23

Questions and Answers

Does creating an Azure storage account and configuring shared access signatures (SASs) meet the goal to alert when more than two error events are logged to the System event log on VM1?

No (correct)

Yes

What should you do to move a custom application installed on VM1 to VNet2?

Identify the disk used by the VM, delete the VM while retaining the disk, and recreate the VM in the target virtual network, attaching the original disk.

What should you create to store an administrative password without storing it in plain text?

Azure Active Directory Identity Protection and an Azure policy

A Recovery Services vault and a backup policy

An Azure Key Vault and an access policy (correct)

An Azure Storage account and an access policy

What platforms can ASP1 and ASP3 App Service plans host?

ASP.NET Core apps on Windows or Linux.

What command should you run to install the kubectl client on your computer?

az aks install-cli

What should be the first step to manage virtual machine configurations with Azure Automation State Configuration?

Upload a configuration to Azure Automation State Configuration.

How can you deploy a virtual machine to the West US location using Template1?

Modify the location in the resources section to westus

What must you do first to create a staging slot for Plan1?

Scale up the App Service plan to Standard, Premium, or Isolated tier.

What is required to ensure that App1 always runs on at least eight virtual machines during planned Azure maintenance?

One Availability Set that has 10 update domains and one fault domain

Does creating an event subscription on VM1 and an alert in Azure Monitor meet the goal of alerting when more than two error events are logged within an hour?

No

Does moving the virtual machine to a different subscription meet the goal of moving VM1 to a different host immediately?

No

Does clicking Redeploy from the Redeploy blade meet the goal of moving VM1 to a different host immediately?

Yes

Does clicking Enable from the Update management blade meet the goal of moving VM1 to a different host immediately?

No

What should you do first to add the custom domain www.contoso.com to webapp1?

Create a DNS record

Does moving VM1 to RG2 and adding a new network interface allow you to connect VM1 to VNET2?

No

Does deleting VM1 and recreating it with a new network interface allow you to connect VM1 to VNET2?

Yes

Does turning off VM1 and adding a new network interface allow you to connect VM1 to VNET2?

No

What is the maximum total of vCPUs allowed for the deployed virtual machines?

20

Which IP address should you include in the DNS record for Cluster1?

131.107.2.1

What should you identify to minimize Azure costs before deploying Template1 for 10 Azure web apps?

One App Service plan

Which type of storage and host caching should you configure for the new data disk?

Premium SSD

Which two actions should you perform on Vault1 to prepare for Azure Disk Encryption?

Select Azure Disk Encryption for volume encryption.

Which encryption method should you use for VM1?

Azure Disk Encryption

Which two settings should you configure for a shared access signature (SAS)?

Allow users to read blobs.

What should you use to allow read access to container1 while allowing both HTTP and HTTPS protocols?

A shared access signature (SAS)

Which three options should you configure for the Azure Storage account to support Data Lake Storage?

The Cool access tier

Which storage account can be converted to zone-redundant storage (ZRS) replication?

storage2

On which devices can you install Azure Storage Explorer?

Device1, Device2, and Device3 only

From where can you deploy a YAML file to the AKS cluster AKS1?

From Azure CLI using kubectl client

What can you configure during the deployment of VM2 from Template1?

Administrator username

What task should you include in the scheduled runbook to increase the processor performance of VM1 at the end of each month?

Add a Desired State Configuration (DSC) extension to VM1

What should you use to ensure that NGINX is available on all the virtual machines after they are deployed?

A Desired State Configuration (DSC) extension

Availability zones protect from datacenter level failures.

True

What is the function of the Azure Performance Diagnostics agent?

To provide insights and diagnostics data for potential performance issues in Azure Virtual Machines.

Which change will cause downtime for VM1?

Change the size to D8s v3

Which two actions should you perform to ensure that the App1 update is tested before it is made available to users?

Deploy the App1 update to webapp1-test, and then test the update

Which three actions should you perform to record all successful and failed connection attempts to VM1?

Register the Microsoft.Insights resource provider.

What should you do to deploy an Azure virtual machine scale set that contains five instances as quickly as possible?

