove Microsoft.Compute/virtualMachines from the policy.

16
Q

Your company has an Azure subscription named Subscription1.
The company also has two on-premises servers named Server1 and Server2 that run Windows Server
2016. Server1 is configured as a DNS server that has a primary DNS zone named adatum.com.
Adatum.com contains 1,000 DNS records.
You manage Server1 and Subscription1 from Server2. Server2 has the following tools installed:
The DNS Manager console
Azure PowerShell
Azure CLI 2.0
You need to move the adatum.com zone to an Azure DNS zone in Subscription1. The solution must
minimize administrative effort.
What should you use?
A. Azure CLI
B. Azure PowerShell
C. the Azure portal
D. the DNS Manager console

A

B. Azure PowerShell

17
Q
You have a public load balancer that balances ports 80 and 443 across three virtual machines named VM1,
VM2, and VM3.
You need to direct all the Remote Desktop Protocol (RDP) connections to VM3 only.
What should you configure?
A. an inbound NAT rule
B. a new public load balancer for VM3
C. a frontend IP configuration
D. a load balancing rule

A

A. an inbound NAT rule

18
Q

You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated to a different Azure AD tenant.

Subscription1 contains a virtual network named VNet1. VNet1 contains an Azure virtual machine named
VM1 and has an IP address space of 10.0.0.0/16.
Subscription2 contains a virtual network named VNet2. VNet2 contains an Azure virtual machine named
VM2 and has an IP address space of 10.10.0.0/24.
You need to connect VNet1 to VNet2.
What should you do first?
A. Move VM1 to Subscription2.
B. Move VNet1 to Subscription2.
C. Modify the IP address space of VNet2.
D. Provision virtual network gateways.

A

D. Provision virtual network gateways.

19
Q

You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual
network named VNet1. The point-to-site connection uses a self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer named
Computer2.
You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2.
Solution: You modify the Azure Active Directory (Azure AD) authentication policies.
Does this meet the goal?
A. Yes
B. No

A

B. No

20
Q

You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual
network named VNet1. The point-to-site connection uses a self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer named
Computer2.
You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2.
Solution: You join Computer2 to Azure Active Directory (Azure AD).
Does this meet the goal?
A. Yes
B. No

A

B. No

21
Q

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in
separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual
networks.
Solution: You create a resource lock, and then you assign the lock to the subscription.
Does this meet the goal?
A. Yes
B. No

A

B. No

22
Q

You have the Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains
three Azure virtual machines. Each virtual machine has a public IP address.
The virtual machines host several applications that are accessible over port 443 to users on the Internet.
Your on-premises network has a site-to-site VPN connection to VNet1.
You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from
the Internet and from the on-premises network.
You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is
established from the on-premises network. The solution must ensure that all the applications can still be
accessed by the Internet users.
What should you do?
A. Modify the address space of the local network gateway
B. Create a deny rule in a network security group (NSG) that is linked to Subnet1
C. Remove the public IP addresses from the virtual machines
D. Modify the address space of Subnet1

A

B. Create a deny rule in a network security group (NSG) that is linked to Subnet1

23
Q

You have an Azure subscription that contains the resources in the following table.

NAME | TYPE
ASG1 | Application Security Group
NSG1 | Network security group (NSG)
Subnet1 | Subnet
VNet1 | Virtual Network
NIC1 | Network Interface
VM1 | Virtual Machine

Subnet1 is associated to VNet1. NIC1 attaches VM1 to Subnet1.
You need to apply ASG1 to VM1.
What should you do?
A. Associate NIC1 to ASG1
B. Modify the properties of ASG1
C. Modify the properties of NSG1

A

A. Associate NIC1 to ASG1

24
Q

You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1.
VNet1 connects to your on-premises network by using Azure ExpressRoute.
You plan to prepare the environment for automatic failover in case of ExpressRoute failure.
You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must
minimize cost.
Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.
A. Create a connection
B. Create a local site VPN gateway
C. Create a VPN gateway that uses the VpnGw1 SKU
D. Create a gateway subnet
E. Create a VPN gateway that uses the Basic SKU

A

A. Create a connection
D. Create a gateway subnet
E. Create a VPN gateway that uses the Basic SKU

25
Q

You have an Azure subscription that contains the resources shown in the following table.

NAME | TYPE | LOCATION
VNet1 | Virtual Network | East US
IP1 | Public IP Address | West Europe
RT1 | Route Table | North Europe

You need to create a network interface named NIC1.
In which location can you create NIC1?
A. East US and North Europe only
B. East US only
C. East US, West Europe, and North Europe
D. East US and West Europe only

A

B. East US only

26
Q

You have an Azure subscription that contains the virtual machines shown in the following table.
Name | Public IP SKU | Connected to | Status
VM1 | None | VNET1/Subnet1 | Stopped (deallocated)
VM2 | Basic | VNET1/Subnet2 | Running
You deploy a load balancer that has the following configurations:
Name: LB1
Type: Internal
SKU: Standard
Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create a Basic SKU public IP address, associate the address to the network interface of VM1, and then start VM1.
Does this meet the goal?
A. Yes
B. No

A

B. No

27
Q

You have an Azure subscription that contains the virtual machines shown in the following table.
Name | Public IP SKU | Connected to | Status
VM1 | None | VNET1/Subnet1 | Stopped (deallocated)
VM2 | Basic | VNET1/Subnet2 | Running
You deploy a load balancer that has the following configurations:
Name: LB1
Type: Internal
SKU: Standard
Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create a Standard SKU public IP address, associate the address to the network interface of VM1, and then stop VM2.
Does this meet the goal?
A. Yes
B. No

A

B. No

28
Q

You have an Azure subscription that contains the virtual machines shown in the following table.
Name | Public IP SKU | Connected to | Status
VM1 | None | VNET1/Subnet1 | Stopped (deallocated)
VM2 | Basic | VNET1/Subnet2 | Running
You deploy a load balancer that has the following configurations:
Name: LB1
Type: Internal
SKU: Standard
Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create two Standard public IP addresses and associate a Standard SKU public IP address to the network interface of each virtual machine.

Does this meet the goal?
A. Yes
B. No

A

A. Yes

29
Q

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in
separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual
networks.
Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider.
Does this meet the goal?
A. Yes
B. No

A

B. No

30
Q

You have an Azure subscription.
You plan to deploy an Azure Kubernetes Service (AKS) cluster to support an app named App1. On-premises
clients connect to App1 by using the IP address of the pod.
For the AKS cluster, you need to choose a network type that will support App1.
What should you choose?
A. kubenet
B. Azure Container Networking Interface (CNI)
C. Hybrid Connection endpoints
D. Azure Private Link

A

B. Azure Container Networking Interface (CNI)

31
Q

You have an Azure subscription that contains the virtual machines shown in the following table.
Name | Public IP SKU | Connected to | Status
VM1 | None | VNET1/Subnet1 | Stopped (deallocated)
VM2 | Basic | VNET1/Subnet2 | Running
You deploy a load balancer that has the following configurations:
Name: LB1
Type: Internal
SKU: Standard
Virtual network: VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You disassociate the public IP address from the network interface of VM2.

Does this meet the goal?
A. Yes
B. No

A

B. No

32
Q

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in
separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual
networks.
Solution: You configure a custom policy definition, and then you assign the policy to the subscription.
Does this meet the goal?
A. Yes
B. No

A

A. Yes

33
Q

You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine
named VM1. VNet2 contains an Azure virtual machine named VM2.
VM1 hosts a frontend application that connects to VM2 to retrieve data.
Users report that the frontend application is slower than usual.
You need to view the average round-trip time (RTT) of the packets from VM1 to VM2.
Which Azure Network Watcher feature should you use?
A. IP flow verify
B. Connection troubleshoot
C. Connection monitor
D. NSG flow logs

A

C. Connection monitor

34
Q

You have an Azure subscription that contains two virtual machines as shown in the following table.

Name | Operating system | Location | IP Address | DNS Server
VM1 | Windows Server 2019 | West Europe | 10.0.0.4 | Default (Azure provided)
VM2 | Windows Server 2019 | West Europe | 10.0.0.5 | Default (Azure provided)

You perform a reverse DNS lookup for 10.0.0.4 from VM2.
Which FQDN will be returned?
A. vm1.core.windows.net
B. vm1.azure.com
C. vm1.westeurope.cloudapp.azure.com
D. vm1.internal.cloudapp.net

A

B. vm1.azure.com

35
Q

You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a
virtual network named VNet1.
You need to ensure that you can configure a point-to-site connection from an on-premises computer to
VNet1.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Add a service endpoint to VNet1
B. Reset GW1
C. Create a route-based virtual network gateway
D. Add a connection to GW1
E. Delete GW1
F. Add a public IP address space to VNet1

A

C. Create a route-based virtual network gateway

E. Delete GW1

36
Q

You manage a virtual network named VNet1 that is hosted in the West US Azure region.
VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Azure Network Watcher, you create a packet capture.

Does this meet the goal?
A. Yes
B. No

A

B. No

37
Q

You manage a virtual network named VNet1 that is hosted in the West US Azure region.
VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Azure Network Watcher, you create a connection monitor.
Does this meet the goal?
A. Yes
B. No

A

A. Yes

38
Q

You manage a virtual network named VNet1 that is hosted in the West US Azure region.
VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Performance Monitor, you create a Data Collector Set (DCS).

Does this meet the goal?
A. Yes
B. No

A

B. No

39
Q

You manage a virtual network named VNet1 that is hosted in the West US Azure region.
VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Azure Monitor, you create a metric on Network In and Network Out.
Does this meet the goal?
A. Yes
B. No

A

B. No