Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Az-104-practice test > test 7 > Flashcards

test 7 Flashcards

1
Q

A company has setup an Azure subscription and a tenant. They want to ensure that only Virtual Machines of a particular SKU size can be launched in their Azure account. They decide to implement Role Based access policies

Does this fulfil the requirement?

Yes

No

A

No
Role based access policies can be used to restrict access to resources, but they can put any sort of governance on what type of resources to create.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

A company has setup an Azure subscription and a tenant. They want to ensure that only Virtual Machines of a particular SKU size can be launched in their Azure account. They decide to implement Azure locks

Does this fulfil the requirement?

Yes

No

A

No

Azure locks are used to prevent users from accidentally deleting or modifying critical resources. They can’t be used for the said purpose as stated in the question.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A company has setup an Azure subscription and a tenant. They want to ensure that only Virtual Machines of a particular SKU size can be launched in their Azure account. They decide to implement Azure policies

Does this fulfil the requirement?

Yes

No

A

Yes

Yes, this can be done with Azure policies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

A company plans to use Azure Network watcher to perform the following tasks

“Find out if a network security rule is preventing a network packet from reaching a virtual machine hosted in an Azure virtual network”

“Find out if there is outbound connectivity between an Azure virtual machine and an external host”

Which of the following network watcher feature would you use for the following requirement?

” Find out if a network security rule is preventing a network packet from reaching a virtual machine hosted in an Azure virtual network”

IP Flow Verify

Next Hop

Packet Capture

Traffic Analysis

A

IP Flow Verify

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Your company currently has a Site-to-Site connection with an Azure Virtual Private network. The VPN device that is allocated on the on-premise side is going to undergo a change in its public IP address. You have to ensure the Site-to-Site VPN connection continues to work after the change.

Which of the following steps would you need to carry out after the change in the public IP address on the on-premise VPN device ensuring minimum connection downtime?Choose 3 answers from the options given below

Remove the VPN connection

Stop the VPN connection

Modify the local gateway IP address

Modify the VPN gateway address

Recreate the VPN connection

Start the VPN connection

A

Remove the VPN connection

Modify the local gateway IP address

Recreate the VPN connection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A company has an application deployed across a set of virtual machines. Users connect to the application either using point-to-site VPN or site-to-site VPN connections. You need to ensure that connections to the application are spread across all of the virtual machines.

Which of the following could you set up for this requirement? Choose 2 answers from the options given below

A Public Load Balancer

An Internal Load Balancer

A Traffic Manager Profile

An Azure Content Delivery Network

An Azure Application Gateway

A

An Internal Load Balancer

An Azure Application Gateway

Since we need to distribute traffic across the virtual machines, we can use either the Load Balancer or Application Gateway service.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A company has setup an Azure subscription. They have setup a storage account and are currently using the BLOB service. They want to assign permissions to 3 user groups.

GroupA – This group should have the ability to manage the storage account

GroupB – This group should be able to manage containers within a storage account

GroupC – This group should be given full access to Azure Storage blob containers and data, including assigning POSIX access control

You need to assign the relevant Role Based Access Control ensuring the privilege of least access. Which of the following would you assign to GroupB?

Owner

Contributor

Storage Account Contributor

Storage Blob Data Contributor

Storage Blob Data Owner

A

Storage Blob Data Contributor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A company has setup an Azure subscription. They have setup a storage account and are currently using the BLOB service. They want to assign permissions to 3 user groups.

GroupA – This group should have the ability to manage the storage account

GroupB – This group should be able to manage containers within a storage account

GroupC – This group should be given full access to Azure Storage blob containers and data, including assigning POSIX access control

You need to assign the relevant Role Based Access Control ensuring the privilege of least access. Which of the following would you assign to GroupC?

Owner

Contributor

Storage Account Contributor

Storage Blob Data Contributor

Storage Blob Data Owner

A

Storage Blob Data Owner

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

A company is planning on using the Azure Import/Export service to move data out of their Azure Storage account. Which of the following service could be used when defining the Azure Export job?

BLOB storage

File storage

Queue storage

Table storage

A

BLOB storage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

You have an Azure virtual machine based on the Windows Server 2016 image. You implement Azure backup for the virtual machine. You want to restore the virtual machine by using the Replace existing option.

Which of the following needs to be done first before you go ahead and replace the virtual machine using the Azure Backup option?

Create a custom image

Stop the virtual machine

Allocate a new disk

Enable encryption on the disk

A

Stop the virtual machine

The virtual machine has to be in the Stopped or Deallocated state in order to replace the existing disks on the virtual machine.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

You have an Azure subscription named CertGlobalstaging. Under the subscription, you go ahead and create a resource group named CertGlobals-rg.

You then go ahead and create an Azure policy based on the “Not allowed resources types” definition. Here you define the parameters as Microsoft.Network.virtualNetworks as the not allowed resource type. You assign this policy to the Tenant Root Group.

