Practice Free AZ-104 Exam Online Questions
HOTSPOT
You have an Azure subscription that has offices in the East US and West US Azure regions.
You plan to create the storage account shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Explanation:
Box1 = To minimize the network costs of accessing adatum22, modify the Default routing tier setting.
The default routing tier setting determines how network traffic is routed from the internet to the storage account. By default, the Microsoft global network routing option is selected, which means that traffic is routed over the Microsoft global network for the bulk of its path, maximizing network performance and reliability. However, this option also incurs network charges for data transfer between different Azure regions. The internet routing option, on the other hand, minimizes the traversal of traffic over the Microsoft global network, handing it off to the transit ISP at the earliest opportunity. This option lowers networking costs, but may compromise network performance and reliability. Therefore, to minimize the network costs of accessing adatum22, which is located in the East US region, from the West US region, you should modify the default routing tier setting to use internet routing instead of Microsoft global network routing. For more information, see Network routing preference for Azure Storage.
Box2 = Encryption Type
https://learn.microsoft.com/en-us/azure/storage/common/infrastructure-encryption-enable?tabs=portal
You have an Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains three Azure virtual machines. Each virtual machine has a public IP address.
The virtual machines host several applications that are accessible over port 443 to user on the Internet.
Your on-premises network has a site-to-site VPN connection to VNet1.
You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from the Internet and from the on-premises network.
You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network. The solution must ensure that all the applications can still be accesses by the Internet users.
What should you do?
- A . Modify the address space of the local network gateway.
- B . Remove the public IP addresses from the virtual machines.
- C . Modify the address space of Subnet1.
- D . Create a deny rule in a network security group (NSG) that is linked to Subnet1.
D
Explanation:
You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
You can use a site-to-site VPN to connect your on-premises network to an Azure virtual network. Users on your on-premises network connect by using the RDP or SSH protocol over the site-to-site VPN connection. You don’t have to allow direct RDP or SSH access over the internet. And this can be achieved by configuring a deny rule in a network security group (NSG) that is linked to Subnet1 for RDP / SSH protocol coming from internet.
Modify the address space of Subnet1: Incorrect choice
Modifying the address space of Subnet1 will have no impact on RDP traffic flow to the virtual network.
Modify the address space of the local network gateway: Incorrect choice
Modifying the address space of the local network gateway will have no impact on RDP traffic flow to the virtual network.
Remove the public IP addresses from the virtual machines: Incorrect choice
If you remove the public IP addresses from the virtual machines, none of the applications be accessible publicly by the Internet users.
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices
You have the Azure virtual machines shown in the following table.
You have a Recovery Services vault that protects VM1 and VM2. You need to protect VM3 and VM4 by using Recovery Services.
What should you do first?
- A . Create a new Recovery Services vault.
- B . Configure the extensions for VM3 and VM4.
- C . Create a storage account.
- D . Create a new backup policy.
You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines.
You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.
What should you create to store the password?
- A . Azure Active Directory (AD) Identity Protection and an Azure policy
- B . a Recovery Services vault and a backup policy
- C . an Azure Key Vault and an access policy
- D . an Azure Storage account and an access policy
C
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/key-vault-parameter?tabs=azure-cli
HOTSPOT
You have an Azure subscription named Sub1 that contains the blob containers shown in the following table.
Sub1 contains two users named User1 and User2. Both users are assigned the Reader role at the Sub1 scope.
You have a condition named Condition1 as shown in the following exhibit.
You assign roles to User1 and User2 as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT
You have an Azure subscription that contains the resource groups shown in the following table.
You create the following Azure Resource Manager (ARM) template named deploy json.
You deploy the template by running the following cmdlet.
Item-AzSubscriptionDeployment -location -Template file deploy-json
For each or the following statements, select Yes il the statement is bue. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT
You have an Azure subscription that contains the resources in the following table.
In Azure, you create a private DNS zone named adatum.com, add virtual network link to VNet2, and enable auto registration.
The adatum.com zone is configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point
You have an Azure subscription named Subscription1 that contains the storage accounts shown in the following table:
You plan to use the Azure Import/Export service to export data from Subscription1.
Which account can be used to export the data.
What should you identify?
- A . storage1
- B . storage2
- C . storage3
- D . storage4
D
Explanation:
Azure Import/Export service supports the following of storage accounts:
✑ Standard General Purpose v2 storage accounts (recommended for most scenarios)
✑ Blob Storage accounts
✑ General Purpose v1 storage accounts (both Classic or Azure Resource Manager deployments),
Azure Import/Export service supports the following storage types:
✑ Import supports Azure Blob storage and Azure File storage
✑ Export supports Azure Blob storage. Azure Files not supported.
Only storage4 can be exported.
Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-requirements
HOTSPOT
You have an Azure subscription that contains the vaults shown in the following table.
You create a storage account that contains the resources shown in the following table.
To which vault can you back up cont1 and share1? To answer, select the appropriate options in the answer area. NOTE: Each correct answer is worth one point.
HOTSPOT
You plan to deploy the following Azure Resource Manager (ARM) template.
For each of the following statements, select Yes. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
LB1 will be connected to a subnet named LB1 in VNET1. Yes, this is correct. The template specifies that the load balancer resource named LB1 has a property called frontend IP Configurations, which defines the subnet where the load balancer is located. The value of this property is a reference to the resource ID of the subnet named LB1 in VNET1. You can see this reference in line 38 of the template1.
LB1 can be deployed only to the resource group that contains VNET1. No, this is not correct. The template does not specify a resource group for the load balancer resource, which means it can be deployed to any resource group in the same subscription as VNET1. However, if you want to deploy the load balancer to a specific resource group, you can add a property called resource Group to the reference of the subnet in line 382.
The value of the sku variable can be provided as a parameter when the template is deployed. No, this is not correct. The template defines the sku variable as a constant value of “Standard” in line 9. This means that the value cannot be changed or overridden by a parameter when the template is deployed. If you want to make the sku value configurable, you need to change the variable definition to a parameter definition, and use the parameter reference instead of the variable reference in line 363.