Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Azure AZ-104 > Practice Test 1 > Flashcards

Practice Test 1 Flashcards

1
Q

View Case Study - https://rb.gy/5e9wyy

You are planning the move of photon-app to Azure. You create a network security group (NSG). You need to recommend a solution to provide users with access to photon-app. What should you recommend?

A

Create an incoming security rule for port 443 from the internet. Associate the Network Security Group tothe subnet that contains the web servers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Your company has an on-premises file server named demoserver that runs Windows Server 2016. Your company also has an Azure subscription that contains an Azure file share. You have to deploy an Azure File Sync Storage Sync Service, so you go ahead and create a sync group. You now need to synchronize files from demoserver to Azure. Which of the following actions would you need to perform for this purpose?

Choose 3 answers from the options given below.

A
  1. Install the Azure File Sync agent on the demo server
  2. Register demo server
  3. Add a server endpoint
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Your company has an Azure subscription that is used by multiple departments in your company. The subscription contains around 5 resource groups. Each department uses resources in several resource groups. Your supervisor has requested to send a report that details the costs for each department. Which of the following actions would you need to perform for this purpose?

Choose 3 answers from the options given below.

A
  1. Download the usage report
  2. Assign a tag to each resource
  3. From the Costs Analysis blade, filter the view by tag
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

You have an Azure Active Directory (Azure AD) tenant that has the initial domain name.

You have a domain name of photon.com registered at a third-party registrar. You need to ensure that you can create Azure AD users that have names containing a suffix of @photon.com.

Which of the following would need to be implemented to fulfil this requirement?

Choose 3 answers from the options given below

A
  1. Add a custom domain name
  2. Add a record to the public photon.com DNS zone
  3. Verify the domain
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A company currently has an Azure account and subscription. They want to host an application using Virtual Machines and a load balancer. There is a requirement to ensure that the application is made available 99.99% of the time. Which of the following would need to be in place? You also have to minimize costs associated with the solution.

Choose 2 answers from the options given below

A
  1. Create a Standard Load balancer
  2. Add 2 Virtual Machines to the backend pool
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A company has setup a Load balancer that load balances traffic on port 80 and 443 across 3 virtual machines.

You have to ensure that all RDP traffic is directed towards a VM named demovm. How would you achieve this?

A

By creating an inbound NAT rule

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A company has setup a Load balancer that load balances traffic on port 80 and 443 across 3 virtual machines. You have to ensure that all clients are serviced by the same web server for each request.

Which of the following would you configure for this requirement?

A

Session Persistence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A company has started using Azure and setup a subscription. They want to see the costs being incurred for each type of resource. Which of the following can help you get these details?

A

Go to your subscription and go to Cost Analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Your company currently has a Virtual Network defined in Azure. The Virtual Network has a default subnet that contains 2 Virtual machines named demo vm and demo vm1. There is a requirement to inspect all network traffic between the Virtual Machines for a duration of 3 hours.

You propose a solution to create a Data Collector set.

Does this solution fulfil the requirement?

A

No

The right solution is to use Network watcher.

A data collector set if used to collect data for Performance counters.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Your company currently has a Virtual Network defined in Azure. The Virtual Network has a default subnet that contains 2 Virtual machines named demovm and demovm1. There is a requirement to inspect all network traffic between the Virtual Machines for a duration of 3 hours.

You propose a solution to run Packet Capture on Azure Network watcher

Does this solution fulfil the requirement?

A

Yes

Network Watcher variable packet capture allows you to create packet capture sessions to track traffic to and from a virtual machine. Packet capture helps to diagnose network anomalies both reactively and proactivity. Other uses include gathering network statistics, gaining information on network intrusions, to debug client-server communications and much more.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Your company currently has a Virtual Network defined in Azure. The Virtual Network has a default subnet that contains 2 Virtual machines named demovm and demovm1. There is a requirement to inspect all network traffic between the Virtual Machines for a duration of 3 hours.

You propose a solution to create a metric chart for Network In and Network Out

Does this solution fulfil the requirement?

A

No

This is used to just see the number of packets coming into and out of the Virtual machine but will not do a detailed packet inspection.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

You are the Azure administrator for a company. You have to create a custom role based on the Virtual Machine Reader role. You have to complete the following powershell script

$role = SLOT1 “Virtual Machine Contributor”

$role.Id = $null $role.Name = “Virtual Machine Operator”

$role.Description = “Can monitor and restart virtual machines.”

