az-104 dumps topic 4, 1-106 Flashcards

Question

You deploy an Azure Kubernetes Service (AKS) cluster named Cluster1 that uses the IP addresses shown in the following table. IP address Assigned to 131.107.2.1 Load balancer front end 192.168.10.2 Kubernetes DNS service 172.17.7.1 Docket bridge address 10.0.10.11 Kubernetes cluster node You need to provide internet users with access to the applications that run in Cluster1. Which IP address should you include in the DNS record for Cluster1? A. 131.107.2.1 B. 10.0.10.11 C. 172.17.7.1 D. 192.168.10.2

Answer 1

A. 131.107.2.1 To be able to access applications on kubernetes , you need a application Load Balancer created by Azure which have public ip.

Answer 2

B. one App Service plan Creating one App Service Plan, you can support up to 10 Web Apps. Adding any of the other resources are pointless and not noted as a requirement. Reference: https://docs.microsoft.com/en-us/azure/app-service/overview-hosting-plans No, ref https://learn.microsoft.com/en-us/azure/app-service/manage-scale-up you should search for scale instance, + Free - N/A + Basic - 3 ins + Standard - 10 ins + Premium - 30 ins Free: up 10 Shared: up 100

Answer 3

Internet users [answer choice]: - can connect to the container from any device If Internet Information Services (IIS) in the container fail, [answer choice]: - the container will restart automatically No Access restrictions are specified. The "restartPolicy" is set as "OnFailure".

Answer 4

C. Change the size to D8s v3 While resizing, the VM must be in a stopped state, therefore there will be a downtime. Reference: https://azure.microsoft.com/en-us/blog/resize-virtual-machines Scaling up VM cause a downtime Nowadays you don't need to stop the vm prior to resizing, even if the vm is running, you may resize, but it will restart the vm causing downtime anyway. Also another advantage of stopping vm prior to resizing is that it gives more choices to choose from in the vm list.

Answer 5

D. Deploy the App1 update to webapp1-test, and then test the update A. Swap the slots 1.Deploy the App to “webapp1-test” which is staging environment and test it there. 2.Once the test is success swap the slots, so the new changes will be available under production.

Answer 6

D. Create an Azure Storage account. E. Register the Microsoft.Insights resource provider. F. Enable Azure Network Watcher flow logs. When you create or update a virtual network in your subscription, Network Watcher will be enabled automatically in your Virtual Network's region. There is no impact to your resources or associated charge for automatically enabling Network Watcher. https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal Create a VM with a network security group Enable Network Watcher (done by default with the vnet/subnet creation) -- and register the Microsoft.Insights provider ---------todo Enable a traffic flow log for an NSG, using Network Watcher's NSG flow log capability --todo BUT ! NSG flow log data is written to an Azure Storage account. Complete the following steps to create a storage account for the log data. So you need to create a storage account before enable the NSG flow Download logged data View logged data

Answer 7

D. Deploy one virtual machine scale set that is set to ScaleSetVM orchestration mode. the main idea is to create 5 VMs asap. To do this you should let Azure do it for you with the least steps. either by using ARM template which is not mentioned here or VM scale set. That leaves us with 2 options C or D. C is like unmanaged Scale set where you add the VMs manually to the scale set as a unmanaged group. while D is managed scale set by Azure where it is based on configuration set during the setup of the VM Scale set ScaleSetVM orchestration mode: Virtual machine instances added to the scale set are based on the scale set configuration model. The virtual machine instance lifecycle - creation, update, deletion - is managed by the scale set. It the current default VMSS behavior. (Scale set VMs are created in a single shot). VM (virtual machines) orchestration mode: Virtual machines created outside of the scale set can be explicitly added to the scale set. The orchestration mode VM will only create an empty VMSS without any instances, and you will have to manually add new VMs into it by specifying the VMSS ID during the creation of the VM. (Separately VMs are created and added to scale set later) Reference: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/orchestration-modes

Answer 8

B. 2 .NET Core 3.0: Windows and Linux ASP .NET V4.7: Windows only PHP 7.3: Windows and Linux Ruby 2.6: Linux only Also, you can’t use Windows and Linux Apps in the same App Service Plan, because when you create a new App Service plan you have to choose the OS type. You can't mix Windows and Linux apps in the same App Service plan. So, you need 2 ASPs. Reference: https://docs.microsoft.com/en-us/azure/app-service/overview