Deploy one virtual machine scale set that is set to ScaleSetVM orchestration mode.

What is the minimum number of App Service plans you should create for the web apps?

1

When the budget thresholds you've created are exceeded, resources are affected and your consumption is stopped.

False

Does the solution to view the date and time when the resources were created in RG1 meet the goal?

No

Does the solution to connect VM1 to VNET2 by creating a new network interface and adding it to VM1 meet the goal?

No

Which users are members of the local Administrators group on Computer1 after User1 joins it to adatum.com?

User1 and User2 only

Which tags are assigned to the storage account after Policy1 is applied?

"tag1": "value1" only

How many alerts will be triggered in an hour if Alert1 is configured to trigger every minute?

60

Which virtual machines can be backed up to Vault1?

VM1, VM3, VMA, and VMC only

Which tools can be used to configure the cluster autoscaler for AKS1?

az aks command

What should you do first after creating a container image named App1?

Run the az acr build command.

Which proximity placement groups should you use for VMSS1?

Proximity2 only

Does selecting the subscription and then clicking Resource Providers meet the goal of viewing the creation date and time of resources in RG1?

No

Does clicking Automation Script from the RG1 blade meet the goal of viewing creation times of resources in RG1?

No

Does clicking Deployments from the RG1 blade meet the goal of viewing when resources were created in RG1?

Yes

What should you use to monitor the metrics and logs of a Linux virtual machine named VM1?

Linux Diagnostic Extension (LAD) 3.0

What is the DNS port number that is blocked by the effective network security rules shown?

53

To ensure at least two virtual machines are available if one Azure datacenter becomes unavailable, what should you deploy?

Each virtual machine in a separate Availability Zone

Study Notes

Azure Virtual Machine Storage Recommendations

• Adding a 1-TB data disk to VM1 requires a storage type ensuring data resiliency, low latency, and data protection from host failures.

Azure Key Vault and Disk Encryption

• For configuring Azure Disk Encryption, two necessary actions for Vault1 are selecting Azure Virtual Machines for deployment and creating a new key.

VM Encryption Methods

• To encrypt VM1 while meeting specific requirements, Azure Disk Encryption is the most effective method as it can store and use the encryption key in KV1, maintain encryption during VM downloads, and encrypt both the OS and data disks.

Shared Access Signature (SAS) Configuration

• To enable secure downloads of blobs in a storage account, configure a shared access signature (SAS) that restricts actions to downloading only by blob name.

Container Access Configuration

• To configure access for container1, a shared access signature (SAS) is required to allow read access, permit both HTTP and HTTPS protocols, and apply permissions to all container content.

Azure Storage Account Creation for Data Lake

• When creating an Azure Storage account (storage1) for Azure Data Lake, include zone-redundant storage (ZRS), the Cool access tier, and geo-redundant storage (GRS) to minimize costs for infrequently accessed data and enable automatic data replication.

Blob Versioning and Lifecycle Management

• Blob versioning allows snapshots of critical blobs within containers, alongside lifecycle management policies that can affect data retention and accessibility.

Storage Account Replication Options

• A storage account can be converted to zone-redundant storage (ZRS) replication under specific conditions, while other types of accounts may have limitations.

Azure Storage Explorer Installation

• Azure Storage Explorer can be installed on multiple devices, allowing users various options for accessing and managing Azure storage resources.

Deploying to Azure Kubernetes Service (AKS)

• To deploy a YAML file to an AKS cluster, the correct method is using the kubectl client through Azure CLI; other methods like az aks and azcopy do not meet the deployment requirements.

Azure Monitor Alerts Configuration

• For monitoring error events on VM1, utilize Azure Log Analytics workspace, not a storage account; this allows for alert creation based on error event thresholds within a designated timeframe.### Azure Virtual Machines Management
• Moving a virtual machine (VM) across virtual networks requires deleting the VM while retaining the disk, then recreating it in the target VNet.
• Admins can create and manage multiple virtual machines using the Azure Resource Manager templates.

Custom Applications in Azure

• To migrate an application between VNets, identify the disk used, delete the VM, and recreate it in the target network to minimize administrative effort.