$role.Actions.Clear() $role.Actions.Add(“Microsoft.Storage/*/read”)

$role.Actions.Add(“Microsoft.Network/*/read”)

$role.Actions.Add(“Microsoft.Compute/*/read”)

$role.Actions.Add(“Microsoft.Compute/virtualMachines/start/action”)

$role.Actions.Add(“Microsoft.Compute/virtualMachines/restart/action”)

$role.Actions.Add(“Microsoft.Authorization/*/read”)

$role.Actions.Add(“Microsoft.ResourceHealth/availabilityStatuses/read”)

$role.Actions.Add(“Microsoft.Resources/subscriptions/resourceGroups/read”)

$role.Actions.Add(“Microsoft.Insights/alertRules/*”)

$role.Actions.Add(“Microsoft.Support/*”)

$role.AssignableScopes.Clear()

$role.AssignableScopes.Add(“/subscriptions/00000000-0000-0000-0000-000000000000”)

$role.AssignableScopes.Add(“/subscriptions/11111111-1111-1111-1111-111111111111”)

SLOT2 -Role $role

Which of the following would come in SLOT1?

A

Get-AzRoleDefinition

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

You are the Azure administrator for a company. You have to create a custom role based on the Virtual Machine Reader role. You have to complete the following powershell script

$role = SLOT1 “Virtual Machine Contributor”

$role.Id = $null $role.Name = “Virtual Machine Operator”

$role.Description = “Can monitor and restart virtual machines.”

$role.Actions.Clear() $role.Actions.Add(“Microsoft.Storage/*/read”)

$role.Actions.Add(“Microsoft.Network/*/read”)

$role.Actions.Add(“Microsoft.Compute/*/read”)

$role.Actions.Add(“Microsoft.Compute/virtualMachines/start/action”)

$role.Actions.Add(“Microsoft.Compute/virtualMachines/restart/action”)

$role.Actions.Add(“Microsoft.Authorization/*/read”)

$role.Actions.Add(“Microsoft.ResourceHealth/availabilityStatuses/read”)

$role.Actions.Add(“Microsoft.Resources/subscriptions/resourceGroups/read”)

$role.Actions.Add(“Microsoft.Insights/alertRules/*”)

$role.Actions.Add(“Microsoft.Support/*”)

$role.AssignableScopes.Clear()

$role.AssignableScopes.Add(“/subscriptions/00000000-0000-0000-0000-000000000000”)

$role.AssignableScopes.Add(“/subscriptions/11111111-1111-1111-1111-111111111111”)

SLOT2 -Role $role

Which of the following would come in SLOT2?

A

New-AzRoleDefinition

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A company has just setup an Azure account and subscription. There is a requirement to ensure that IT administrators can only spin up virtual machines of a particular SKU size.

Which of the following can help achieve this?

A

Create an Azure policy and assign it to the subscription

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

A company has the following set of Virtual Machines defined in the Azure account

The company wants to move photon-vm1 to another subscription. Which of the following can be implemented to fulfill this requirement?

A

Use the Move-AzResource powershell command to move the Virtual Machine.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A team has a Virtual Machine defined in Azure. The Networking details are given below

A new network interface named secondary has been created. The Network interface needs to be added to the Virtual machine.

What must be done first in order to ensure that the network interface can be attached to the Virtual Machine?

The machine needs to be stopped first.

A

The machine needs to be stopped first

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

A company has the following virtual networks defined in Azure

bhuvanapps-network1 10.1.0.0/16

bhuvanapps-network2 10.2.0.0/16

The following virtual machines have been defined as well

bhuvanappsvm1 bhuvanapps-network1

bhuvanappsvm2 bhuvanapps-network2

The necessary peering connections have been created between bhuvanapps-network1 and bhuvanapps-network2. The firewalls on the virtual machines have been modified to allow ICMP traffic. But traffic does not seem to flow between the virtual machines when the ping request is made.

Which of the following can be used to diagnose the issue?

Application Insights

A

IP Flow Verify

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

A company has the following virtual networks defined in Azure

Larger image

The following virtual machines have been defined as well

Larger image

The necessary peering connections have been created between bhuvanapps-network1 and bhuvanapps-network2. The firewalls on the virtual machines have been modified to allow ICMP traffic. But traffic does not seem to flow between the virtual machines when the ping request is made.

If the security department wanted to check on any network intrusions into the virtual networks, which of the following tool could be used for this purpose?

A

variable packet capture

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Your company has an Azure account and subsription. The subscription contains a virtual machine named demovm. You have a computer named Computer1 that runs Windows 10. Computer1 is connected to the Internet. You add a network interface to the VM1 as shown in the exhibit below

From Computer1, you attempt to connect to demovm by using Remote Desktop, but the connection fails. You need to establish a Remote Desktop connection to demovm.

What should you do first?

A

Start demo vm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Your company has an Azure account and subsription. The subscription contains a virtual machine named demovm. You have a computer named Computer1 that runs Windows 10. Computer1 is connected to the Internet. You add a network interface to the VM1 as shown in the exhibit below

From Computer1 you want to be able to also access a web service running on port 80 after demovm is started.

Which of the following must be done for this to work?

A

Add an incoming network security group rule for allowing traffic on port 80

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Your company has an Azure account and subscription. The subscription contains the resources in the following table:

Your IT administrator has deployed a virtual machine called demovm and a storage account called bhuvanapps-temp by using a single Azure Resource Manager template. You want to do a review of the template that was used for the deployment. Which of the following resource blade could be used to view the template that was used for the deployment?

A

bhuvanapps-rg

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Your company has an Azure subscription. In the subscription, you go ahead and create an Azure file share named share1. You also create a shared access signature (SAS) named SASdemo as shown in the following exhibit.

If you run Microsoft Azure Storage Explorer on a computer that has an IP address of 193.77.134.1 and you use SASdemo to connect to the storage account, then you

A

Will have no access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Your company has an Azure subscription. In the subscription, you go ahead and create an Azure file share named share1. You also create a shared access signature (SAS) named SASdemo as shown in the following exhibit.

If you use the net use command on a computer that has an IP address of 193.77.134.50 and then use SASdemo to connect to share1, then you

A

will have read, write, and list access

24
Q

You plan to deploy five virtual machines to a virtual network subnet.

Each virtual machine will have a public IP address and a private IP address.

Each virtual machine requires the same inbound and outbound security rules.

What is the minimum number of network interfaces that you require?

A

5

So, when you attach or have a network interface for a Virtual Machine, that network interface can have both a private and public IP address. So, by this measure, we only need to define 5 network interface cards, one for each virtual machine. Hence all the other options are incorrect

25
Q

You plan to deploy five virtual machines to a virtual network subnet.

Each virtual machine will have a public IP address and a private IP address.

Each virtual machine requires the same inbound and outbound security rules.

What is the minimum number of network security groups that you require?

A

1

A network security group can have multiple network interfaces assigned. Since the question clearly states that the virtual machines all require the same inbound and outbound security rules, hence we should use just the same network security group for all network interfaces

26
Q

You have a virtual network named VNet2 that has the configuration shown in the following exhibit.

Before a virtual machine on VNET2 can receive an IP address from 192.168.1.0/24 you must first

A

Add an address space

27
Q

You have a virtual network named VNet2 that has the configuration shown in the following exhibit.

Before a virtual machine on VNET2 can receive an IP address from 10.2.1.0/24 you must first

A

Add a subnet

28
Q

A company has an Azure subscription that contains the resources in the following table.

bhuvanappstore contains a file share named documents. The document file share contains 1000 files.

You need to synchronize the files in the file share with an on-premise server named bhuvanappserver. Which of the following would you need to implement to fulfil this requirement? Choose 3 answers from the options given below

A
  1. Install the Azure File Sync Agent
  2. Register the server
  3. Create a sync group
29
Q

A company needs to create a storage account that needs to conform to the following requirements

  • Users should be able to add files such as images and videos
  • Ability to store archive data
  • File shares need to be in place which can be accessed across several VM’s
  • The data needs to be available even if a region goes down
  • The solution needs to be cost effective

Which of the following type of storage account would you create for this purpose?

A

General Purpose(v2)

30
Q

A company needs to create a storage account that needs to conform to the following requirements

  • Users should be able to add files such as images and videos
  • Ability to store archive data
  • File shares need to be in place which can be accessed across several VM’s
  • The data needs to be available even if a region goes down
  • The solution needs to be cost effective

What is the type of replication that needs to be configured for the storage account?

A

Geo-Redundant storage (GRS)

31
Q

You need to deploy two Azure virtual machines named VM1 and VM2 based on the Windows server 2016. The deployment must meet the following requirements:

  • Provide a Service Level Agreement (SLA) of 99.95 percent availability.
  • Use managed disks

You propose a solution to create a scale set for the requirement.

Would the solution meet the goal?

A

No

Scale sets are used to scale the Virtual machines based on load. But here to achieve the desired level of availability, you also need to use an Availability set. You can use availability sets along with scale sets to achieve high availability.