Answer 9

When the maximum amount in Budget1 is reached. [answer choice]: - VM1 and VM2 continue to run Based on the current usage costs of the virtual machines, [answer choice]: - one email notification will be sent each month The Budget’s scope is RG1, so only VM1 will be handled. When the budget thresholds you've created are exceeded, only notifications are triggered. To stop resources, you need to setup additional things, none of which are mentioned in the question. Budget alerts have scope in Resource Group RG1, which includes VM1, but not VM2. VM1 consumes 20 Euro/day, so 20 euros * 30 days = 600 euros. The 50%, 500 Euro limit, will be reached in 25 days (25*20 = 500), so an email will be sent. The 70% and 100% alert conditions will not be reached within a month, and they don't trigger email actions anyway, because AG1 action group contains a user. Credit alerts: Credit alerts are generated automatically at 90% and at 100% of your Azure credit balance. Whenever an alert is generated, it's reflected in cost alerts and in the email sent to the account owners. 90% and 100% will not be reached though. Reference: https://docs.microsoft.com/en-us/azure/cost-management-billing/costs/cost-mgt-alerts-monitor-usage-spending https://docs.microsoft.com/en-gb/azure/cost-management-billing/costs/tutorial-acm-create-budgets

Answer 10

From the RG1 blade, click Deployments. You see a history of deployment for the resource group. Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorial-create-rst-template?tabs=azure-powershell

Answer 11

B. No Instead, you should delete VM1. Then recreate VM1 and add the network interface for VM1. To migrate a VM from a VNET to another VNET the only option is to delete the VM and redeploy it using a new NIC and NIC connected to VNET2. Note: When you create an Azure Virtual Machine (VM), you must create a Virtual Network (VNet) or use an existing VNet. You can change the subnet a VM is connected to after it's created, but you cannot change the VNet. You can also change the size of a VM. Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/network-overview

Answer 12

C. User1 and User2 only Users may join devices to Azure AD - This setting enables you to select the users who can register their devices as Azure AD joined devices. The default is All. Additional local administrators on Azure AD joined devices - You can select the users that are granted local administrator rights on a device. Users added here are added to the Device Administrators role in Azure AD. Global administrators, here User2, in Azure AD and device owners are granted local administrator rights by default. Reference: https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal First the only user who can join Azure AD devices is User 1 . since User1 is admin on machine. So, the machine can be added. Second, the ones that can be local admins on Windows 10 are managed under "Additional local administrators" , since this is not mentioned, so we can assume default. By default, the ones are global administrator and device owners (device administrators). This lead us to User1 and User2 only When you connect a Windows device with Azure AD using an Azure AD join, Azure AD adds the following security principals to the local administrators group on the device: The Azure AD global administrator role The Azure AD joined device local administrator role The user performing the Azure AD join

Answer 13

App1 can be moved to RG2 - No RG2 is read only. ReadOnly means authorized users can read a resource, but they cannot delete or update the resource App1 can be moved to RG3 - Yes App1 can be moved to RG4 - Yes A read-only lock on a resource group prevents you from moving existing resources in or out of the resource group. https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json#considerations-before-applying-your-locks Note: App Service resources are region-specic and cannot be moved directly across regions. You can move the App Service resource by creating a copy of your existing App Service resource in the target region, then move your content over to the new app. You can then delete the source app and App Service plan. To make copying your app easier, you can clone an individual App Service app into an App Service plan in another region. Reference: https://docs.microsoft.com/en-us/azure/app-service/manage-move-across-regions https://docs.microsoft.com/en-us/azure/azure-resourcemanager/management/move-limitations/app-service-move-limitations

Answer 14

Tags assigned to RG1: - "tag1": "value1" only Tags assigned to storage1: - "tag2": "value2" and "tag3": "value3" only RG1 already exists so does not receive tag2. According to the documentation: "Add a tag to resources" Adds the specified tag and value when any resource missing this tag is created or updated. Existing resources can be remediated by triggering a remediation task. If the tag exists with a different value it will not be changed. Does not modify tags on resource groups. Tags applied to the resource group are not inherited by the resources in that resource group. Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags

Answer 15

The number of email messages that Alert1 will send in an hour is: 60 One alert per minute will trigger one email per minute. The number of SMS messages that Alert2 will send in an hour is: 12 -If it’s a typo and it means Alert1, then Answer = 12 (60/5 = 12) -If it is actually Alert2 then Answer = 0 No more than 1 SMS every 5 minutes can be send, which equals 12 per hour (60/5 = 12). Note: Rate limiting is a suspension of notifications that occurs when too many are sent to a particular phone number, email address or device. Rate limiting ensures that alerts are manageable and actionable. The rate limit thresholds are: ✑ SMS: No more than 1 SMS every 5 minutes. ✑ Voice: No more than 1 Voice call every 5 minutes. ✑ Email: No more than 100 emails in an hour. ✑ Other actions are not rate limited. Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-rate-limiting

