test 7 Flashcards
A company has set up an Azure subscription and a tenant. They want to ensure that only Virtual Machines of a particular SKU size can be launched in their Azure account. They decide to implement Role Based access policies.
Does this fulfil the requirement?
Yes
No
No
Role based access policies can be used to restrict access to resources, but they can't put any sort of governance on what type of resources to create.
A company has set up an Azure subscription and a tenant. They want to ensure that only Virtual Machines of a particular SKU size can be launched in their Azure account. They decide to implement Azure locks.
Does this fulfil the requirement?
Yes
No
No
Azure locks are used to prevent users from accidentally deleting or modifying critical resources. They can’t be used for the said purpose as stated in the question.
A company has set up an Azure subscription and a tenant. They want to ensure that only Virtual Machines of a particular SKU size can be launched in their Azure account. They decide to implement Azure policies.
Does this fulfil the requirement?
Yes
No
Yes
Yes, this can be done with Azure policies
A company plans to use Azure Network Watcher to perform the following tasks:
“Find out if a network security rule is preventing a network packet from reaching a virtual machine hosted in an Azure virtual network”
“Find out if there is outbound connectivity between an Azure virtual machine and an external host”
Which of the following Network Watcher features would you use for the following requirement?
“Find out if a network security rule is preventing a network packet from reaching a virtual machine hosted in an Azure virtual network”
IP Flow Verify
Next Hop
Packet Capture
Traffic Analysis
IP Flow Verify
Your company currently has a Site-to-Site connection with an Azure Virtual Private network. The VPN device that is allocated on the on-premise side is going to undergo a change in its public IP address. You have to ensure the Site-to-Site VPN connection continues to work after the change.
Which of the following steps would you need to carry out after the change in the public IP address on the on-premise VPN device, ensuring minimum connection downtime? Choose 3 answers from the options given below
Remove the VPN connection
Stop the VPN connection
Modify the local gateway IP address
Modify the VPN gateway address
Recreate the VPN connection
Start the VPN connection
Remove the VPN connection
Modify the local gateway IP address
Recreate the VPN connection
A company has an application deployed across a set of virtual machines. Users connect to the application either using point-to-site VPN or site-to-site VPN connections. You need to ensure that connections to the application are spread across all of the virtual machines.
Which of the following could you set up for this requirement? Choose 2 answers from the options given below
A Public Load Balancer
An Internal Load Balancer
A Traffic Manager Profile
An Azure Content Delivery Network
An Azure Application Gateway
An Internal Load Balancer
An Azure Application Gateway
Since we need to distribute traffic across the virtual machines, we can use either the Load Balancer or Application Gateway service.
A company has set up an Azure subscription. They have set up a storage account and are currently using the BLOB service. They want to assign permissions to 3 user groups.
GroupA – This group should have the ability to manage the storage account
GroupB – This group should be able to manage containers within a storage account
GroupC – This group should be given full access to Azure Storage blob containers and data, including assigning POSIX access control
You need to assign the relevant Role Based Access Control role, following the principle of least privilege. Which of the following would you assign to GroupB?
Owner
Contributor
Storage Account Contributor
Storage Blob Data Contributor
Storage Blob Data Owner
Storage Blob Data Contributor
A company has set up an Azure subscription. They have set up a storage account and are currently using the BLOB service. They want to assign permissions to 3 user groups.
GroupA – This group should have the ability to manage the storage account
GroupB – This group should be able to manage containers within a storage account
GroupC – This group should be given full access to Azure Storage blob containers and data, including assigning POSIX access control
You need to assign the relevant Role Based Access Control role, following the principle of least privilege. Which of the following would you assign to GroupC?
Owner
Contributor
Storage Account Contributor
Storage Blob Data Contributor
Storage Blob Data Owner
Storage Blob Data Owner
A company is planning on using the Azure Import/Export service to move data out of their Azure Storage account. Which of the following services could be used when defining the Azure Export job?
BLOB storage
File storage
Queue storage
Table storage
BLOB storage
You have an Azure virtual machine based on the Windows Server 2016 image. You implement Azure backup for the virtual machine. You want to restore the virtual machine by using the Replace existing option.
Which of the following needs to be done first before you go ahead and replace the virtual machine using the Azure Backup option?
Create a custom image
Stop the virtual machine
Allocate a new disk
Enable encryption on the disk
Stop the virtual machine
The virtual machine has to be in the Stopped or Deallocated state in order to replace the existing disks on the virtual machine.
You have an Azure subscription named CertGlobalstaging. Under the subscription, you go ahead and create a resource group named CertGlobals-rg.
You then go ahead and create an Azure policy based on the “Not allowed resources types” definition. Here you define the parameters as Microsoft.Network.virtualNetworks as the not allowed resource type. You assign this policy to the Tenant Root Group.
Would you be able to create a virtual machine in the CertGlobals-rg resource group?
Yes
No
No
A company currently has a set of Azure virtual machines. They want to ensure that their IT administrative team is alerted if any of the virtual machines are shut down. They decide to create alerts based on Activity Logs in Azure Monitor.
Would this fulfil the requirement?
Yes
No
Yes
A company currently has a set of Azure virtual machines. They want to ensure that their IT administrative team is alerted if any of the virtual machines are shut down. They decide to create alerts in the Azure Advisor service.
Would this fulfil the requirement?
Yes
No
No
A company currently has a set of Azure virtual machines. They want to ensure that their IT administrative team is alerted if any of the virtual machines are shut down. They decide to create alerts in the Service Health service.
Would this fulfil the requirement?
Yes
No
No
A company has created a storage account in their Azure subscription. The name of the storage account is CertGlobalstore. They have also created a file share named demo. They need to access the files in the file share via a UNC path.
You need to fill in the following blocks to ensure the right UNC path is provided
Which of the following needs to go into Slot1?
blob
blob.core.windows.net
portal.azure.com
file
file.core.windows.net
CertGlobalstore
demo
CertGlobalstore
A company has created a storage account in their Azure subscription. The name of the storage account is CertGlobalstore. They have also created a file share named demo. They need to access the files in the file share via a UNC path. You need to fill in the following blocks to ensure the right UNC path is provided
Which of the following needs to go into Slot2?
blob
blob.core.windows.net
portal.azure.com
file
file.core.windows.net
CertGlobalstore
demo
file.core.windows.net
To work with UNC path format, you have to mount the Azure file share with File Explorer and the UNC path format is:
\\<storageAccountName>.file.core.windows.net\<fileShareName>
A company has created a storage account in their Azure subscription. The name of the storage account is CertGlobalstore. They have also created a file share named demo. They need to access the files in the file share via a UNC path. You need to fill in the following blocks to ensure the right UNC path is provided
Which of the following needs to go into Slot3?
blob
blob.core.windows.net
portal.azure.com
file
file.core.windows.net
CertGlobalstore
demo
demo
A company has set up a Virtual Machine in Azure. A web server listening on port 80 and a DNS server have been installed on the Virtual Machine. A network security group is attached to the network interface for the virtual machine. The inbound rules for the NSG are given below.
If RuleB is deleted would users from the Internet be able to
Connect to the web server hosted on the virtual machine only
Connect to the DNS server hosted on the virtual machine only
Connect to both the web and DNS server hosted on the virtual machine only
Not connect to either the web or DNS server hosted on the virtual machine only
Not connect to either the web or DNS server hosted on the virtual machine only
Your company has set up a storage account in Azure as shown below
The company needs to only allow connections to the storage account from an IP address range of 51.107.2.0 to 51.107.2.255. Which of the following sections of the storage account would you modify to fulfil this requirement?
Firewall and virtual networks
Advanced security
Soft Delete
Lifecycle Management
Firewall and virtual networks
A company needs to deploy a virtual machine using a Resource Manager template. The template needs to be submitted via Azure CLI commands. The template is stored in a file named CertGlobalvm.json. You need to complete the below CLI command
Which of the following would go into Slot2?
--template
--template-url
--template-file
--template-resource
--template-file
Your company has the requirement to create an Azure storage account. The storage account needs to meet the following requirements.
Should be able to support hot, cool and archive blob tiers
Should be able to provide fault tolerance if a disaster hits the Azure region which has the storage account
Should minimize costs
You need to complete the below command to create the storage account
Which of the following would go into Slot2?
Standard_GRS
Standard_LRS
Standard_RAGRS
Premium_LRS
Understanding Azure Storage Replication
Locally Redundant Storage (LRS): Replicates your data three times within a single data center. Provides basic protection against hardware failures but is not fault tolerant to a region failure.