32
Q

You need to deploy two Azure virtual machines named VM1 and VM2 based on the Windows server 2016 image. The deployment must meet the following requirements:

  • Provide a Service Level Agreement (SLA) of 99.95 percent availability.
  • Use managed disks

You propose a solution to create an availability set for the requirement.

Would the solution meet the goal?

A

Yes

33
Q

You need to deploy two Azure virtual machines named VM1 and VM2 based on the Windows server 2016. The deployment must meet the following requirements:

  • Provide a Service Level Agreement (SLA) of 99.95 percent availability.
  • Use managed disks

You propose a solution to create a Traffic Manager for the requirement.

Would the solution meet the goal?

A

No

Azure Traffic manager is used for traffic distribution based on DNS queries. For achieving high availability, you need to use Availability sets.

34
Q

Your company has an Azure account and an Azure subscription. They have created a Virtual Network named bhuvanapps-net. The following users have been setup

Which of the following users would be able to add a subnet to the Virtual Network?

A

bhuvanapps-usr1 and bhuvanapps-usr3 only

If you look at the Network Contributor Role, they have access to manage Virtual Networks. And then by default the Owner will have all privileges over Azure resources.

35
Q

Your company has an Azure account and an Azure subscription. They have created a Virtual Network named bhuvanapps-net. The following users have been setup

Which of the following users would be able to add the Reader role access for a user to the Virtual Network?

A

bhuvanapps-usr1 only

The Network Contributor does not have access to assign roles. And if you look at the Security admin role , it only has the privilege to work with Security Center.

36
Q

You work as an Azure Administrator for a company. You have to ensure that a role can be in place that would have the following requirements

View all the resources in the Azure subscription

Issue support requests to Microsoft.

Use the principle of least privilege.

You have to complete the below JSON role definition

{

“assignableScopes”: [

”/”

],

“description”: “Lets you create and manage Support requests”,

“id”: “/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e”,

“name”: “cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e”,

“permissions”: [

{

“actions”: [

SLOT_1,

“Microsoft.Resources/subscriptions/resourceGroups/read”,

SLOT_2

],

“notActions”: [],

“dataActions”: [],

“notDataActions”: []

}

],

“roleName”: “Support Request Contributor”,

“roleType”: “BuiltInRole”,

“type”: “Microsoft.Authorization/roleDefinitions”

}

Which of the following would go into SLOT_1?​

A

“Microsoft.Authorization/*/read”

37
Q

ou work as an Azure Administrator for a company. You have to ensure that a role can be in place that would have the following requirements

View all the resources in the Azure subscription

Issue support requests to Microsoft.

Use the principle of least privilege.

You have to complete the below JSON role definition

{

“assignableScopes”: [

”/”

],

“description”: “Lets you create and manage Support requests”,

“id”: “/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e”,

“name”: “cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e”,

“permissions”: [

{

“actions”: [

SLOT_1,

“Microsoft.Resources/subscriptions/resourceGroups/read”,

SLOT_2

],

“notActions”: [],

“dataActions”: [],

“notDataActions”: []

}

],

“roleName”: “Support Request Contributor”,

“roleType”: “BuiltInRole”,

“type”: “Microsoft.Authorization/roleDefinitions”

}

Which of the following would go into SLOT_2?

A

“Microsoft.Support/*”

38
Q

You have the Azure virtual networks shown in the following table.

To which virtual networks can you establish a peering connection from VNet1?

A

VNet3 and VNet4 only

39
Q

Your company has an Azure account and a subscription. The subscription contains the virtual networks in the following table

Larger image

The subscription also contains the virtual machines in the following table

Larger image

The firewalls on all the virtual machines are configured to allow all ICMP traffic

You add the peerings in the following table.

Larger image

For each of the following statements, select Yes if the statement is true

Is VM1 peered with VM3?

A

yes

40
Q

Your company has an Azure account and a subscription. The subscription contains the virtual networks in the following table

The subscription also contains the virtual machines in the following table

The firewalls on all the virtual machines are configured to allow all ICMP traffic

You add the peerings in the following table.

For each of the following statements, select Yes if the statement is true

Is VM2 peered with VM3?

A

No

41
Q

Your company has an Azure account and a subscription. The subscription contains the virtual networks in the following table

The subscription also contains the virtual machines in the following table

The firewalls on all the virtual machines are configured to allow all ICMP traffic

You add the peerings in the following table.

For each of the following statements, select Yes if the statement is true

Is VM2 peered with VM1?

A

No

42
Q

A company has the following storage accounts in place as part of their Azure subscription

Which of the following storage account/accounts could be used to store objects as part of the Archive tier?