Answer 16

D. VM1, VM3, VMA, and VMC only To create a Recovery Services Vault to protect Virtual Machines, the vault must be in the same Region as the Virtual Machines. If you have Virtual Machines in several Regions, create a Recovery Services Vault in each Region. It works with any resource group or any Operating System. Reference: https://docs.microsoft.com/bs-cyrl-ba/azure/backup/backup-create-rs-vault https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-vms-prepare

Answer 17

B. the az aks command D. the Azure portal We need to configure autoscaler for the AKS cluster. We do not want to scale Kubernetes pods, so kubectl command is not needed. A: kubectl command is used for configuring Kubernetes and not AKS cluster. B: The az aks command is used for the AKS cluster configuration. C: Set-AzVm cmdlet is used for VMs. D: Azure portal, under node pools, press scale, then choose auto scale. E: Set-AzAks, creates or updates an AKS cluster, the correct cmdlet is Set-AzAksCluster. AKS clusters can scale in one of two ways: - The cluster autoscaler watches for pods that can't be scheduled on nodes because of resource constraints. The cluster then automatically increases the number of nodes. - The horizontal pod autoscaler uses the Metrics Server in a Kubernetes cluster to monitor the resource demand of pods. If an application needs more resources, the number of pods is automatically increased to meet the demand. Reference: https://docs.microsoft.com/en-us/azure/aks/cluster-autoscaler

Answer 18

A. Run the docker push command. or ???? C. Run the az acr build command.

Answer 19

A. Proximity2 only Placement Groups is a capability to achieve co-location of your Azure Infrastructure as a Service (IaaS) resources and low network latency among them, for improved application performance. Azure proximity placement groups represent a new logical grouping capability for your Azure Virtual Machines, which in turn is used as a deployment constraint when selecting where to place your virtual machines. In fact, when you assign your virtual machines to a proximity placement group, the virtual machines are placed in the same data center, resulting in lower and deterministic latency for your applications. The VMSS should share the same region, even it should be the same zone as proximity groups are located in the same data center. Accordingly, it should be proximity 2 only. Reference: https://azure.microsoft.com/en-us/blog/introducing-proximity-placement-groups

Answer 20

B - No From the RG1 blade, click Deployments. You see a history of deployment for the resource group. Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorial-create-first-template?tabs=azure-powershell

Answer 21

B. No From the RG1 blade, click Deployments. You see a history of deployment for the resource group. Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorial-create-rst-template?tabs=azure-powershell

Answer 22

A. Yes From the RG1 blade, click Deployments. You see a history of deployment for the resource group. Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorial-create-rst-template?tabs=azure-powershell

Answer 23

B. Linux Diagnostic Extension (LAD) 3.0 The Linux diagnostic extension helps a user monitor the health of a Linux VM running on Microsoft Azure. It has the following collection and capabilities: - Metrics - Syslog - Files A: Azure HDInsight is a managed, full-spectrum, open-source analytics service in the cloud for enterprises. You can use open-source frameworks such as Hadoop, Apache Spark, Apache Hive, LLAP, Apache Kafka, Apache Storm, R, and more. C: Azure Performance Diagnostics VM Extension is used for Windows VM only. D: Azure Analysis Services is a fully managed platform as a service (PaaS) that provides enterprise-grade data models in the cloud.

Answer 24

Internet users [answer choice]: - can connect to only the web server on VM1 Rule2 blocks ports 50-60, which includes port 53, the DNS port. Internet users can reach to the Web server, since it uses port 80. If you delete Rule2, Internet users [answer choice]: - can connect to the web server and the DNS server on VM1. If Rule2 is removed internet users can reach the DNS server as well. Note: Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed. Reference: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

Answer 25

C. each virtual machine in a separate Availability Zone if you want Datacenter level high availability - vms should be deployed in different zones. Simply adding that an availability zone can have only one datacenter. Availability set - Within data centre - configure update domains and fault domains Availability zone - Within region (usually three data centres per region) Use availability zones to protect from datacenter level failures. Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability https://docs.microsoft.com/en-us/azure/virtualmachines/windows/tutorial-availability-sets