Geo-Redundant Storage (GRS): Replicates your data three times within the primary region and also three times in a secondary region that is hundreds of miles away. Provides protection against regional outages.
Read-Access Geo-Redundant Storage (RA-GRS): Same as GRS, but also provides read-only access to the secondary region, which can be used for reading data during a failure of the primary region.
Premium performance tier: This tier is not available for GRS or RA-GRS storage accounts.
Analyzing the Requirements
Support for Hot, Cool, and Archive Blob Tiers: Both standard and premium storage accounts can support all three tiers. This option does not limit the possible answers.
Fault Tolerance for Region Disasters: Only GRS and RA-GRS provide protection in the event of a regional outage.
Minimize Costs: LRS is the cheapest option. RA-GRS is more expensive than GRS. Standard GRS is a low cost option, and premium performance tier cannot be used in conjunction with any of the geo-redundancy options.
Determining the Correct Replication Setting
Based on the requirements:
LRS is the cheapest, but does not meet the fault tolerance requirement.
RA-GRS provides protection and read access, but at a higher cost.
GRS provides protection for a region outage at a lower cost than RA-GRS.
Premium performance tier storage cannot be configured with GRS and RA-GRS storage.
The option that provides the required fault tolerance while minimizing costs is Standard GRS.
Answer:
Standard_GRS
A team has set up Log Analytics for a virtual machine named demovm. They are running the following query in the Log Analytics Workspace
If a query is run on Monday, then the query will return events from the last
1 day
7 days
8 days
14 days
Understanding Log Analytics Queries and Time Ranges
Log Analytics Workspace: A service in Azure for collecting and analyzing log data.
Kusto Query Language (KQL): The query language used in Log Analytics.
union isfuzzy=true *: This will get data from any type of table.
where TimeGenerated > ago(7d): The key part of this query is the ago(7d) function.
ago(time) Function: This function specifies a time range relative to the current time when the query is executed. For example, ago(1d) means “one day ago” from the time the query runs. The date is based on the current date, and the date will be relative to the current date.
Analyzing the Query:
The query is:
union isfuzzy=true *
| where TimeGenerated > ago(7d)
union isfuzzy=true *: This combines data from all tables in the workspace.
| where TimeGenerated > ago(7d): This filters the results to include only events where the TimeGenerated timestamp is greater than 7 days ago, from the current time.
Determining the Time Range
The ago(7d) function will return all results that are within the past 7 days. This means that when run on a Monday, it will return the last 7 days, and will not include the current day, as the > operator does not include the current date.
Monday: The query is executed on a Monday.
Time Range: ago(7d) means “7 days ago”.
Therefore:
When the query is executed on Monday, it will return all the events that have been generated from the last 7 days from the date of execution.
Important Note for AZ-104 Exam
For the AZ-104 exam, be sure to:
Understand ago(): Know how the ago() function works in KQL for defining relative time ranges.
Time Units: Be familiar with how to use units like d (days), h (hours), and m (minutes) with ago().
Pay Attention to Operators: Note that the > operator excludes the date on which the query is being run, while >= would include the date on which the query is being run.
Know the default time range: It is important to remember that if a time range is not explicitly defined, Log Analytics will only return data from the last 24 hours by default.
Answer:
The query will return events from the last 7 days.
where TimeGenerated > ago(1d) // Last 1 day
Your company has the requirement to create an Azure storage account. The storage account needs to meet the following requirements.
Should be able to support hot, cool and archive blob tiers
Should be able to provide fault tolerance if a disaster hits the Azure region which has the storage account
Should minimize costs
You need to complete the below command to create the storage account
Which of the following would go into Slot1?
FileStorage
Storage
StorageV2
Table
StorageV2
Since there is a requirement to support the Hot, Cool and Archive tiers, we can choose General Purpose v2. These tiers are supported by General Purpose v2 or Blob Storage. To have the complete functionality of the BLOB service, you can choose General Purpose v2.
A company has set up an Azure Virtual Machine. A team member is trying to connect to the Virtual Machine but is not able to do so. Below is the snippet of the Networking section of the Virtual Machine
Which of the following needs to be done in order to ensure that the team member can connect to the Virtual Machine?
Delete the Rule “Port_3389”
Add a rule to the Outbound port rules to allow traffic on port 3389
Delete the Rule “DenyAllInBound”
Start the Virtual Machine
Start the Virtual Machine