Microsoft AZ-104 Full Practice Tests 4.pdf Flashcards
Your company currently has a Virtual Network defined in Azure. The Virtual Network has a default subnet that contains 2 Virtual machines named demovm and demovm1 There is a requirement to inspect all network traffic between the Virtual Machines for a duration of 3 hours.
You propose a solution to create a Data Collector set.
Does this solution fulfill the requirement?
A.Yes
B.No
B. No
The right solution is to use Network watcher.
A data collector set if used to collect data for Performance counters.
For more information:
https://docs.microsoft.com/en-us/dynamics-nav/how-to–view-performance-counter-data-for-a-data-
collector-set
Your company currently has a Virtual Network defined in Azure. The Virtual Network has a default subnet that contains 2 Virtual machines named demovm and demovm1 There is a requirement to inspect all network traffic between the Virtual Machines for a duration of 3 hours.
You propose a solution to run Packet Capture on Azure Network watcher
Does this solution fulfil the requirement?
A.Yes
B.No
A. Yes
The Microsoft documentation mentions the following
Network Watcher variable packet capture allows you to create packet capture sessions to track traffic to and from a virtual machine. Packet capture helps to diagnose network anomalies both reactively and proactivity. Other uses include gathering network statistics, gaining information on network intrusions, to
debug client-server communications and much more.
For more information on Network watcher, please go ahead and visit the below URL
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-packet-capture-overview
Your company currently has a Virtual Network defined in Azure. The Virtual Network has a default subnet that contains 2 Virtual machines named demovm and demovm There is a requirement to inspect all network traffic between the Virtual Machines for a duration of 3 hours.
You propose a solution to create a metric chart for Network In and Network Out
Does this solution fulfill the requirement?
A.Yes
B.No
B. No
This is used to just see the number of packets coming into and out of the Virtual machine but will not do a detailed packet inspection.
For more information on monitoring Virtual Machine, please go ahead and visit the below URL
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/monitor
You are working as an IT administrator for your company. The company has just purchased an Azure subscription and are looking at setting up the resources in the subscription. One of the requirements is to use Azure AD Privileged Identity Management to manage access to roles for users. You have to setup a
procedure document for the roles that can be assigned to users using PIM. Which of the following are roles that CANNOT be assigned to users using PIM? Choose 3 answers from the options given below
A. Application Administrator
B. Billing Administrator
C. Conditional Access Administrator
D. Account Administrator
E. Service Administrator
F. Co-Administrator
D. Account Administrator
E. Service Administrator
F. Co-Administrator
This is given in the Microsoft documentation
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect
For more information on PIM roles, please go ahead and visit the below URL
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-roles
A team is preparing the use of the Azure Import/Export service to import a set of files onto Azure storage.
Which of the following is used to specify the list of directories/files that need to be copied to the destination?
A. driveset.csv
B. driveset.xml
C. dataset.csv
D. dataset.json
C. dataset.csv
This is clearly given in the Microsoft documentation
Since this is clearly given in the Microsoft documentation, all other options are incorrect
For more information on preparing drives for usage with the Import/Export service, one can go to the following link
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-tool-preparing-hard-
drives-import
A company has the following set of Virtual Machines defined in the Azure account
Name Region
skillcertpro-vm1 East US
skillcertpro-vm2 Central US
The company wants to move skillcertpro-vm1 to another subscription. Which of the following can be done to fulfil this requirement?
A. Move the Virtual Machine to the Central US region first
B. You cannot move the Virtual Machine across subscriptions. You would need to delete and recreate the VM in the new subscription
C. Use the Move-AzResource powershell command to move the Virtual Machine
D. Use the Move-VMResource powershell command to move the Virtual Machine
C. Use the Move-AzResource powershell command to move the Virtual Machine
You can move Azure resources across subscriptions using the Move-AzResource powershell command.
There are just some restrictions when moving Virtual Machines.
Below is the command provided in the Microsoft documentation
Option A is incorrect since you don’t need to move the Virtual machine to any specific region for the
move
Option B is incorrect since you can move resources across subscriptions
Option D is incorrect since the right command is Move-AzResource
For more information on moving virtual machines, one can go to the following link
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/move-vm
A company has the following virtual networks defined in Azure
Name Address space
skillcertpro-network1 10.1.0.0/16
skillcertpro-network2 10.2.0.0/16
The following virtual machines have been defined as well
Name Network
skillcertprovm1 skillcertpro-network1
skillcertprovm2 skillcertpro-network2
The necessary peering connections have been created between skillcertpro-network1 and skillcertpro-network2. The firewalls on the virtual machines have been modified to allow ICMP traffic. But traffic does not seem to flow between the virtual machines when the ping request is made.
Which of the following can be used to diagnose the issue?
A. Application Insights
B. IP Flow Verify
C. Azure Advisor
D. Azure Security Center
B. IP Flow Verify
The issue could be due to the security groups. You can diagnose the issue using IP Flow Verify.
The Microsoft documentation mentions the following
Option A is incorrect since this is normally used from an application diagnostics perspective
Option C is incorrect since this is used to provide recommendations on various types of Azure resources
Option D is incorrect since this is used mainly from a security aspect in Azure
For more information on IP Flow Verify, one can go to the following link
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
A company has the following virtual networks defined in Azure
Name Address space
skillcertpro-network1 10.1.0.0/16
skillcertpro-network2 10.2.0.0/16
The following virtual machines have been defined as well
Name Network
skillcertprovm1 skillcertpro-network1
skillcertprovm2 skillcertpro-network2
The necessary peering connections have been created between skillcertpro-network1 and skillcertpro-network2. The firewalls on the virtual machines have been modified to allow ICMP traffic. But traffic does not seem to flow between the virtual machines when the ping request is made.
If the security department wanted to check on any network intrusions into the virtual networks, which of
the following tool could be used for this purpose?
A. IP Flow Verify
B. Variable packet capture
C. Azure connection monitor
D. Application Insights
B. Variable packet capture
Since this is clearly given in the Microsoft documentation, all other options are incorrect
For more information on packet capture, one can go to the following link
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-packet-capture-overview
Your company has an Azure account and subsription. The subscription contains a virtual machine named demovm. You have a computer named Computer1 that runs Windows 10. Computer1 is connected
to the Internet. You add a network interface to the VM1 as shown in the exhibit below (see image)
From Computer1, you attempt to connect to demovm by using Remote Desktop, but the connection fails.
You need to establish a Remote Desktop connection to demovm.
What should you do first?
A. Start demovm.
B. Attach a network interface.
C. Delete the DenyAllOutBound outbound port rule.
D. Delete the DenyAllInBound inbound port rule.
A. Start demovm.
Here the main issue is that the VM is not started an allocated an IP address. When you start the VM, you will get a public IP addresses which will be assigned to the Network Interface. The Network security groups are fine for allowing RDP access
Option B is incorrect because adding a new interface will not solve the connectivity issue
Options C and D are incorrect since you cannot delete the built-in network security group rules
For more information on Network security groups, please go to the below URL
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Your company has an Azure account and subsription. The subscription contains a virtual machine named demovm. You have a computer named Computer1 that runs Windows 10. Computer1 is connected
to the Internet. You add a network interface to the VM1 as shown in the exhibit below (see image)
From Computer1 you want to be able to also access a web service running on port 80 after demovm is started. Which of the following must be done for this to work?
A. Attach a network interface.
B. Add an incoming network security group rule for allowing traffic on port 80
C. Add an outgoing network security group rule for allowing traffic on port 80
D. Delete the DenyAllOutBound outbound port rule.
E. Delete the DenyAllInBound inbound port rule.
B. Add an incoming network security group rule for allowing traffic on port 80
Here you need to add an incoming rule to allow traffic on port 80
Option A is incorrect since this needs to be done for the current attached network interface
Option C is incorrect since the incoming traffic needs to be allowed
Options D and E are incorrect since you cannot delete the built-in network security group rules
For more information on Network security groups, please go to the below URL
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Your company has an Azure account and subscription. The subscription contains the resources in the
following table:
Name Type
skillcertprotore Storage container
skillcertpro-rg Resource Group
documents BLOB container
demo File share
Your IT administrator has deployed a virtual machine called demovm and a storage account called skillcertpro-temp by using a single Azure Resource Manager template. You want to do a review of the template that was used for the deployment. Which of the following resource blade could be used to view the template that was used for the deployment?
A. skillcertpro-rg
B. demovm
C. skillcertpro-temp
D. skillcertprotore
A. skillcertpro-rg
If you to the Resource Group, you can see the deployments made to that resource group.
And if you go to any deployment you can go the Template and see the template used for the
deployment.
The other options are incorrect because these will not give the overall template deployment for multiple
resources.
For more information on resource template deployments, please visit the below URL
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-template-deploy-portal
You have configured Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network for your company. But users are reporting that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com. You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory. You need to ensure that the users can use single-sign on (SSO) to access Azure resources. What should you do first?
A. From the on-premises network, deploy Active Directory Federation Services in a clustered environment.
B. From Azure AD, go ahead add and verify a custom domain name.
C. From the on-premises network, request a new certificate that contains the Active Directory domain name.
D. From the server that runs Azure AD Connect, modify the filtering options
B. From Azure AD, go ahead add and verify a custom domain name.
This is also given in the Microsoft documentation
Option A is incorrect since we don’t need AD FS in this scenario
Option C is incorrect since we don’t need the certificate for Azure AD Connect
Option D is incorrect since the filtering is used for which objects need to be synched
For more information on the UPN in Azure AD Connect, please visit the below URL
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-userprincipalname
Your company has an Azure subscription. In the subscription, you go ahead and create an Azure file share
named share1. You also create a shared access signature (SAS) named SASdemo as shown in the
following exhibit.
If you run Microsoft Azure Storage Explorer on a computer that has an IP address of 193.77.134.1 and you
use SASdemo to connect to the storage account, then you
A. will be prompted for the credentials
B. will have no access
C. will have read, write and list access
D. will have read-only access
B. will have no access
Since the IP address is not in the valid IP address range defined by the SAS url , you will be denied access.
You will get the below error in Azure Storage Explorer
Since this is the result of the SAS , all other options are incorrect.
For more information on Shared access signatures, please go to the below URL
https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1
Your company has an Azure subscription. In the subscription, you go ahead and create an Azure file share named share1. You also create a shared access signature (SAS) named SASdemo as shown in the following exhibit.
If you run net use command on a computer that has an IP address of 193.77.134.50 and you use SASdemo as the to connect to share1 then you
A. will be prompted for the credentials
B. will have no access
C. will have read,write and list access
D. will have read-only access
C. will have read,write and list access
Since the IP address is in the valid IP address range, you will get the desired access that is specified in the SAS signature
net use : \.file.core.windows.net\ /u:
example :
net use z: \samples.file.core.windows.net\logs /u:samples
For more information on Shared access signatures, please go to the below URL
https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1
You plan to deploy five virtual machines to a virtual network subnet.
Each virtual machine will have a public IP address and a private IP address.
Each virtual machine requires the same inbound and outbound security rules.
How many minimum Network Interface is required?
A. 5
B. 10
C. 15
D. 20
A. 5
So, when you attach or have a network interface for a Virtual Machine, that network interface can have both a private and public IP address.
So, by this measure, we only need to define 5 network interface cards, one for each virtual machine.
Hence all the other options are incorrect
For more information on the virtual network interfaces in Azure, please visit the below URL
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface
You have a virtual network named VNet2 that has the configuration shown in the following exhibit.
Before a virtual machine on VNET2 can receive an IP address from 192.168.1.0/24 you must first
A. Add a network interface
B. Add a subnet
C. Add an address space
D. Delete a subnet
E. Delete an address space
C. Add an address space
The Virtual Network has no address space which is relative to 192.168.1.0/24 as per the powershell output given in the Exhibit.
Hence first, you need to add an address space as shown below.
After you save the address space, create a new subnet with the address space and then ensure the VM is put in the new subnet
Option A is incorrect since the network interface can only receive an address from 10.2.0.0/24 as per the powershell output given in the Exhibit.
Option B is incorrect since you need to add the address space 192.168.1.0/24 before adding the subnet
Options D and E are incorrect since you need to add the address space and subnet and not delete the address space and subnet
For more information on Virtual Networks, please go to the below URL
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview
A company has an Azure subscription that contains the resources in the following table.
Name Type
skillcertpro-rg Resource Group
skillcertprotore Azure Storage account
skillcertproync Azure File Sync
skillcertprotore contains a file share named documents. The document file share contains 1000 files.
You need to synchronize the files in Data to an on-premises server named skillcertproerver. Which of the following would need to be implemented to fulfil this requirement? Choose 3 answers from the options given below
A. Download an automation script.
B. Create a container instance.
C. Create a sync group.
D. Register skillcertproerver.
E. Install the Azure File Sync agent on skillcertproerver.
C. Create a sync group.
D. Register skillcertproerver.
E. Install the Azure File Sync agent on skillcertproerver.
So, the Microsoft documentation gives the list of steps for using the Azure File Sync service
Since this is clearly given in the Microsoft documentation, all other options are incorrect
For more information on deploying Azure File Sync share, please go to the below URL
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide?tabs=portal
You sign up for Azure Active Directory (Azure AD) Premium. You need to add a user named skillcertpro-usr1@skillcertpro.com as an administrator on all the computers that will be joined to the Azure AD domain.
Where should you go in Azure AD to configure this setting?
A. From Device settings from the Devices blade.
B. From General settings from the Groups blade.
C. From User settings from the Users blade.
D. From Providers from the MFA Server blade.
A. From Device settings from the Devices blade.
If you go to the Devices blade in Azure AD , you can see the option to add local administrators
Since this is the way to achieve this requirement, all other options are incorrect
For more information on device settings, please visit the below URL
https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal
A company needs to create a storage account that needs to conform to the following requirements
Users should be able to add files such as images and videos
Ability to store archive data
File shares need to be in place which can be accessed across several VM’s
The data needs to be available even if a region goes down
The solution needs to be cost effective
Which of the following type of storage account would you create for this purpose?
A. BLOB storage
B. General Purpose(v1)
C. General Purpose(v2)
D. 0
C. General Purpose(v2)
The below snapshot from the Microsoft documentation shows the different types of storage accounts
Over here we can see that only General Purpose v2 supports all of the requirements. Hence all other
options are incorrect.
For more information on storage accounts, please visit the below URL
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview
You need to deploy two Azure virtual machines named VM1 and VM2 based on the Windows server 2016.
The deployment must meet the following requirements:
Provide a Service Level Agreement (SLA) of 99.95 percent availability.
Use managed disks
You propose a solution to create a scale set for the requirement.
Would the solution meet the goal?
A.Yes
B.No
A. Yes
Scale sets are used to create and manage a group of identical, load balanced VMs. The number of VMs can automatically increase or decrease in respond to demand or scheduled. Scale sets provide “high availability” to your applications.
For further information on Scale Sets, please visit the below URL
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/overview