Securing Administrative Passwords

• Use Azure Key Vault with an access policy to securely store administrative passwords, preventing their exposure in plain text within templates.

Azure App Service Plans

• ASP.NET Core apps can be hosted on both Windows and Linux platforms, while the ASP.NET apps are limited to Windows only.
• Current App Service plan tiers (Basic, Standard, Premium, Isolated) determine features like deployment slots.

Autoscale Configuration for Virtual Machine Scale Sets

• Autoscale rules allow automatic scaling of VMs; for example, scaling up from 4 to 6 VMs when CPU usage exceeds 80%.
• Scaling in can reduce VMs down to a minimum set, ensuring resource efficiency while maintaining performance.

Automating Virtual Machine Deployment

• To include web server components in scale set VMs, modify the extensionProfile section of the Resource Manager template and use Azure Desired State Configuration (DSC).

Installing Clients in Azure Kubernetes Service

• Use the command az aks install-cli to install the kubectl client on local machines for managing AKS clusters.

Azure Automation State Configuration

• Steps to manage VM configurations include uploading a configuration, compiling it into a node configuration, and assigning the configuration to ensure compliance.

Resource Manager Template Modifications

• To change the deployment location of a VM, modify the location in the resources section of the ARM template directly.

Deployment Slots in Azure Web Apps

• Creating a staging slot for an Azure web app requires the app to be in the Standard, Premium, or Isolated tier; scaling up the plan is necessary.

High Availability Strategies in Azure

• An Availability Set with multiple update domains is crucial for ensuring that a distributed application remains operational during planned maintenance, maximizing uptime.

Alerting in Azure

• To set alerts for error events on a VM, utilize Azure Log Analytics with the Microsoft Monitoring Agent, ensuring events are logged and monitored effectively.

VM Redeployment

• Moving a VM to a different host following a maintenance notification requires redeployment rather than a simple move within the Azure interface.### Redeploying Azure Virtual Machines
• To move an Azure VM to a different host and retain all configurations, use the Redeploy option from the Redeploy blade.
• Redeploying a VM involves moving it to a new node within the Azure infrastructure and powering it back on.

Network and Virtual Machines

• Azure VM connection to VNet: You cannot change the VNet associated with a VM after its creation. To connect a VM to a new VNet, delete and recreate the VM with the new network interface.
• Azure VNet: You can change the subnet of a VM but not the VNet itself.

Custom Domains for Azure Web Apps

• To add a custom domain (e.g., www.contoso.com) to an Azure Web App, start by creating the appropriate DNS record (CNAME or A record) to map the custom name.

Azure Resource Management

• When deploying multiple Azure Web Apps, only one App Service plan is required to minimize Azure costs, rather than creating separate plans for each app.

Azure Availability Sets

• When using an Availability Set, virtual machines shared across update domains can lead to only a specific number of VMs being offline during maintenance, controlled by the update domain count.
• Fault domains prevent total VM outage; in case of failure in one fault domain, not all VMs would be affected.

Azure Kubernetes Service (AKS)

• To allow internet users access to applications running in an Azure Kubernetes Service cluster, the appropriate public IP address should be configured in the DNS record.

Resource Quotas in Azure

• Azure regions have limits on regional vCPUs. Deallocated VMs count toward the total limit. For instance, if the regional quota is 20 vCPUs, and existing VMs are using 18, only 2 vCPUs remain available.

VM Changes and Downtime

• Resizing a VM (e.g., changing from D4s v3 to D8s v3) requires the VM to be stopped, resulting in downtime.
• Adding disks or extensions generally does not cause downtime.

Testing Application Updates

• To test updates of an application running on an Azure Web App, deploy the update to a testing slot, test it, and only then swap with the production slot for user access.

Monitoring VM Connection Attempts

• To record successful and failed connection attempts to an Azure VM, enable Azure Network Watcher in the appropriate region and utilize NSG flow logs for detailed monitoring.

Description

Test your knowledge with this quiz focused on the AZ-104 Azure exam. The questions cover various topics including virtual machines, data disks, and Azure subscription management. Prepare effectively for your certification with these practice scenarios.