Answer 26

D. resource group I tried the only ones that need to be updated manually are resource group and password. Manual steps: log in, deploy VM1. Accept all defaults. Go to resource > template > save to library. View library > deploy template, It pre-populates the subscription but you have to set an RG. VM Name can be customized, admin user/pass are pulled from template. Administrator username: You can specify a new administrator username during deployment. Virtual machine size: You can select the VM size (e.g., Standard_D2s_v3) during deployment. Resource group: You can choose the resource group where the new VM will be deployed. Azure resource manager library is no longer available, It will be deprecated in March 2025 Instead we can use TemplateSpecs to store the template Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/ps-template

Answer 27

B. Modify the VM size property of VM1. Here we need to modify the size of the VM to increase the number of vCPU's assigned to the VM. This can be included as a task in the runbook. The VM size property can be modified by a runbook that is triggered by metrics, but you can schedule it monthly. C: Scheduled vertical scaling could be a solution, but then you don't need a scheduled runbook and it states that it does not support multiple active instances. Scale Set is not a n option. E: DSC is only useful to keep the resources on a VM (OS, File shares, etc.) in a consistent state, not to change VM properties. Reference: https://www.apress.com/us/blog/all-blog-posts/scale-up-azure-vms/15823864#:~:text=If%20you%20select%20the%20option,to%20the%20next%20larger%20size

Answer 28

Containers will be assigned an IP address in the [answer choice] subnet: 10.244.0.0/16 Services in the AKS cluster will be assigned an IP address in the [answer choice] subnet: 10.0.0.0/16 Box 1: 10.244.0.0/16 - The Pod CIDR. Note: The --pod-cidr should be a large address space that isn't in use elsewhere in your network environment. This range includes any onpremises network ranges if you connect, or plan to connect, your Azure virtual networks using Express Route or a Site-to-Site VPN connection. This address range must be large enough to accommodate the number of nodes that you expect to scale up to. You can't change this address range once the cluster is deployed if you need more addresses for additional nodes. Box 2: 10.0.0.0/16 - The --service-cidr is used to assign internal services in the AKS cluster an IP address. Reference: https://docs.microsoft.com/en-us/azure/aks/congure-kubenet

Answer 29

If after deployment CPU usage is 70 percent for one hour and then reaches 90 percent for five minutes, at that time the total number of instances will be [answer choice]: 5 The maximum 5 will kept as the CPU Usage >= 30. If after deployment the CPU maintains constant usage of 90 percent for one hour, and then the average CPU usage is below 25 percent for nine minutes, at that point the number of instances will be [answer choice]: 3 As soon as the average CPU usage drops below 30%, the count will decrease by 1. After the 5 minute cool-down it will decrease by another 1, reaching 3. Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/learn/tutorial-autoscale-performance-schedule

Answer 30

C. the new files on drive D For Windows Server, the temporary disk is mounted as “D:\”. For Linux based VM’s the temporary disk is mounted as “/dev/sdb1”. Reference: https://www.cloudelicious.net/azure-vms-and-their-temporary-storage

Answer 31

C. the hard drive The Virtual hard disk is VHDx, it should be formated to VHD before migration from on-premises to Azure. Azure supports only generation 1 VMs that are in the VHD file format and have a fixed sized disk. The maximum size allowed for the VHD is 1,023 GB. You can convert a generation 1 VM from the VHDX file system to VHD and from a dynamically expanding disk to fixed-sized. Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/prepare-for-upload-vhd-image

Answer 32

When an administrator changes the virtual machine size, the size will be changed on up to [answer choice] virtual machines simultaneously: 4 If you resize the Scale Set all the VMs get resized at once, thus 4 is the correct answer. When a new build of the Windows Server 2016 image is released, the new build will be deployed to up to [answer choice] virtual machines simultaneously: 1 Automatic OS updates update 20% of the VMs at once, with a minimum of 1 VM instance at a time. Also 20% of 4 = 0.8. Reference: https://docs.microsoft.com/en-us/learn/modules/build-app-with-scale-sets/2-features-benefits-virtual-machine-scale-sets https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-upgrade-scale-set The Get-AzVmssVM cmdlet gets the model view and instance view of a Virtual Machine Scale Set (VMSS) virtual machine. Box 1: 0 - The enableAutomaticUpdates parameter is set to false. To update existing VMs, you must do a manual upgrade of each existing VM. Box 2: 4 - Enabling automatic OS image upgrades on your scale set helps ease update management by safely and automatically upgrading the OS disk for all instances in the scale set. Reference: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-upgrade-scale-set https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade

Answer 33

B RG1. the only way to see both together storage and VM Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-export-template

Answer 34

B. Swap the slots When you swap deployment slots, Azure swaps the Virtual IP addresses of the source and destination slots, thereby swapping the URLs of the slots. We can easily revert the deployment by swapping back. Reference: https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots

Answer 35

You can perform a file recovery of VM1 to: - VM1 or a new Azure virtual machine only (mlantonis says different but I dont care) You can restore VM1 to: - VM1 or a new Azure virtual machine only For restoring a VM, you can choose 'Create new' or 'Replace existing'. Reference: https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-files-from-vm https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/backup/backup-azure-restore-files-from-vm.md#for-windows-os

Answer 36

B. VM1 does not have the latest version of the Azure VM Agent (WaAppAgent.exe) installed The Warning state indicates one or more issues in VM's conguration that might lead to backup failures and provides recommended steps to ensure successful backups. Not having the latest VM Agent installed, for example, can cause backups to fail intermittently and falls in this class of issues. Reference: https://azure.microsoft.com/en-us/blog/azure-vm-backup-pre-checks/

Answer 37

B. No You would need to redeploy the VM. Changing Subscription won't affect the downtime, it will just you change the billing. You would need to redeploy the VM. After you redeploy a VM, the temporary disk is lost, and dynamic IP addresses associated with virtual network interface are updated. From Overview there is no option to move the VM to another hardware to skip the maintenance. Ideally you need an Availability Set and defining the Update Domains. Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node

Answer 38

platformFaultDomainCount: 2 or 3, depending on which region you are in. 3 (since its in East US) platformUpdateDomainCount: 20 Use 20 for platformUpdateDomainCount Increasing the update domain (platformUpdateDomainCount) helps with capacity and availability planning when the platform reboots nodes. A higher number for the pool (20 is max) means that fewer of their nodes in any given availability set would be rebooted at once. Reference: https://www.itprotoday.com/microsoft-azure/check-if-azure-region-supports-2-or-3-fault-domains-managed-disks https://github.com/Azure/acs-engine/issues/1030

Answer 39

A. Yes References: https://docs.microsoft.com/en-us/azure/azure-monitor/learn/tutorial-response https://docs.microsoft.com/en-us/azure/azuremonitor/platform/agents-overview

Answer 40

At 9:00 AM, the scale set starts and CPU utilization is 90 percent for 15 minutes. How many virtual machine instances will be running at 9:15 AM? : 3 At 10:00 AM, the scale set has five virtual machine instances running and CPU utilization falls to less than 15 percent for 60 minutes. How many virtual machine instances will be running at 11:00 AM? : 1 Reference: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-autoscale-portal

Answer 41

A. West US, Central US, or East US Reference: https://docs.microsoft.com/en-us/azure/app-service/app-service-plan-manage

Answer 42

1. New-AzResourceGroupDeployment 2. -ResourceGroupName RG1' 1. This cmdlet allows you to use a custom ARM template file to deploy resources to a resource group. For example: New-AzResourceGroup -Name $resourceGroupName -Location "$location" New-AzResourceGroupDeployment ` -ResourceGroupName $resourceGroupName ` -TemplateUri "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.compute/vm-simple-windows/azuredeploy.json" ` -adminUsername $adminUsername ` -adminPassword $adminPassword ` -dnsLabelPrefix $dnsLabelPrefix 2: It’s one of parameters of New-AzResourceGroupDeployment to specify to which resource group you want to deploy resources. You could use New-AzVm to create a VM, but it doesn’t use a template. You would need to provide all parameters in the command line. Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/ps-template https://docs.microsoft.com/en-us/powershell/module/az.compute/new-azvm?view=azps-7.0.0

Answer 43

B. No To deploy a YAML file, the command is: To manage a Kubernetes cluster, use the Kubernetes command-line client, kubectl, then run "kubectl apply -f azure-vote.yaml" Reference: https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough

Answer 44

B. No You must install the Microsoft Monitoring Agent on VM1, and not the Microsoft Monitoring Agent VM extension. Instead: You create an Azure Log Analytics workspace and configure the data settings. You install the Microsoft Monitoring Agent on VM1. You create an alert in Azure Monitor and specify the Log Analytics workspace as the source. Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview

Answer 45

A. Yes Alerts in Azure Monitor can identify important information in your Log Analytics repository. They are created by alert rules that automatically run log searches at regular intervals, and if results of the log search match particular criteria, then an alert record is created and it can be congured to perform an automated response. The Log Analytics agent collects monitoring data from the guest operating system and workloads of virtual machines in Azure, other cloud providers, and on- premises. It collects data into a Log Analytics workspace. Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/learn/tutorial-response https://docs.microsoft.com/en-us/azure/azuremonitor/platform/agents-overview

Answer 46

B. From VM2, install the Microsoft Azure Recovery Services Agent. Microsoft Azure Recovery Services Agent also known as MARS or Azure Backup Agent can be used to restore data for entire volume or just individual folders and files. reference: https://learn.microsoft.com/en-us/azure/backup/restore-all-files-volume-mars

Answer 47

- "copy" : [ - "[copyIndex https://docs.microsoft.com/nl-nl/azure/azure-resource-manager/templates/copy-properties

Answer 48

A. Yes Multiple NICs allow a VM to connect to different subnets. VM must have at least one NIC. A virtual machine can have more than one NIC, depending on the size of the VM you create. Each NIC attached to a VM must exist in the same location and subscription as the VM. Each NIC must be connected to a VNet that exists in the same Azure location and subscription as the NIC. Reference: https://learn.microsoft.com/en-us/azure/virtual-network/network-overview

Answer 49

B. No The virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same location, here West US, also referred to as a region. Multiple NICs allow a VM to connect to different subnets. VM must have at least one NIC. A virtual machine can have more than one NIC, depending on the size of the VM you create. Each NIC attached to a VM must exist in the same location and subscription as the VM. Each NIC must be connected to a VNet that exists in the same Azure location and subscription as the NIC. Reference: https://learn.microsoft.com/en-us/azure/virtual-network/network-overview https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface

Answer 50

A. Yes The virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same location, here West US, also referred to as a region. Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface

Answer 51

D. New-AzDeployment The New-AzDeployment cmdlet adds a deployment at the current subscription scope. This includes the resources that the deployment requires. Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/deploy-powershell https://learn.microsoft.com/en-us/powershell/module/az.resources/new-azdeployment?view=azps-8.3.0

Answer 52

First create: - An Azure Storage account App Service can back up the following information to an Azure storage account and container that you have configured your app to use: App configuration, File content, Database connected to your app. To exclude Folder2, use: - A _backup.filter file Exclude files from your backup. Note: Choose your backup destination by selecting a Storage Account and Container. The storage account must belong to the same subscription as the app you want to back up. If you wish, you can create a new storage account or a new container in the respective pages. You need a Recovery service vault if you want to backup VMs, File Shares, SAP HANA in a VM or SQL Server in a VM. You need a Backup vault if you want to backup Azure Disks, Azure Blobs or Azure Database for PostgreSQL Server. The question asks about an App Service, this one backs up to a storage account. Suppose you have an app that contains log files and static images that have been backup once and are not going to change. In such cases, you can exclude those folders and files from being stored in your future backups. To exclude files and folders from your backups, create a _backup.filter file in the D:\home\site \wwwroot folder of your app. Specify the list of files and folders you want to exclude in this file. Reference: https://docs.microsoft.com/en-us/azure/app-service/manage-backup

Answer 53

C. Azure Custom Script Extension Note: There are several versions of this question in the exam. The question has two correct answers: 1. a Desired State Configuration (DSC) extension 2. Azure Custom Script Extension The question can have other incorrect answer options, including the following: ✑ the Publish-AzVMDscConfiguration cmdlet ✑ Azure Application Insights Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-overview https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-install-apps-template https://docs.microsoft.com/en-us/samples/mspnp/samples/azure-well-architected-framework-sample-state-configuration https://docs.microsoft.com/en-us/azure/architecture/framework/devops/automation-configuration

Answer 54

type: - microsoft.compute/virtualmachines/extensions The following JSON example uses the Microsoft.Compute/virtualMachines/extensions resource type to install the Active Directory domain join extension. Parameters are used that you specify at deployment time. When the extension is deployed, the VM is joined to the specified managed domain. ... : - "ProtectedSettings" : { https://docs.microsoft.com/en-us/azure/active-directory-domain-services/join-windows-vm-template#azure-resource-manager-template-overview https://docs.microsoft.com/en-us/azure/active-directory-domain-services/join-windows-vm-template

Answer 55

B. Deallocate VM1. When you need to scale up a virtual machine (VM1) to a new size, and the intended size is unavailable, the most likely reason is that the size is not available on the current hardware cluster where the VM is hosted. To make the new size available, you must move the VM to a different cluster, which requires deallocating the VM.

