Microsoft AZ-104 Full Practice Tests 8.pdf Flashcards

1
Q

Your company has an Azure subscription that is used by multiple departments in your company. The subscription contains around 5 resource groups. Each department uses resources in several resource groups. Your supervisor has requested to send a report that details the costs for each department. Which of the following actions would you need to perform for this purpose? Choose 3 answers from the options given below.
A. Assign a tag to each resource group
B. Use the Resource costs blade of each resource group
C. Download the usage report
D. Assign a tag to each resource
E. From the Costs Analysis blade, filter the view by tag

A

C. Download the usage report
D. Assign a tag to each resource
E. From the Costs Analysis blade, filter the view by tag

The benefit of tagging and billing is given in the Microsoft documentation.

Option A is incorrect since here the resources are used across various departments and are not constrained via resource groups
Option B is incorrect since the costing on a tag basis needs to be seen from Cost Analysis
For more information on using tags, please visit the below URL https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags

2
Q

You have an Azure Active Directory (Azure AD) tenant that has the initial domain name.
You have a domain name of skillcertlabs.com registered at a third-party registrar. You need to ensure that you can create Azure AD users that have names containing a suffix of @skillcertlabs.com.
Which of the following would need to be implemented to fulfil this requirement? Choose 3 answers from the options given below

A. Configure the company branding
B. Add an Azure AD tenant
C. Verify the domain
D. Create an Azure DNS Zone
E. Add a custom domain name
F. Add a record to the public skillcertlabs.com DNS zone

A

C. Verify the domain
E. Add a custom domain name
F. Add a record to the public skillcertlabs.com

The Microsoft documentation gives the list of steps to add a custom domain
Since this is clearly given in the documentation, all other options are incorrect
For more information on adding custom domains, please go to the below URL https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain

3
Q

A company currently has an Azure account and subscription. They want to host an application using Virtual Machines and a load balancer. There is a requirement to ensure that the application is made available 99.99% of the time. Which of the following would need to be in place? You also have to minimize costs associated with the solution. Choose 2 answers from the options given below

A. Create a Basic Load balancer
B. Create a Standard Load balancer
C. Add 2 Virtual Machines to the backend pool
D. Add a Virtual Machine to the backend pool

A

B. Create a Standard Load balancer
C. Add 2 Virtual Machines to the backend pool

This is clearly mentioned in the Microsoft documentation
Since this is clearly given in the Microsoft documentation, all other options are incorrect
For more information on the SLA for the Load balancer, please go to the below URL https://azure.microsoft.com/en-us/support/legal/sla/load-balancer/v1_0/

4
Q

A company has setup a Load balancer that load balances traffic on port 80 and 443 across 3 virtual machines. You have to ensure that all RDP traffic is directed towards a VM named demovm. How would you achieve this?

A. By creating a new public load balancer for demovm
B. By creating a new internal load balancer for demovm
C. By creating an inbound NAT rule
D. By creating a new IP configuration

A

C. By creating an inbound NAT rule

An example of this is given in the Microsoft documentation

Options A and B are incorrect since we don’t need to recreate an entire load balancer just for this scenario
Option D is incorrect since this is used to attach a front-end IP to the load balancer
For more information on port forwarding for the load balancer, please go to the below URL https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-port-forwarding-portal

5
Q

A company has setup a Load balancer that load balances traffic on port 80 and 443 across 3 virtual machines. You have to ensure that all clients are serviced by the same web server for each request. Which of the following would you configure for this requirement?

A. Floating IP
B. Health Probe
C. Session Persistence
D. TCP Reset

A

The Microsoft documentation mentions Session Persistence or Source IP affinity mode as mentioned below

Option A is incorrect since this is used when you have multiple front-end IP’s
Option B is incorrect since this is used to check the health of the back end VM’s
Option D is incorrect since this is used for idle timeout
For more information on load balancer distribution mode, please go to the below URL https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-distribution-mode

6
Q

A company has started using Azure and setup a subscription. They want to see the costs being incurred for each type of resource. Which of the following can help you get these details?

A. Go to your Azure AD directory and go to Cost Analysis
B. Go to your Subscription and go to Cost Analysis
C. Go to your Azure AD directory and go to Licences
D. Go to your Subscription and go to Resource Groups

A

B. Go to your Subscription and go to Cost Analysis

If you go to your subscription, look at the Cost Analysis, you can see a breakdown of the costs for each resource.

