Practice Free AZ-104 Exam Online Questions
You have an Azure subscription. The subscription contains virtual machines that connect to a virtual network named VNet1.
You plan to configure Azure Monitor for VM Insights.
You need to ensure that all the virtual machines only communicate with Azure Monitor through VNet1.
What should you create first?
- A . an Azure Monitor Private Link Scope (AMPIS)
- B . a private endpoint
- C . a Log Analytics workspace
- D . a data collection rule (DCR)
A
Explanation:
Azure Monitor for VM Insights is a feature of Azure Monitor that provides comprehensive monitoring and diagnostics for your Azure virtual machines and virtual machine scale sets. It collects performance data, process information, and network dependencies from your virtual machines and displays them in interactive charts and maps. You can use Azure Monitor for VM Insights to troubleshoot performance issues, optimize resource utilization, and identify network bottlenecks1.
To enable Azure Monitor for VM Insights, you need to install two agents on your virtual machines: the Azure Monitor agent (preview) and the Dependency agent. The Azure Monitor agent collects performance metrics and sends them to a Log Analytics workspace. The Dependency agent collects process information and network dependencies and sends them to the InsightsMetrics table in the same workspace2.
By default, the agents communicate with Azure Monitor over the public internet. However, if you want to ensure that all the virtual machines only communicate with Azure Monitor through a virtual network named VNet1, you need to configure private network access for the agents.
Private network access allows the agents to communicate with Azure Monitor using a private endpoint, which is a special network interface that connects your virtual network to an Azure service without exposing it to the public internet. A private endpoint uses a private IP address from your virtual network address space, so you can secure and control the network traffic between your virtual machines and Azure Monitor3.
To configure private network access for the agents, you need to create an Azure Monitor Private Link Scope (AMPIS) first. An AMPIS is a resource that groups one or more Log Analytics workspaces together and associates them with a private endpoint. An AMPIS allows you to manage the private connectivity settings for multiple workspaces in one place4.
After creating an AMPIS, you need to create a private endpoint in VNet1 and link it to the AMPIS. This will enable the agents on your virtual machines to send data to the Log Analytics workspaces in the AMPIS using the private IP address of the private endpoint5.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You assign a built-in policy definition to the subscription.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
No, this does not meet the goal. Assigning a built-in policy definition to the subscription is not enough to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks. This is because there is no built-in policy definition that matches this requirement. The closest built-in policy definition is “Network security groups should not allow unrestricted inbound traffic on well-known ports”, but this policy only blocks TCP port 80 and 443, not 80801.
To meet the goal, you need to create a custom policy definition that enforces a default security rule for NSGs. A policy definition is a set of rules and actions that Azure performs when evaluating your resources2. You can use a policy definition to specify the required properties and values for NSGs, such as the direction, protocol, source, destination, and port of the security rule. You can then assign the policy definition to the subscription scope, so that it applies to all the resource groups and virtual networks in the subscription.
DRAG DROP
You have a windows 11 device named Device1 and an Azure subscription that contains the resources shown in the following table.
Device 1 has Azure PowerShell and Azure Command-Line Interface (CLI) installed.
From Device1, you need to establish a Remote Desktop connection to VM1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
https://learn.microsoft.com/en-us/azure/bastion/connect-native-client-windows
You develop the following Azure Resource Manager (ARM) template to create a resource group and deploy an Azure Storage account to the resource group.
Which cmdlet should you run to deploy the template?
- A . New-AzTenantDeployment
- B . New-AzResourceGroupDeploy»ent
- C . New-AzResource
- D . New-AzOeployment
B
Explanation:
The New-AzResourceGroupDeployment cmdlet deploys an Azure Resource Manager template to a resource group. You can use this cmdlet to create a new resource group or update an existing one with the resources defined in the template. The template can be a local file or a URI. Then,
Reference: [New-AzResourceGroupDeployment]
You have an Azure App Service app named Appl that contains two running instances.
You have an auto scale rule configured as shown in the following exhibit
For the instance limits stale condition setting, you set Maximum to 5.
During a 30-minute period. Appl uses 60 percent of the available memory.
What is the maximum number of instances tor Appl during the 30-minute pefiod:
- A . 2
- B . 3
- C . 4
- D . 5
C
Explanation:
The exhibit shows that you have an auto scale rule configured for your App Service app named App1. The rule is based on the memory percentage metric, which measures the average amount of memory used by all the instances of your app.
The rule has the following settings:
Scale out action: Add 1 instance when the memory percentage is greater than or equal to 80% for a duration of 10 minutes.
Scale in action: Remove 1 instance when the memory percentage is less than or equal to 60% for a duration of 10 minutes.
Instance limits: The minimum number of instances is 2, and the maximum number of instances is 5.
According to the question, during a 30-minute period, App1 uses 60% of the available memory. This means that the scale in action is triggered, but not the scale out action. Therefore, one instance is removed from App1 every 10 minutes, until the minimum number of instances is reached.
Since App1 initially has two running instances, after the first 10 minutes, one instance is removed and App1 has one instance left. However, since the minimum number of instances is set to 2, another instance is added back to App1 to meet the minimum requirement. Therefore, after the first 10 minutes, App1 still has two instances.