Answer 56

To ensure that you can create Windows containers in AKS1, you must [answer choice]: modify the Network configuration setting To ensure that you can integrate AKS1 with an Azure container registry, you must modify the [answer choice] setting: AKS-managed Azure Active Directory

Answer 57

az aks nodepool [1 add] -n pool1 -g RG1 --cluster-name cluster1 [2 --max-surge 2]

Answer 58

The commands will create four new resources. - Yes Y: The 4 resources created are the RG1 resource group + the 3 storage accounts The commands will create storage accounts in the West US Azure region. - No The first storage account that is created will have a prefix of 0. - Yes

Answer 59

params.json [1...] RG1 -Mode [2...] 1. -ResourceGroupName 2. Complete -Mode Specifies the deployment mode. The acceptable values for this parameter are: Complete: In complete mode, Resource Manager deletes resources that exist in the resource group but are not specified in the template. Incremental: In incremental mode, Resource Manager leaves unchanged resources that exist in the resource group but are not specified in the template. https://learn.microsoft.com/en-us/powershell/module/az.resources/new-azresourcegroupdeployment?view=azps-9.2.0 There is no such mode called "All"

Answer 60

After CPU usage has reached 80 percent for 15 minutes, [answer choice] will be running: 2 instances Once the first scale-out instance is created, the minimum time before an additional instance is created will be [answer choice]: 15 minutes Initial instance is 1 as specified in first figure. 80% for 15 minutes reaches 10 minutes duration, but haven't reached second turn of scale out, so only one new instance is created. Since cool down time is 5 minutes, which means after one scale happens, it will count 5 minutes before counting a new 10 minutes, so 15 minutes total.

Answer 61

D. Instance3 and Instance4 only Read the question carefully. The instances you are about to deploy will be deployed "in a Container Group", making it a multi-instance container group. As per the article referred below, its only available for Linux Containers for now: https://learn.microsoft.com/en-us/azure/container-instances/container-instances-container-groups Multi-container groups currently support only Linux containers. For Windows containers, Azure Container Instances only supports deployment of a single container instance.

Answer 62

B. IP1 and IP2 only IPv4 + standard + static https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-addresses#at-a-glance Azure Firewall - Dynamic IPv4: No - Static IPv4: Yes - Dynamic IPv6: No - Static IPv6: No https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/configure-public-ip-firewall Azure Firewall is a cloud-based network security service that protects your Azure Virtual Network resources. Azure Firewall requires at least one public static IP address to be configured. This IP or set of IPs are used as the external connection point to the firewall. Azure Firewall supports standard SKU public IP addresses. Basic SKU public IP address and public IP prefixes aren't supported.

Answer 63

"dependsOn": [ [ ... ('networdInterfaces', 'vm1') - resourceId "storageProfile" : { - ImageReference

Answer 64

Pricing plan: Standard Record type: TXT

Answer 65

The operating system disk of VM1 can be used as a source for a version of Image1. - No The operating system disk of VM2 can be used as a source for a version of Image1. - Yes The operating system disk of VM3 can be used as a source for a version of Image1. - Yes image definition needs V1 generation, but vCPU and memory are only recommendations. Text from Azure Portal while creating image definition: "These recommendations are informational only, and do not constrain VM specification"

Answer 66

B. 2 https://learn.microsoft.com/en-us/azure/app-service/overview Can run only on Windows: .NET, ASP.NET Can run only on Linux: Python Can run on either Windows/Linux: PHP From Azure documentation: ASP.NET Core (on Windows or Linux) ASP.NET (on Windows) PHP (on Windows or Linux) Ruby (on Linux) Node.js (on Windows or Linux) Java (on Windows or Linux) Python (on Linux) HTML Custom container (Windows or Linux)

Answer 67

The template creates a resource group named RGO in the East US Azure region. - Yes. RG0 will be created with location from template file. For subscription level deployments, you must provide a location for the deployment. The location of the deployment is separate from the location of the resources you deploy. The deployment location specifies where to store deployment data. The template creates four new resource groups. - No. Only RG0 and RG3 will be created, RG1 and RG2 already exist and can't be created. The template creates a resource group named RG3 in the West US Azure region. - No. RG3 will be created in east region.

Answer 68

D. 5 Start at 2 instances, after 15 min, > 70%, then +1 instance Cooling 5 mins, still >70%, then +1 instance Cooling 5 mins, still > 70%, then +1 instance Cooling 5 mins, still >70%, since max 5 instances, keep 5 instances only -https://learn.microsoft.com/en-us/azure/azure-monitor/autoscale/autoscale-understanding-settings -https://learn.microsoft.com/en-us/azure/azure-monitor/autoscale/autoscale-best-practices

Answer 69

Image1: Azure Container Instances and App Services only Image2: Azure Container Instances, Azure Container Apps, and App Services - Azure Container Instances can schedule both Windows and Linux containers with the same API. You can specify your OS type preference when you create your container groups. Some features are currently restricted to Linux containers. https://learn.microsoft.com/en-us/azure/container-instances/container-instances-overview - Azure Container Apps supports: Any Linux-based x86-64 (linux/amd64) container image with no required base image Containers from any public or private container registry Sidecar and init containers https://learn.microsoft.com/en-us/azure/container-apps/containers - Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. You can develop in your favorite language, be it .NET, .NET Core, Java, Node.js, PHP, and Python. Applications run and scale with ease on both Windows and Linux-based environments.https://learn.microsoft.com/en-us/azure/app-service/overview

Answer 70

B. Assign a managed user identity to App1. https://learn.microsoft.com/en-us/azure/key-vault/general/tutorial-net-create-vault-azure-web-app First Step is to Assign a managed identity to the App.

Answer 71

B. NIC1 Therefore, the most direct and crucial dependency for VM1 among the listed resources is NIC1 (Option B). The NIC acts as the bridge between the VM and the other network resources like the virtual network, public IP, and network security group. Hence, it's essential to ensure that NIC1 is deployed before VM1. https://learn.microsoft.com/en-us/azure/templates/microsoft.compute/virtualmachines?pivots=deployment-language-arm-template https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/resource-dependency https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorial-create-templates-with-dependent-resources?tabs=CLI

Answer 72

A. New-AzSubscriptionDeployment Deploy across entire subscription: New-AzSubscriptionDeployment Deploy across subscriptions in a management group: New-AzManagementGroupDeployment Deploy within a specific resource group: New-AzResourceGroupDeployment Deploy across entire organization (rare): New-AzTenantDeployment

Answer 73

B. scope We would use scope to target the resource group for storage account. kind: This property defines the type of resource within the storage account (e.g., BlobStorage, FileStorage, etc.). It's unlikely you need to modify this in your scenario as Bicep likely already has the correct type defined. scope: This property specifies the location where the resource will be deployed. In your case, you want to deploy it to the resource group "RG1", so modifying the scope property to reference "RG1" is necessary. sku: This property defines the performance tier of the storage account. While you might adjust this depending on your needs, it's not directly related to deployment location. location: This property can also define the deployment location, but it's generally recommended to use the scope property with resource groups for clarity and consistency. Bicep might already have the location set within the resource definition.

Answer 74

You can deploy a virtual machine to RG1. - Yes You can deploy a virtual machine to RG2. - No You can manually create a resource group named RG3. - Yes The deployment creates 3 RGs called RG0, RG1, RG2 as the index is 0-based. You can deploy to RG1 as the lock is delete. You can't deploy to RG2 as the lock is read-only, hence it can't be modified.

Answer 75

C. Proximity1 only Placement Groups is a capability to achieve co-location of your Azure Infrastructure as a Service (IaaS) resources and low network latency among them, for improved application performance. Azure proximity placement groups represent a new logical grouping capability for your Azure Virtual Machines, which in turn is used as a deployment constraint when selecting where to place your virtual machines. In fact, when you assign your virtual machines to a proximity placement group, the virtual machines are placed in the same data center, resulting in lower and deterministic latency for your applications. The VMSS should share the same region, even it should be the same zone as proximity groups are located in the same data center. Accordingly, it should be proximity 1 only. Reference: https://azure.microsoft.com/en-us/blog/introducing-proximity-placement-groups

Answer 76

WebApp1 can communicate with VM2. - Yes Explanation: webapp1 is integrated with vnet1 and vnet1 is peered with vnet2, which vm2 is connected to. So, webapp1 can communicate with vm2. NSG1 controls inbound traffic to WebApp1. - No Explanation: nsg1 is associated with subnet1, not directly with webapp1. It controls the inbound traffic to the subnet1, not to the webapp1. Virtual network integration is used only to make outbound calls from your app into your virtual network WebApp2 can communicate with VM1. - No or Yes Yes: Explanation: webapp2 is deployed to subnet2 and subnet2 is in vnet2. vnet2 is peered with vnet1, which vm1 is connected to. So, webapp2 can communicate with vm1. NO: There are some limitations with using virtual network integration: The feature isn't available for Isolated plan apps in an App Service Environment Reference: https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration

Answer 77

D. ContReg1 "If activated, you can use the registry name as username and admin user access key as password to docker login to your container registry." when you go to this Option in the Portal - next to the "Mark" is a Explanation Field and when you hover over it, it say -> the admin user is identical to the Name of the Container Registry. The Name of the Container Registry is ContReg1 therefore is the admin user ContReg1 and that means D

az-104 dumps topic 4, 1-106 Flashcards

(101 cards)