The Cost Analysis section for the subscription allows you to see all the costs. Hence all other options are incorrect
For more information on cost analysis, please visit the below URL https://docs.microsoft.com/en-us/azure/cost-management/quick-acm-cost-analysis

7
Q

Your company currently has a Virtual Network defined in Azure. The Virtual Network has a default subnet that contains 2 Virtual machines named demovm and demovm1. There is a requirement to inspect all network traffic between the Virtual Machines for a duration of 3 hours.
You propose a solution to create a Data Collector set.
Does this solution fulfil the requirement?

A. Yes
B. No

A

B. No

The right solution is to use Network watcher.
A data collector set is used to collect data for Performance counters.
For more information on data collector sets, please go ahead and visit the below URL https://docs.microsoft.com/en-us/dynamics-nav/how-to--view-performance-counter-data-for-a-data-collector-set

8
Q
Your company currently has a Virtual Network defined in Azure. The Virtual Network has a default subnet that contains 2 Virtual machines named demovm and demovm1. There is a requirement to inspect all network traffic between the Virtual Machines for a duration of 3 hours.
You propose a solution to run Packet Capture on Azure Network watcher.
Does this solution fulfil the requirement?

A. Yes
B. No

A

A. Yes

The Microsoft documentation mentions the following
Network Watcher variable packet capture allows you to create packet capture sessions to track traffic to and from a virtual machine. Packet capture helps to diagnose network anomalies both reactively and proactively. Other uses include gathering network statistics, gaining information on network intrusions, to debug client-server communications and much more.
For more information on Network watcher, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-packet-capture-overview

9
Q

Your company currently has a Virtual Network defined in Azure. The Virtual Network has a default subnet that contains 2 Virtual machines named demovm and demovm1. There is a requirement to inspect all network traffic between the Virtual Machines for a duration of 3 hours.
You propose a solution to create a metric chart for Network In and Network Out
Does this solution fulfil the requirement?

A. Yes
B. No

A

B. No

This is used to just see the number of packets coming into and out of the Virtual machine but will not do a detailed packet inspection.
For more information on monitoring Virtual Machine, please go ahead and visit the below URL https://docs.microsoft.com/en-us/azure/virtual-machines/windows/monitor

10
Q
A company has just set up an Azure account and subscription. There is a requirement to ensure that IT administrators can only spin up virtual machines of a particular SKU size. Which of the following can help achieve this?

A. Create an RBAC role and assign it to the relevant resource group
B. Create an Azure policy and assign it to the subscription
C. Assign the appropriate AD role to the IT administrators’ group
D. Assign the appropriate subscription policy to the IT administrators’ group

A

B. Create an Azure policy and assign it to the subscription

Azure policies are used for governance purposes. The Microsoft documentation also gives an example of how you can use Azure policies to limit the use of SKU’s for Azure virtual machines
Option A is incorrect since policies are used to control permissions at the resource property level
Option C is incorrect since Azure AD roles are specifically meant to control access to Azure AD
Option D is incorrect since there is no concept of subscription policies
For more information on this example, one can go to the following link https://docs.microsoft.com/en-us/azure/governance/policy/samples/allowed-skus-storage

11
Q

A company has the following set of Virtual Machines defined in the Azure account
Name Region
skillcertlabs-vm1 East US
skillcertlabs-vm2 Central US
The company wants to move skillcertlabs-vm1 to another subscription. Which of the following can be implemented to fulfill this requirement?
A. Move the Virtual Machine to the Central US region first
B. You cannot move the Virtual Machine across subscriptions. You would need to delete and recreate the VM in the new subscription
C. Use the Move-AzResource powershell command to move the Virtual Machine
D. Use the Move-VMResource powershell command to move the Virtual Machine

A

C. Use the Move-AzResource powershell command to move the Virtual Machine

You can move Azure resources across subscriptions using the Move-AzResource powershell command. There are just some restrictions when moving Virtual Machines.
Below is the command provided in the Microsoft documentation

Option A is incorrect since you don’t need to move the Virtual machine to any specific region for the move
Option B is incorrect since you can move resources across subscriptions
Option D is incorrect since the right command is Move-AzResource
For more information on moving virtual machines, one can go to the following link
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/move-vm

12
Q

A company has the following virtual networks defined in Azure
Name Address space
skillcertlabs-network1 10.1.0.0/16
skillcertlabs-network2 10.2.0.0/16
The following virtual machines have been defined as well
Name Network
skillcertlabsvm1 skillcertlabs-network1
skillcertlabsvm2 skillcertlabs-network2
The necessary peering connections have been created between skillcertlabs-network1 and skillcertlabs-network2. The firewalls on the virtual machines have been modified to allow ICMP traffic. But traffic does not seem to flow between the virtual machines when the ping request is made.
Which of the following can be used to diagnose the issue?

A. Application Insights
B. IP Flow Verify
C. Azure Advisor
D. Azure Security Center

A

B. IP Flow Verify

The issue could be due to the security groups. You can diagnose the issue using IP Flow Verify. The Microsoft documentation mentions the following

Option A is incorrect since this is normally used from an application diagnostics perspective
Option C is incorrect since this is used to provide recommendations on various types of Azure resources
Option D is incorrect since this is used mainly from a security aspect in Azure
For more information on IP Flow Verify, one can go to the following link https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview

13
Q

A company has the following virtual networks defined in Azure
Name Address space
skillcertlabs-network1 10.1.0.0/16
skillcertlabs-network2 10.2.0.0/16
The following virtual machines have been defined as well
Name Network
skillcertlabsvm1 skillcertlabs-network1
skillcertlabsvm2 skillcertlabs-network2
The necessary peering connections have been created between skillcertlabs-network1 and skillcertlabs-network2. The firewalls on the virtual machines have been modified to allow ICMP traffic. But traffic does not seem to flow between the virtual machines when the ping request is made.
If the security department wanted to check on any network intrusions into the virtual networks, which of the following tools could be used for this purpose?

A. IP Flow Verify
B. Variable packet capture
C. Azure connection monitor
D. Application Insights

A

B. Variable packet capture

Since this is clearly given in the Microsoft documentation, all other options are incorrect

For more information on packet capture, one can go to the following link
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-packet-capture-overview

14
Q

Your company has an Azure account and subscription. The subscription contains a virtual machine named demovm. You have a computer named Computer1 that runs Windows 10. Computer1 is connected to the Internet. You add a network interface to the VM1 as shown in the exhibit below (see image).

From Computer1, you attempt to connect to demovm by using Remote Desktop, but the connection fails. You need to establish a Remote Desktop connection to demovm. What should you do first?

A. Start demovm.
B. Attach a network interface.
C. Delete the DenyAllOutBound outbound port rule.
D. Delete the DenyAllInBound inbound port rule.

A

A. Start demovm.

Here the main issue is that the VM is not started and allocated an IP address. When you start the VM, you will get a public IP address which will be assigned to the Network Interface. The Network security groups are fine for allowing RDP access
Option B is incorrect because adding a new interface will not solve the connectivity issue
Options C and D are incorrect since you cannot delete the built-in network security group rules
For more information on Network security groups, please go to the below URL https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

15
Q
Your company has an Azure account and subscription. The subscription contains a virtual machine named demovm. You have a computer named Computer1 that runs Windows 10. Computer1 is connected to the Internet. You add a network interface to the VM1 as shown in the exhibit below. (see image)

From Computer1 you want to be able to also access a web service running on port 80 after demovm is started. Which of the following must be done for this to work?

A. Attach a network interface.
B. Add an incoming network security group rule for allowing traffic on port 80
C. Add an outgoing network security group rule for allowing traffic on port 80
D. Delete the DenyAllOutBound outbound port rule.
E. Delete the DenyAllInBound inbound port rule.

A

B. Add an incoming network security group rule for allowing traffic on port 80

Here you need to add an incoming rule to allow traffic on port 80.

Option A is incorrect since this needs to be done for the current attached network interface
Option C is incorrect since the incoming traffic needs to be allowed
Options D and E are incorrect since you cannot delete the built-in network security group rules
For more information on Network security groups, please go to the below URL https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

16
Q

Your company has an Azure account and subscription. The subscription contains the resources in the following table:
Name Type
skillcertlabstore Storage container
skillcertlabs-rg Resource Group
documents BLOB container
demo File share
Your IT administrator has deployed a virtual machine called demovm and a storage account called skillcertlabs-temp by using a single Azure Resource Manager template. You want to do a review of the template that was used for the deployment. Which of the following resource blade could be used to view the template that was used for the deployment?

A. skillcertlabs-rg
B. demovm
C. skillcertlabs-temp
D. skillcertlabstore

A

A. skillcertlabs-rg

If you go to the Resource Group, you can see the deployments made to that resource group. An example is shown below
And if you go to any deployment you can go to the Template and see the template used for the deployment.
The other options are incorrect because these will not give the overall template deployment for multiple resources.
For more information on resource template deployments, please visit the below URL https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-template-deploy-portal

17
Q

Your company has an Azure subscription. In the subscription, you go ahead and create an Azure file share named share1. You also create a shared access signature (SAS) named SASdemo as shown in the following exhibit. (see image)

If you run Microsoft Azure Storage Explorer on a computer that has an IP address of 193.77.134.1 and you use SASdemo to connect to the storage account, then you
A. will be prompted for the credentials
B. will have no access
C. will have read, write and list access
D. will have read-only access

A

B. will have no access

Since the IP address is not in the valid IP address range defined by the SAS URL, you will be denied access.
You will get the below error in Azure Storage Explorer (see image)

Since this is the result of the SAS, all other options are incorrect.
For more information on Shared access signatures, please go to the below URL https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1

18
Q

Your company has an Azure subscription. In the subscription, you go ahead and create an Azure file share named share1. You also create a shared access signature (SAS) named SASdemo as shown in the following exhibit. (see image)

If you use the net use command on a computer that has an IP address of 193.77.134.50 and then use SASdemo to connect to share1, then you

A. will be prompted for the credentials
B. will have no access
C. will have read, write and list access
D. will have read-only access

A

C. will have read, write and list access

Since the IP address is in the valid IP address range, you will get the desired access that is specified in the SAS signature
For more information on Shared access signatures, please go to the below URL https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1

19
Q

You plan to deploy five virtual machines to a virtual network subnet.
Each virtual machine will have a public IP address and a private IP address. Each virtual machine requires the same inbound and outbound security rules. What is the minimum number of network interfaces that you require?

A. 5
B. 10
C. 15
D. 20

A

A. 5

So, when you attach or have a network interface for a Virtual Machine, that network interface can have both a private and public IP address.
So, by this measure, we only need to define 5 network interface cards, one for each virtual machine. Hence all the other options are incorrect
For more information on the virtual network interfaces in Azure, please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface

20
Q

You plan to deploy five virtual machines to a virtual network subnet.
Each virtual machine will have a public IP address and a private IP address. Each virtual machine requires the same inbound and outbound security rules. What is the minimum number of network security groups that you require?

A. 1
B. 2
C. 5
D. 10

A

A. 1

A network security group can have multiple network interfaces assigned to it as shown in the below diagram

Since the question clearly states that the virtual machines all require the same inbound and outbound security rules, we should use just the same network security group for all network interfaces
For more information on network security groups, please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-vnet-plan-design-arm

21
Q

You have a virtual network named VNet2 that has the configuration shown in the following exhibit. (see image)

Before a virtual machine on VNET2 can receive an IP address from 192.168.1.0/24 you must first

A. Add a network interface
B. Add a subnet
C. Add an address space
D. Delete a subnet
E. Delete an address space

A

C. Add an address space

The Virtual Network has no address space which is relative to 192.168.1.0/24 as per the powershell output given in the Exhibit.
Hence first, you need to add an address space as shown below.
After you save the address space, create a new subnet with the address space and then ensure the VM is put in the new subnet
Option A is incorrect since the network interface can only receive an address from 10.2.0.0/24 as per the powershell output given in the Exhibit.
Option B is incorrect since you need to add the address space 192.168.1.0/24 before adding the subnet
Options D and E are incorrect since you need to add the address space and subnet and not delete the address space and subnet
For more information on Virtual Networks, please go to the below URL https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview

22
Q

You have a virtual network named VNet2 that has the configuration shown in the following exhibit.

Before a virtual machine on VNET2 can receive an IP address from 10.2.1.0/24 you must first
A. Add a network interface
B. Add a subnet
C. Add an address space
D. Delete a subnet
E. Delete an address space

A

B. Add a subnet

Here you need to add a new subnet as shown below

And then you can add the new VM as part of the new subnet so that it receives the address from the 10.2.1.0/24 address space.
Option A is incorrect since the network interface can only receive an address from 10.2.0.0/24 as per the powershell output given in the Exhibit.
Option C is incorrect since we already have the required address space
Options D and E are incorrect since you need to add the subnet and not delete the address space and subnet
For more information on Virtual Networks, please go to the below URL https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview

23
Q

A company has an Azure subscription that contains the resources in the following table.
Name Type
skillcertlabs-rg Resource Group
skillcertlabstore Azure Storage account
skillcertlabsync Azure File Sync
skillcertlabstore contains a file share named documents. The document file share contains 1000 files. You need to synchronize the files in the file share with an on-premise server named skillcertlabserver. Which of the following would you need to implement to fulfil this requirement? Choose 3 answers from the options given below

A. Download an automation script.
B. Create a container instance.
C. Create a sync group.
D. Register skillcertlabserver.
E. Install the Azure File Sync agent on skillcertlabserver.

A

C. Create a sync group.
D. Register skillcertlabserver.
E. Install the Azure File Sync agent on skillcertlabserver.

So, the Microsoft documentation gives the list of steps for using the Azure File Sync service

Since this is clearly given in the Microsoft documentation, all other options are incorrect
For more information on deploying Azure File Sync share, please go to the below URL https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide?tabs=portal

24
Q

A company needs to create a storage account that needs to conform to the following requirements
Users should be able to add files such as images and videos
Ability to store archive data
File shares need to be in place which can be accessed across several VM’s
The data needs to be available even if a region goes down
The solution needs to be cost effective
Which of the following type of storage account would you create for this purpose?

A. BLOB storage
B. General Purpose(v1)
C. General Purpose(v2)
D. Table storage

A

C. General Purpose(v2)

The below snapshot from the Microsoft documentation shows the different types of storage accounts

Over here we can see that only General Purpose v2 supports all of the requirements. Hence all other options are incorrect.
For more information on storage accounts, please visit the below URL https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview

25
Q

A company needs to create a storage account that needs to conform to the following requirements
Users should be able to add files such as images and videos
Ability to store archive data
File shares need to be in place which can be accessed across several VM’s
The data needs to be available even if a region goes down
The solution needs to be cost effective
What is the type of replication that needs to be configured for the storage account?

A. Locally redundant storage (LRS)
B. Zone-redundant storage (ZRS)
C. Geo-redundant storage (GRS)
D. Read-access geo-redundant storage (RA-GRS)

A

C. Geo-redundant storage (GRS)

The Microsoft documentation mentions the following
Geo-redundant storage (GRS) is designed to provide at least 99.99999999999999% (16 9’s) durability of objects over a given year by replicating your data to a secondary region that is hundreds of miles away from the primary region. If your storage account has GRS enabled, then your data is durable even in the case of a complete regional outage or a disaster in which the primary region isn’t recoverable.
Options A and B are incorrect since these replication strategies don’t replicate the data across regions
Option D is incorrect since additional read access to data in another region is not mentioned and we also have to keep cost to a minimum.
For more information on storage redundancy, please visit the below URL
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-grs

26
Q

You need to deploy two Azure virtual machines named VM1 and VM2 based on the Windows server 2016. The deployment must meet the following requirements:
Provide a Service Level Agreement (SLA) of 99.95 percent availability.
Use managed disks
You propose a solution to create a scale set for the requirement. Would the solution meet the goal?

A. Yes
B. No

A

B. No

Scale sets are used to scale the Virtual machines based on load. But here to achieve the desired level of availability, you also need to use an Availability set. You can use availability sets along with scale sets to achieve high availability.
For more information on Scale Sets, please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/overview

27
Q

You need to deploy two Azure virtual machines named VM1 and VM2 based on the Windows server 2016 image. The deployment must meet the following requirements:
Provide a Service Level Agreement (SLA) of 99.95 percent availability.
Use managed disks
You propose a solution to create an availability set for the requirement. Would the solution meet the goal?

A. Yes
B. No

A

A. Yes

The Microsoft documentation mentions the following

For more information on availability sets, please visit the below URL
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability

28
Q

You need to deploy two Azure virtual machines named VM1 and VM2 based on the Windows server 2016. The deployment must meet the following requirements:
Provide a Service Level Agreement (SLA) of 99.95 percent availability.
Use managed disks
You propose a solution to create a Traffic Manager for the requirement. Would the solution meet the goal?

A. Yes
B. No

A

B. No

Azure Traffic manager is used for traffic distribution based on DNS queries. For achieving high availability, you need to use Availability sets.
For more information on Azure Traffic Manager, please visit the below URL https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview

29
Q

Your company has an Azure account and an Azure subscription. They have created a Virtual Network named skillcertlabs-net. The following users have been setup
User Role
skillcertlabs-usr1 Owner
skillcertlabs-usr2 Security admin
skillcertlabs-usr3 Network Contributor
Which of the following users would be able to add the Reader role access for a user to the Virtual Network?

A. skillcertlabs-usr1 only
B. skillcertlabs-usr2 only
C. skillcertlabs-usr3 only
D. skillcertlabs-usr1 and skillcertlabs-usr2 only
E. skillcertlabs-usr1 and skillcertlabs-usr3 only
F. skillcertlabs-usr2 and skillcertlabs-usr3 only

A

A. skillcertlabs-usr1 only

The Network Contributor does not have access to assign roles. And if you look at the Security admin role, it only has the privilege to work with Security Center.
For more information on the built-in roles, please go to the below URL
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

30
Q

You work as an Azure Administrator for a company. You have to ensure that a role can be in place that would have the following requirements
View all the resources in the Azure subscription
Issue support requests to Microsoft.
Use the principle of least privilege.
You have to complete the below JSON role definition (see image)

Which of the following would go into Slot1?

A. “Microsoft.Authorization//
B. “Microsoft.Authorization/*/read”
C. “ Microsoft.Authorization/read/
D. “Microsoft.Authorization/

A

B. “Microsoft.Authorization/*/read”

If you look at the Microsoft documentation for the role definition, you can see that the correct action is “Microsoft.Authorization/*/read”

For more information on the built-in roles, please go to the below URL
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

31
Q

You work as an Azure Administrator for a company. You have to ensure that a role can be in place that would have the following requirements
View all the resources in the Azure subscription
Issue support requests to Microsoft.
Use the principle of least privilege.
You have to complete the below JSON role definition (see image)

Which of the following would go into Slot2?

A. “/
B. “/Microsoft.Support”
C. “Microsoft.Support/

D. “Microsoft.Support”

A

Correct
If you look at the Microsoft documentation for the role definition, you can see that the correct action is “Microsoft.Support/*”

For more information on the built-in roles, please go to the below URL
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

32
Q

You have the Azure virtual networks shown in the following table. (see image)

To which virtual networks can you establish a peering connection from VNet1?

A. VNet2 and VNet3 only
B. VNet2 only
C. VNet3 and VNet4 only
D. VNet2, VNet3, and VNet4

A

VNet3 and VNet4 only

VNet2 has an overlapping CIDR block, so Virtual Network peering cannot be established to this Virtual Network from VNet1.
For more information on Virtual Network peering, please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview

33
Q

Your company has an Azure account and a subscription. The subscription contains the virtual networks in the following table (see image 1)

The subscription also contains the virtual machines in the following table (see image 2)

The firewalls on all the virtual machines are configured to allow all ICMP traffic. You add the peerings in the following table. (see image 3)

For each of the following statements, select Yes if the statement is true. VM1 can ping VM3

A. Yes
B. No

A

So, if you look at the overall picture for the VNET peerings, below is the diagram that we have

Now since there are peerings in both directions for VNET1 and VNET3, the VMs can ping each other. For more information on VNET peering, please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview

34
Q

Your company has an Azure account and a subscription. The subscription contains the virtual networks in the following table (see image 1)

The subscription also contains the virtual machines in the following table (see image 2)

The firewalls on all the virtual machines are configured to allow all ICMP traffic. You add the peerings in the following table. (see image 3)

For each of the following statements, select Yes if the statement is true. VM2 can ping VM3

A. Yes
B. No

A

B. No

So, if you look at the overall picture for the VNET peerings, below is the diagram that we have
In order for peering to work, you have to create peerings in both directions, so this will not work. For more information on VNET peering, please visit the below URLs
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
https://docs.microsoft.com/en-us/azure/virtual-network/create-peering-different-subscriptions

35
Q

Your company has an Azure account and a subscription. The subscription contains the virtual networks in the following table (see image 1)

The subscription also contains the virtual machines in the following table (see image 2)

The firewalls on all the virtual machines are configured to allow all ICMP traffic. You add the peerings in the following table. (see image 3)

For each of the following statements, select Yes if the statement is true. VM2 can ping VM1

A. Yes
B. No

A

B. No

So, if you look at the overall picture for the VNET peerings, below is the diagram that we have
VNET1 and VNET2 don’t have any peering connection, so this will not work.
For more information on VNET peering, please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview

36
Q

A company has the following storage accounts in place as part of their Azure subscription
Name - Storage Account Type
skillcertlabstore1 - General Purpose V1
skillcertlabstore2 - General Purpose V2
skillcertlabstore3 - Blob Storage
Which of the following storage account/accounts could be used to store objects as part of the Archive tier?

A. skillcertlabstore1 only
B. skillcertlabstore2 only
C. skillcertlabstore3 only
D. skillcertlabstore1 and skillcertlabstore2 only
E. skillcertlabstore1 and skillcertlabstore3 only
F. skillcertlabstore2 and skillcertlabstore3 only

A

As per the Microsoft documentation given below, only the General Purpose V2 and Blob storage account types support the Archive access tier.

As a result, all other options are incorrect
For more information on storage accounts, one can go to the following link https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview

37
Q

A company needs to deploy the following architecture to Azure (see image)

The architecture would consist of a load balancer that should only accept requests via private IP addresses, and traffic should not flow via the internet. The load balancer would direct requests to database servers hosted on virtual machines.
Which of the following load balancer types should be implemented for this architecture?

A. Public Load balancer
B. Private Load balancer
C. Internal Load balancer
D. External Load balancer

A

Internal Load balancer

Since we don’t want requests to flow via the Internet, we should create an Internal load balancer. The Microsoft documentation mentions the following

Option A is incorrect since this is created when requests need to flow via the Internet
Options B and D are incorrect terms when it comes to the load balancer
For more information on the Azure Load balancer, one can go to the following link https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

38
Q

A team member has created a point to site VPN connection between a computer named “WorkstationA” and an Azure Virtual Network. Another point to site VPN connection needs to be created between the same Azure Virtual Network and a computer named “WorkstationB”. The VPN client package was generated and installed on “WorkstationB”. You need to ensure you can create a successful point to site VPN connection.
You decide to join “WorkstationB” to the Azure AD tenant. Would this solution fulfill the requirement?

A. Yes
B. No

A

B. No

Joining devices to Azure AD reaps other benefits as shown below. But it does not fulfill the current requirement.
For more information on Azure AD Join, please visit the below URL https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-compare-with-azure-ad-join

39
Q

A team member has created a point to site VPN connection between a computer named “WorkstationA” and an Azure Virtual Network. Another point to site VPN connection needs to be created between the same Azure Virtual Network and a computer named “WorkstationB”. The VPN client package was generated and installed on “WorkstationB”. You need to ensure you can create a successful point to site VPN connection.
You decide to create a local VPN gateway. Would this solution fulfil the requirement?

A. Yes
B. No

A

B. No

The local VPN gateway is used when you want to define site-to-site VPN connections.
For more information on creating site-to-site VPN connections, please visit the below URL https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

40
Q

A team member has created a point to site VPN connection between a computer named “WorkstationA” and an Azure Virtual Network. Another point to site VPN connection needs to be created between the same Azure Virtual Network and a computer named “WorkstationB”. The VPN client package was generated and installed on “WorkstationB”. You need to ensure you can create a successful point to site VPN connection.
You decide to export and install the client certificate on “WorkstationB”. Would this solution fulfill the requirement?

A. Yes
B. No

A

A. Yes

Yes, this is one of the requirements. This is also mentioned in the Microsoft documentation

For more information on creating point-to-site VPN connections, please visit the below URL

41
Q

You have created a storage account named skillcertlabstore. You have created a file share named demo using the file service. You need to ensure that users can connect to the file share from their home computers. Which of the following ports should be open to ensure the connectivity?

A. 80
B. 443
C. 445
D. 3389

A

C. 445

This is clearly given in the Microsoft documentation

For more information on using file shares in Azure, please visit the below URL
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows

42
Q

A company has created a storage account in their Azure subscription. The name of the storage account is skillcertlabstore. They have also created a file share named demo. They need to access the files in the file share via a UNC path.
You need to fill in the following blocks to ensure the right UNC path is provided (see image)

Which of the following needs to go into Slot1?

A. blob
B. blob.core.windows.net
C. portal.azure.com
D. file
E. file.core.windows.net
F. skillcertlabstore

A

F. skillcertlabstore

The Microsoft documentation mentions the URL format of the file share as shown below

The first part of the URL is the storage account name.
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect
For more information on file shares, please visit the below URL https://docs.microsoft.com/en-us/azure/storage/files/storage-files-planning

43
Q

A company has created a storage account in their Azure subscription. The name of the storage account is skillcertlabstore. They have also created a file share named demo. They need to access the files in the file share via a UNC path.
You need to fill in the following blocks to ensure the right UNC path is provided (see image)

Which of the following needs to go into Slot2?

A. blob
B. blob.core.windows.net
C. portal.azure.com
D. file
E. file.core.windows.net
F. skillcertlabstore

A

E. file.core.windows.net

The Microsoft documentation mentions the URL format of the file share as shown below
The second part of the URL is the service URL of file.core.windows.net
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect
For more information on file shares, please visit the below URL https://docs.microsoft.com/en-us/azure/storage/files/storage-files-planning

44
Q

A company has set up a Virtual Machine in Azure. A web server listening on port 80 and a DNS server have been installed on the Virtual Machine. A network security group is attached to the network interface for the virtual machine. The rules for the NSG are given below
Inbound Rules (see image1)

Outbound Rules (see image2)

If RuleB is deleted would users from the Internet be able to

A. Connect to the web server hosted on the virtual machine only
B. Connect to the DNS server hosted on the virtual machine only
C. Connect to both the web and DNS server hosted on the virtual machine only
D. Not connect to either the web or DNS server hosted on the virtual machine only

A

D. Not connect to either the web or DNS server hosted on the virtual machine only

If RuleB is deleted, then users won’t be able to access port 80 and hence the web server.
Since there is a Deny rule of RuleA for ports 50-60 and since DNS listens on port 53, you will not be able to access the DNS server.
Because of this logic, all other options are incorrect
For more information on network security, please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

45
Q

A company has set up an Azure subscription and a tenant. They want to ensure that only Virtual Machines of a particular SKU size can be launched in their Azure account.
They decide to implement Role Based access policies
Does this fulfil the requirement?

A. Yes
B. No

A

B. No

Role-based access policies can be used to restrict access to resources, but they cannot put any sort of governance on what type of resources to create.
For more information on role-based access control, please visit the below URL https://docs.microsoft.com/en-us/azure/role-based-access-control/overview

46
Q

A company has set up an Azure subscription and a tenant. They want to ensure that only Virtual Machines of a particular SKU size can be launched in their Azure account.
They decide to implement Azure locks
Does this fulfill the requirement?

A. Yes
B. No

A

B. No

Azure locks are used to prevent users from accidentally deleting or modifying critical resources. They can’t be used for the said purpose as stated in the question.
For more information on Azure locks, please visit the below URL https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

47
Q

A company has set up an Azure subscription and a tenant. They want to ensure that only Virtual Machines of a particular SKU size can be launched in their Azure account.
They decide to implement Azure policies
Does this fulfill the requirement?

A. Yes
B. No

A

A. Yes

Yes, this can be done with Azure policies. There is also already an in-built policy which can implement this policy as shown below

For more information on an example on this, please visit the below URL
https://docs.microsoft.com/en-us/azure/governance/policy/samples/allowed-skus-storage

48
Q

A company plans to use Azure Network Watcher to perform the following tasks
“Find out if a network security rule is preventing a network packet from reaching a virtual machine hosted in an Azure virtual network”
“Find out if there is outbound connectivity between an Azure virtual machine and an external host”
Which of the following Network Watcher features would you use for the following requirement?
“Find out if a network security rule is preventing a network packet from reaching a virtual machine hosted in an Azure virtual network”

A. IP Flow Verify
B. Next Hop
C. Packet Capture
D. Traffic Analysis

A

A. IP Flow Verify

This can be done with the IP Flow Verify feature. The Microsoft documentation mentions the following

Option B is incorrect since this feature is used to get the next hop type and IP address of a packet from a specific VM
Option C is incorrect since this feature is used for deep dive network packet capture
Option D is incorrect since this feature is a cloud-based solution that provides visibility into user and application activity in cloud networks
For more information on the IP Flow Verify feature, please visit the below URL
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview

49
Q

A company plans to use Azure Network Watcher to perform the following tasks
“Find out if a network security rule is preventing a network packet from reaching a virtual machine hosted in an Azure virtual network”
“Find out if there is outbound connectivity between an Azure virtual machine and an external host”
Which of the following Network Watcher features would you use for the following requirement?
“Find out if there is outbound connectivity between an Azure virtual machine and an external host”

A. IP Flow Verify
B. Next Hop
C. Connection Monitor
D. Traffic Analysis

A

C. Connection Monitor

This can be done with the Connection Monitor feature. The Microsoft documentation mentions the following

Option A is incorrect since this feature is used to verify the flow of traffic based on security group rules
Option B is incorrect since this feature is used to get the next hop type and IP address of a packet from a specific VM
Option D is incorrect since this feature is a cloud-based solution that provides visibility into user and application activity in cloud networks
For more information on the network watcher tool, please visit the below URL
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview

50
Q

A company is planning on deploying an application to a set of Virtual Machines in an Azure network. The company needs to have an SLA of 99.99% for the application hosted on the Virtual machines. Which of the following should be implemented to guarantee an SLA of 99.99% on the infrastructure level?

A. Make the virtual machines part of an availability set
B. Deploy the virtual machines across availability zones
C. Assign a standard public IP address to the virtual machines
D. Deploy single virtual machines across multiple regions

A

B. Deploy the virtual machines across availability zones

You can achieve 99.99% SLA on the infrastructure level for your virtual machines by deploying them across availability zones. The Microsoft documentation mentions the following

Option A is incorrect since availability sets can only guarantee an SLA of 99.95%
Option C is incorrect since this will not help ensure 99.99% availability for the architecture.
Option D is incorrect since this is normally used for disaster recovery purposes
For more information on availability zones, please visit the below URL https://docs.microsoft.com/en-us/azure/availability-zones/az-overview