A

bhuvanappstore2 and bhuvanappstore3 only

43
Q

View Case Study - https://rb.gy/5e9wyy

You have been requested to move the initial set of documents to Azure. The total size of the documents is 500MB. Which of the following is the ideal implementation step that should be followed to fulfil this requirement?

A

Use Azure Storage Explorer to copy the files

44
Q

View Case Study - https://rb.gy/5e9wyy

The application photon-app is a critical application and hence you need to ensure a backup solution is in place for the application. Which of the following would need to be created first first?

A

A recovery services vault

45
Q

View Case Study - https://rb.gy/5e9wyy

You are working on the network design for hosting the different tiers for the photon-app application. How many virtual networks would you recommend hosting the Virtual Machines for the application?

A

1

Since there is no requirement to have multiple virtual networks, one network would suffice for this requirement

46
Q

View Case Study - https://rb.gy/5e9wyy

You are working on the network design for hosting the different tiers for the bhuvanapps-app application. How many subnets would you recommend hosting the Virtual Machines for the application?

1

A

3

Since there are 3 layers as part of the case study

A SQL database

A web front end

A processing middle tier

It would be preferential to have a separate subnet for each layer

47
Q

View Case Study - https://rb.gy/5e9wyy

You need to ensure that users can join devices to Azure AD. But at the same time, you need to ensure that the users only belong to the pilot Azure AD group. Which of the below are the two settings you need to modify to implement this requirement?

A
  1. Users may join devices to Azure AD
  2. require Multi-Factor Auth to join devices
48
Q

A company needs to deploy the following architecture to Azure

The architecture would consist of a load balancer that should only accept requests via private IP addresses and should not flow via the internet. The load balancer would direct requests to database servers hosted on Virtual machines.

Which of the following load balancer type should be implemented for this architecture?

A

Internal Load Balancer

49
Q

View Case Study - https://rb.gy/uyxdr2

Which of the following should be used to ensure an SLA of 99.5% for the availability of the Virtual Machines? Choose 2 answers from the options given below

A
  1. Azure Managed Disks
  2. Azure Availabilty sets

To provide redundancy to your application, we recommend that you group two or more virtual machines in an availability set. This configuration within a datacenter ensures that during either a planned or unplanned maintenance event, at least one virtual machine is available and meets the 99.95% Azure SLA

Managed disks provide better reliability for Availability Sets by ensuring that the disks of VMs in an Availability Set are sufficiently isolated from each other to avoid single points of failure. It does this by automatically placing the disks in different storage fault domains (storage clusters) and aligning them with the VM fault domain. If a storage fault domain fails due to hardware or software failure, only the VM instance with disks on the storage fault domain fails.

50
Q

View Case Study - https://rb.gy/uyxdr2

Which of the following account kind should be used for the storage account?

A

General Purpose(v2)

Since the question has the key requirement “Storage replication needs to be in place to ensure that data is available even in the case of a data centre failure”, this means that you need to use Zone redundant replication which is only available in General Purpose v2.

51
Q

View Case Study - https://rb.gy/uyxdr2

How many availability sets would you create for deployment of the web and database virtual machines onto Azure?

A

2

You should ideally create availability sets based on the number of tiers you have for your application.

52
Q

View Case Study - https://rb.gy/uyxdr2

When adding custom domain names, which of the following record needs to be added to your custom domain registrar?

A

TXT record

53
Q

View Case Study - https://rb.gy/uyxdr2

Which of the following rule would you apply to the Network Security Group for the Network interface attached to the Web server?

A

An inbound rule allowing traffic on port 443

Since the users will connect via HTTPS, that means that port 443 should be open. And we need to add an Inbound security rule.

54
Q

A team member has created a point to site VPN connection between a computer named “WorkstationA” and an Azure Virtual Network. Another point to site VPN connection needs to be created between the same Azure Virtual Network and a computer named “WorkstationB”. The VPN client package was generated and installed on “WorkstationB”. You need to ensure you can create a successful point to site VPN connection.

You decide to join “WorkstationB” to the Azure AD tenant.

Would this solution fulfil the requirement?

A

No

55
Q

A team member has created a point to site VPN connection between a computer named “WorkstationA” and an Azure Virtual Network. Another point to site VPN connection needs to be created between the same Azure Virtual Network and a computer named “WorkstationB”. The VPN client package was generated and installed on “WorkstationB”. You need to ensure you can create a successful point to site VPN connection.

You decide to create a local VPN gateway.

Would this solution fulfil the requirement?

A

No

The local VPN gateway is used when you want to define site-to-site VPN connections.

Azure AZ-104 (1 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions