Practice Free AZ-104 Exam Online Questions
HOTSPOT
You have an Azure subscription that contains the storage accounts shown in the following exhibit.
HOTSPOT
You need to the appropriate sizes for the Azure virtual for Server2.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Create a Recovery Services vault
Create a Recovery Services vault on the Azure Portal.
Box 2: Install the Azure Site Recovery Provider
Azure Site Recovery can be used to manage migration of on-premises machines to Azure.
Scenario: Migrate the virtual machines hosted on Server1 and Server2 to Azure.
Server2 has the Hyper-V host role.
Reference: https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-on-premises-azure
HOTSPOT
You have an Azure subscription that contains the virtual machines shown in the following table.
VM1 and VM2 use public IP addresses. From Windows Server 2019 on VM1 and VM2, you allow inbound Remote Desktop connections.
Subnet1 and Subnet2 are in a virtual network named VNET1.
The subscription contains two network security groups (NSGs) named NSG1 and NSG2. NSG1 uses only the default rules.
NSG2 uses the default rules and the following custom incoming rule;
• Priority: 100
• Name: Rule1
• Port: 3389
• Protocol: TCP
• Source: Any
• Destination: Any
• Action: Allow
NSG1 is associated to Subnet! NSG2 is associated to the network interface of VM2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
No: VM1 has default rules which denies any port open for inbound rules
Yes: VM2 has custom rule allowing RDP port
Yes: VM1 and VM2 are in the same Vnet. by default, communication are allowed
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Dev, you assign the Logic App Operator role to the Developers group.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
The Logic App Operator role only grants the ability to read, enable, disable, and run logic apps. It does not grant the ability to create logic apps. To create logic apps, you need to assign the Logic App Contributor role or a higher-level role such as Owner or Contributor. Then,
Reference: [Built-in roles for Azure resources] [Azure Logic Apps permissions and access control]
HOTSPOT
You have two Azure App Service apps named App1 and App2. Each app has a production deployment slot and a test deployment slot.
The Backup Configuration settings for the production slots are shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Explanation:
On January 15, 2021, App1 will have only one backup in storage. Yes, this is correct. According to the table, App1 has a backup every 1 day, starting from January 6, 2021, with a retention of 0 days. This means that each backup will be deleted after 0 days, or as soon as the next backup is created. Therefore, on January 15, 2021, App1 will have only one backup in storage, which is the one created on that day1.
On February 6, 2021, you can access the backup of the App2 test slot from January 15, 2021. No, this is not correct. According to the table, App2 has a backup every 1 day, starting from January 6, 2021, with a retention of 30 days. This means that each backup will be deleted after 30 days, or when the storage limit is reached. However, the table also shows that App2 has a setting of “Keep at least one backup” set to Yes. This means that the oldest backup will be retained even if it exceeds the retention period or the storage limit2. Therefore, on February 6, 2021, you can access the backup of the App2 test slot from January 6, 2021, but not from January 15, 2021.
On January 15, 2021, you can restore the App2 production slot backup from January 6 to the App2 test slot. Yes, this is correct. According to the web search results, you can restore a backup by overwriting an existing app or by restoring to a new app or slot3. You can also restore a backup from a different slot or app as long as they are in the same subscription and region4. Therefore, on January 15, 2021, you can restore the App2 production slot backup from January 6 to the App2 test slot.
You have an Azure subscription that contains a storage account named storage.
You have the devices shown in the following table.
From which devices can you use AzCopy to copy data to storage1?
- A . Device1 and Device2 only
- B . Device1, Device2 and Device3
- C . Device’ only
- D . Device and Device3 only
B
Explanation:
https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10#download-azcopy
HOTSPOT
You have peering configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
HOTSPOT
You have an Azure subscription that contains the resource groups shown in the following table.
RG1 contains the resources shown in the following table.
RG2 contains the resources shown in the following table.
You need to identify which resources you can move from RG1 to RG2, and which resources you can move from RG2 to RG1.
Which resources should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You are planning the move of App1 to Azure.
You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1.
What should you recommend?
- A . Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.
- B . Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.
- C . Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
- D . Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
C
Explanation:
As App1 is public-facing we need an incoming security rule, related to the access of the web servers.
Scenario: You have a public-facing application named App1. App1 is comprised of the following three
tiers: a SQL database, a web front end, and a processing middle tier.
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a virtual network named VNet1 that is hosted in the West US Azure region.
VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Azure Network Watcher, you create a connection monitor.
Does this meet the goal?
- A . Yes
- B . No
A
Explanation:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-packet-capture-overview