After the second 10 minutes, the same process repeats. One instance is removed due to the scale in action, and another instance is added back due to the minimum requirement. Therefore, after the second 10 minutes, App1 still has two instances.
After the third 10 minutes, there is no change in the number of instances, because App1 already has the minimum number of instances. Therefore, after the third 10 minutes, App1 still has two instances.
Therefore, during the 30-minute period, App1 never has more than two instances running at any given time. However, since one instance is removed and added back every 10 minutes, there are four different instances that are used by App1 during the period. Hence, the maximum number of instances for App1 during the period is four.
You have an Azure App Service app named Appl that contains two running instances.
You have an auto scale rule configured as shown in the following exhibit
For the instance limits stale condition setting, you set Maximum to 5.
During a 30-minute period. Appl uses 60 percent of the available memory.
What is the maximum number of instances tor Appl during the 30-minute pefiod:
- A . 2
- B . 3
- C . 4
- D . 5
C
Explanation:
The exhibit shows that you have an auto scale rule configured for your App Service app named App1. The rule is based on the memory percentage metric, which measures the average amount of memory used by all the instances of your app.
The rule has the following settings:
Scale out action: Add 1 instance when the memory percentage is greater than or equal to 80% for a duration of 10 minutes.
Scale in action: Remove 1 instance when the memory percentage is less than or equal to 60% for a duration of 10 minutes.
Instance limits: The minimum number of instances is 2, and the maximum number of instances is 5.
According to the question, during a 30-minute period, App1 uses 60% of the available memory. This means that the scale in action is triggered, but not the scale out action. Therefore, one instance is removed from App1 every 10 minutes, until the minimum number of instances is reached.
Since App1 initially has two running instances, after the first 10 minutes, one instance is removed and App1 has one instance left. However, since the minimum number of instances is set to 2, another instance is added back to App1 to meet the minimum requirement. Therefore, after the first 10 minutes, App1 still has two instances.
After the second 10 minutes, the same process repeats. One instance is removed due to the scale in action, and another instance is added back due to the minimum requirement. Therefore, after the second 10 minutes, App1 still has two instances.
After the third 10 minutes, there is no change in the number of instances, because App1 already has the minimum number of instances. Therefore, after the third 10 minutes, App1 still has two instances.
Therefore, during the 30-minute period, App1 never has more than two instances running at any given time. However, since one instance is removed and added back every 10 minutes, there are four different instances that are used by App1 during the period. Hence, the maximum number of instances for App1 during the period is four.
HOTSPOT
You create a Recovery Services vault backup policy named Policy1 as shown in the following exhibit.
Explanation:
Box 1: 10 years
The yearly backup point occurs to 1 March and its retention period is 10 years.
Box 2: 36 months
The monthly backup point occurs on the 1
of every month and its retention period is 36 months.
Note: Azure retention policy takes the longest period of retention for each backup. In case of conflict between 2 different policies.
Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/retention?view=o365-worldwide
HOTSPOT
You purchase a new Azure subscription named Subscription1.
You create a virtual machine named VM1 in Subscription1. VM1 is not protected by Azure Backup.
You need to protect VM1 by using Azure Backup. Backups must be created at 01:00 and stored for 30 days.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: A Recovery Services vault
A Recovery Services vault is an entity that stores all the backups and recovery points you create over time.
Box 2: A backup policy
What happens when I change my backup policy?
When a new policy is applied, schedule and retention of the new policy is followed.
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-configure-vault
https://docs.microsoft.com/en-us/azure/backup/backup-azure-backup-faq
A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations. You can use Recovery Services vaults to hold backup data for various Azure services such as IaaS VMs (Linux or Windows) and Azure SQL databases.
You can use backup policy to configure schedule.
https://docs.microsoft.com/en-us/azure/backup/backup-azure-recovery-services-vault-overview
https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm
HOTSPOT
You purchase a new Azure subscription named Subscription1.
You create a virtual machine named VM1 in Subscription1. VM1 is not protected by Azure Backup.
You need to protect VM1 by using Azure Backup. Backups must be created at 01:00 and stored for 30 days.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: A Recovery Services vault
A Recovery Services vault is an entity that stores all the backups and recovery points you create over time.
Box 2: A backup policy
What happens when I change my backup policy?
When a new policy is applied, schedule and retention of the new policy is followed.
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-configure-vault
https://docs.microsoft.com/en-us/azure/backup/backup-azure-backup-faq
A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations. You can use Recovery Services vaults to hold backup data for various Azure services such as IaaS VMs (Linux or Windows) and Azure SQL databases.
You can use backup policy to configure schedule.
https://docs.microsoft.com/en-us/azure/backup/backup-azure-recovery-services-vault-overview
https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm
You need to configure an Azure web app named contoso.azurewebsites.net to host www.contoso.com.
What should you do first?
- A . Create a CNAME record named asuid that contains the domain verification ID.
- B . Create A records named www.contoso.com and asuid.contoso.com.
- C . Create a TXT record named asuid that contains the domain verification ID.
- D . Create a TXT record named www.contoso.com that has a value of contoso.azurewebsites.net.