Would you be able to create a virtual machine in the CertGlobals-rg resource group?

Yes

No

A

No

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

A company current has a set of Azure virtual machines. They want to ensure that their IT administrative team is alerted if any of the virtual machines are shutdown. They decide to create alerts based on Activity Logs in Azure Monitor.

Would this fulfil the requirement?

Yes

No

A

Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

A company current has a set of Azure virtual machines. They want to ensure that their IT administrative team is alerted if any of the virtual machines are shutdown. They decide to create alerts in the Azure Advisor service.

Would this fulfil the requirement?

Yes

No

A

No

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A company current has a set of Azure virtual machines. They want to ensure that their IT administrative team is alerted if any of the virtual machines are shutdown. They decide to create alerts in the Service Health service

Would this fulfil the requirement?

Yes

No

A

No

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

A company has created a storage account in their Azure subscription. The name of the storage account is CertGlobalstore. They have also created a file share named demo. They need to access the files in the file share via a UNC path.

You need to fill in the following blocks to ensure the right UNC path is provided

Which of the following needs to go into Slot1?

blob

blob.core.windows.net

portal.azure.com

file

file.core.windows.net

CertGlobalstore

demo

A

CertGlobalstore

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A company has created a storage account in their Azure subscription. The name of the storage account is CertGlobalstore. They have also created a file share named demo. They need to access the files in the file share via a UNC path. You need to fill in the following blocks to ensure the right UNC path is provided

Which of the following needs to go into Slot2?

blob

blob.core.windows.net

portal.azure.com

file

file.core.windows.net

CertGlobalstore

demo

A

file.core.windows.net

To work with UNC path format, you have to mount the Azure file share with File Explorer and the UNC path format is:

\<storageAccountName>.file.core.windows.net\<fileShareName></fileShareName></storageAccountName>

17
Q

A company has created a storage account in their Azure subscription. The name of the storage account is CertGlobalstore. They have also created a file share named demo. They need to access the files in the file share via a UNC path. You need to fill in the following blocks to ensure the right UNC path is provided

Which of the following needs to go into Slot3?

blob

blob.core.windows.net

portal.azure.com

file

file.core.windows.net

CertGlobalstore

demo

A

demo

18
Q

A company has setup a Virtual Machine in Azure. A web server listening on port 80 and a DNS server has been installed on the Virtual machine. A network security group is attached to the network interface for the virtual machine. The rules for the NSG are given below Inbound Rules

If RuleB is deleted would users from the Internet be able to

Connect to the web server hosted on the virtual machine only

Connect to the DNS server hosted on the virtual machine only

Connect to both the web and DNS server hosted on the virtual machine only

Not connect to either the web or DNS server hosted on the virtual machine only

A

Not connect to either the web or DNS server hosted on the virtual machine only

19
Q

Your company has setup a storage account in Azure as shown below

The company needs to only allow connections to the storage account from an IP address range of 51.107.2.0 to 51.107.2.255. From which of the following section of the storage account would you modify to fulfil this requirement?

Firewall and virtual networks

Advanced security

Soft Delete

Lifecycle Management

A

Firewall and virtual networks

20
Q

A company needs to deploy a virtual machine using a Resource Manager template. The template needs to be submitted via Azure CLI commands. The template is stored in a file named CertGlobalvm.json. You need to complete the below CLI command

Which of the following would go into Slot2?

–template

–template-url

–template-file

–template-resource

A

–template-file

21
Q

Your company has the requirement to create an Azure storage account. The storage account needs to meet the following requirements.

Should be able to support hot, cool and archive blob tiers

Should be able to provide fault tolerance if a disaster hits the Azure region which has the storage account

Should minimize on costs

You need to complete the below command to create the storage account

Which of the following would go into Slot2?

Standard_GRS

Standard_LRS

Standard_RAGRS

Premium_LRS

A

Standard_GRS

21
Q

A team has setup Log Analytics for a virtual machine named demovm. They are running the following query in the Log Analytics Workspace

If a query is run on Monday, then the query will return events from the last

1 day

7 days

8 days

14 days

A

14 days

22
Q

Your company has the requirement to create an Azure storage account. The storage account needs to meet the following requirements.

Should be able to support hot, cool and archive blob tiers

Should be able to provide fault tolerance if a disaster hits the Azure region which has the storage account

Should minimize on costs

You need to complete the below command to create the storage account

Which of the following would go into Slot1?

FileStorage

Storage

StorageV2

Table

A

StorageV2

Since there is a requirement to support the Hot, Cool and Archive tier, then we can choose General Purpose v2. This is supported by General Purpose V2 or Blob Storage. To have complete functionality of the BLOB service, you can choose General Purpose V2

23
Q

A company has setup an Azure Virtual Machine. A team member is trying to connect to the Virtual machine but is not able to do so. Below is the snippet of the Networking section of the Virtual Machine

Which of the following needs to be done in order to ensure that the team member can connect to the Virtual Machine?

Delete the Rule “ Port_3389”

Add a rule to the Outbound port rules to allow traffic on port 3389

Delete the Rule “ DenyAllInBound”

Start the Virtual Machine

A

Start the Virtual Machine

24
Q

As an IT admin you have to develop scripts that need to be used to add data disks to an existing virtual machine. Below is the incomplete script

Which of the following would go into Slot1?

New-AzDisk

New-AzDiskConfig

Add-AzVMDataDisk

Set-AzDisk

A

New-AzDiskConfig

25
Q

As an IT admin you have to develop scripts that need to be used to add data disks to an existing virtual machine. Below is the incomplete script

Which of the following would go into Slot4?

New-AzDisk

New-AzDiskConfig

Add-AzVMDataDisk

Set-AzDisk

A

Add-AzVMDataDisk

26
Q

As an IT admin you have to develop scripts that need to be used to add data disks to an existing virtual machine. Below is the incomplete script

Which of the following would go into Slot5?

Set-AzVM

Update-AzVM

Get-AzVM

New-AzVM

A

Update-AzVM

26
Q

As an IT admin you have to develop scripts that need to be used to add data disks to an existing virtual machine. Below is the incomplete script

Which of the following would go into Slot2?

New-AzDisk

New-AzDiskConfig

Add-AzVMDataDisk

Set-AzDisk

A

New-AzDisk

27
Q

A company currently has the following networks defined in Azure

All virtual networks are hosting virtual machines with varying workloads. A virtual machine named “CertGlobal-detect” hosted in CertGlobal-vnet2. This virtual machine will have an intrusion detection software installed on it. All traffic on all virtual networks need to be routed via this virtual machine. You need to complete the required steps for implementing this requirement You are going to create the virtual network peering connection for all of the virtual networks.

Which of the following is important to set for the virtual network peering connection?

Set the virtual network deployment model as Classic

Set the virtual network access settings as Disabled

Set the forwarded traffic settings as Enabled

Enable “Allow gateway transit”

A

Set the forwarded traffic settings as Enabled

28
Q

A company currently has the following networks defined in Azure

All virtual networks are hosting virtual machines with varying workloads. A virtual machine named “CertGlobal-detect” hosted in CertGlobal-vnet2. This virtual machine will have an intrusion detection software installed on it. All traffic on all virtual networks need to be routed via this virtual machine. You need to complete the required steps for implementing this requirement

Which of the following would you need to create additional to ensure traffic is sent via the virtual machine hosting the intrusion software?

A new route table

Add an address space

Add DNS servers

Add a service endpoint

A

A new route table

29
Q

A company currently has the following networks defined in Azure

All virtual networks are hosting virtual machines with varying workloads. A virtual machine named “CertGlobal-detect” hosted in CertGlobal-vnet2. This virtual machine will have an intrusion detection software installed on it. All traffic on all virtual networks need to be routed via this virtual machine. You need to complete the required steps for implementing this requirement

Which of the following needs to be enabled on the virtual machine “CertGlobal-detect”?

Enable IP forwarding

Enable the identity for the virtual machine

Add an extension to the virtual machine

Change the size of the virtual machine

A

Enable IP forwarding

30
Q

A company has the following resources deployed to their Azure subscription

The virtual machine “CertGlobalvm” is currently in the running state.

The company now assigns the below Azure policy

The Not Allowed resources types are

Microsoft.Network/virtualNetworks

Microsoft/Compute/virtualMachines

Would an administrator be able to move the virtual machine to another resource group?

Yes

No

A

Yes

31
Q

A company has the following resources deployed to their Azure subscription

The virtual machine “CertGlobalvm” is currently in the running state.

The company now assigns the below Azure policy

The Not Allowed resources types are

Microsoft.Network/virtualNetworks

Microsoft/Compute/virtualMachines

Would the state of the virtual machine change to deallocated?

Yes

No

A

No

32
Q

A team is currently storing all of their objects in an Azure storage account. They are currently using the Azure Blob service. They want to create a lifecycle management rule that would do the following

Change the tier level of the objects to the cool tier if they have not been modified in the past 30 days Archive an object if they have not been modfiied in the past 90 days

The Lifecycle rule would be applied to a container called demo and a folder within the container called data.

You have to complete the following JSON snippet for the Lifecycle rule

Which of the following would go into Slot1?

demo

data

data/demo

demo/data

A

demo/data

33
Q

A team is currently storing all of their objects in an Azure storage account. They are currently using the Azure Blob service. They want to create a lifecycle management rule that would do the following

Change the tier level of the objects to the cool tier if they have not been modified in the past 30 days

Archive an object if they have not been modified in the past 90 days

The Lifecycle rule would be applied to a container called demo and a folder within the container called data.

You have to complete the following JSON snippet for the Lifecycle rule

Which of the following would go into Slot3?

15

30

90

120

A

90

Az-104-practice test (11 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions