test 4 Flashcards

1
Q

Your team needs to deploy an Azure Kubernetes cluster. Applications must be able to connect to the pods deployed to the cluster via the IP addresses assigned to the pods. Which of the following network types would you choose for the cluster?

Azure Private Endpoint
Azure Container Networking Interface
Kubenet
Kubectl

A

Azure Container Networking Interface

In order for each pod to get its own IP address, we need to use the Azure Container Networking Interface.

2
Q

Your company has set up an Azure subscription. They want to transfer 40 TB of data onto an Azure Storage Account. The transfer should not have an impact on the company’s existing network. It should be the fastest and most secure way of transferring the data. Which of the following can be used for this requirement?

A. Azure Storage Explorer
B. AzCopy tool
C. Azure Import/Export Service
D. Azure DataBox

A

Azure DataBox

When you want to transfer more than 30 TB of data, it’s ideal to use the Azure DataBox service.


3
Q

Your company has the following storage accounts:
appstore100: General Purpose V1
appstore200: General Purpose V2
appstore300: BlockBlobStorage
appstore400: FileStorage
Can you create a premium file share in appstore400?

Yes

No

A

Yes, you can create a premium file share in this type of storage account.

4
Q

Your company has the following storage accounts:
appstore100: General Purpose V1
appstore200: General Purpose V2
appstore300: BlockBlobStorage
appstore400: FileStorage
Can you create a premium file share in appstore200?

Yes

No

A

No
You can only create premium file shares in a FileStorage account.

5
Q

You have an Azure Storage Account. You need to copy files via the AzCopy tool to Blob and File storage.

Can you use access keys as a means of authorization for Azure File storage when it comes to the AzCopy tool?

A. Yes

B. No

A

No

For Azure File storage, you can only use Shared Access Signatures when it comes to authorization.

6
Q

Your company is planning on hosting an application on a couple of Azure virtual machines named appvm1 and appvm2. You have to ensure that the application continues to work even if there is a planned maintenance event of the underlying hardware. How would you plan to deploy the Azure virtual machines?

A. In an Availability set with one fault domain

B. In an Availability set with two fault domains

C. In an Availability set with one update domain

D. In an Availability set with two update domains

A

In an Availability set with two update domains

To protect against planned maintenance, you have to consider update domains in an Availability Set, and you need to ensure that each virtual machine is in a separate update domain.

Fault Domains:

Definition: A fault domain is a group of VMs that share a common power source and network switch.
Purpose: Provides redundancy against hardware failures by distributing VMs across different physical hardware.

Update Domains:

Definition: An update domain is a group of VMs that can be updated or rebooted at the same time.
Purpose: Ensures application availability during planned maintenance by staggering updates across multiple update domains.

Fault Domains vs. Update Domains:

Fault Domains: Focus on hardware redundancy. They protect against physical hardware failures.
Update Domains: Focus on software and maintenance redundancy. They protect against downtime during planned maintenance.

Min & Max Fault Domains: 2 & 2. Typically, Azure provides up to three fault domains for most regions.

Min & Max Update Domains: 2 & 20

7
Q

Your company is planning on hosting an application on a set of Azure virtual machines. The implementation should ensure that at least two virtual machines are available if a single Azure datacenter goes down. How would you plan to deploy the Azure virtual machines?

Across a single Availability Set

Across a set of Availability sets

Across a single Availability Zone

Across a set of Availability Zones

A

Across a set of Availability Zones

To protect against datacenter-level failures while keeping connectivity to multiple machines, ensure that the VMs are deployed across various Availability Zones.

8
Q

Your company has an Azure virtual network that contains the following subnets
subnet A: 10.0.0.0/24
subnet B: 10.0.1.0/24

The following VMs:
appvm1: 10.0.0.5
appvm2: 10.0.1.5
appvm3: 10.0.1.6

A Network Security group named app-nsg1 has the following Inbound rules. This NSG is attached to SubnetA.

Priority 120 allow 443 TCP from source 10.0.1.0/24 to 10.0.0.0/24

A Network Security group named app-nsg2 has the following Inbound rules. This NSG is attached to appvm1.
Priority 200 deny 443 TCP from source 10.0.1.5 to 10.0.0.5

Would appvm2 be able to connect to TCP port 443 on appvm1?

Yes

No

A

No

Since there is a specific rule in app-nsg2 to deny traffic, the request will not be allowed.

8
Q

Your company has an Azure virtual network that contains the following subnets
subnet A: 10.0.0.0/24
subnet B: 10.0.1.0/24

The following VMs:
appvm1: 10.0.0.5
appvm2: 10.0.1.5
appvm3: 10.0.1.6

A Network Security group named app-nsg1 has the following Inbound rules. This NSG is attached to SubnetA.

Priority 120 allow 443 TCP from source 10.0.1.0/24 to 10.0.0.0/24

A Network Security group named app-nsg2 has the following Inbound rules. This NSG is attached to appvm1.
Priority 200 deny 443 TCP from source 10.0.1.5 to 10.0.0.5

Would appvm1 be able to connect to TCP port 443 on appvm2?

Yes

No

A

Yes

Since there is no NSG specifically denying the request, the request will be allowed.

9
Q

You have to use Azure Network Watcher to perform the following activities:

1) Find out if a particular Network Security Group rule is preventing traffic from reaching an Azure virtual machine

2) Check the outbound connectivity from an Azure virtual machine to an external host

Which of the following can be used for the following requirement?

“Check the outbound connectivity from an Azure virtual machine to an external host”

Connection Troubleshoot

Next Hop

IP Flow Verify

Traffic Analytics

A

Connection Troubleshoot

10
Q

You have to use Azure Network Watcher to perform the following activities:

1) Find out if a particular Network Security Group rule is preventing traffic from reaching an Azure virtual machine

2) Check the outbound connectivity from an Azure virtual machine to an external host

Which of the following can be used for the following requirement?

“Find out if a particular Network Security Group rule is preventing traffic from reaching an Azure virtual machine”

Connection Troubleshoot

Next Hop

IP Flow Verify

Traffic Analytics

A

IP Flow Verify

11
Q

You are going to be creating the following Azure Availability set
Fault domain: 2
Update domain: 10
12 virtual machines have been added to the availability set.

What is the maximum number of unavailable machines when a planned maintenance is carried out which impacts the Availability set?
A. 1

B. 2

C. 6

D. 12

A

2

Since there are 10 update domains, 2 update domains will have 2 machines each and the remaining update domains will have 1 machine each. This gives a total of 12 virtual machines spread across the update domains.

This means that at any point in time a maximum of 2 machines will not be available.

Formula for maximum unavailable VMs during planned maintenance:

Max Unavailable VMs = Total VMs ÷ Number of Update Domains

Let’s apply this to your scenario:

- Total VMs = 12
- Update Domains = 10
- Max Unavailable VMs = 12 ÷ 10 = 1.2 (rounded up to 2)

Therefore, the answer is B. 2 machines.

Explanation:

- During planned maintenance, Azure processes one update domain at a time.
- VMs are distributed across update domains evenly.
- When dividing 12 VMs across 10 update domains, some update domains will have 1 VM and some will have 2 VMs.
- The worst-case scenario is when maintenance affects an update domain containing 2 VMs.

Note: The Fault Domain count (2) doesn’t affect planned maintenance calculations; it’s relevant for hardware failure scenarios.

12
Q

Your Azure AD tenant currently has the following settings enabled for self-service password reset.
Select group: GroupA
Number of methods required to reset: 2
Methods available to users:
+ Mobile app code
+ Security questions
Number of questions required to register: 5
Number of questions required to reset: 2
The following users are defined as part of your Azure AD tenant:
User1@techsup4000gmail.onmicrosoft.com – GroupA
User2@techsup4000gmail.onmicrosoft.com – GroupB

Would User1 be able to reset their password after answering 4 of the security questions?
A. Yes
B. No

A

No

The user also needs to complete the Mobile app code method to finish resetting the password.

13
Q

Your team has deployed an Azure virtual machine. You have to create an alert in Azure Monitor. The alert needs to send an email to an IT administrator whenever an error is detected in the System event log of the virtual machine. Which of the following would you create in Azure for this requirement?

A. Azure Log Analytics workspace

B. Azure Storage Account

C. Azure SQL database

D. Azure Logic Apps

A

Azure Log Analytics workspace

You can direct the logs to a Log Analytics workspace. And then create an alert based on the logs in the Log Analytics workspace.

14
Q

You need to use the Azure Import/Export service to add files to an Azure Storage account. Which of the following files need to be in place for the import job? Choose 2 answers from the options given below (multi choose)

A. An XML file

B. A driveset CSV file

C. A dataset CSV file

D. A JSON file

A

A driveset CSV file
A dataset CSV file

15
Q

Your team has a Recovery Services vault defined in the North Europe location and part of a resource group named app-grp.

The team also has the following Azure General Purpose V2 storage accounts in place:
Name | Resource group | Location
appstore1000 | app-grp | North Europe
appstore2000 | app-grp | UK South

The team also has the following Azure Log Analytics workspaces in place:
Name | Resource group | Location
logworkspace1000 | app-grp | North Europe
logworkspace2000 | app-grp | UK South

You need to configure the Diagnostic settings for the Recovery Services vault for the Azure Backup Reports log.

Can you configure appstore2000 for storage of the reports?

Yes

No

A

No

The Recovery Services Vault and the Azure Storage Account need to be in the same region.

15
Q

Your company currently has the following Azure Storage Accounts in place:
Name | Storage Account Type | Performance | Replication
appstore1000 | General Purpose V2 | Standard | Locally-redundant storage
appstore2000 | BlockBlobStorage | Premium | Locally-redundant storage
appstore3000 | General Purpose V2 | Standard | Read-access geo-redundant storage
appstore4000 | General Purpose V1 | Premium | Locally-redundant storage
Can you convert the replication of appstore3000 to Zone-redundant storage by requesting Azure support for a live migration?

A. Yes

B. No

A

The answer is B. No

Here’s why:

Direct Replication Conversion Rules:
For GZRS/ZRS conversion:
- You CANNOT convert from RA-GRS (Read-access geo-redundant storage) to ZRS (Zone-redundant storage)
- Even Azure Support cannot perform this conversion as a live migration

Allowed Conversion Paths:
- LRS -> ZRS (in supported regions)
- ZRS -> LRS
- LRS -> GRS/RA-GRS
- GRS/RA-GRS -> LRS

Key Points:
- appstore3000 is currently using RA-GRS (Read-access geo-redundant storage)
- There is no direct conversion path from RA-GRS to ZRS
- This limitation exists because ZRS and GRS/RA-GRS use fundamentally different architectures:
  - ZRS replicates across availability zones in a single region
  - RA-GRS replicates across regions

Solution if ZRS is needed:
To get ZRS for this storage:
1. Create a new storage account with ZRS
2. Migrate data to the new account
3. Update applications to use the new storage account
4. Delete the old storage account

16
Q

Your company currently has the following Azure Storage Accounts in place:
Name | Storage Account Type | Performance | Replication
appstore1000 | General Purpose V2 | Standard | Locally-redundant storage
appstore2000 | BlockBlobStorage | Premium | Locally-redundant storage
appstore3000 | General Purpose V2 | Standard | Read-access geo-redundant storage
appstore4000 | General Purpose V1 | Premium | Locally-redundant storage
Can you convert the replication of appstore1000 to Zone-redundant storage by requesting Azure support for a live migration?

A. Yes

B. No

A

Yes, this is supported for General Purpose V2 storage accounts that have the current replication type as Locally-redundant storage.

17
Q

Your company has the following App Service Plans:
Name | Operating System | SKU | Region
Plan1 | Windows | Standard | North Europe
Plan2 | Windows | Standard | UK South
Plan3 | Linux | Standard | North Europe

The company wants to host the following Azure Web Apps:
Name | Operating System | Region
webapp1 | .Net Core 3.1 | North Europe
webapp2 | ASP.NET V4.8 | North Europe
webapp3 | Ruby 2.6 | North Europe

Can you use Plan3 to host webapp2?

Yes

No

A

No

ASP.NET V4.8 is only supported on Windows-based operating systems.

18
Q

Your company has an Azure Storage account that has the following properties.

You need to request Microsoft support to perform a live migration of the storage account to Zone-redundant storage. Which of the following needs to be done first for this requirement?

A. Change the storage account to General-Purpose V1

B. Change the location of the storage account

C. Change the access tier to the Cool Access tier

D. Set the replication type to Locally-redundant storage

A

Set the replication type to Locally-redundant storage

When moving from Read-Access Geo-redundant storage to Zone-redundant storage, you first need to change the replication type to Locally-redundant storage.

Azure Storage accounts that support live migration are typically the General-purpose v2 (GPv2) accounts, especially those with redundancy options like LRS (Locally Redundant Storage) or ZRS (Zone-Redundant Storage).

19
Q

Your company has the following App Service Plans:
Name | Operating System | SKU | Region
Plan1 | Windows | Standard | North Europe
Plan2 | Windows | Standard | UK South
Plan3 | Linux | Standard | North Europe

The company wants to host the following Azure Web Apps:
Name | Operating System | Region
webapp1 | .Net Core 3.1 | North Europe
webapp2 | ASP.NET V4.8 | North Europe
webapp3 | Ruby 2.6 | North Europe

Can you use Plan1 to host webapp3?

Yes

No

A

No

Ruby 2.6 is only supported on Linux-based operating systems.

20
Q

Your company has an Azure AD tenant and an Azure subscription. You have to ensure a user named adminA has the ability to deploy virtual machines and also manage virtual networks. You need to assign the right role to the user and also ensure the solution uses the principle of least privilege. Which of the following roles would you assign to the user?

Owner

Contributor

Virtual Machine Contributor

Reader

A

Contributor

Here we need to use the Contributor role. The Virtual Machine Contributor role does not allow you to manage virtual networks.

21
Q

Your company has an Azure virtual machine named appvm that is deployed to a resource group named app-grp. The resource group is part of an Azure subscription named app-subscription. The subscription is part of a Management Group named app-management. The Management Group is part of the Tenant Root Group.

You need to assign an Azure Policy.

Can you assign the Azure Policy exclusion at the Tenant Root Group Level?

Yes

No

A

No

You need to start adding exclusions from the Management Group onwards.

22
Q

Your company has an Azure virtual machine named appvm that is deployed to a resource group named app-grp. The resource group is part of an Azure subscription named app-subscription. The subscription is part of a Management Group named app-management. The Management Group is part of the Tenant Root Group.

You need to assign an Azure Policy.

Can you assign the Azure Policy at the virtual machine Level?

Yes

No

A

No

When assigning the Azure Policy, the furthest down you can go is the Resource Group level.

23
Q

Your company needs to implement a Site-to-Site VPN connection. The company has two on-premises VPN devices. The Site-to-Site VPN must be created in such a way that even if a single Azure VPN gateway fails or a single on-premises VPN device fails, it will not cause a service interruption for more than a minute.

How many Virtual network gateways would you create in Azure for this requirement?

A. 1

B. 2

C. 3

D. 4

A

2

Here we need to deploy a full mesh architecture, as described in the Microsoft documentation.

Here you just need two Azure VPN gateways.

24
Q

Your company has a set of resources deployed as part of their subscription. The resources are being used by multiple departments in the company. The departments use the resources that are spread across multiple resource groups. You need to ensure that you can get a report of the costs of resources consumed department-wise at the end of the month. Which of the following can you implement for this requirement? Choose 3 answers from the options given below

Assign a tag to each resource group

Assign a tag to each resource

In the Cost Analysis section, filter the costs via tags

In the Cost Analysis section, filter the costs via resource groups

Download the required report

A

Assign a tag to each resource
In the Cost Analysis section, filter the costs via tags
Download the required report

Here we need to assign a resource tag to each resource. We should not assign it to the resource group because the resource groups are being used by multiple departments.

Then in Cost Management, we should filter the costs via tags.

And then we can download the required report.

24
Q

Your company needs to implement a Site-to-Site VPN connection. The company has two on-premises VPN devices. The Site-to-Site VPN must be created in such a way that even if a single Azure VPN gateway fails or a single on-premises VPN device fails, it will not cause a service interruption for more than a minute.

How many public IP addresses would you create in Azure for this requirement?

A. 1

B. 2

C. 3

D. 4

A

2

Here we need to deploy a full mesh architecture, as described in the Microsoft documentation.

Here you just need two Public IP addresses, one for each VPN gateway.

25
Q

Your company currently has an Azure Web App that is part of a Basic App Service Plan. You have to ensure that the Web App can scale automatically when the CPU percentage goes beyond 75% for a duration of 10 minutes. Which of the following steps needs to be configured for this requirement? Choose 3 answers from the options given below

Scale up the App Service Plan

Scale out the App Service Plan

Configure a deployment slot for the Azure Web App

Configure a scaling condition to scale based on a metric and then add the rules accordingly.

Configure a scaling condition to scale based on an instance count and then set the instance count.

A

Scale up the App Service Plan
Scale out the App Service Plan
Configure a scaling condition to scale based on a metric and then add the rules accordingly.

First you need to scale up the App Service Plan from Basic to Standard. The Autoscaling feature is only available from the Standard App Service Plan or higher.

Then you need to scale out the App Service Plan to set up the Autoscaling feature.

And then set the condition and the rules to scale based on a metric.

26
Q

You have some VMs in your Azure subscription in a virtual network. The company has some users that work remotely. Remote workers require access to VMs on VNET. How would you provide access?

A. Configure Site-to-Site VPN.

B. Configure VNET-to-VNET.

C. Configure Point-to-Site VPN.

A

C. Configure Point-to-Site VPN.

The reason for this is that Point-to-Site VPN allows remote workers to securely connect to the VMs on the VNET. This is achieved by establishing a VPN connection between the remote worker’s device and the Azure VPN gateway. Once the VPN connection is established, the remote worker can access the VMs on the VNET as if they were on their local network.

Site-to-Site VPN is typically used when there is a physical network (such as a company’s office network) that needs to connect to the VNET.

VNET-to-VNET is used when there is a need to connect two or more VNETs together.

27
Q

You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com. You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library named Library1. You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days. Which two groups should you create? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

A. A Security group that uses the Dynamic User membership type.

B. A Microsoft 365 group that uses the Assigned membership type.

C. A Security group that uses the Assigned membership type.

D. A Microsoft 365 group that uses the Dynamic User membership type.

E. A Security group that uses the Dynamic Device membership type

A

B. A Microsoft 365 group that uses the Assigned membership type
D. A Microsoft 365 group that uses the Dynamic User membership type

Let me explain why these are correct and why others aren’t:

Correct Answers:

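B. Microsoft 365 Group (Assigned):

PowerShell commands to create an assigned Microsoft 365 group with expiration

    # Create the assigned Microsoft 365 group. New-AzureADMSGroup has no expiration
    # parameter; expiration is set through a group lifecycle (expiration) policy.
    $group = New-AzureADMSGroup `
        -DisplayName "Library1-Access-Assigned" `
        -Description "Temporary access to Library1" `
        -GroupTypes "Unified" `
        -MailEnabled $true `
        -SecurityEnabled $true `
        -MailNickname "library1access"

    # Create a 180-day expiration policy for selected groups and attach the group.
    # The notification address is a placeholder.
    $policy = New-AzureADMSGroupLifecyclePolicy `
        -GroupLifetimeInDays 180 `
        -ManagedGroupTypes "Selected" `
        -AlternateNotificationEmails "admin@contoso.com"
    Add-AzureADMSLifecyclePolicyGroup -Id $policy.Id -GroupId $group.Id

D. Microsoft 365 Group (Dynamic):

PowerShell commands to create a dynamic Microsoft 365 group with expiration

    # Create the dynamic Microsoft 365 group; the rule must be switched on to be evaluated.
    $group = New-AzureADMSGroup `
        -DisplayName "Library1-Access-Dynamic" `
        -Description "Temporary access to Library1" `
        -GroupTypes "Unified","DynamicMembership" `
        -MailEnabled $true `
        -SecurityEnabled $true `
        -MailNickname "library1accessdyn" `
        -MembershipRule '(user.department -eq "IT")' `
        -MembershipRuleProcessingState "On"

    # Attach the group to the tenant's existing 180-day expiration policy.
    $policy = Get-AzureADMSGroupLifecyclePolicy
    Add-AzureADMSLifecyclePolicyGroup -Id $policy.Id -GroupId $group.Id
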
Why these are correct:

Microsoft 365 groups support:
- Automatic expiration
- SharePoint integration
- Built-in collaboration features
- Group lifecycle management

Why others are incorrect:

A. Security group with Dynamic User membership:
- Security groups don’t support automatic expiration
- Limited SharePoint integration

C. Security group with Assigned membership:
- No automatic expiration support
- Basic security features only
- Limited SharePoint integration

E. Security group with Dynamic Device membership:
- Not suitable for user access
- Cannot be used for SharePoint permissions
- No expiration support

28
Q

You have an Azure active directory tenant: cloudportalfinance.onmicrosoft.com. Your company has purchased the domain name cloudportalfinance.com. You need to add cloudportalfinance.com as a custom domain name in Azure AD. You need to ensure Azure can verify the domain name.

Which type of DNS record is required?

A. PTR

B. MX

C. NSEC

D. SRV

A

B. MX (Mail Exchange) record.

Let me explain why MX record is required and provide an example of how to configure it:

DNS Configuration Example:

MX Record Configuration for Azure AD Domain Verification

    cloudportalfinance.com IN MX 10 cloudportalfinance-com.mail.protection.outlook.com

Verification Process in Azure Portal:

PowerShell commands to add and verify custom domain

    # 1. Add the custom domain
    New-AzureADDomain -Name "cloudportalfinance.com"

    # 2. Get verification details
    Get-AzureADDomainVerificationDnsRecord -Name "cloudportalfinance.com"

    # 3. After the record is published in DNS, confirm ownership of the domain
    Confirm-AzureADDomain -Name "cloudportalfinance.com"

Why MX Record is Correct:

Azure AD Requirements:
- MX records are used to verify domain ownership
- Proves you have administrative control over the domain
- Required for email services integration

Verification Process:
- Azure provides specific MX record values
- Must be added to domain’s DNS settings
- Azure verifies the record exists

Why Other Options are Incorrect:

A. PTR Record:
- Used for reverse DNS lookups
- Maps IP addresses to domain names
- Not used for domain verification

C. NSEC Record:
- Used in DNSSEC
- Proves non-existence of DNS records
- Not relevant for domain verification

D. SRV Record:
- Used for service location
- Specifies host and port for services
- Not used for initial domain verification

29
Q

What is the default frequency of collecting platform metrics?

A. 5 min

B. 2 min

C. 30 Seconds

D. 1 min

A

D. 1 min

30
Q

Your company has three virtual machines (VMs) that are included in an availability set.
You try to resize one of the VMs, which returns an allocation failure message.
It is imperative that the VM is resized.
Which of the following actions should you take?

A. You should stop two of the VMs.

B. You should stop all three VMs.

C. You should remove the necessary VM from the availability set.

D. You should only stop one of the VMs.

A

B. You should stop all three VMs.

Let me explain why this is the correct approach and provide example commands:

PowerShell commands to stop all VMs in an availability set

    # 1. Get all VMs in the availability set (resource names are placeholders)
    $availabilitySetId = (Get-AzAvailabilitySet -ResourceGroupName "ResourceGroupName" -Name "AvailabilitySetName").Id
    $availSetVMs = Get-AzVM -ResourceGroupName "ResourceGroupName" |
        Where-Object { $_.AvailabilitySetReference.Id -eq $availabilitySetId }

    # 2. Stop (deallocate) all VMs
    foreach ($vm in $availSetVMs) {
        Stop-AzVM -ResourceGroupName $vm.ResourceGroupName -Name $vm.Name -Force
    }

    # 3. Resize the target VM
    $vmToResize = Get-AzVM -Name "VMName" -ResourceGroupName "ResourceGroupName"
    $vmToResize.HardwareProfile.VmSize = "Standard_DS3_v2"
    Update-AzVM -VM $vmToResize -ResourceGroupName "ResourceGroupName"

    # 4. Restart all VMs
    foreach ($vm in $availSetVMs) {
        Start-AzVM -ResourceGroupName $vm.ResourceGroupName -Name $vm.Name
    }

Why stopping all VMs is necessary:

Allocation Requirements:
- VMs in availability sets share hardware resources
- Resizing requires new hardware allocation
- All VMs must be deallocated to guarantee proper placement

Azure’s Placement Rules:
- Maintains high availability guarantees
- Ensures VMs are distributed across fault domains
- Requires complete reallocation for size changes

Why other options are incorrect:

A. Stop two VMs:
- Insufficient for guaranteed reallocation
- May not free enough resources
- Doesn’t ensure proper fault domain distribution

C. Remove VM from availability set:
- Breaks high availability design
- Requires additional reconfiguration
- Not a recommended practice

D. Stop one VM:
- Won’t resolve allocation constraints
- Insufficient for proper resource allocation
- Doesn’t guarantee successful resize

31
Q

What is the likely reason for the failure of the resize operation when you try to change VM1’s size from Standard_D4s_v3 to Standard_D2s_v3 in Azure?

Consider VM1’s properties:

Number of virtual CPUs: 2

Storage type: Premium

Number of data disks: 6

Public IP address: Standard SKU

A. Number of virtual CPUs

B. Number of data disks

C. Public IP Address

D. Storage type

A

B: Number of data disks.

Here’s why:
When resizing from Standard_D4s_v3 to Standard_D2s_v3, the key limitation is the maximum number of data disks supported by each VM size. Let’s analyze the specifications:

Standard_D4s_v3:
- Supports up to 8 data disks
- 4 vCPUs
- Premium Storage support

Standard_D2s_v3:
- Supports up to 4 data disks
- 2 vCPUs
- Premium Storage support

The VM currently has 6 data disks attached, but Standard_D2s_v3 only supports a maximum of 4 data disks. This mismatch is causing the resize operation to fail.

32
Q

Which PowerShell cmdlet allows you to create a template from a deployment that is in the deployment history of a resource group?

A. Save-AzresourceGroupDeployment

B. Set-AzResourceGroup

C. Get-AzResourceGroupDeployment

A

A. Save-AzresourceGroupDeployment

33
Q

You have created the ARM template to create a virtual machine. You have stored the template in the GitHub repository. How would you deploy the ARM template using the PowerShell cmdlet?

A. New-AzResourceGroupDeployment -ResourceGroupName "RG1" -TemplateFile https://raw.githubusercontent.com/Azure/new.json

B. New-AzResourceGroupDeployment -ResourceGroupName "RG1" -TemplateUri https://raw.githubusercontent.com/Azure/new.json

A

B. New-AzResourceGroupDeployment -ResourceGroupName "RG1" -TemplateUri https://raw.githubusercontent.com/Azure/new.json

34
Q

Which Azure policy will be evaluated first?

A. Append.

B. Deny.

C. Disabled.

D. Audit.

A

C. Disabled.

Order: disabled > append and modify > deny > audit > manual > auditIfNotExists > denyAction

35
Q

You have an Azure virtual machine named Prod-vm1 that runs Windows Server 2019. The VM was deployed with default drive settings.

You have some files on the C and D drives of the VM.

You are planning to redeploy the VM. Which drive’s files will be lost after you redeploy Prod-vm1?

A. C drive

B. D drive

A

The D drive is a temporary storage drive. If any VM is rebooted, it clears all the content.

36
Q

A company is planning to deploy a Kubernetes cluster. The cluster has the following requirements:

You must ensure nodes get an IP address from the Azure virtual network subnet, but Pods receive an IP address from a logically different address space.

What network configuration should you choose?

A. Azure container Network Interface.

B. Kubenet

C. Network Security groups.

D. Service endpoint.

A

B: Kubenet.

Here’s why Kubenet is the correct choice:

Kubenet’s Key Characteristics:
- Nodes get IP addresses from the Azure VNet subnet
- Pods get IP addresses from a separate, logically distinct address space
- Uses a basic network plugin configuration
- Creates a clear separation between node and pod IP addressing

How Kubenet Works:
- Nodes receive IP addresses directly from the VNet subnet
- Pods get IPs from a dedicated podCIDR range
- Uses NAT for pod communication across nodes
- Requires user-defined routing (UDR) for pod-to-pod communication across nodes

The other options are incorrect because:

A. Azure Container Network Interface (CNI):
- Assigns IPs from the same VNet subnet to both pods and nodes
- Doesn’t meet the requirement of logically different address spaces
- More complex but provides better integration with Azure networking

37
Q

You plan to back up an Azure virtual machine, Prod-VM01. You found that the backup Pre-Check displays a status of warning.

What is the possible cause of the warning status?

A. VM is stopped.

B. VM has unmanaged disk.

C. VM does not have the latest version of Azure VM agent (WaAPPAgent.exe) installed.

A

C. VM does not have the latest version of Azure VM agent (WaAPPAgent.exe) installed.

38
Q

Which term refers to the lookback window over which metric values are checked when configuring a static threshold metric alert rule?

A. Period

B. Timeslot

C. Loopback

D. Timeslice

A

A: Period.

Here’s why Period is the correct answer:

Period in metric alerts refers to:
- The time window over which metric values are aggregated and evaluated
- The lookback duration used to check if the metric crosses the defined threshold
- The timespan during which the metric data is monitored for alert conditions

Key characteristics of Period:

For continuous metrics (like CPU):
- Aggregates data over the specified time window
- Calculates average/sum/count over that period
- Compares the aggregated value against the threshold

For discrete metrics (like error counts):
- Sums up the values over the specified period
- Compares the total against the threshold

39
Q

You have an Azure subscription that contains AKS clusters, and the autoscaling feature is enabled.

You need to configure the minimum and maximum node counts for AKS.

Which PowerShell cmdlet will you choose?

A. Update-AzAksCluster

B. Update-AzAksNodePool

C. Start-AzAksCluster

D. Set-AzAksCluster

A

D. Set-AzAksCluster

40
Q

You need to configure Azure AD authentication for an Azure Storage Account named Prod-Storage1. You need to ensure that members of an AD group named test can upload files by using the Azure portal.

The solution must use the principle of least privilege.

Which two roles should you configure for Prod-Storage1?

A. Contributor.

B. Storage Blob Data contributor.

C. Storage account contributor.

D. Reader.

E. Storage Blob data Reader.

A

B: Storage Blob Data Contributor.

For this scenario, you only need one role (not two) to allow members of the AD group to upload files using the Azure portal, following the principle of least privilege.

Here’s why Storage Blob Data Contributor is the correct choice:

Storage Blob Data Contributor:
- Provides read, write, and delete permissions for blob storage data
- Allows uploading files to blob containers
- Follows least privilege by only granting necessary permissions for blob operations
- Doesn’t provide unnecessary access to storage account management

D. Reader.
The Reader role is an Azure Resource Manager role that permits users to view storage account resources, but not modify them. It does not provide read permissions to data in Azure Storage, but only to account management resources. The Reader role is necessary so that users can navigate to blob containers in the Azure portal.